User-Friendly Firewalling [Re: ZeroConf in Ubuntu Edgy]
Micah J. Cowan
micah at cowan.name
Wed Jul 5 21:12:58 BST 2006
On Wed, Jul 05, 2006 at 12:56:23AM +0200, Jan Claeys wrote:
> On ma, 2006-07-03 at 18:34 -0700, Micah J. Cowan wrote:
> > ...you don't think a (non-idiot*) user will notice if they suddenly get
> > a pop-up for a program they've never heard of, asking if it's okay that
> > an outside computer is trying to contact it?
> And of course any malware that doesn't hide itself in another
> application or doesn't give itself the name of an expected application
> is written by an "idiot" script kiddie... ;-)
That seems an entirely different issue.
If you are using a program to which you expect connections to be made,
and it includes malware, this is a problem whether you have a nice clean
GUI interface, or are forced to edit iptables by hand. Such a thing will
bite even very technical, security-minded people, and there is no
/completely/ secure solution to it (even compiling from source has been
demonstrated to have problems for this). This is what digital signatures
are intended for.
Now, if someone enables connections to an application that's not
supposed to be communicating over the Net... I don't really see how we
can protect someone too well against that, without stepping over some
lines that I don't believe we have the right to cross ("we know what's
best for you better than you do...").
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
More information about the ubuntu-devel