New ZeroConf Spec

James "Doc" Livingston doclivingston at gmail.com
Fri Jul 7 11:01:24 BST 2006


On Fri, 2006-07-07 at 10:25 +0100, Chris Jones wrote:
> On 9:53:39 am 07/07/2006 "David Balazic" <david.balazic at hermes.si> wrote:
> > But then why use a firewall at all ?
> 
> Exactly! There is no need to complicate matters with a complex firewall if
> applications take a more responsible attitude to listening on ports :)

It's a question of trust:

If the applications are trusted not to deliberately do bad things, then
all a firewall gives us is a central place of configuration, and options
like "limit to local network only" (which could be done in the
application anyway).


If we're trying to protect against malicious code, then a purely
user-level firewall won't help. It will require something running with
different privileges, so that it can't be circumvented by said malicious
code. 

Presumably whatever is asking the user to make decisions would have to
be able to tell the difference between an accessibility-helper process
trying to control it and a bad program trying to.


If we want to protect against the user running malicious code, then we
can try to to so. However if we're only trying to stop "trusted" apps,
then a firewall may not be the best solution.


Cheers,

James "Doc" Livingston
-- 
Actually, we have scientifically determined that Heisenberg did indeed
sleep exactly here. However, we have no idea whatsoever just how fast
asleep he was. -- Dave Aronson in asr.




More information about the ubuntu-devel mailing list