You’ll see this pop up from time to time: “is there something like ZoneAlarm™ for Linux?”
I’ll admit, one thing I liked about Zone Alarm was its ability to tell me if a newly-installed program was trying to access the network. Perfect example: you’d install Adobe’s Acrobat Reader under Windows with Zone Alarm active, and it would instantly warn you: “This thing is trying to access the Internet.” You get no such warning under Linux. I have to admit, I miss that. (Badly.)
However … after looking into this in more detail than I thought I would, I know now why there’s not a “Zone alarm” for Linux. The kernel’s innards have to be patched for this sort of thing, primarily because Linus himself considers it very insecure to allow just anyone to patch it. There are specifically-defined places where patches are allowed, and only by “approved” Linux Security Modules.
(Simply put: the same patches that Zone Alarm tacks into Windows could easily be bypassed, or used by a malicious program in some other way. In the case of Linux, you’d basically have to build your own custom kernel, so you’d have to repatch and recompile every time there was an update!)
The most common alternatives to Zone Alarm for Linux appear to be AppArmor and SELinux. For example, you could simply make it a policy that Acrobat couldn’t access the network and that would be it.
SELinux really isn’t an option for me, at least, not until someone develops better config tools for it. It’s just too difficult to get working, and it’s very easy to render a system unusable (speaking from experience!).
AppArmor looks a little more “user-friendly” (relatively speaking), but I’m worried about relying on it. Immunix, the original creator, is long gone. Since Novell laid off the developers, is any work being done on it? Is it abandonware? Looking at the forge page for it, no updates have been issued for over a year.
Does anyone know if 11.2 will support AppArmor?
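To make the AppArmor alternative mentioned above concrete, here is an added example of what such a “no network for Acrobat” policy looks like. This profile is not from the original post and not an official Adobe or openSUSE profile; the binary path `/usr/bin/acroread`, the library directory `/usr/lib/Adobe/`, and the file permissions granted are assumptions chosen to illustrate the technique, and would need adjusting to the real install.

```apparmor
# Assumed install location of the Acrobat Reader binary (example profile, not shipped by any vendor).
# Save as /etc/apparmor.d/usr.bin.acroread and load with:
#   apparmor_parser -r /etc/apparmor.d/usr.bin.acroread
#include <tunables/global>

/usr/bin/acroread {
  # Common abstractions: libc/ld.so, X11 and fonts, so the GUI still works.
  #include <abstractions/base>
  #include <abstractions/X>
  #include <abstractions/fonts>

  # The whole point of the profile: refuse every socket family and type.
  # "audit" makes each refused attempt show up in the audit log / syslog,
  # which is the Linux equivalent of Zone Alarm's "this thing is trying
  # to access the Internet" warning, only after the fact and non-interactive.
  audit deny network,

  # The program itself and its private libraries (assumed path), read + mmap.
  /usr/bin/acroread mr,
  /usr/lib/Adobe/** mr,

  # Let the user open their own documents and keep Reader's settings.
  owner @{HOME}/** r,
  owner @{HOME}/.adobe/** rw,
  /tmp/** rw,

  # Everything not listed above is denied by default, which also covers
  # writing to system locations or executing other binaries.
}
```

Before enforcing it, `aa-complain /usr/bin/acroread` puts the profile in complain mode so that anything the program legitimately needs shows up as `ALLOWED` entries in the log instead of breaking it; once the profile is complete, `aa-enforce /usr/bin/acroread` switches it to enforce mode, and `aa-status` confirms which mode each loaded profile is in. The `audit deny network,` line is what gives you visibility: a `DENIED` line with `operation="socket"` (or similar) in the audit log is the signal that the program tried to reach the network.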