could you add this feature or discuss it at 13.04 Developer Summit?

Nicolas Michel be.nicolas.michel at gmail.com
Wed Oct 17 06:23:18 UTC 2012


I think what Brian wants (correct me if not) is an application-level
firewall. On Windows most antivirus programs do it: you get a popup when an
application tries to access something you haven't already allowed.
I think what should be done is an AppArmor graphical frontend (with
notifications). Others have already raised the idea on the net:
http://superuser.com/questions/271584/how-can-i-restrict-applications-on-having-internet-access
Here are the rules to set with AppArmor
http://wiki.apparmor.net/index.php/ProfileLanguage#Network_rules
More on apparmor
http://www.ubuntugeek.com/detailed-tutorial-about-apparmor-for-ubuntu-users.html

But honestly, Linux is not Windows, Brian. Every application is open-source
(except if you installed a proprietary app from the net). It means from a
security point of view that everyone can read the source code (if he has
the skill) and see what the application does exactly.
This is not the case for the big majority of applications on Windows. You
just can't see the source code and don't really know what behavior they
will have. So it works on blind trust like: "it is an Adobe app so it
should be OK". Sometimes applications are not coming from a trusted or a
well-known developer. So these application-level firewalls are there to be
sure that apps won't access things you don't want them to.
In consequence, all applications that you install from the Ubuntu Software
Center are considered "safe" by the distribution maintainers because they
or other members of the open-source community already reviewed the source
code. This is why you should always prefer installing apps from the Ubuntu
Software Center rather than from the net directly, except if you know what
you're doing.

In addition, I also have to mention that on Linux, all applications
installed from the Software Center are updated on *system* updates and
so their security flaws are quickly patched. On Windows this is not the
case: except for some Microsoft apps like Microsoft Office, applications are
only up-to-date when you update them manually.

Another argument against the app-level firewall with popups: giving the
user the possibility to easily configure the security of his computer is
only useful when the user really knows what he's doing and all the
consequences. Most people will click "yes" on every popup that appears
without asking themselves about the consequences of that click.

Final argument against: I hate popups :)

That said, Linux is also well-known for its freedom of choice. So if you
feel the need to control the network transactions of your applications with
a pretty graphical interface, do it (you or some others who may be
interested in the project). It doesn't need to be discussed at UDS, as
Mathieu said, since it's a place to discuss the big trends of the next
version of Ubuntu, not a place to discuss any new open-source project ;)

Regards,
Nicolas


2012/10/17 Mathieu Trudel-Lapierre <mathieu-tl at ubuntu.com>

> On Mon, Oct 15, 2012 at 1:25 PM, Brian labishi <bni1984 at live.com> wrote:
> >
> > Hi. I'm new to Ubuntu and like it very much. Overall I like Ubuntu better
> > than what I used to use, Windows. But one thing that I really miss from
> > Windows is the ability to know what applications and services are
> > connecting to the internet. In Windows I could log this kind of
> > information. But I've asked some very knowledgeable computer people for
> > help with Ubuntu and I'm told this can't be done on Ubuntu.
> >
> > I was hoping that Ubuntu developers might address this shortcoming at the
> > summit? I was told this is where these kinds of things are discussed.
>
> You're suggesting a very interesting project, yet one that is likely
> to depend on a fair amount of new development.
>
> Do we have other instances of this being asked by people, such as on
> Ubuntu Brainstorm (I'll look too)? It would be important to know,
> before committing time to work on such a thing, how important it's
> perceived to be by our users.
>
> Keeping in mind that there can be a very large number of connections
> happening on a machine at any point in time, what kind of information
> are you looking for? Is it to see everything that attempts to make a
> connection or just what gets blocked by a firewall? Do you want to see
> notifications on the desktop or are you looking for this at the server
> level?
>
> All the above are information that would be best to flesh out a bit in
> advance before starting discussion just so that work items could be
> derived from the resulting discussion.
>
> Obviously, you don't *need* to discuss a project like this at UDS.
> Perhaps it's just something people can start working on as a project,
> and ask for specific things needed in Ubuntu to support using such an
> application/service
>
> Kind regards,
>
> Mathieu Trudel-Lapierre <mathieu-tl at ubuntu.com>
> Freenode: cyphermox, Jabber: mathieu.tl at gmail.com
> 4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93
>



-- 
Nicolas MICHEL
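
As an added example (not part of the original message or of any AppArmor tool): the notification frontend suggested in the reply above would have to read AppArmor's denial records. This sketch tallies network denials per profile from constructed log lines whose key=value layout is assumed to follow the kernel audit style; the host, paths and PIDs are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (hypothetical host, paths and PIDs), laid out in
# the key=value style of kernel audit records for AppArmor.
SAMPLE_LOG = '''\
Oct 17 06:20:01 host kernel: audit: type=1400 audit(1350454801.101:31): apparmor="DENIED" operation="create" profile="/usr/bin/example-app" pid=2101 comm="example-app" family="inet" sock_type="stream" protocol=6
Oct 17 06:20:02 host kernel: audit: type=1400 audit(1350454802.204:32): apparmor="DENIED" operation="create" profile="/usr/bin/example-app" pid=2101 comm="example-app" family="inet" sock_type="stream" protocol=6
Oct 17 06:20:03 host kernel: audit: type=1400 audit(1350454803.310:33): apparmor="DENIED" operation="create" profile="/usr/bin/example-app" pid=2101 comm="example-app" family="inet6" sock_type="dgram" protocol=17
Oct 17 06:20:04 host kernel: audit: type=1400 audit(1350454804.415:34): apparmor="DENIED" operation="open" profile="/usr/bin/example-app" name="/home/user/notes.txt" pid=2101 comm="example-app" requested_mask="r" denied_mask="r"
Oct 17 06:20:05 host kernel: audit: type=1400 audit(1350454805.520:35): apparmor="ALLOWED" operation="create" profile="/usr/bin/other-app" pid=2200 comm="other-app" family="inet" sock_type="stream" protocol=6
Oct 17 06:20:06 host kernel: eth0: link up
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Return the key=value fields of an AppArmor network record, else None."""
    if 'apparmor="' not in line:
        return None
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in KV.finditer(line)}
    # File-access records carry no socket family; only network ones matter here.
    return fields if "family" in fields else None

def network_denials(log_text):
    """Count DENIED network events per (profile, family, sock_type)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_event(line)
        # apparmor="ALLOWED" comes from complain-mode profiles: logged, not blocked.
        if ev and ev.get("apparmor") == "DENIED":
            counts[(ev["profile"], ev["family"], ev.get("sock_type", "?"))] += 1
    return dict(counts)

def notifications(log_text):
    """One human-readable line per distinct denial, most frequent first."""
    ranked = sorted(network_denials(log_text).items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{profile}: blocked {family}/{sock} socket x{n}"
            for (profile, family, sock), n in ranked]

if __name__ == "__main__":
    print("\n".join(notifications(SAMPLE_LOG)))
```

Grouping repeated denials into one line per profile and socket type keeps the number of prompts small, which bears on the concern raised above that users approve every popup without reading it.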