Re: ZoneAlarm-type firewall for Linux?

Author: Craig White
Date:  
To: Main PLUG discussion list
Subject: Re: ZoneAlarm-type firewall for Linux?
On Mon, 2006-05-08 at 23:36 -0700, Victor Odhner wrote:
> I love that ZoneAlarm gives me a fresh alert each
> time I update Firefox, for example ... do you want
> *this* version of Firefox to connect to the Internet?
> I'd really like to see that kind of trojan protection
> in the Linux world.
>
> I tend to be overly trusting of the apps that I run
> under Linux, but I'd certainly like to know when
> one of them decides to phone home.
>
> Is there anything available in the Linux world that
> resembles ZoneAlarm's per-application outbound
> firewall? Does iptables know what application is
> sourcing an outbound connection? Is it technically
> feasible to insert that kind of hook?
>
> This is a question that came to me during a thread
> on Adobe Reader, but I didn't see an answer.
>
> Googling for "Outbound firewall" and "Linux"
> just brought up a bunch of recent articles about
> Vista's outbound firewall being disabled by
> default.
>
> I've been very impressed by ZoneAlarm. This
> evening it stepped in once again ... I brought up
> Adobe Reader under Windows, and it tried to
> connect out. I've now disabled that feature.
>
> Adobe Reader also claimed there was a script
> inside the PDF, which I had generated with
> "Cute PDF Writer", and didn't I want to enable
> the scripts?
>
> I suspect it is wrong about that, but it would be
> nice if I could disassemble the PDF and see for
> myself -- especially since I'm mailing that PDF
> out to a few dozen people.

----
I don't know of any Linux application that would manage that, but perhaps
someone will pipe up with a suggestion, but I did want to sound off on
this.

While I specifically don't mind this type of alert 'most' of the time,
sometimes I don't want to be bothered with it and I have found that most
users don't know or understand the alerts that are presented anyway.

It appears that most legitimate processes such as Acrobat Reader trying
to see if there is a newer version available don't make any effort to
disguise its efforts but many other processes will completely escape
detection by using port 80 which passes through most every proxy and
firewall unfiltered and thus you would never know about the activity
anyway which leads to a false sense of security and I think that to a
great extent, the products like ZoneAlarm, Norton Internet Security,
etc. fool the users into thinking that they have extended some great
amount of security.

Yes, if you use ZoneAlarm (or one of the others) and you fire up
LimeWire, it will present a warning that it is attempting to make a
connection but if you get a trojan horse that starts firing off emails
from your system, you wouldn't know the difference.

FWIW, I just use the built-in 'Windows Firewall' on WinXP SP2 since it's
installed automatically and scriptable.

Just my 2 cents.

Craig

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
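
An added example, not part of the original message or of any tool named in the thread: on Linux, an established outbound connection can be attributed to its owning process by joining the socket inode in `/proc/net/tcp` with the `socket:[inode]` links under `/proc/<pid>/fd`, which separates two port-80 connections that a port-based filter treats alike. It is a point-in-time snapshot, not a blocking hook; it assumes IPv4 and a little-endian host, and the sample rows, addresses and process names are constructed.

```python
import os, re, socket, struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:C350 0A6433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 2002
   2: 0A00000A:C351 226433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 2003
"""
# Constructed inode -> (pid, name) map; process names are hypothetical.
SAMPLE_OWNERS = {"2002": (4321, "firefox"), "2003": (4400, "updater")}

def decode(addr):
    """'0A6433C6:0050' -> ('198.51.100.10', 80); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def established(text):
    """Return ESTABLISHED (state 01) IPv4 TCP connections from /proc/net/tcp text."""
    conns = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and f[3] == "01":
            ip, port = decode(f[2])
            conns.append({"remote": ip, "rport": port, "uid": int(f[7]), "inode": f[9]})
    return conns

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, name) by reading each process's fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                name = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.match(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[m.group(1)] = (int(pid), name)
        except OSError:
            continue  # process exited, or its fds are unreadable without root
    return owners

def attribute(conns, owners):
    """Pair each connection with its owning process: (pid, name, remote, port)."""
    return [(*owners.get(c["inode"], (None, "?")), c["remote"], c["rport"]) for c in conns]

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    text = open("/proc/net/tcp").read() if live else SAMPLE_TCP
    for row in attribute(established(text), socket_owners() if live else SAMPLE_OWNERS):
        print(row)
```

Run as root to see sockets owned by other users' processes; unprivileged, those connections are reported with an unknown owner.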