Re: [opensuse] Interactive Firewall Needed
- From: "Rajko M." <rmatov101@xxxxxxxxxxx>
- Date: Tue, 5 May 2009 22:47:55 -0500
On Tuesday 05 May 2009 09:34:11 pm L. V. Lammert wrote:
On Tue, 5 May 2009, Rajko M. wrote:
On Tuesday 05 May 2009 05:24:05 pm Carlos E. R. wrote:
The request for someone to learn firewall internals in order to open
ports is the same as to ask car owner to know how to tune cars in order
to use them. Some will do that, but majority see car as a way to go from
point A to point B, not a bit more.
Sorry, you have missed the support equation entirely! A *USER* should
never be asked to open a port, as that request might have come from some
It seems that you never used personal firewall in that other OS, at least not
paid for version. User is asked would he let application [name] to access
Internet, with offer to give more details if user wants. So, if you see some
application attempting to access Internet, and you are not sure, you click
link to more information and read what firewall creators have to say.
Can you imagine better option for user that is not specialist for computers?
You can argue that Windows users are used to OK everything, but such user will
ask how to disable firewall, and knowing helpful Linux guys, he will get
information, or he will not ask anything and trash Linux.
If they KNOW it is a valid request, it's only three or four mouse clicks
to turn on that port - no internal knowledge needed.
How would they know?
Today even kwrite is networked, and second, how you as new to Linux should
know which application is benevolent and which not.
Applications try to access port, but never tell you which. Some, after failed
attempts will tell you what ports are needed, but not many.
Having program that will monitor all ports and notify user that some
application wants to go out is not out of mind. That is way better option
then having all ports closed making application to fail, or forcing
user to shut down the firewall.
Sorry, not true either. The system comes configured with standard ports
open, and any other required ports would be opened at installation.
Well if applications are installed that way why we have those that like Samba
fail royally on my own LAN? CUPS don't work on the same LAN, and probably
Under normaly circumstances, the user would never see a request to open a
port; if he/she DOES, it is higly likely that some malicous application is
the cause, OR a new application is being installed, which should have been
monitored by a qualified professional anyway.
Should I hire qualified professional to make Samba or CUPS working?
I'm sure, if I would be lesser do-it-yourself guy, I will take another
approach, ditch the non working OS and go back to working.
Continue to pay for firewall that is a bit more verbose than Linux one, pay
for antivirus software, have normal user for everything, but administration,
apply common sense in other activities, like don't open attachments, don't
visit dark corners of the web, and have OS that prints when I want, connects
to other computers on LAN without asking me for PhD in couple of computer
What that monitor will do is the same as user will do with much more
hassle. It will record port, destination IP and application name. Notify
user and after, [yes], [yes, log traffic], or [no], perform action.
No, no, no! Training users to always click on the "YES" button is
absolutely no security at all. Why do you think Vista had so many
problems? USERS are not qualified to make a security decision.
Users that always OK without reading you can't protect.
They sign more serious things without reading them.
That is just kind of people, that jump first and then hope that all will end
Harassing the rest would not increase computer security a bit.
Although, I can agree that asking user to decide should some application go to
Internet, without providing additional informational resources, is equivalent
of training them to click OK. The solution is not to give ability to poke the
hole in firewall, without providing additional information to those that ask
IMHO, the second part of solution is actually more demanding on developers,
then the first. It requires permanent maintenance and update of information.
Taking current problems with similar tasks, like providing current application
manuals and troubleshooting guides, it seems that we will wait a bit until
community builds resources for such task.
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
- Prev by Date: Re: [opensuse] Interactive Firewall Needed
- Next by Date: [opensuse] Help! What blew my kde menu away in kde3?
- Previous by thread: Re: [opensuse] Interactive Firewall Needed
- Next by thread: Re: [opensuse] Interactive Firewall Needed