On Tuesday 05 Apr 2005 11:13, Bryan Phinney wrote:
> >
> > I think what people really want is something like a dialogue box on any
> > dial-out from an application that gives the option of
> >
> > this session
> > always
> > never
> >
> > so that they can block automatic dial outs but allow genuine ones.
>
> An app that knows the difference between these two things?  That's not
> asking for much now, is it?  If I could build such a thing, nobody on this
> group could afford it, Cisco and the other router manufacturers would be in
> a bidding war to buy it for themselves.
>
No, a user that knows the difference.

> If you, as a user, can
> allow/deny packets, then a rogue process that you installed on your machine
> can do the same thing for its own packets.  It need merely know HOW to do
> so. 

That sounds a valid point, to me.

> If you have a single personal firewall-like app for Linux, that problem 
> is solved.  If you install such an app and count on it to protect you from
> insecure software, you are living in a fool's paradise.
>
> Again, I don't have any problem with someone coding this, nor with running
> it, I simply don't see the point.  It is "Windows" dressing, nothing more.

I don't think so.  I accept that it is not good control, but the alternative 
seems to be complete absence of control.  If an application needs to reach 
out to get data, as Acrobat Reader does, then it has to have that ability, 
and I see no reason why it could not equally well send out packets.  Perhaps 
that's because I don't understand firewalling deeply enough, but the 
discussions on both lists are not explaining the things we need to 
understand, like this point.

The problem is that security is a huge subject.  People who need to understand 
security for their business invest a great deal of time in learning it well, 
but for users that need only to protect themselves from a few things they see 
as threats while getting on with their real need there is no easy way to get 
an overview of the subject.  We don't need the same level of security, 
really, though obviously it would be nice, but this isn't utopia.  Frankly, 
the issue that started the discussion on Expert, that of Acrobat Reader being 
capable of telling an author who is reading his work, doesn't worry me 
personally.  I'm just concerned that we are being told to either invest the 
time that a professional would, or 'take a running jump' - not that you would 
be so rude :-)

Anne
-- 
Registered Linux User No.293302 (http://counter.li.org/)
Have you visited http://twiki.mdklinuxfaq.org yet?  Mandrake at all levels
