Page 1 of 2 12 LastLast
Results 1 to 10 of 112

Thread: TuxGuardian - application based firewall

Hybrid View

  1. #1
    Join Date
    Jun 2010
    Beans
    111
    Distro
    Kubuntu 12.04 Precise Pangolin

    TuxGuardian - application based firewall

    I added Package Request for TuxGuardian - application based firewall. If you want it, please vote for it.
    https://bugs.launchpad.net/ubuntu/+bug/657249

    Features:
    Detects unauthorized applications trying to act like a client or a server;
    Operates with or without user intervention;
    Verifies the applications' integrity so that maliciously modified software won't be able to send or receive data through the network;
    Uses a three-layered architecture of independent modules, which eases the task of addings new features and functionality;
    http://tuxguardian.sourceforge.net/screenshot.png
    http://tuxguardian.sourceforge.net/

  2. #2
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    The last time TuxGaurdian was updated, was in 2006, why use something that could potentially have security flaws, when there are already iptables front ends in the repositories. The preferred tool is ufw/gufw.

  3. #3
    Join Date
    Jun 2010
    Beans
    111
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    Please, read description. Gufw doesn't have this functionality and as far as I know will not have.
    Anyway, when something is in repository it is your choice what to install and what not.
    I think that developers are able to check if it is secure or maybe develop similar application. It has a 'wish' status now.

  4. #4
    Join Date
    May 2010
    Beans
    462
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    It sound good but seem working like a window based firewall.

  5. #5
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by arapaho View Post
    Please, read description. Gufw doesn't have this functionality and as far as I know will not have.
    Anyway, when something is in repository it is your choice what to install and what not.
    I think that developers are able to check if it is secure or maybe develop similar application. It has a 'wish' status now.
    All of these orphaned applications have package maintainers, that make sure the app works with the latest distro release, there may be some bug fixing, but nothing major. Don't count on a package maintainer to fix any major flaws.

    There must be a reason why the original author abandoned the application, but we aren't privy to it.

    As for learning new ways of doing things, any operating system is hard to learn, we weren't born knowing how to use Windows, it took many years for you to gain the knowledge you have now. Give Linux the same amount of effort.

  6. #6
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by arapaho View Post
    I added Package Request for TuxGuardian - application based firewall. If you want it, please vote for it.
    https://bugs.launchpad.net/ubuntu/+bug/657249

    Features:
    Detects unauthorized applications trying to act like a client or a server;
    Operates with or without user intervention;
    Verifies the applications' integrity so that maliciously modified software won't be able to send or receive data through the network;
    Uses a three-layered architecture of independent modules, which eases the task of addings new features and functionality;
    http://tuxguardian.sourceforge.net/screenshot.png
    http://tuxguardian.sourceforge.net/
    While such a thing may sound like a good idea if you are coming from Windows, it has not caught hold in the Linux community as of yet.

    Part of the reason is that Linux is not Windows and this type malware does not exist in Linux.

    Another issue is that people use alternate tools such as selinux or apparmor.

    Another issue is that Linux sysadmins have much more control over what servers are or are not installed on the clients.

    Last, the amount of "damage" any potential clinet could do is very limited on Linux. Sure it could affect things in /tmp or /home, but not system files.

    tuxguardian is very buggy and as has been pointed out no longer maintained.

    All I can say, this is not windows and they type of application firewall you suggest has not really been needed.

    So -1 from me.
    Last edited by bodhi.zazen; October 10th, 2010 at 04:38 PM.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #7
    Join Date
    Jun 2010
    Beans
    111
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by bodhi.zazen View Post
    Part of the reason is that Linux is not Windows and this type malware does not exist in Linux.
    You can't guarantee that it will not be created. When this happen linux users will not be prepered.
    Quote Originally Posted by bodhi.zazen View Post
    Another issue is that people use alternate tools such as selinux or apparmor.
    These tools are to difficult for new linux users. And apparmor works differently. First you have to allow certain application to run and then create a policy. It may be too late.
    Anyway, maybe it is great tool for IT professionals but for desktop, an application working like tuxguardian would be simpler and better solution at least for newbies. And second thing the choice should be left for user. It doesn't have to be default firewall. I only want it to be in repositories.
    Quote Originally Posted by bodhi.zazen View Post
    Another issue is that Linux sysadmins have much more control over what servers are or are not installed on the clients.
    I don't work on servers and I really don't care about servers.

    Quote Originally Posted by bodhi.zazen View Post
    tuxguardian is very buggy and as has been pointed out no longer maintained.
    Maybe something similar could be developed. It would be more important for me then a new font in Ubuntu.

  8. #8
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by arapaho View Post
    You can't guarantee that it will not be created. When this happen linux users will not be prepered.
    That sentiment is understandable as you are likely coming from Windows.

    As I have tried to indicate, Linux is not Windows and we do not have the same vulnerabilities.

    There are many reasons this type of vulnerability is extremely unlikely, probably the main one being the Repositories. Most if on all applications are installed from trusted sources and as such adware or spyware of the kind you are worried about is non-existant.

    Security is much tighter in Linux for a variety of reasons and without debating each and every point with you I am explaining to you why the interest in such an application is low.

    Just because you are new to Linux and you are unfamiliar with security does not mean Linux users are not unprepared. Linux and Ubuntu are designed from the ground up to be secure.

    There is a reason we do not have spyware, and it most certainly is not security through obscurity.

    As I said this is not Windows.

    See the stickies and you might also like :

    http://librenix.com/?inode=21

    Securing Debian Manual

    SecurityTeam/FAQ - Ubuntu Wiki

    https://wiki.ubuntu.com/SecurityTeam


    And similar.
    Last edited by CharlesA; December 5th, 2011 at 03:08 PM. Reason: fixed quote tag
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  9. #9
    Join Date
    Oct 2007
    Beans
    11

    Re: TuxGuardian - application based firewall

    Ok guys, I don't know exactly what your backgrounds are, but an application based firewall is needed for linux to gain popularity and maintain it's high security. I use appamor, selinux, snort, and a host of other hids services to maintain my host. However, to run online games that access multiple ip addresses or even use services such as skype witch uses p2p to communicate, an application based firewall is needed. I definately don't want to open all the ports needed for those services on my host for anytime use, and i don't want to keep turning everything off to use them. An application based firewall is needed to continue to maintain our call to the world that ubuntu is ready to be used as your home os.

  10. #10
    Join Date
    Oct 2010
    Beans
    34

    Re: TuxGuardian - application based firewall

    I contacted the initial developer of Tuxguardian - he dropped the project because the underlying linux kernel infrastructure (namely LSM modules API) has been changing so dramatically, it has become impossible to keep up and maintain the project. In newer kernels the possibility to plug-in an LSM modules has been removed, thus Tuxgardian can' work there.
    The only other similar project I came across was linux-firewall.org ,although it didnt work as promised on my machine, so I cant vouch for it.
    I believe that application based firewall for linnux has been long overdue. It is needed not so much to guard off malware and viruses which are largely non-existant because all packages are vetted in the repositories, as to give a privacy-minded user a sense of complete control of what's going on on his machine.

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •