On Tuesday 05 Apr 2005 11:13, Bryan Phinney wrote:
> >
> > I think what people really want is something like a dialogue box on any
> > dial-out from an application that gives the option of
> >
> > this session
> > always
> > never
> >
> > so that they can block automatic dial outs but allow genuine ones.
>
> An app that knows the difference between these two things? That's not
> asking for much now, is it? If I could build such a thing, nobody on this
> group could afford it, Cisco and the other router manufacturers would be in
> a bidding war to buy it for themselves.
>

No, a user that knows the difference.

> If you, as a user, can
> allow/deny packets, then a rogue process that you installed on your machine
> can do the same thing for its own packets. It need merely know HOW to do
> so.

That sounds a valid point, to me.

> If you have a single personal firewall-like app for Linux, that problem
> is solved. If you install such an app and count on it to protect you from
> insecure software, you are living in a fool's paradise.
>
> Again, I don't have any problem with someone coding this, nor with running
> it, I simply don't see the point. It is "Windows" dressing, nothing more.

I don't think so. I accept that it is not good control, but the alternative seems to be complete absence of control. If an application needs to reach out to get data, as Acrobat Reader does, then it has to have that ability, and I see no reason why it could not equally well send out packets. Perhaps that's because I don't understand firewalling deeply enough, but the discussions on both lists are not explaining the things we need to understand, like this point.

The problem is that security is a huge subject. People who need to understand security for their business invest a great deal of time in learning it well, but for users that need only to protect themselves from a few things they see as threats while getting on with their real need there is no easy way to get an overview of the subject. We don't need the same level of security, really, though obviously it would be nice, but this isn't utopia.

Frankly, the issue that started the discussion on Expert, that of Acrobat Reader being capable of telling an author who is reading his work, doesn't worry me personally. I'm just concerned that we are being told to either invest the time that a professional would, or 'take a running jump' - not that you would be so rude :-)

Anne
--
Registered Linux User No.293302 (http://counter.li.org/)
Have you visited http://twiki.mdklinuxfaq.org yet? Mandrake at all levels
