
Thread: Why all Linux firewalls are snake oil (for desktop)

  1. #1
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Why all Linux firewalls are snake oil (for desktop)

    In my opinion, Linux firewalls don't do much to protect your computer. As far as I know (please correct me if I'm wrong) they are all snake oil.

    As far as I know (again correct me if there is out there a good firewall I haven't heard about) Linux firewalls don't allow you to set up application rules/outbound application filtering, only protocol rules!

    The truth is: without application level filtering, a firewall is almost useless. It doesn't protect you from trojan horses, keyloggers, spyware, backdoors, and so on.

    The real protection is program-level control, so that only those applications you trust are allowed to access the Internet! Of course this requires cryptographic signatures of all applications you allow internet access.

    As Steve Gibson states, it is no longer true that all of the potential problems reside outside the computer. Your Internet connection flows both ways... so must your security.

    Not only must our Internet connections be fortified to prevent external intrusion, firewalls must also provide secure management of INTERNAL EXTRUSION.

    Any comprehensive security program must safeguard its owner by preventing Trojan horses, viruses, and spyware from using the system's Internet connection without the owner's knowledge.

    Scanning for the presence of Trojans, viruses, and spyware is important and effective, but if a piece of malware does get into your computer you want to expose it immediately by detecting its communication attempts and cut it off from communication with its external agencies.

    Most personal Windows software firewalls provide — or attempt to provide — application-based management and control of outbound Internet communications. Do I need to give examples? Ok, I give some: ZoneAlarm, NIS, Look 'n' Stop, Outpost, Kaspersky Anti-Hacker.

    Linux firewalls, on the contrary, offer NO PROTECTION and control against the very real threat represented by outbound Trojan, virus, and spyware communications. They don't offer any application outbound control!

    What's Wrong With these Linux firewalls?

    - External Intrusion versus Internal Extrusion

    It is good to have a firewall protecting your system from external intrusion, but the fact is, if you are not actively offering public access services, there's really not much an outsider can do to you.

    However, the typical Internet user is under much greater threat from the malicious intent of programs which are inadvertently loaded into their machines. Trojan horses, eMail viruses, and Adware/Spyware are flying across the Internet with ever-increasing frequency and they are becoming much more clever. And, predictably, the latest ones have now become "firewall aware" and are using some simple tricks to penetrate personal firewalls!
    Therefore, any truly useful firewall must be able to not only block external intrusion, but also INTERNAL EXTRUSION!

    We need Linux firewalls which are able to give us application-based management and control of outbound Internet communications! And we need them now!

    For Ubuntu users the risk will be even greater, because Ubuntu will ship proprietary drivers by default... any binary driver can be spyware, a rootkit or a trojan... (Lexmark drivers, for instance, and some Epson drivers, already phone home).

    zetetic

  2. #2
    Join Date
    Feb 2006
    Location
    Moshi, Tanzania
    Beans
    805
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Why all Linux firewalls are snake oil (for desktop)

    Maybe you should read a little more about the way security is handled in Linux before making assumptions.

    You should start here. While Asiu says himself he's not a security expert, he does have a gift for writing and explaining in layman's words.

    - trib'

  3. #3
    Join Date
    Oct 2005
    Location
    United Kingdom
    Beans
    4,848

    Re: Why all Linux firewalls are snake oil (for desktop)

    The linux kernel itself is a firewall.

    Ubuntu has no open ports as default.

    If you start an application up... be prepared for it to do whatever it's programmed to, including opening up ports.
    - If you don't trust said application, don't open it.
    - Programs can't "just start" in Linux... so you shouldn't worry about random things opening ports.

    'nuf said.
    Last edited by PriceChild; December 4th, 2006 at 07:23 PM.
    Every time you install Jaunty, a kitten........ wait sorry what year is this again?
    Please don't PM support questions, post a thread so that everyone can benefit
    Join us in #ubuntuforums on irc.freenode.net

  4. #4
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Re: Why all Linux firewalls are snake oil (for desktop)

    PriceChild said:

    «If you don't trust said application, don't open it.»

    This is the worst way of dealing with security one can imagine.

    Security can't rely simply on the user not opening an application he doesn't trust.

    If in order to get security all we need to do would be not opening applications we don't trust, even Windows would be a completely secure system.

    The truth is: your way of dealing with security issues could only be effective if all users were good developers and had the time to analyse the source code of all Linux programs! Kind of impracticable.

    The truth is: Linux is very secure and much more secure than Windows when we are talking about external intrusion, but much less secure than Windows (with a good firewall such as Outpost, ZoneAlarm, etc) when we are talking about internal extrusion!

    Who is the culprit for this situation? Linux snake oil firewalls...

    And with the upcoming proprietary drivers by default, I predict a security nightmare for Ubuntu users.

    zetetic

  5. #5
    Join Date
    Oct 2005
    Location
    United Kingdom
    Beans
    4,848

    Re: Why all Linux firewalls are snake oil (for desktop)

    What I meant was... In my opinion you can trust everything you get from the standard Ubuntu repositories.

    It "should" be secure when installed.

    If you edit these programs, they may be unsecure.

    If you add extra programs, from universe, 3rd party etc. you may be unsecure.

    Don't run anything you're not sure about, but if you have Ubuntu installed then you should trust main.

  6. #6
    Join Date
    Feb 2006
    Location
    Moshi, Tanzania
    Beans
    805
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Why all Linux firewalls are snake oil (for desktop)

    You seem to imply that a fair proportion of software calls home.
    This is wrong.

    As I said above, you also should sort out the virus/malware thing - it's so improbable it hurts (only proof-of-concept viruses exist, and with very little propagation ability).

    What is your firewall supposed to protect you from, then?
    And don't you think that of all Ubuntu/linux users, someone would eventually notice something is calling back home, and the security team would patch it (if open source) or remove it from the repos (the only plausible large scale distribution vector)?

    Anyway, read a little (or a little more) about linux security, you'll see the way iptables work is far from being snake oil.

    Cheers.

    - trib'

    EDIT:
    Don't run anything you're not sure about, but if you have Ubuntu installed then you should trust main.
    That's what I was trying to express, but I failed my "English written communication" roll...
    Last edited by tribaal; December 4th, 2006 at 08:06 PM. Reason: rephrase / add

  7. #7
    Join Date
    Aug 2005
    Beans
    462

    Re: Why all Linux firewalls are snake oil (for desktop)

    netfilter/iptables is a great firewall it does all the stuff needed and it's not snake oil, you just need a front end for it.

    program-level control isn't anything to do with a firewall, that's just bloat FW makers have added to keep up with the jones. if you want that you should look into HIPS software.

    here's a frontend you might like though
    http://tuxguardian.sourceforge.net/

    one of the popups
    http://tuxguardian.sourceforge.net/screenshot.png
    Thanks to the forums staff for your dedication and hard work
    (the admins changed my sig to that lol )

  8. #8
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Re: Why all Linux firewalls are snake oil (for desktop)

    PriceChild, tribaal and other friends:

    Please don't think I'm trying to bash Linux. I simply love Linux and the first day I've installed Linux was the last day I've ever used Windows! (and I was a Windows (and DOS) power user for more than 15 years...).

    That said, I know Linux is very secure when we are talking about external intrusion. The problem is when we are dealing with internal extrusion.

    The point is we do need firewalls capable of giving protection against internal extrusion, by doing application outgoing control/filtering.

    And I think we have the right (and the duty) of alerting people to this Linux security flaw.

    The only reason this security flaw hasn't already turned into a serious or dramatic flaw is because almost all Linux applications are open source... And so it's difficult for a malware application being much time out there without being detected by a developer that one day decides to scrutinize it.

    But with the rising introduction of closed source software in Linux (such as the upcoming binary drivers in Ubuntu Feisty) the situation can dramatically change, and then we can face a security nightmare (without really good Linux firewalls).

    Zetetic
    Last edited by zetetic; December 4th, 2006 at 08:29 PM.

  9. #9
    Join Date
    Oct 2006
    Location
    /home
    Beans
    189

    Re: Why all Linux firewalls are snake oil (for desktop)

    Thanks for your reply ice60!

    I will give those applications a try!

    Nevertheless I think a good firewall should give both external intrusion protection and internal extrusion protection (traffic flows both ways).

    regards,
    zetetic

  10. #10
    Join Date
    Jan 2006
    Location
    Virginia
    Beans
    1,870

    Re: Why all Linux firewalls are snake oil (for desktop)

    I think this way of handling security is plenty good. You almost make it sound like people want to use these insecure applications. So long as the mainstay of a person's software is provided by the vendor (read as: ubuntu) you don't really have anything to worry about. I'm confident that the Ubuntu devs will look out for our security now and in the future.
    "I refuse to be part of a society that encourages the rampant abuse of its own language." ~ The Black Mage
