Focus on Apple
Apple releases Mac OS X v10.5.1 with Application Firewall security updates Nov 15 2007 07:11PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Application Firewall security updates Nov 15 2007 08:08PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (4 replies)
Re: Application Firewall security updates Nov 21 2007 03:00PM
Dave Piscitello (dave corecom com) (2 replies)
Re: Application Firewall security updates Nov 21 2007 09:27PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (3 replies)
Re: Application Firewall security updates Nov 22 2007 06:35PM
Derek Chesterfield (dez mac com)
Re: Application Firewall security updates Nov 22 2007 04:28PM
Bruce Carter (bcarter nd edu)
RE: Application Firewall security updates Nov 21 2007 10:43PM
Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 21 2007 09:02PM
Chris Adams (chris improbable org)
Re: Application Firewall security updates Nov 16 2007 03:58AM
Mike Savory (mike_lists nzbox com)
RE: Application Firewall security updates Nov 15 2007 09:55PM
Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 15 2007 09:51PM
Dave Schroeder (das doit wisc edu) (3 replies)
Re: Application Firewall security updates Nov 15 2007 11:36PM
Mark Senior (senatorfrog gmail com) (3 replies)
Re: Application Firewall security updates Nov 17 2007 02:54PM
Chris Pepper (pepper reppep com) (1 replies)
Re: Application Firewall security updates Nov 19 2007 12:59PM
Sandor Szücs (sszuecs zedat fu-berlin de)
Re: Application Firewall security updates Nov 16 2007 11:03AM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (2 replies)
Mark Senior wrote:
>
> But, they've missed the big possibility for improvement here - they
> have an application-aware firewall - why on earth would they not apply
> it to outbound connections? No interesting malware requires inbound
> connections anymore; it's already written to get past home routers
> that allow all outbound and deny all inbound connections. Ah well.
>

That's an interesting point, but it's got its own set of problems. How
would you know what all the different applications need to communicate
with? You should be aware that mail reader has to have access to POP
(and|or) IMAP and SMTP, maybe even newsgroups, and you have to know
that for every single application out there, if you do not want to
bother user with questions.

There are solutions such as Zone Alarm (Windows) that can be configured
to ask the user for allowance the first time given application makes a
request for outside world, and then save it to internal database of
rules, but this so far proved to be confusing to Joe Average, and many
people were confused with permissions for various internal Windows
processes.

Yet, it did help, but at the expense of user-friendliness.

How to solve that issue? I believe that adding something like "Expert"
tab to firewall GUI, which is wide open for any fine-grained task,
coupled with a set of wizards that automate tasks such as "deny all
incoming connections, and I mean it", "open outbound connections for
application X", "allow this IP address/range to connect to my compuer",
etc. - together with huge warning signs about screwing up your system if
you're not sure what you're doing - would be of benefit for all users.

Users aren't idiots. Well, most of them aren't.

Instead of patronizing users, a thing like the one above might actually
promote security awareness and help people make their computers more
secure. Just as an example, it is much easier to write an article in
some Mac magazine with screenshots and values to be addedd in
appropriate boxes than instructing users to open terminal, navigate to
some directory, do changes in some wacky script and then issue strange
commands to reload some service. This is security done the way Joe
Average would understand it - give them screenshots of applications that
would ease the burden of inconvenient command line (and do half of the
task for them), add some easy explanations of what is going on, and you
get a security aware Joe Average that actually has some control in his
hand, instead of waiting for Apple to tell him what to do.

[ reply ]
Re: Application Firewall security updates Nov 16 2007 05:30PM
Mark Senior (senatorfrog gmail com)
Re: Application Firewall security updates Nov 16 2007 04:34PM
Derek Chesterfield (dez mac com) (1 replies)
Re: Application Firewall security updates Nov 17 2007 12:30AM
Mark Senior (senatorfrog gmail com)
Re: Application Firewall security updates Nov 16 2007 04:47AM
Derek Chesterfield (dez mac com) (2 replies)
Re: Application Firewall security updates Nov 16 2007 04:08PM
Scott Russell (ScottRussell nd edu)
Fwd: Application Firewall security updates Nov 16 2007 04:55AM
Derek Chesterfield (dez mac com)
Re: Application Firewall security updates Nov 15 2007 10:08PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr)
Re: Application Firewall security updates Nov 15 2007 10:05PM
Dave Schroeder (das doit wisc edu)


 

Privacy Statement
Copyright 2010, SecurityFocus