Question about the included firewall

Windows newbie here trying to learn Linux for an eventual switch. I installed openSUSE 11.3 on my spare pc since this will be my preferred OS. I looked at the firewall and it’s working, has all my netowork hardware outside, etc etc

One thing in Windows is that I could see the firewall working. Whenever it blocked access to some port, the red light would go off in the taskbar icon … green light for allowed access. Whenever a new program (actually I had it set up for every single program) wanted to access the internet, it would ask:

“Firefox is trying to access the internet. Allow?”
“VLC Player is trying to access the internet. Allow?”

On the suse Firewall, I can’t seem to figure out how to show alerts for blocked port requests or how to have programs ask for permission before being able to access the net. Just from a paranoia perspective, I prefer to have full control over all the program’s access to the internet.

At first, I thought it just trusted all the programs that came stock with the OS such as Firefox … but I’ve been installing more progs like VLC player and notice they have instant internet access too.

thnx for any help :slight_smile:

I think firewalls on windows ask if a program can do stuff mostly for viruses, and there aren’t very many linux viruses. In linux I think you mostly just need to make sure you don’t give root access to stuff like that (if you can even find it), and you’ll be fine. Anyways I’m not the most knowledgeable person about linux so it would probably be good to get another opinion.

I don’t have time to look in detail, but I may have found what your looking for. Go into YaST and look at “Security and Users -> Firewall.”

You might also look at Novel AppArmor, but I have no idea what that is.

NewbieLLP wrote:
> Windows newbie here trying to learn Linux for an eventual switch. I
> installed openSUSE 11.3 on my spare pc since this will be my preferred
> OS. I looked at the firewall and it’s working, has all my netowork
> hardware outside, etc etc
>
> One thing in Windows is that I could see the firewall working.
> Whenever it blocked access to some port, the red light would go off in
> the taskbar icon … green light for allowed access. Whenever a new
> program (actually I had it set up for every single program) wanted to
> access the internet, it would ask:
>
> “Firefox is trying to access the internet. Allow?”
> “VLC Player is trying to access the internet. Allow?”
>
> On the suse Firewall, I can’t seem to figure out how to show alerts for
> blocked port requests or how to have programs ask for permission before
> being able to access the net. Just from a paranoia perspective, I
> prefer to have full control over all the program’s access to the
> internet.
>
> At first, I thought it just trusted all the programs that came stock
> with the OS such as Firefox … but I’ve been installing more progs like
> VLC player and notice they have instant internet access too.
>
> thnx for any help :slight_smile:
>
>
this is true: in general, a completely default install of openSUSE and
its default firewall (though without blinking red/green lights or your
direct involvement giving permission to contact the net) is MORE
secure and safe from bad stuff than what you used to use, even with a
very expensive program that gave you all kinds of feeling of being
involved in staying secure…

so, you are already better off than you were…relax a little and
enjoy that as you learn what user practices can wreck the most glitzy
flashing lights–like, browsing around as root, or installing software
from unknown/untrusted sources, or using easy passwords, or using the
same password for the user and root, or giving your root password to
anyone else…

my root password looks something like this: Kl_i#o108OR


Enjoy Packman’s benefits? Show your appreciation by donating at
http://se.unixheads.org/?donate

DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

So basically the general consensus is don’t worry about it because linux is more secure? Thats probably going to come slow and hard for me comming from a windows background. I bet the hardest thing won’t be learning linux etc but just gradually relaxing my security standards. So how do you guys know what programs access what? For instance I would have never known Opera browser tries to accept connections from the internet (I always click no and it works just fine with only clicking “yes” for “Allow to connect to the internet”). I would have never known it was trying to accept connections if it wasn’t for that firewall popup.

Great advice (for any OS)

My take is that the open source community is more upfront about what their software does and I’m satisfied that the accesses that is are made are ok by me. Opera is not open source by the way. But if you have a border firewall, that access (which I believe is a sort of mini website feature) should be ineffectual. Windows however has UPNP where apps could open up the firewall, in the name of convenience.

So I see the risk as not so much the platform as the apps that are run on the platform.

With my policy I spend less time micromonitoring apps and more time having fun.

Mind you, monitoring access by application is still very crude. When you browse a page in your web browser, who knows what sites it picks up in images, popups, etc. You are basically trusting that your web browser is as secure as can be up to that point. Which is why there are so many security updates to Firefox etc. as new possible holes are discovered.

But if restriction by app is your thing, you could check out nufw technology: NuFW Project Homepage where outside access is trapped and has to be authenticated. Not exactly a weekend project though.

While I agree about the security aspects of Linux, is there a way to identify applications phoning in home?

It could be even applications such as Java that seek periodic updates - can we monitor those?

I think NewbieLLP requires some psychological support during the conversion from Windoze to Linux. The latest Windoze version asks lots of questions such as “did you start this program?”, “Are you sure?” etc etc and the red/green lights and these things give the user a feeling that they are being protected.

AppArmour (AppArmor - Wikipedia, the free encyclopedia - for starters) does all this without asking silly questions. Linux is far more secure due to its architecture but this is not obvious at first. So it might appear from the M$ users point of view that Linux is doing nothing to keep you secure.

To tell a M$ user “don’t worry Linux just does it” might not help a newbie - even if it is true. The user intervention is missing and so is the feeling that it is okay. As DenverD says above, if you spend all that money on antivirus and a firewall - you can only hope that it works. Otherwise you have wasted your money and your time.

Enjoy linux and the fact that your browser is twice as fast as the Doze version as it is not checking everything that comes in for attack. It does just work.

mailglasso wrote:
> is there a way to identify applications phoning in home?

wireshark can be used to “capture” all traffic in and out of your
machine…such would allow you to ‘see’ who is calling where and when…

note: there is a LOT of stuff going on, you will have to filter out
all the ho-hum to have any chance to ‘catch’ some “phone home” activity…

my advice is to always use common security practices (strong root
pass, etc etc etc etc) and then relax some as you always use open
source…which give you thousands of eyes looking at the source code
seeking malicious intent…

on the other hand, use proprietary and closed source with GREAT caution…

ps: i’ve never run wireshark…and, i’ve not run any anti-AV or
anti-malware since i left M$ in 1995 (but, i am behind a firewall/NAT
router, etc)…ymmv


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

clatworthy wrote:
> I think NewbieLLP requires some psychological support during the
> conversion from Windoze to Linux.

i freely admit that by running away from Redmond in 1995 i was spared
from a constant anguish and fear of being overrun and invaded by
hoards of virii/viruses and malware…

and i appreciate that i should try to build up a level understanding
of the tremendous apprehension and fright common among M$ users prior
to advising new folks here on how to break their habit of being
constantly on alert for the next big attack wave wanting to co-opt
their machine for yet more zombie bot-net duty…

hmmmmm, if i were a programmer i’d make a program with blinking
lights, asking questions like “Is it ok with you that Firefox is
checking to see if there are new add-ons available?” or, “Will you
allow YaST to check for new software?” and etc…

and, i’d charge about $10 per year per user and considering how
willing many are to pay to “feel” secure and in control, i’d guess i
be soon very rich…


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

It’s possible to maintain a secure Windows system, but yea, it takes a lot of “involvement.” I ran XP for years without being compromised, but sometimes I was spending more time defending my system than I was enjoying it. Easy to use? Some people seem to see things like rebuilding their system as normal operation.

When I think about it, I was even securing my system from Microsoft. All of their defaults aimed at “ease of use,” and later their “Genuine Advantage.” Amazing.

Thanks. Yes, I tried it once before and as you say, it was too much information to sift through!

Someone suggested a program to me. I’m still looking into it as I’m too much of a newb to tell right away how useful it would be, but here is the link: Screenshots - Firestarter

lol this is so true. I’ve been conditioned for years. It reminds me of the study I learned about in psych class where they conditioned dogs to assopciate bells with eating … then the dogs would drool whenever they heard bells. I’ve been conditioned to get a nice warm fuzzy feeling when something pops up and says “Are you sure?!”

NewbieLLP wrote:
> I’ve been conditioned to get a nice warm fuzzy feeling when
> something pops up and says “Are you sure?!”

all need to try to learn to un-drool and not expect those Redmond
Training Wheel Pop-ups, because all must soon learn to not depend on
Grown-Up Software to constantly warn you to pay attention, be careful,
and don’t play in traffic…

just go to the command line and type un-carefully and hit enter–and
soon you get to play The M$ Technician Routine (aka: format/reinstall)

heck, just pick the wrong repo, don’t read/think about what is
offered, just click ‘Allow’ in YaST and wake up tomorrow with a blank
screen…

duh!


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

lol that was a lighthearted comment I made in jest. Stop being a ******bag

Sheesh DD, bit heavy…

I’m going to step in and ask both you and DenverD to chill. Calling someone a name is a violation against the terms and conditions and is not accepted or tolerated.

There are two ways we can handle this. Continue to disrespect one another and have it escalate even further out of control. The other option is to work together and bring the hostilities to an end.

Jonathan R wrote:
> There are two ways we can handle this. Continue to disrespect one
> another and have it escalate even further out of control. The other
> option is to work together and bring the hostilities to an end.

actually, i never intended to be either hostile or disrespectful
toward the OP…not one little bit…s/he self declared as new (and
from Windows) and i was throughout the entire thread trying my very
best to enlighten him/her on the facts of how cautious s/he needed to
be, or not… :slight_smile:

exactly how s/he decided i had disrespected, i can NOT figure out…in
fact i never disagreed with anything said and always tried to add
detail and experience to be helpful…in fact i was completely
agreeing that Windows users are conditioned to be constantly afraid
that bad stuff is going to happen, and i was trying to get across the
idea that it IS possible to reverse the conditioning…and
live/compute without the constant fear of invading key loggers
stealing the family jewels… :slight_smile:

the part about building a program to to mimic wintel AV blinking
lights should have been (i guess) completely surrounded with smiling
faces…because that is sure how i wrote it… :slight_smile:

the attack, when it came, caught me completely off guard–in the
future i will attempt to make sure my helpful intent is always
visible–even if i get to help less folks because i have to throw in
extra flowery words and smileys… :slight_smile:

constantly :slight_smile:


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]