Re: secure installation
email@example.com un jour écrivit:
All I'm saying is, would it be possible to have a single simple
option that users could *elect* to take, that wasn't the default,
that wasn't bending anyones life out of shape, marked "Novice User"
or something :-)
A question during the Debian installation about installing a firewall
that default to no? Yes, that would be possible. But I am not sure I
would want to put that for a novice user.
What I see comming, is many more newbies users complaining on the
mailling lists that application xyz doesn't work properly. Example, they
downloaded bittorent (instead of just installing one of the existing
Debian package), and then complain that It doesn't work.
We all agree that having a firewall is a good line of defense, but the
most important is not having unneeded services listening to the net, and
that the code of the software doing network interaction be secure. A
computer that is secure, should be secure regardless of the presence of a
firewall. Otherwise, It will simply give you a false sense of security,
which is worst.
I never used lokkit, but I guess It would need to be reconfigured
everytime someone install a software that use the net, because a real
novice user will not think about reconfiguring his firewall when needed,
and know even less which ports needs to be opened.
So installing by default a firewall for new user will probably creates
more problems than It will solve, and not makes the computer significantly
more secure (many trojan will use port 80 or 21 anyway). But adding the
option to install a firewall in the expert mode makes sense to me.