TuxGuardian - application based firewall

[arapaho]

If you are wise you do not persue it.

He, he. Maybe I'm not so average.
Besides, my point is: most users will choose the most simple solution and operating system, also considering safety solutions simplicity. And even Unity desktop won't increase Ubuntu popularity considerably.
Observing what Canonical is doing, they want to make Ubuntu more popular and user friendly. At least they should think about apparmor GUI with "block THIS application from accessing Internet' feature. OpenSuse has a GUI for apparmor and apparmor will be included in 2.6.36 kernel, so it is the right time to think about it.

[mainerror]

I don't think that here is anyone arguing that it is bad to have a GUI for apparmor. What I've been trying to say of the past few pages is that only with a nice little GUI for apparmor and also only with apparmor, or iptables and all other security applications you ain't done. If users demand to make a certain distro more like an older distro just so they don't have to learn anything new then we will be moving in circles.

Linux and thus Ubuntu is getting more and more popular as many of you have observed. That will certainly draw attention to the malware coding scene and they will also definitely start concentrating to find ways to exploit security holes and so on. With users denying to learn about security we are going to end up same as in the past only the operating system name will change on all those quotes from people not understanding whats really going on "Meh I've been hacked ... Ubuntu sucks." but hey before they were secure because "Hey I have a nice GUI to control an application which enhances security even tho I don't have any clue about what security is. But I'm secure because this software is supposed to protect me against any bad.".

Sure I'm generalizing because fact is that the majority of the people out there have no clue about security but believe me I'm not exaggerating; not even a slightly bit. It's what the majority of people understand as being secure. Having a firewall on their system makes them unbelievably secure as no one really tried to understand is because no one really tried to teach them what security is in am easy to understand way. I'm not saying that I'm the one who can teach everyone what security is at least not in an easy to understand way but I know that there are very talented people out there (talented in terms of teaching).

So to sum it up. Is it good to have a GUI for a security application? Definitely; it makes it easier for people to control them. Is it enough to just create a GUI or more security tools without teaching people about security? Probably if you deny history if you are someone like me who'd like to not let history repeat then definitely no.

[bodhi.zazen]

I don't think that here is anyone arguing that it is bad to have a GUI for apparmor. What I've been trying to say of the past few pages is that only with a nice little GUI for apparmor and also only with apparmor, or iptables and all other security applications you ain't done. If users demand to make a certain distro more like an older distro just so they don't have to learn anything new then we will be moving in circles.

Linux and thus Ubuntu is getting more and more popular as many of you have observed. That will certainly draw attention to the malware coding scene and they will also definitely start concentrating to find ways to exploit security holes and so on. With users denying to learn about security we are going to end up same as in the past only the operating system name will change on all those quotes from people not understanding whats really going on "Meh I've been hacked ... Ubuntu sucks." but hey before they were secure because "Hey I have a nice GUI to control an application which enhances security even tho I don't have any clue about what security is. But I'm secure because this software is supposed to protect me against any bad.".

Sure I'm generalizing because fact is that the majority of the people out there have no clue about security but believe me I'm not exaggerating; not even a slightly bit. It's what the majority of people understand as being secure. Having a firewall on their system makes them unbelievably secure as no one really tried to understand is because no one really tried to teach them what security is in am easy to understand way. I'm not saying that I'm the one who can teach everyone what security is at least not in an easy to understand way but I know that there are very talented people out there (talented in terms of teaching).

So to sum it up. Is it good to have a GUI for a security application? Definitely; it makes it easier for people to control them. Is it enough to just create a GUI or more security tools without teaching people about security? Probably if you deny history if you are someone like me who'd like to not let history repeat then definitely no.

Linux is not Windows and Unix has been around for longer then Windows.

Linux is designed from the ground up to be secure and at this time we do not have the same problems with malware.

It is not as if *nix is not a target as *nix has a high penetration in the server market.

The suggestion that Linux users somehow ignore security is a false assumption.

If such a problem develops the general solution is to patch the code, ie security updates.

This thread is essentially a discussion with new users applying Windows mentality to Linux making broad claims that Linux needs to somehow change.

The take home message more experienced users are trying to convey comes down to several items.

1. Relax. This is not Windows.

2. Linux is secure by default. The developers have taken care of security for you.

3. If you want to harden your system it will require a bunch of reading. A graphical front end may help, but you still need to know a fair amount about Linux in order to configure apparmor, GUI or no.

If you are interested in security, start reading. Start with the security sticky and move to the Apparmor and HIDS/NIDS threads.

Only when you do some reading and learning will you fully understand security.

See also:

http://www.debian.org/doc/manuals/se...-debian-howto/

http://www.debian.org/doc/manuals/se...n-step.en.html

[arapaho]

bodhi.zazen - You are 'The Great Guru of Ubuntu Security' and it is easy for you to operate all this mysterious applications like apparmor.

And definitely I will read, read and read but - my first experience with apparmor started like this:
http://ubuntuforums.org/showpost.php...&postcount=155
I downloaded apparmor profiles and put them into enforce mode and now I can't even make a pdf from web page because cups are blocked by apparmor. Firefox doesn't work too, it is blocked somehow.

Now I have to learn how to interpret all this logs and apparmor messages. It is a way too much for a newbee like me. It makes me frustrated.
Besides I'm a humanist and this IT stuff is so difficult to understand to me even when I try. Please, tell Ubuntu developers that a simple solution for NON geeks is requested.
I really don't want to apply Windows mentality but apparmor profiles and logs are too difficult.

I discovered
http://brainstorm.ubuntu.com/idea/21652/
This idea is a duplicate of Idea #8827: gui apparmor.

Why Ubuntu developers haven't implemented it yet? Why Unity desktop is more important?

Can you also comment on what chocolateboy wrote about snet #12 and LucasAdams #47?

[bodhi.zazen]

bodhi.zazen - You are 'The Great Guru of Ubuntu Security' and it is easy for you to operate all this mysterious applications like apparmor.

And definitely I will read, read and read but - my first experience with apparmor started like this:
http://ubuntuforums.org/showpost.php...&postcount=155
I downloaded apparmor profiles and put them into enforce mode and now I can't even make a pdf from web page because cups are blocked by apparmor. Firefox doesn't work too, it is blocked somehow.

Now I have to learn how to interpret all this logs and apparmor messages. It is a way too much for a newbee like me. It makes me frustrated.
Besides I'm a humanist and this IT stuff is so difficult to understand to me even when I try. Please, tell Ubuntu developers that a simple solution for NON geeks is requested.
I really don't want to apply Windows mentality but apparmor profiles and logs are too difficult.

I discovered
http://brainstorm.ubuntu.com/idea/21652/
This idea is a duplicate of Idea #8827: gui apparmor.

Why Ubuntu developers haven't implemented it yet? Why Unity desktop is more important?

Can you also comment on what chocolateboy wrote about snet #12 and LucasAdams #47?

Linux is not windows.

I suggest you relax and use Ubuntu "as is" without attempting to change anything.

If you have a problem, post here for assistance.

I think your problem boils down to applying Windows mentality to Ubuntu.

I am not suggesting you should ignore security, keep reading and asking questions. But understand the vast majority of people run Ubuntu without any additional hardening and without any of the problems you may have experienced with other OS.

I think a better question is, what makes you think you need to harden Ubuntu ?

Gui front ends do not help with apparmor. You need to read and understand the warnings in your logs. A GUI front end that simply asks "Do you want to allow this (Y/N)?" does nothing as you do not understand what you are allowing or what the implications of allowing such access. IMO, you might as well just disable apparmor if you are going to allow everything without understanding the underlying principles.

You can not write an apparmor profile for firefox that applies to everyone because everyone uses firefox differently. Only you can know how you use firefox and what you wish to add or disable.

If you are new to apparmor, firefox is not the place to start as firefox is a complex application with very broad and variable needI (everything from internet access to audio/video to PDF files to apt-url). Start with a simpler application such as say Privoxy (as one example) and build up to firefox.

How long have you used Windows ? Give yourself 6-12 months to learn the OS, then you will understand better.

[arapaho]

I think a better question is, what makes you think you need to harden Ubuntu?

I'd like to use programs from different sources like for example from this site
http://www.linuxlinks.com/Software/
not only from repositories. And I'm not sure if they are safe and if they can contain a spyware or a keylogger. So, just in case I'd like to block them right at the installation process.

[brian_p]

I'd like to use programs from different sources like for example from this site
http://www.linuxlinks.com/Software/
not only from repositories. And I'm not sure if they are safe and if they can contain a spyware or a keylogger. So, just in case I'd like to block them right at the installation process.

You were doing very well with your argument until now.

You think something from linuxlinks may contain some malware. Maybe it does, maybe it doesn't. But it's what you think that counts. So why download it and install it.? Are you sure you really want to use programs from this source?

But now you want the installation process to say - "don't do this, it's dangerous!". The computer is not a replacement for your brain.

[arapaho]

But now you want the installation process to say - "don't do this, it's dangerous!". The computer is not a replacement for your brain.

No, I want to block it just in case if it could help to be more secure. Some time ego there was a dangerous code in gnome screensaver. I think linux users should be protected somehow by software. The only question is to what degree. But even if I had a very large and smoothly running brain I wouldn't be able to prevent all possible present and future dangers myself. And limiting users only to repository won't make linux more popular.
So, definitely there should be easy programs supporting users and warning them. I don't see it strange. It is rather normal in windows that for example firewall or antivirus pop-ups a message. Linux doesn't have to be like windows but I have to admit that being user friendly is a good feature and doesn't contradict user awareness and knowledge about security issues.

That's sad that I can't use application from other sources.
How about commerce application in Canonical store? Does Ubuntu team check them if they don't have any dangerous code, do they have access to source code? For example PowerDVD? What is its licence?
http://shop.canonical.com/product_in...roducts_id=243
How can I be sure that they don't gather information for some marketing/commercial purpose?

If your advice is not to use any software from outside repository it greatly limits functionality of the system, because OS is for running applications and is only functional to the degree applications for this OS are.

Anyway, I have the feeling that this discussion doesn't change anything.

[CharlesA]

It's a port of PowerDVD for Linux. What's the problem (outside of it not being listed as able to be used with 10.04 and 10.10.

Most software is in the repos, but there are some stuff that isn't, which you can find in PPAs or by compiling them from source.

As long as you know the file is from a reputable source you'll be fine.

[brian_p]

No, I want to block it just in case if it could help to be more secure.

If you install a program which you consider to be insecure or which you don't completely trust how does
blocking it make it more secure?

If your advice is not to use any software from outside repository it greatly limits functionality of the system, . . . . .

There are 30,496 packages in Debian unstable. I've never noticed any limitation in functionality of the system.