[KDE Dot News]

Re: Protection against Trojans?
by Michael on Saturday 04/May/2002, @23:42
Only if it's running on the same machine though - and you're better having a separate firewall.

Remember ZA is fiction-ware, if you run malware code on Windows 98 you are toast as there's no security model to prevent bypassing ZA. It's only that numerous malware hasn't yet appeared to demonstrate that, which means you even gain any benefit from ZA yet.


A few things you need to think about if you really want to stop apps connecting to the internet:

a) `mv malware mozilla-bin` - you need crypto to prove that mozilla is mozilla and that it hasn't changed.
b) `export LD_LIBRARY_PATH=~/malware-libs` / `export LD_PRELOAD=~/malware/lib` - lets me use mozilla's access to run my program.
c) ... thousands of others...

If you want to stop an app doing something - and there's a lot more an app might
do than access the network, a bigger problem that you can't really expect a front-end
to packet filtering to solve, look at running it under a chrooted
user-mode-linux environment - give it root then if you like ;o)

Door Locks
by Ian M on Sunday 05/May/2002, @18:02
Just because you can break in through the window, doesn't mean you shouldn't lock your door. When GRC was talking to Microsoft about the full implementation of TCP/IP in Windows XP, Microsoft had a hard time grasping this concept. They argued that because drivers could be installed in current machines giving Windows machines raw sockets (and thus IP-spoofing capability), what could be so bad about giving all Windows machines this by default?

Having ZoneAlarm-like functionality would be nice in Linux because the crackers would have to go through the extra effort to get a program to connect to the internet without user permission. Though you're right, checksums would be needed to verify programs or else getting around the firewall would be way too easy.

Ian
http://ian.webhop.org
  • Re: Door Locks
    by Simon on Monday 06/May/2002, @14:16
    This is a good comment.
    Zone-alarm is protecting us from "legitimate" software calling out without our knowledge, i.e. spyware.
    Further, the spyware is only really hostile in the same sense that McDonald's is hostile, it's just something you want to keep under control before it does do you harm.

    This software can only crawl so far up the hostility ladder before the principals will fall foul of anti-hacking laws.
    Commercial spyware that renames itself as mozilla to dial out would probably be illegal.

    Light protection could be quite effective against spyware.
    • Re: Door Locks
      by Michael on Tuesday 07/May/2002, @04:45
      If you don't trust your applications, you need sandboxing.

      Sandboxing, as I hinted above, is more than a 'yes/no' question to
      "can program X connect to x.x.x.x on port Y".

      By definition, that's a lot of questions to answer for your web browser -
      or else you allow your web browser all access on port 80? In which case, what are
      you protecting by asking the question?

      Perhaps you really want your web browser not to send personal info?

      "Protect the info" then seems a better idea than pretending you've secured
      the network against information leakage, no?

      You have to learn from the mistakes windows software has made,
      not copy what they do to try and reach the same unsatisfactory point.
  • Re: Door Locks
    by Michael on Tuesday 07/May/2002, @04:19
    No, simply put, ZA doesn't make anything harder for code running on the
    same machine as ZA.

    Period.

    (I would expand further on the performing moustaches stuff about raw sockets,
    but there's plenty of that elsewhere - suffice to say linux tcp/ip has them and
    I doubt you'll get far trying to get them removed - certainly not with
    cliched statements about doors and windows)
Re: Protection against Trojans?
by Bloke on Saturday 22/Jan/2005, @09:53
No, you're wrong. You don't need "crypto".

You need the OS to tell you the path to the program that is trying to access the internet, or it to tell you the path to the program that is originally calling the library.

Crypto. Wtf!
[ Reply To This | View ]
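The two bypasses listed at the top of the thread (a renamed binary, and `LD_PRELOAD` / `LD_LIBRARY_PATH` injection) and the path-only identification proposed in the last comment can be compared in a small check. This is an added example, not code from any poster or from ZoneAlarm; it assumes a pinned SHA-256 digest list that the checked user cannot modify, and that on a live Linux system the executable and environment would be read from `/proc/<pid>/exe` and `/proc/<pid>/environ`. The files and environment strings below are constructed samples.

```python
import hashlib, os, tempfile

INJECTION_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH")  # the variables from point b)

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def parse_environ(raw):
    """Parse NUL-separated KEY=VALUE records, the layout of /proc/<pid>/environ."""
    env = {}
    for item in raw.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def deny_reasons(exe_path, environ_raw, pinned):
    """Return reasons to refuse network access; an empty list means allow."""
    reasons = []
    name = os.path.basename(exe_path)
    if name not in pinned:
        reasons.append("no pinned digest for " + name)
    elif sha256_file(exe_path) != pinned[name]:
        reasons.append("digest mismatch for " + name)  # point a): renamed binary
    env = parse_environ(environ_raw)
    for var in INJECTION_VARS:
        if env.get(var):
            reasons.append(var + " is set")  # point b): injected library
    return reasons

def demo():
    """Constructed sample files and environments, not real binaries."""
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for sub, body in (("genuine", b"real browser"), ("dropped", b"malware")):
            os.mkdir(os.path.join(d, sub))
            paths[sub] = os.path.join(d, sub, "mozilla-bin")
            with open(paths[sub], "wb") as f:
                f.write(body)
        pinned = {"mozilla-bin": sha256_file(paths["genuine"])}
        clean = b"HOME=/home/user\0PATH=/usr/bin\0"
        preload = clean + b"LD_PRELOAD=/home/user/malware/lib\0"
        cases = (("genuine", "genuine", clean), ("renamed", "dropped", clean),
                 ("preloaded", "genuine", preload))
        return {c: deny_reasons(paths[p], e, pinned) for c, p, e in cases}

if __name__ == "__main__":
    print(demo())
```

A name-only rule would allow all three cases, since each file is called `mozilla-bin`; the digest catches the renamed file and the environment check catches the preload case, where the binary on disk is unmodified.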
KDE®, "K Desktop Environment", "KDE Dot News", "got the dot?" and the KDE Logo® are trademarks or registered trademarks of KDE e.V. in the European Union, the United States and other countries. All other trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the poster. The rest: Copyright © 2000-2008 KDE e.V. for The KDE Project. For further information or comments on this site, please contact the Webmaster.