From: J G Miller on 28 Dec 2009 09:53

On Mon, 28 Dec 2009 04:59:24 +0000, Stephen Horne wrote:

> It doesn't matter whether you download binaries or build from source -
> unless you inspect that source line by line, the possibility still
> exists that there is an undocumented nasty lurking within.

A good example of this is the trojan contained in the Gnome Waterfall screensaver installation package which was uploaded to the official site Gnome Look.

<http://www.zdnet.com.AU/blogs/null-pointer/soa/Carelessness-busts-Linux-security/0,2001102868,339299939,00.htm>

> *BUT* - with a ZoneAlarm-style firewall - that trojan *cannot* phone
> home, and so the security issue is minimised.

As far as I am aware this is not the case. A firewall works by blocking ports. When Zone Alarm initially asks you if you want to allow an application to access the internet, it opens the port for that application. If another application uses the same port, then as far as I am aware, it will be able to get through the already opened port.

From: Stephen Horne on 28 Dec 2009 10:30

On Mon, 28 Dec 2009 09:06:21 -0500, Van Chocstraw <boobooililililil(a)roadrunner.com> wrote:

>What makes you think a virus or Trojan can't be written to ignore,
>bypass or fool Zonealarm? Firewalls are broken into daily. This sounds
>like a 'feel good' firewall. Makes you think you are in control.

Since expressing a tangential opinion rather than answering/not my question is all you've done, I choose to believe that you are not jumping to conclusions and attacking me, but simply having a conversation. Therefore...

Yes, I agree. It's a good firewall only to the extent that term makes sense in Windows - i.e. it's presumably better than the Windows built-in firewall that does similar things. In the context of Windows, and given that I've yet to jump to Vista or 7 (and probably never will).

As I've said, I have had cases where the popup pops up just as I'm hitting a key, and gets an unintended "yes" - no disasters yet from that, but it's an obvious serious flaw. And, as I've also said, you don't always have much idea which app it's talking about, and even if you think you do, you could be fooled.

And of course, since ZoneAlarm isn't protected behind a root password, it could be directly targeted and tampered with by malware without my knowledge. I didn't say that one myself in this thread, but I certainly agree that the point's valid.

From: Peter Köhlmann on 28 Dec 2009 10:34

Stephen Horne wrote:

> On Mon, 28 Dec 2009 13:17:03 +0100, houghi <houghi(a)houghi.org.invalid>
> wrote:
> < snip >
> It may well be a non-issue - probably is -

It is a non-issue. Linux has a firewall which is way better than ZoneAlarm and company could ever hope to be

> but in that case, why is
> everyone so seriously oversensitive?

Because you are an ignorant fool simply ignoring advice and bringing up your stupid idea again and again. And, although you have no clues about linux and/or security, you still want an insecure-by-design bullshit "firewall"

--
Microsoft's Guide To System Design:
Let it get in YOUR way. The problem for your problem.

From: Death on 28 Dec 2009 10:45

Van Chocstraw wrote:

SNIP

>
> What makes you think a virus or Trojan can't be written to ignore,
> bypass or fool Zonealarm? Firewalls are broken into daily. This sounds
> like a 'feel good' firewall. Makes you think you are in control.

True. It is quite useless to use such things. The user has no idea what file needs, doesn't need access to the outside world. The user has no idea of the origin of such files. Does mscrvt.dll (made up, it may or may not be a file) need internet access? Does allowing IE allow all files associated with IE access?

I have used Zone Alarm years ago. You end up allowing most things...cause if not, you start breaking valid programs. You end up in a pickle, then simply uninstall the stupid thing.

It's best just to not click on things that are too good to be true. The "1000 free wallpapers" link is best left alone. But, even if you do click on it, the "do you want to run this" question is dumb...if I didn't want to run it, I wouldn't have clicked on it! And if you are clicking on stuff, just to answer No ... then that's pretty funny.

--
Vita brevis breviter in brevi finietur,
Mors venit velociter quae neminem veretur.
felix dies Nativitatis

From: Stephen Horne on 28 Dec 2009 11:11

On Mon, 28 Dec 2009 13:49:32 +0100, houghi <houghi(a)houghi.org.invalid> wrote:

>Peter Köhlmann wrote:
>> For doing what? Allow trojans which *masquerade* as firefox/IE/Konqueror
>> to access the internet? Or trojans which simply use those apps as
>> vehicles?
>
>To be fair, you could include the PATH of the application. But which one
>is correct:
>/bin/firefox
>/opt/firefox/bin/firefox
>~/.mozilla/firefox
>~/bin/firefox
>
>Could be done, but a LOT of hard work and prone to mistakes.

So make it easier - only allow applications installed in the standard way in standard locations to be whitelisted, mandate a standard way of identifying the path, and mandate that the relevant path must be protected behind an admin password.

And don't forget - other privileges are successfully controlled. The principles aren't that hard - though of course the devil is always in the details.

>The main problem I have with it all is that you place the administration
>rights on a user level. That is not where they belong as you said.

No you don't. I never said you should. The worst I did is describe the fact that ZoneAlarm displays a popup, and while I didn't immediately call it the spawn of the devil, I mentioned at least one flaw with that right from the start.

And even if there is a popup, it would be associated with whatever service grants/refuses access, not the untrusted program. If you choose to supply the password it can add the app to the admin-access-only whitelist - otherwise, access denied.
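
The path whitelist outlined in the post above, as an added Python sketch that is not part of the thread or of any firewall product. The list of "standard locations", the function names and the rule that directories above a listed root are taken as already trusted are assumptions made for the example.

```python
import os
import stat

# Assumed "standard locations"; the thread does not name any.
STANDARD_ROOTS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin", "/opt")


def admin_only(path, trusted_uids):
    """True if path is owned by a trusted uid and not group/world-writable."""
    st = os.stat(path)
    loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    return st.st_uid in trusted_uids and not loose


def check_executable(path, roots=STANDARD_ROOTS, trusted_uids=(0,)):
    """Return (allowed, reason) for a candidate whitelist entry."""
    real = os.path.realpath(path)  # judge the real file, not a symlink name
    if not os.path.isfile(real):
        return False, "not a regular file"
    for root in roots:
        root = os.path.realpath(root)  # e.g. /bin may point at /usr/bin
        if os.path.commonpath([real, root]) == root:
            break
    else:
        return False, "outside standard locations"
    # Walk from the file up to the matched root: if any step can be
    # written without admin rights, the binary could be swapped later.
    node = real
    while True:
        if not admin_only(node, trusted_uids):
            return False, "writable by non-admin: " + node
        if node == root:
            return True, "ok"
        node = os.path.dirname(node)


def exe_of_pid(pid):
    """One fixed way to identify a running program's path (Linux /proc)."""
    return os.readlink("/proc/%d/exe" % pid)


if __name__ == "__main__":
    # The four candidate paths from the quoted list.
    for p in ("/bin/firefox", "/opt/firefox/bin/firefox",
              "~/.mozilla/firefox", "~/bin/firefox"):
        print(p, check_executable(os.path.expanduser(p)))
```

This covers only a program that masquerades under an approved name from a user-writable location; it does nothing about a trojan that uses an approved application as a vehicle, the second case raised in the quoted text.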