Re: [opensuse] Re: Interactive Firewall Needed



On Wednesday 06 May 2009 22:28:43 Jim Henderson wrote:
> And yet it's one of the more popular avenues to compromise a system -
> trick the user into running something they didn't mean to and then
> connect outbound. Why? Because it's something a lot of systems don't
> protect against.

You managed to miss my point. If you're running a rogue application, an
outbound connection should be the least of your worries.

What local root/Administrator exploits do we not know about yet? What
happened to that critical presentation you were going to deliver to a customer
at 7am tomorrow?

And as for the pseudo-security presented by ZoneAlarm, the "security by popup"
scheme simply does not work. Microsoft tried it in Vista, and people forced
them to stop. The immediate and instantaneous reaction to a popup, any
popup, regardless of circumstance, from a "normal" user is to click ok. I have
seen it even from relatively experienced users. Error popups, warnings,
whatever - it's gone a tenth of a second after it's appeared.

The first ten times they might be OK with clicking "Yes, I accept" when the
web browser or email client wants to connect. After this, they either click by
rote, or simply select "always allow this application". And guess what? No
more security, no more blocking of outgoing connections, the rogue app has a
path to the outside world.

It's better to design for security correctly in the first place. Part of this
is not running applications from untrusted sources, and part is to have a good
security infrastructure - and in this, things like ZoneAlarm have no place at
all.

Anders