Re: firewall securing outgoing traffic?

From: Alexander (aldem-news@news.aldem.net)
Date: 02/05/02 

From: "Alexander" <aldem-news@news.aldem.net>
Date: Tue, 5 Feb 2002 08:28:37 +0100

"Dimitri Maziuk" <dima@127.0.0.1> wrote:

> Keep in mind that there aren't any trojan programs for Linux
> to speak of: 1) OS security makes it hard for them to do
> real damage (you must run the trojan as root, otherwise it
> won't be able to access the important stuff),

  Hmm... "OS security"? Which one? :) Novice users, and most home
  users run their system as root anyway, so... Or how can you explain
  thousand of owned/hacked Linux systems around the world?

> chances of success are higher. This is oversimplyfing quite a
> bit, but the point is, trojans and viruses are not a very big
> problem on Linux ATM.

  Really? See note above. A lot of hacked Linux boxes.

> Secondly, a program can e.g. lie to ZA about its name. So
> setting up firewall rules on per-program basis is not all
> that foolproof, either.

  Aha... Lie... Embed into kernel, modify it, etc... Trojan OS, eh? :)
  Well. It _can_ be done on misconfigure (or not configured) system,
  but if you know what to do, on WinNT/2K/XP it just cannot happen
  (forget about W95/98/ME - this is DOS with GUI).

> Sorry, Unix/Linux philosophy is that your brain works much better
> than any code, so you're supposed to use it.

  That's common sense, and (IMHO) has nothing to do with Linux/UNIX :)
  If you can use your brain - it will work everywhere, isn't?

  OTOH, clerks and pizza-boys (who do work with computers) are not supposed
  to go so far - to understand how computers work and why. They just use it.
  You don't need to _know_ what is inside if you can use it (cars, for
instance).

> The downside is that there's a steep learning curve, esp. in the beginning.
OTGH, it
> really *does* work better than a computer program.

  But slower as well. You can't know everything - so it won't work better for
  everyone. That's why we have doctors, for instance - because not everyone
can
  help himself :)

/Al

Relevant Pages

  • Deploring *nix Philosophy ( Was Re : Splitting archives across floppies )
    ... >> appears so simple a task in Windows.Why this feature not in Linux? ... afloat on Linux in the sea of Windows and all personal computers. ... Anaconda) I am both root and user.I am advised not to work as root.But I ... Parameshwara Bhat ...
    (Fedora)
  • Re: what to do with spywares
    ... Since you don't run as root all the timeit ... and installing a trojan. ... Since many people install programs ... You may hear about anti-virus software for linux such as clam ...
    (alt.linux)
  • Re: IPCop for Small-Business Network: Web Proxy Usage
    ... > In all the years I have run computers I have had no virus, no trojan, no ... I've been using computers since 76, can say that I've NEVER been ... > they need to communicate with the net only through a single firewall ... > should be running linux, with either esmith or smoothwall firewall ...
    (comp.security.firewalls)
  • Re: Password
    ... I ran a quick search on Ask with the phrase "linux lost ... Have you ever forgotten your root password? ... Fortunately, it wasn't a boot password, so I did have ... (although "mount" may say it is). ...
    (alt.os.linux)
  • RE: Linux hacked
    ... Subject: Linux hacked ... After you boot up into the OS running from CD, ... >> First let me say I'm a security novice. ... >> been unsuccessful in getting root back. ...
    (Security-Basics)