Old 07-07-2003
Bright
 
Posts: n/a
Default Re: zonealarm type functionality...again

You could be right that zonealarm functionality provides a false
sense of security, but I'd be interested to know the fundamental
weakness...

If I inadvertently install a trojan on my system and it tries to
connect to an external server (either to DoS another system or to get
instructions, set up a tunnel, etc.), my standard firewall will stop the
outbound traffic if it's using a non-standard port. But if it decides
to connect to an external host on TCP 80, then my firewall will assume
it's HTTP traffic and let it through.

If I can tie the firewall down so that it only allows my browser out
on that port, then I will be alerted about the trojan (unless it
invokes the browser to make the connection).

That's a good thing, isn't it?

Taking it a step further, and having the port dynamically opened per
application (by prompting the user when the outbound network traffic
is initiated) will allow me even more control over outbound traffic...
When I've run zonealarm on a PC I've used this feature, and it gives a
warm feeling when you start up an application which appears to
phone home (ok, it's probably just checking for updates) and I can
block its access to the Internet.

I'm sure there is a flaw there somewhere but I can't see that it's
completely false security.

Whoever <nobody@devnull.none> wrote in message news:<Pine.LNX.4.44.0307031428160.25482-100000@c941211-a>...
> On 3 Jul 2003, Bright wrote:
>
> > Dear all ... I just posted a similar message to linux networking but
> > this query applies as much to security (more so in fact)
> >
> > zonealarm type functionality has been queried in the past on a number
> > of occasions and the general consensus appears to be that it isn't
> > available ... although the posts I was looking at were quite old so
> > maybe the situation has changed.
> >
> > So I'll try again...........
> >
> > I would like to gain some zonealarm-like functionality for my linux
> > desktop.

>
> I suspect that the reason this does not exist is that the type of security
> obtained from such a system is rather like a "security blanket" (in other
> words, it gives you a good feeling, but does not really do anything
> useful).

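The three firewall models the post compares (port-only filtering, a static per-application rule, and a per-application rule learned by prompting the user) are easy to make concrete. The following Python is an added example written for this page; it is not code from the post or from any firewall product, and the process names, ports and connection attempts in it are constructed. Each attempt records which program owns the socket and which program launched it, so the case the poster flags (the trojan invoking the browser) can be shown explicitly: both per-application policies let it through because they only look at the socket owner.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Attempt:
    """One outbound TCP connection attempt as a host firewall sees it (constructed)."""
    process: str   # program that owns the socket
    parent: str    # program that launched that process
    dport: int     # destination TCP port


# Constructed sample covering the situations described in the post.
ATTEMPTS: List[Attempt] = [
    Attempt("firefox", "shell", 80),     # the browser doing its job
    Attempt("trojan", "shell", 31337),   # trojan on a non-standard port
    Attempt("trojan", "shell", 80),      # trojan hiding as HTTP
    Attempt("firefox", "trojan", 80),    # trojan invoking the browser
]

ALLOWED_PORTS: Set[int] = {80, 443}


def port_only_firewall(a: Attempt) -> bool:
    """Conventional packet filter: decides on the destination port alone."""
    return a.dport in ALLOWED_PORTS


def per_app_firewall(a: Attempt, policy: Dict[str, Set[int]]) -> bool:
    """Static ZoneAlarm-style rule: a port is open only for a named program.

    Only the socket owner is checked, so a browser launched by the trojan
    is still allowed; that is the gap the post points out.
    """
    return a.dport in policy.get(a.process, set())


class PromptingFirewall:
    """Per-application policy built dynamically by asking the user once per program."""

    def __init__(self, ask: Callable[[Attempt], bool]):
        self.ask = ask                         # stands in for the user prompt
        self.policy: Dict[str, Set[int]] = {}  # learned allow rules
        self.blocked: Set[str] = set()         # programs the user refused
        self.prompts = 0                       # how many times the user was asked

    def decide(self, a: Attempt) -> bool:
        if a.process in self.blocked:
            return False
        if a.dport in self.policy.get(a.process, set()):
            return True
        self.prompts += 1
        if self.ask(a):
            self.policy.setdefault(a.process, set()).add(a.dport)
            return True
        self.blocked.add(a.process)
        return False


Verdict = Tuple[bool, bool, bool]  # (port-only, static per-app, prompting)


def evaluate(attempts: List[Attempt] = ATTEMPTS) -> Tuple[Dict[Tuple[str, str, int], Verdict], int]:
    """Run every attempt through the three models; return verdicts and prompt count."""
    static_policy = {"firefox": {80, 443}}
    # Simulated user: only approves the browser, refuses anything else.
    prompting = PromptingFirewall(ask=lambda a: a.process == "firefox")
    verdicts: Dict[Tuple[str, str, int], Verdict] = {}
    for a in attempts:
        verdicts[(a.process, a.parent, a.dport)] = (
            port_only_firewall(a),
            per_app_firewall(a, static_policy),
            prompting.decide(a),
        )
    return verdicts, prompting.prompts


if __name__ == "__main__":
    results, prompts = evaluate()
    for key, (port, app, prompt) in results.items():
        print(f"{key}: port-only={port} per-app={app} prompting={prompt}")
    print(f"user was prompted {prompts} time(s)")
```

Running it shows the trojan on TCP 80 passing the port-only filter but being stopped by both per-application models, the non-standard port being stopped by all three, and the browser launched by the trojan passing all three. The prompting model also asks only twice (once for the browser, once for the trojan), after which its learned rules answer silently.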