Re: TuxGuardian - application based firewall
Honestly, I'm a little disappointed at the attitude of the Ubuntu Forums staff members, and their complete obstinance regarding this issue - even to the extent that they WILL NOT allow, in the remotest sense, that an application based firewall MIGHT be useful for some people, and in some situations. It makes me wonder if there's an agenda of some kind at work behind the scenes...
I admit to feeling pretty secure on my Linux box, but I also admit to wishing I had some application level control over what comes in and goes out of my machine - even if I never really need to use it.
I read with interest LucasAdams' post with the link to the brainstorm thread about Little Snitch, a Mac firewall applet that appears to look and act just like a Windows application-based firewall. It seems to me if Apple can do it, so can Linux.
AppArmor is a great program, but it's hopelessly complex. What I, and the others here, are looking for is something that doesn't require an hour of coding, or memorization of a syntax in order to block or allow anything we want, at any time we want, in a few seconds - especially if we don't know what it is ahead of time - while continuing to go about our normal routine. That's not too much to ask, is it?
While it's true that most of my software is from the repositories, I do have some from outside. I consider them to be "reliable", but you never really know, do you? I would be very surprised if anyone reading this could say that they have never installed something from outside. In fact, I would be surprised if most of us here did not have at least one program installed right now that at least began life outside the repositories (installed it before it was in there).
Then there's the problem of zero-day vulnerabilities. These can affect any program - even the kernel. If (when) Linux malware becomes more prevalent, even mousing-over an invisible link on an otherwise innocuous webpage can begin an infection. Yes, I admit it will be harder to infect a Linux box, and even more difficult to affect anything beyond the user's own files and folders, but not impossible.
Application-based firewalls appear to me to have one big advantage over port-based ones, and that is the ability to monitor and affect what goes in and comes out (albeit in crude fashion) in real time. They combine the virtues of a net monitor, with the ability to actually stop the transfer of data with a click of the mouse. That may not seem important to you, and if it's not, well, okay. I would like to be able to do it.
I admit to being pretty much in the dark when it comes to the experience of a malware attack on a Linux system. I have no idea what one would be like. I have heard of people's home folders being trashed. Linux systems are very secure, but they do get hacked on occasion - a friend's Linux server was hacked a while ago, and they are not invulnerable. Imagine if someone installed a backdoor to your system, or installed a keylogger, without your knowledge. Perhaps you might only discover it, or at least you might first discover it, when it tried to connect to its master (and a little alert popped-up).
To those who say that application-based firewalls turn users into "clickers", I would say that in combination with a port-based configuration, "allowing" everything would be as secure as a port-based configuration alone. I don't see the problem...
You nay-sayers may be right. There likely isn't enough interest at the developer level to support this right now. Linux is very safe - especially if you're careful and at least a little bit educated. But I predict that a time will come when malware for Linux will become more prevalent and at that time an application-based firewall will finally be developed and maintained. It's not a panacea, and no one's suggesting it is (in point of fact, it's a pain in the ***). It's just one more tool for the security conscious person (okay, the excessively paranoid) to monitor and control their system. It fits very nicely between the port-based firewall and a packet analyzer.
Last edited by Laysan_A; December 5th, 2011 at 07:17 AM.