On Tuesday 05 April 2005 04:49, Anne Wilson wrote: > On Tuesday 05 Apr 2005 01:11, Bryan Phinney wrote: > > So, when someone suggests that a Linux app be coded to provide the same > > false sense of security to users, when there are myriad choices of real > > firewalls as well as methods to lock the system down that are not > > trivially bypassed, some of us simply don't take the suggestion > > seriously. > > I think what people really want is something like a dialogue box on any > dial-out from an application that gives the option of > > this session > always > never > > so that they can block automatic dial outs but allow genuine ones.
An app that knows the difference between these two things? That's not asking for much now, is it? If I could build such a thing, nobody on this group could afford it, Cisco and the other router manufacturers would be in a bidding war to buy it for themselves. > So far > many people have said that iptables rules should be used, but no-one has > actually shown that it can be done - at least they hadn't up to last night. > I haven't finished reading this morning. This has really been covered previously, Anne. If you, as a user, can allow/deny packets, then a rogue process that you installed on your machine can do the same thing for its own packets. It need merely know HOW to do so. If you have a single personal firewall-like app for Linux, that problem is solved. If you install such an app and count on it to protect you from insecure software, you are living in a fool's paradise. Again, I don't have any problem with someone coding this, nor with running it, I simply don't see the point. It is "Windows" dressing, nothing more. -- Bryan Phinney
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
