> ZoneAlarm will, as I said before, catch *any* new program trying to
> connect to the Internet. It does not just filter based on ports, but on
> the originating executable. So I can use Firefox all day, but if I put in
> a new version, ZoneAlarm will recognize that and block it until I
> say it's OK.

I don't have an answer for your original question. I've never heard of
anything like this being developed for Linux. There's an option to the kernel
to allow user-space packet filtering, if I remember correctly and understood
the help message correctly, so it might be possible to do it.

I do feel I need to add that ZoneAlarm and the others like it really do more
for the sense of security than real security. I can't remember the group or
the poster's name, but there is a German guy on one of the security or
networking Usenet groups who is always arguing this with people. There is a
very easy way for a program on Windows to circumvent this sort of outbound
filtering. The German guy regularly provides links to proof-of-concept code
he wrote to demonstrate the technique.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss