[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

paddy@panici.net un jour écrivit:

All I'm saying is, would it be possible to have a single simple
option that users could *elect* to take, that wasn't the default,
that wasn't bending anyones life out of shape, marked "Novice User"
or something :-)

A question during the Debian installation about installing a firewall that default to no? Yes, that would be possible. But I am not sure I would want to put that for a novice user.

What I see comming, is many more newbies users complaining on the mailling lists that application xyz doesn't work properly. Example, they downloaded bittorent (instead of just installing one of the existing Debian package), and then complain that It doesn't work.

We all agree that having a firewall is a good line of defense, but the most important is not having unneeded services listening to the net, and that the code of the software doing network interaction be secure. A computer that is secure, should be secure regardless of the presence of a firewall. Otherwise, It will simply give you a false sense of security, which is worst.

I never used lokkit, but I guess It would need to be reconfigured everytime someone install a software that use the net, because a real novice user will not think about reconfiguring his firewall when needed, and know even less which ports needs to be opened.

So installing by default a firewall for new user will probably creates more problems than It will solve, and not makes the computer significantly more secure (many trojan will use port 80 or 21 anyway). But adding the option to install a firewall in the expert mode makes sense to me.

Simon Valiquette

Reply to: