
Thread: TuxGuardian - application based firewall

  1. #41
    Join Date
    Jun 2010
    Location
    Austria - Graz
    Beans
    124
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by Kinstonian
    Good, because this thread is about firewalls.



    Secure by default is great and I love it. However, it only means you have to do less to harden the OS before you start using it.

    It's a term that only covers the very beginning of security, and doesn't mean you're secure tomorrow when you install additional software/services, have to install patches, determine what action to take after getting a security warning in FireFox/NoScript, back up your important data, choose strong passwords for websites, etc. Secure by default is a small part of security, and it has an increasingly smaller impact on security as time goes by.

    Even if you don't have any services you can still get hacked through a client side vulnerability. That's why you need to keep things like your browser updated and use NoScript, etc.
    Well, thank you very much for posting this, as this is exactly what I've been ranting about for the last couple of pages. I'm talking about how absolute security is an illusion, where a simple front-end giving you the option to simply mark a checkbox to block something only amplifies this illusion.

    I'm nowhere in contradiction with what you've posted right now. This thread is not only about firewalls but also about the security of Ubuntu, where I just tried to highlight that it won't help to move Ubuntu to the thinking patterns of new users migrated from another OS but instead we should invest energy in helping those new users to adopt a new thinking pattern.

  2. #42
    Join Date
    Oct 2010
    Beans
    5

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by mainerror
    ....
    I'm nowhere in contradiction with what you've posted right now. This thread is not only about firewalls but also about the security of Ubuntu, where I just tried to highlight that it won't help to move Ubuntu to the thinking patterns of new users migrated from another OS but instead we should invest energy in helping those new users to adopt a new thinking pattern.
    A new thinking pattern is important, but that doesn't mean we should ditch the techniques of the old. While the Windows security model was fundamentally broken, it doesn't mean the techniques used to patch it are broken too. Those techniques were built on foundations of sand and that's why they failed, not because they were flawed too.

  3. #43
    Join Date
    Aug 2008
    Beans
    Hidden!

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by mainerror
    Well, thank you very much for posting this, as this is exactly what I've been ranting about for the last couple of pages. I'm talking about how absolute security is an illusion, where a simple front-end giving you the option to simply mark a checkbox to block something only amplifies this illusion.
    Is absolute security an illusion? Yes. However, no one is saying an application based firewall is absolute security. Besides, I'm willing to bet you use NoScript, even though that also fits your idea of "marking a checkbox to block something."

  4. #44
    Join Date
    Jun 2010
    Location
    Austria - Graz
    Beans
    124
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by Kinstonian
    Is absolute security an illusion? Yes. However, no one is saying an application based firewall is absolute security. Besides, I'm willing to bet you use NoScript, even though that also fits your idea of "marking a checkbox to block something."
    I use only AdBlock Plus to get rid of ads 'n' stuff. No NoScript.

    The problem is that for the average user a firewall application symbolizes total security, as they don't know better and they don't have to further think about anything because "Hey, I have a firewall; I'm secure!". This is exactly the thinking I always encounter, and I've been doing private support for almost 7 years now. There are only a handful of people I know who think further.

  5. #45
    Join Date
    Aug 2008
    Beans
    Hidden!

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by mainerror
    I use only AdBlock Plus to get rid of ads 'n' stuff. No NoScript.

    The problem is that for the average user a firewall application symbolizes total security, as they don't know better and they don't have to further think about anything because "Hey, I have a firewall; I'm secure!". This is exactly the thinking I always encounter, and I've been doing private support for almost 7 years now. There are only a handful of people I know who think further.
    Yes, and those people probably don't even know what a firewall is, and have almost certainly never heard of TCP/IP. I don't think the people you are ranting at here are the same computer illiterate people you've been helping for the past 7 years.

  6. #46
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by Kinstonian
    True, but the point of this kind of firewall isn't about being notified or preventing web browsers and email. I think it would be nice to be notified as soon as wget or ftp were used, and be able to permit/block it if necessary. Preventing an attacker's toolkit from getting on your computer is critical and can mean the difference between a minor or major incident. Wouldn't you want to know if a process like Nmap or a new process you don't know about wants to make an outbound connection to the Internet out of the blue?
    Are you assuming a system is already compromised when the programs you mention are started? If not, it is the user that starts those programs, and that is what most of us in this thread are saying. Wget, ftp and nmap don't start by themselves and normally when you start the program you have to add where it is connecting to.

    If you don't want something to open a port to the wild, don't start the program.

  7. #47
    Join Date
    Oct 2010
    Beans
    5

    Re: TuxGuardian - application based firewall

    An idea that implements most of what we want but fails to mention how much additional effort application based security would require: http://brainstorm.ubuntu.com/idea/23333/

    This article simply disregards the linux-is-superior-to-MS arguments: http://lwn.net/Articles/316940/

    It appears that someone will work on stacking linux-security-modules. That way other connection and file permission applications can operate at the same time. Does anyone have an update on the progress of this?

    In the meantime firestarter is an interactive firewall with limited application based functionality. We need something with a bit more polish and focus on the application side of things.

  8. #48
    Join Date
    Jun 2010
    Location
    Austria - Graz
    Beans
    124
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by Kinstonian
    Yes, and those people probably don't even know what a firewall is, and have almost certainly never heard of TCP/IP. I don't think the people you are ranting at here are the same computer illiterate people you've been helping for the past 7 years.
    And you think only the computer literate will find their way to Ubuntu? This would be very naive at best. All kinds of people with all kinds of knowledge will find their way to Ubuntu, which is something very good as long as they try to open their minds a bit and learn about how Linux and Ubuntu work. As long as people come here and start thinking about how to restore their old way of security, we won't make progress; well, we will, but not forward. Those new people should invest their energy in learning about Linux and Ubuntu instead of trying to start unnecessary projects for inexistent problems. Maybe inexistent problems isn't the right definition; the problem is between chair and keyboard.

  9. #49
    Join Date
    Jun 2010
    Beans
    111
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by mainerror
    The problem is that for the average user a firewall application symbolizes total security, as they don't know better and they don't have to further think about anything because "Hey, I have a firewall; I'm secure!". This is exactly the thinking I always encounter, and I've been doing private support for almost 7 years now.
    Don't generalize and don't exaggerate. I'm interested in all kinds of security stuff like apparmor and iptables, and I try to implement some good advice from the forum, but I don't want to become a computer geek. Having a simpler solution doesn't contradict security knowledge.
    Last edited by arapaho; November 3rd, 2010 at 04:32 PM.

  10. #50
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: TuxGuardian - application based firewall

    Quote: Originally posted by arapaho
    Don't generalize and don't exaggerate. . . . . . .
    He is generalising but not exaggerating. Ask most people why they use a firewall and the answers will extend from 'don't know, but it is recommended' to 'it makes you safer'. If you are wise you do not pursue it.
    Brian.
