User-Friendly Firewalling [Re: ZeroConf in Ubuntu Edgy]

Micah J. Cowan micah at cowan.name
Tue Jul 4 02:34:10 BST 2006 

On Mon, Jul 03, 2006 at 09:00:48PM -0400, Patrick McFarland wrote:
> On Monday 03 July 2006 20:35, Micah J. Cowan wrote:
> > On Mon, Jul 03, 2006 at 06:43:30PM -0400, Patrick McFarland wrote:
> > > On Monday 03 July 2006 18:21, Dennis Kaarsemaker wrote:
> > > > On ma, 2006-07-03 at 18:02 -0400, Patrick McFarland wrote:
> > > > > I'd like to see this added to the todo list as a required feature for
> > > > > Edgy release, because it really is a sore spot in the Linux desktop
> > > > > environment platform.
> > > >
> > > > Feel free to work on it, code says more than ranting.
> > >
> > > I've been trying to wrap my head around this one for awhile. My problem
> > > is I know how to use iptables pretty proficiently. and using iptables
> > > directly is always going to be an order of magnitude more powerful than
> > > any UI tool... and also an order of magnitude or two more difficult to
> > > use.
> > >
> > > So, basically, I haven't quite figured out how to yet.
> >
> > I believe that Windows Firewall is actually a very excellent model for
> > a secure, user-friendly firewall interface. Pretty much everything is
> > locked down by default, and when an attempt to connect to your machine
> > that has not been explicitly authorized or blocked occurs, the system
> > prompts you to authorize or deny the request/future such requests.
> 
> Thats not exactly the greatest solution, it teaches users to not read dialogs 
> and just click yes.

We'll have to agree to disagree on that one.

...you don't think a (non-idiot*) user will notice if they suddenly get
a pop-up for a program they've never heard of, asking if it's okay that
an outside computer is trying to contact it?

* (Idiot users are buggered no matter what security solution you
  implement... there's always someone who will ignore everything they're
  supposed to read, and will blindly enable any gaping hole within
  reach. There are no security solutions that require zero thought.)

-- 
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/

More information about the ubuntu-devel mailing list