Firewall blocking desktop features

Alec Leamas leamas.alec at gmail.com
Wed Sep 11 10:30:26 UTC 2013


On 2013-09-11 12:02, Nicolas Mailhot wrote:
> On Wed, 11 September 2013 11:23, Alec Leamas wrote:
>> On 2013-09-11 11:11, Heiko Adams wrote:
>>> On 11.09.2013 10:41, Ankur Sinha wrote:
>>>> - These software inform and take permission from the user before
>>>> opening ports in the firewall.
>>> IMHO it should be the job of the firewall to inform the user about an
>>> application that wants to open one or more ports and ask for permission
>>> to open those ports either temporarily for the current session or
>>> permanently.
>>>
>>>
>> Is this a good idea? The firewall just knows about an attempt to use a
>> specific port. It does not know which application is *really*
>> trying to use that port. It could certainly make an educated guess, but
>> that's just not good enough in this context IMHO.
>>
>> OTOH, the application knows what ports it needs (even some which just
>> might be used later) and can also identify itself to the user. Seems
>> more reasonable to me.
> The application can lie and propose to open X and then when user says ok
> open Y. The prompt really needs to be initiated firewall-side
>
>
True. But isn't there a lot to do if we should safeguard against local,
lying applications? Well, we have the precompiled, proprietary ones...

Even if an app isn't malware, most applications are just not designed
for a scenario where the user is prompted to punch a hole in the
firewall as soon as an attempt is made. There might be surprises down
this road.

That said, I see your point. Seems to boil down to that only the
application knows which port(s) to open and why, whereas only the
firewall can guarantee that it actually opens the ports requested by
the user instead of something else.

--alec

