Originally Posted by scruffyeagle
I just finished carefully reading every single post in this thread, and have a couple of things to say:
*) Using the term "Windows mindset" or repeating "this isn't Windows" is a cop-out - a way of avoiding discussing the details, by lumping dissenting voices into a generic stereotyping.
*) Phone home software in drivers IS an issue, and it's unavoidable. It has absolutely no connection with questions re. repositories vs. other sources. It's the consequence of equipment manufacturers working hard to dig deeper into the pockets of their customers, and working hard to leverage their sales/transactions into further profit regardless of the ethics of their methods. Use of those drivers is a necessity; the equipment is designed from scratch to insist on it. This problem won't go away just because this is Linux, and the time-honored traditional methods & tools in Linux are insufficient for obstructing this new threat to privacy. Therefore, new tools & methods are required.
Based on what I've read in this thread, process #'s are insufficient for this task, as are port #'s. The problem in limiting outgoing connections on a per-application basis, is that the Linux environment doesn't maintain a comprehensive table of program I.D. #'s. (Please correct me, if I'm wrong about that.) In the absence of a comprehensive table of program I.D. #'s, it's not possible to maintain a table of which programs own which current connections - or, to block programs from making connections. Such a table of program I.D. #'s would have to be updated & maintained during every instance of program installation, including assigning separate I.D. #'s for each & every driver. Given such a table to reference, it would be easy to implement per-program internet access privileges. The registration table would have 3 columns: Text of program name, numeric program I.D. # assigned at installation time, and numeric value indicating privileges.
If such a table existed, then establishing a connection could be allowed or refused based on the value of the privileges info in the table. A request for an outgoing connection would require the requesting program to provide a valid I.D. #. Administrators would be able to review &/or edit the privileges in the table on an as-needed basis. A session log would be maintained of programs owning current outgoing connections, with start & end times. The drawback to this framework is the possibility of programs accessing the table's values for the purpose of spoofing I.D. #'s & associated privileges. I'm not proposing that this would be a replacement for IPtables - it would be an associated accessory, plugging a gap in the security measures.
I don't know the details of operation, re. TuxGuardian, so I don't know if it does what I've proposed here. All I'm really sure of, is that software to do what I've written in the previous 2 paragraphs is needed.
But, please don't tell me that if I want such a feature in the OS then I should write it myself. My programming activities were limited to BASIC - however, my experience in flowcharting, principles of program design, and complex systems analysis are still valid & useful. Of course, if you think it would be right & proper for the entire Linux community to wait until I somehow manage to master writing software in a new language like C++ or Python...?
To sum up: A new problem exists, and traditional methods are insufficient for dealing with it. A method for controlling this problem exists - all that's required is for the community of Linux developers to recognize & acknowledge the problem, then create software that applies the remedy.
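The three-column table proposed in the post, sketched as an added example that is not part of the original post: it attributes established connections to a program through the socket inode numbers Linux lists in /proc/net/tcp and checks each one against a privilege table. The rows, executable paths, program I.D. numbers and the inode-to-program map are constructed; on a live system that map would come from the `socket:[inode]` links under /proc/<pid>/fd, and enforcement is not shown.

```python
import socket
import struct

# Constructed sample rows in /proc/net/tcp format (header line omitted).
PROC_NET_TCP = """\
   0: 0F02000A:C350 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48211 1 0000000000000000 20 4 30 10 -1
   1: 0F02000A:9C40 0A00A8C0:0277 01 00000000:00000000 00:00000000 00000000     0        0 51907 1 0000000000000000 20 4 30 10 -1
   2: 00000000:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40112 1 0000000000000000 100 0 0 10 0
"""

# Constructed stand-in for resolving /proc/<pid>/fd/* -> "socket:[inode]"
# and /proc/<pid>/exe. Paths are hypothetical.
SOCKET_OWNERS = {48211: "/usr/bin/firefox", 51907: "/opt/vendor/printerd"}

# The post's table: program name -> (program I.D. #, privilege). Constructed.
POLICY = {
    "/usr/bin/firefox": (1001, "allow"),
    "/opt/vendor/printerd": (1002, "deny"),
}

ESTABLISHED = "01"  # TCP state code used in /proc/net/tcp


def decode_addr(hexaddr):
    """Turn '22D8B85D:01BB' into '93.184.216.34:443' (little-endian host)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"


def audit(tcp_text, owners, policy):
    """Return (program, id, remote, verdict) for each established connection."""
    report = []
    for line in tcp_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[3] != ESTABLISHED:
            continue  # skip listeners and other non-established sockets
        inode = int(fields[9])
        exe = owners.get(inode, "unknown")
        # Programs missing from the table are refused by default.
        prog_id, verdict = policy.get(exe, (None, "deny"))
        report.append((exe, prog_id, decode_addr(fields[2]), verdict))
    return report


if __name__ == "__main__":
    for row in audit(PROC_NET_TCP, SOCKET_OWNERS, POLICY):
        print(row)
```

Because the program identity is derived from kernel-maintained /proc data instead of an I.D. the program supplies itself, the requesting program has no value to spoof in this lookup.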