Poster | Thread |
Jacken
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 10:19:53
| | [ #21 ] |
|
|
|
Regular Member |
Joined: 13-Jul-2004 Posts: 150
From: Glimma / Sweden | | |
|
| @Chip
Yeap...I know...thats why I said i was using MiamiDX..
_________________ AmigaOne G4 800Mhz, A1200TPPC 040/33 240Mhz, 2 A2000, A600,A600HD A500,A500+ and so on.....AmigaOS4.1....1500-2000 games!? And yeap, it's my dog...16 years old in 2015 |
|
Status: Offline |
|
|
cHaOs667
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 10:24:24
| | [ #22 ] |
|
|
|
Cult Member |
Joined: 12-Nov-2004 Posts: 706
From: Bad Homburg v.d.H., Germany | | |
|
| @takemehomegrandma
Quote:
While the router brings an outer perimeter to the LAN and shuts off (or regulates) access from the outside, that kind of software mainly shuts off (or regulates) access from the *inside* (on individual computers in the LAN), ie network connections opened up by virus/worms, evil software with various hidden "call home" functions, and generally gives you the possibility to simply deny network access to software you *don't want* to go out on the net. Maybe even software you weren't even aware of doing so |
Just close all ports with the built in firewall of roadshow (and open only the few that you need eg. 80 and others) and then you don't had any problems with such programs...Last edited by cHaOs667 on 26-Jul-2006 at 10:25 AM.
_________________ Ei gude wie! I love my AMIGA Collection... 2x A500 (1x 1MB) OS1.3 1x A600 (40MB HDD) OS2.05 (broken joyport) 1x A1200 (68030/50, 32 MB Fast RAM) OS3.1 1x A4000D 040/40 (48 MB Fast), OS3.9, Fastlane Z3, CV64, Deneb, Indi AGA 1x CD³² 1x µAOn |
|
Status: Offline |
|
|
Mr_Capehill
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 10:24:57
| | [ #23 ] |
|
|
|
Super Member |
Joined: 15-Mar-2003 Posts: 1933
From: Yharnam | | |
|
| @takemehomegrandma
Yep. I'm using a software firewall + router to protect my Windows system. All kind of programs want to "phone home".
I don't agree about easiness...kids and older people may misconfigure the sw firewall just by clicking away the annoying popups...who the heck anyway can always tell which cryptic component belongs to what application.
|
|
Status: Offline |
|
|
adiaux
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 10:30:20
| | [ #24 ] |
|
|
|
Super Member |
Joined: 1-Jun-2006 Posts: 1249
From: Unknown | | |
|
| @Mark
Quote:
Mark wrote: @JurassicC
Even a personal firewall wouldnt necessarily stop this, because if yuo've got the port open, it would need to be open of the firewall as well.
Mark
|
But since a software firewall á la ZoneAlarm has perfect knowledge about network connections to/from each and every *individual program/process* on a computer, it can exclusively open up a port on an *application level*. A port may be open for communication, but only to/from a defined application. The webbrowser may get permission to access the network using port 80, but not an Elbox USB driver ( ). Your FTP client may use port 21 for in/out communication when it's up and running, but not that game you just downloaded to try (for example), at least not without your explicit permission.
AFAIK, this is not possible when using an external hardware firewall/router alone? |
|
Status: Offline |
|
|
adiaux
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 10:47:35
| | [ #25 ] |
|
|
|
Super Member |
Joined: 1-Jun-2006 Posts: 1249
From: Unknown | | |
|
| @Chip
Quote:
Chip wrote: @Tuxedo
I suppose you want some kind of application like ZoneAlarm on windows. Right? Well, on AmigaOS you don't need it. Why? Because Amiga OS is fully controllable while windows isn't. What do I mean? On windows there are lot of ways to hide viruses/adware's and so on from user. It's even hard to remove them while you are the administrator of that machine. Windows still able to deny to remove non wanted tasks/etc. On AmigaOS you can kill even the kernel process if you want. So your freedom is not limited. Of course, you must know what and how to do, but AmigaOS wasn't a stupid proof OS ever and it is well known. |
I know that we have no virus problem on Amiga today, but it has been a problem in the past, and it *could* be again. Sure, if the process "***VIRUS***" shows up on your task list (and you are looking for it), you could terminate that, and with vicious software of that level, maybe you are home safe then ...
But when the checksum of your IRC program suddenly has changed, without you have been updating it, will the hardware router/firewall react at all? ZoneAlarm (for example) *will* recognize this, and put up a warning requester and ask permission before allowing network access from that particular application.
You say you want a fully controllable network envireonment, and this is all about bringing full control over your network. And also making you aware of what's happening behind the scenes, what applications opens what connections, etc ...
You should of course still be using that hardware router/firewall, since they don't replace each other, but *complement* each other just fine! |
|
Status: Offline |
|
|
adiaux
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 10:49:57
| | [ #26 ] |
|
|
|
Super Member |
Joined: 1-Jun-2006 Posts: 1249
From: Unknown | | |
|
| @Mr_Capehill
Quote:
Mr_Capehill wrote: @takemehomegrandma
Yep. I'm using a software firewall + router to protect my Windows system. All kind of programs want to "phone home".
I don't agree about easiness...kids and older people may misconfigure the sw firewall just by clicking away the annoying popups...who the heck anyway can always tell which cryptic component belongs to what application.
|
Yes, that is a problem, even if the situation has improved through better "standard configurations".
But in the end, enlightment is the only cure to cluelessness ... |
|
Status: Offline |
|
|
Chip
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 13:00:54
| | [ #27 ] |
|
|
|
Cult Member |
Joined: 4-Mar-2005 Posts: 574
From: Budapest, Hungary | | |
|
| @takemehomegrandma
Quote:
I know that we have no virus problem on Amiga today, but it has been a problem in the past, and it *could* be again. |
No doubt, but currently we don't need such a tool. Of course it's a "nice to have" one, but IMHO it's more important to have a finished OS4 and a usable browser/office suit and while our developer number is limited, developing a tool like "zonealarm" is waste of time at the moment. |
|
Status: Offline |
|
|
Helge
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 13:47:30
| | [ #28 ] |
|
|
|
Cult Member |
Joined: 10-Jul-2006 Posts: 689
From: Norway | | |
|
| @All
Why not ask the Hyperion guys about this for OS4? I'm sure they can tell us _________________ Helge K. Leaving the Amiga in favour of a PC.. |
|
Status: Offline |
|
|
Hans
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 13:59:02
| | [ #29 ] |
|
|
|
Elite Member |
Joined: 27-Dec-2003 Posts: 5067
From: New Zealand | | |
|
| @all
I think that a "firewall" program that will bring up a requester if a new program tries to access the internet would be useful. Right now, any program can open a port and start transmitting data. True, on the Amiga these things are less likely to be automatically installed like they are on windows. However, it's still a good idea to add the extra protection.
Even with this, remember that there's no such thing as a 100% secure system. A trojan could always use atach itself to an existing server running on your machine and use that.
Hans
_________________ http://hdrlab.org.nz/ - Amiga OS 4 projects, programming articles and more. Home of the RadeonHD driver for Amiga OS 4.x project. https://keasigmadelta.com/ - More of my work. |
|
Status: Offline |
|
|
JurassicC
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 16:08:10
| | [ #30 ] |
|
|
|
Super Member |
Joined: 13-Mar-2003 Posts: 1441
From: Somerset, UK | | |
|
| @Chip
Quote:
Chip wrote: @JurassicC
Quote:
How can you say we dont need it. |
Because most people don't need it.
Quote:
I can't speak for your ISP but I regularly see people port sniffing on my subnet. If they see you have port 2500 open with amiganetfs, then its a free for all for them and goodbye to your files.
|
If you have a personal firewall it will not protect you from these kind of attacks either.
Quote:
Not everybody has the luxury of being behind a router. |
What luxury? A 25-30 euro device??? Where are you living?
|
Most ISPs here still give out modems be it adsl or cable in the UK, rather than routers. You can usually updrage to a routers but it cost you more. Basic broadband which most people go for doesn't come with these. You can't expect joe public to go out and by extra hardware just because its only 30Euros. We are only a small %age and generally have a good understanding of technical issues and hardware. It because of this knowledge short fall in the windows world thats why customers are encouraged to buy an internet security suite or the setup CD's have a free firewall on them. _________________ A1200T 603e 330Mhz - Mediator TX OS4.1 F.E. CDTV 8MB Fast, OS3.1, SCSI, MicroSD SCSI & CD32 FMV X5000, X1000, A1XE with OS4.1F.E. |
|
Status: Offline |
|
|
elwood
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 17:33:25
| | [ #31 ] |
|
|
|
Elite Member |
Joined: 17-Sep-2003 Posts: 3428
From: Lyon, France | | |
|
| @All
Let me rephrase it When we have more important tools, when we have a bigger user base (and coder base), we'll have it.
My wording wasn't correct. What I mean is that it's not as easy as just asking for it. A firewall with a nice GUI and nice features like automatic recognition of an attack will require a lot of work. We are certainly not ready for that. Last edited by elwood on 26-Jul-2006 at 05:35 PM.
_________________ Philippe 'Elwood' Ferrucci Sam460 1.10 Ghz AmigaOS 4 betatester Amiga Translator Organisation |
|
Status: Offline |
|
|
Tuxedo
| |
Re: A Firewall under AmigaOS? Posted on 26-Jul-2006 18:06:41
| | [ #32 ] |
|
|
|
Elite Member |
Joined: 28-Nov-2003 Posts: 2341
From: Perugia, ITALY | | |
|
| @elwood
Quote:
Let me rephrase it When we have more important tools, when we have a bigger user base (and coder base), we'll have it.
|
Ok i know that...
But, to improve our user base we need to present to that users an usable and secure system, not only a nice and usable system... I think that security was a GREAT issue in these days... And ASAP we got an usable browser (maybe mozilla/khtml based) we surely need at the same time a tool to prevent attacks or similar things.
However at those regards I(and many other people here seems) like to read something wrote directly from Hyperion's guys to konw if was a planned feature or if someone must do all work alone or etc etc...
Tuxedo.Last edited by Tuxedo on 26-Jul-2006 at 06:08 PM.
_________________ Simone"Tuxedo"Monsignori, Perugia, ITALY. |
|
Status: Offline |
|
|
elwood
| |
Re: A Firewall under AmigaOS? Posted on 27-Jul-2006 8:03:18
| | [ #33 ] |
|
|
|
Elite Member |
Joined: 17-Sep-2003 Posts: 3428
From: Lyon, France | | |
|
| @Tuxedo
I always wanted to ask Olaf Barthel if Roadshow could close all ports by default. Maybe it's time to ask _________________ Philippe 'Elwood' Ferrucci Sam460 1.10 Ghz AmigaOS 4 betatester Amiga Translator Organisation |
|
Status: Offline |
|
|
R-TEAM
| |
Re: A Firewall under AmigaOS? Posted on 27-Jul-2006 8:40:22
| | [ #34 ] |
|
|
|
Regular Member |
Joined: 22-Jan-2004 Posts: 271
From: Germany | | |
|
| Hi,
@elwood
This is the ONLY change that i see as usefull on the actual Amiga TCP/IP pakages! [per default on AmiTCP/Genesis a few ports open.. but easy closed]
The discussion over a "personal" firewall on Amiga IS NONSENS !
Pleas list me ONE prg on AmigaOS [3.x or 4] that connect from selfe to the internet !! This is not a PC ! No prg connect without a init from the user to the internet ! No prg is startet if you click on an e-mail attachment [is this an amiga exe] and connect hiden to the internet !
It is purely NONSENS ! Have running many Net prg [print daemon/Apache+MySQL/NFS] and no ONE connect over hiden and mysterious lines to the net i dont know .......
If you have not a "advantage" OS that have tha ability to start self programms and take action without the user [very clever] .. you need NO "personal" firewall nonsens .. A clear firewall that is inbuilt in AmiTCP/Genesis and maybe roadshow [have ATM no OS4] is enough !
R-TEAM _________________ My Hardware Config and GFX-Work on my HomePage
Long Live T H E [|D|A|R|K^><^E|M|P|I|R|E|] |
|
Status: Offline |
|
|
olsen
| |
Re: A Firewall under AmigaOS? Posted on 27-Jul-2006 9:54:09
| | [ #35 ] |
|
|
|
Cult Member |
Joined: 15-Aug-2004 Posts: 774
From: Germany | | |
|
| @elwood
Quote:
elwood wrote: @Tuxedo
I always wanted to ask Olaf Barthel if Roadshow could close all ports by default. Maybe it's time to ask |
All ports are closed by default in the standard installation. In order to open a port you either have to run a program which starts listening to incoming traffic on a specific port, or you need to activate/add an entry in the DEVS:Internet/servers file.
AmigaOS is not like Windows, where you have services you'll never need or don't even know listening by default for incoming traffic. These days even most Linux and BSD installations are secure by default in that they don't have any services attached to the ports (well, maybe except for secure shell, but that's arguably a tolerable exception).
So much for inbound traffic. It's a different story for outbound traffic, which is notoriously difficult to filter if you want to maintain a working system at the same time. The need to filter outbound traffic for security reasons is valid and established practice. But just with all other matters of security, you need to know what exactly it is you are protecting and what you want to sacrifice for it. As far as the Amiga is concerned we're still unaffected by the major threats which may make outbound traffic filtering necessary elsewhere (no worms). Besides, the outbound traffic filtering works best if you do it in a dedicated server which enforces the local network access policy.Last edited by olsen on 27-Jul-2006 at 09:59 AM.
|
|
Status: Offline |
|
|
elwood
| |
Re: A Firewall under AmigaOS? Posted on 28-Jul-2006 7:43:29
| | [ #36 ] |
|
|
|
Elite Member |
Joined: 17-Sep-2003 Posts: 3428
From: Lyon, France | | |
|
| @olsen
Quote:
All ports are closed by default in the standard installation |
Good to hear. I suspected that but always forgot to scan the port to check
Then OS4 is secure.
Thanks.
_________________ Philippe 'Elwood' Ferrucci Sam460 1.10 Ghz AmigaOS 4 betatester Amiga Translator Organisation |
|
Status: Offline |
|
|
NomadOfNorad
| |
Re: A Firewall under AmigaOS? Posted on 20-Aug-2006 20:03:55
| | [ #37 ] |
|
|
|
Cult Member |
Joined: 2-Jun-2003 Posts: 746
From: Jacksonville, Florida, USA, Earth, Sol system, Milky Way galaxy | | |
|
| @olsen
Never forget, though, that security-through-obscurity only works while we're still relatively obscure. If/when Amiga OS4 becomes popular, we may well see some trojans and other malware show up on our platform, if only because some of the new Amigans might themselves decide to write a trojan on the Amiga just because they can...
Somewhere along the line, we will need a system to alert us to strange programs trying to access the Net, or to altered versions of existing programs trying to access the Net.
Thankfully we don't need it right this second, but let's not get complacent about it either. Time passes quicker than we expect sometimes...
_________________ "I love peacenicks, they're so easy to conquer." --Ivan J Ironfist, the Dictator |
|
Status: Offline |
|
|
olsen
| |
Re: A Firewall under AmigaOS? Posted on 20-Aug-2006 21:00:28
| | [ #38 ] |
|
|
|
Cult Member |
Joined: 15-Aug-2004 Posts: 774
From: Germany | | |
|
| @NomadOfNorad
Quote:
NomadOfNorad wrote: @olsen
Never forget, though, that security-through-obscurity only works while we're still relatively obscure.
|
Of course. But the problem isn't so much that there would be security through obscurity in AmigaOS, the problem is that there is no security at all. We have an operating system design which has no separation between user processes and the operating system. The shared library model shares data and executable code. We don't have any methods for enforcing that a user program stays within its user mode bounds.
Quote:
If/when Amiga OS4 becomes popular, we may well see some trojans and other malware show up on our platform, if only because some of the new Amigans might themselves decide to write a trojan on the Amiga just because they can...
|
I daresay that the lack of working security measures is what limits the domain in which AmigaOS could be used. You won't ever see it compete against Microsoft's offering of the day, or the other mainstream operating systems.
I also expect that there will be no further operating system to compete with the malware platform Microsoft's product represents. It's just too good. To become equally effective as a malware vector, you have to have both widespread deployment (and Microsoft owns upwards of 90% of the market) and exploitable weaknesses. If you don't have both, your platform is not worth exploiting.
Hence AmigaOS is not in any respectable danger. Not because of security by obscurity, but because it's not worth the effort by a very long shot.
|
|
Status: Offline |
|
|
Tuxedo
| |
Re: A Firewall under AmigaOS? Posted on 20-Aug-2006 21:12:14
| | [ #39 ] |
|
|
|
Elite Member |
Joined: 28-Nov-2003 Posts: 2341
From: Perugia, ITALY | | |
|
| @olsen
That's NO good news at all...
Then we have NO security...really BAD! No matter if we dont need it now...
Tuxedo. _________________ Simone"Tuxedo"Monsignori, Perugia, ITALY. |
|
Status: Offline |
|
|
elwood
| |
Re: A Firewall under AmigaOS? Posted on 20-Aug-2006 22:50:55
| | [ #40 ] |
|
|
|
Elite Member |
Joined: 17-Sep-2003 Posts: 3428
From: Lyon, France | | |
|
| @olsen
Quote:
We have an operating system design which has no separation between user processes and the operating system |
But this has nothing to do with a firewall and the level of security we have with Roadshow. You are talking now about memory protection, right? This (I hope) will come later.
Edit: not in 4.0, i.e not before 2 or 3 years from now.Last edited by elwood on 20-Aug-2006 at 10:51 PM.
_________________ Philippe 'Elwood' Ferrucci Sam460 1.10 Ghz AmigaOS 4 betatester Amiga Translator Organisation |
|
Status: Offline |
|
|