On Tuesday 05 April 2005 06:26, Anne Wilson wrote: > > An app that knows the difference between these two things? That's not > > asking for much now, is it? If I could build such a thing, nobody on > > this group could afford it, Cisco and the other router manufacturers > > would be in a bidding war to buy it for themselves. > > No, a user that knows the difference.
Should have been more clear here. Two scenarios, first a user that has access which I covered below, second, an app that can do it at root level without user access which I was pointing out is quite a stretch. > > If you have a single personal firewall-like app for Linux, that problem > > is solved. If you install such an app and count on it to protect you > > from insecure software, you are living in a fool's paradise. > > > > Again, I don't have any problem with someone coding this, nor with > > running it, I simply don't see the point. It is "Windows" dressing, > > nothing more. > > I don't think so. I accept that it is not good control, but the > alternative seems to be complete absence of control. If an application > needs to reach out to get data, as Acrobat Reader does, then it has to have > that ability, and I see no reason why it could not equally well send out > packets. Perhaps that's because I don't understand firewalling deeply > enough, but the discussions on both lists are not explaining the things we > need to understand, like this point. Well, let's cover that really quickly. If Acroread is only being used to access local data, it needs no Internet access at all. Thus, you could firewall it off and still use it. However, as I understand things, it integrates into a browser and may actually pull the pdf file itself. Assuming that is the functionality you want, there is an outgoing request to pull the data from the web, and then incoming packets that contain the pdf file. You could probably block posts which is what is being suggested, but this implies an intimate knowledge of the workings of the app, knowing what to block versus accept. Given the audience for this, I think that assumes entirely too much. Also, if Acroread is really using embedded javascript/java for this type of thing, it is possible that someone can code the web bug such that communication is sent on a port other than port 80 and well above what would be considered a security area that fits within the first 1024 ports. Again, this requires some type of intimate knowledge of what is being done and thus what needs to be blocked. If you want local access to pdf's only, then use an OS pdf viewer. What is much more likely to happen is that Acroread will request access to pull the pdf, the user will click allow and then Acroread will yank the pdf and then try to send a web bug to the source and since it has already been given permission, it will send its data. Another scenario is that the user will click Allow for get and then deny for second Post attempt in which case, perhaps the PDF will not display which will cause the user to click Allow for the second and the web but goes out. The only point that I can see that is possibly valid is the idea of having a firewall to block heretofore unknown requests from apps that should not need network access. Things like the spyware and adware apps that are bundled with other apps. However, again, I would point out that if you go around installing untrusted apps on your machine, I don't think that any personal firewall-like app is going to salvage your security. You will be compromised. Just as so many Windows users are compromised even though they have personal firewalls installed. > The problem is that security is a huge subject. People who need to > understand security for their business invest a great deal of time in > learning it well, but for users that need only to protect themselves from a > few things they see as threats while getting on with their real need there > is no easy way to get an overview of the subject. We don't need the same > level of security, really, though obviously it would be nice, but this > isn't utopia. There are trade-offs to everything. If you tighten things down too much, a platform becomes nearly unusable for certain things. For instance, locking down a web server makes it an unsuitable platform for development, or building applications. If you lock down your desktop to the level that it is impossible for any local app to communicate out, you are going to likely end up with either a nightmare administration scenario or an unusable desktop. I still truly feel that this discussion is misplaced. Someone wants to run an app they don't trust and they want a second app to protect them from the first. The premise is faulty, the real solution is to not run untrusted apps. For example, Internet Explorer is a bad browser for a lot of reasons but one of which is that it allows ActiveX applications to run without user interaction or approval. Acroread sounds very much like it is doing the same thing via embedded javascript/java based on the descriptions. The solution is not to install a third party app to try to control ActiveX, but to not use Internet Explorer because you can't trust it. > Frankly, the issue that started the discussion on Expert, > that of Acrobat Reader being capable of telling an author who is reading > his work, doesn't worry me personally. I'm just concerned that we are > being told to either invest the time that a professional would, or 'take a > running jump' - not that you would be so rude :-) Well, I did suggest that they pay someone to develop such an app as I didn't think that there would be a big Linux audience for it. (The fact that there is not a current project for such a thing, to my knowledge, would tend to bear that out.) However, I don't think that suggestion is so much rude as simply realistic. -- Bryan Phinney
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________