@Chip

Yeap...I know...thats why I said i was using MiamiDX..

_________________
AmigaOne G4 800Mhz, A1200TPPC 040/33 240Mhz, 2 A2000, A600,A600HD
A500,A500+ and so on.....AmigaOS4.1....1500-2000 games!?
And yeap, it's my dog...16 years old in 2015

@takemehomegrandma

Quote:

While the router brings an outer perimeter to the LAN and shuts off (or regulates) access from the outside, that kind of software mainly shuts off (or regulates) access from the *inside* (on individual computers in the LAN), ie network connections opened up by virus/worms, evil software with various hidden "call home" functions, and generally gives you the possibility to simply deny network access to software you *don't want* to go out on the net. Maybe even software you weren't even aware of doing so

Just close all ports with the built in firewall of roadshow (and open only the few that you need eg. 80 and others) and then you don't had any problems with such programs...

Last edited by cHaOs667 on 26-Jul-2006 at 10:25 AM.

_________________
Ei gude wie!
I love my AMIGA Collection...
2x A500 (1x 1MB) OS1.3
1x A600 (40MB HDD) OS2.05 (broken joyport)
1x A1200 (68030/50, 32 MB Fast RAM) OS3.1
1x A4000D 040/40 (48 MB Fast), OS3.9, Fastlane Z3, CV64, Deneb, Indi AGA
1x CD³²
1x µAOn

@takemehomegrandma

Yep. I'm using a software firewall + router to protect my Windows system. All kind of programs want to "phone home".

I don't agree about easiness...kids and older people may misconfigure the sw firewall just by clicking away the annoying popups...who the heck anyway can always tell which cryptic component belongs to what application.

@Mark

Quote:

Mark wrote: @JurassicC Even a personal firewall wouldnt necessarily stop this, because if yuo've got the port open, it would need to be open of the firewall as well. Mark

But since a software firewall á la ZoneAlarm has perfect knowledge about network connections to/from each and every *individual program/process* on a computer, it can exclusively open up a port on an *application level*. A port may be open for communication, but only to/from a defined application. The webbrowser may get permission to access the network using port 80, but not an Elbox USB driver ( ). Your FTP client may use port 21 for in/out communication when it's up and running, but not that game you just downloaded to try (for example), at least not without your explicit permission.

AFAIK, this is not possible when using an external hardware firewall/router alone?

@Chip

Quote:

Chip wrote: @Tuxedo I suppose you want some kind of application like ZoneAlarm on windows. Right? Well, on AmigaOS you don't need it. Why? Because Amiga OS is fully controllable while windows isn't. What do I mean? On windows there are lot of ways to hide viruses/adware's and so on from user. It's even hard to remove them while you are the administrator of that machine. Windows still able to deny to remove non wanted tasks/etc. On AmigaOS you can kill even the kernel process if you want. So your freedom is not limited. Of course, you must know what and how to do, but AmigaOS wasn't a stupid proof OS ever and it is well known.

I know that we have no virus problem on Amiga today, but it has been a problem in the past, and it *could* be again. Sure, if the process "***VIRUS***" shows up on your task list (and you are looking for it), you could terminate that, and with vicious software of that level, maybe you are home safe then ...

But when the checksum of your IRC program suddenly has changed, without you have been updating it, will the hardware router/firewall react at all? ZoneAlarm (for example) *will* recognize this, and put up a warning requester and ask permission before allowing network access from that particular application.

You say you want a fully controllable network envireonment, and this is all about bringing full control over your network. And also making you aware of what's happening behind the scenes, what applications opens what connections, etc ...

You should of course still be using that hardware router/firewall, since they don't replace each other, but *complement* each other just fine!

@Mr_Capehill

Quote:

Mr_Capehill wrote: @takemehomegrandma Yep. I'm using a software firewall + router to protect my Windows system. All kind of programs want to "phone home". I don't agree about easiness...kids and older people may misconfigure the sw firewall just by clicking away the annoying popups...who the heck anyway can always tell which cryptic component belongs to what application.

Yes, that is a problem, even if the situation has improved through better "standard configurations".

But in the end, enlightment is the only cure to cluelessness ...

@takemehomegrandma

Quote:

I know that we have no virus problem on Amiga today, but it has been a problem in the past, and it *could* be again.

No doubt, but currently we don't need such a tool. Of course it's a "nice to have" one, but IMHO it's more important to have a finished OS4 and a usable browser/office suit and while our developer number is limited, developing a tool like "zonealarm" is waste of time at the moment.

@All

Why not ask the Hyperion guys about this for OS4? I'm sure they can tell us

_________________
Helge K. Leaving the Amiga in favour of a PC..

@all

I think that a "firewall" program that will bring up a requester if a new program tries to access the internet would be useful. Right now, any program can open a port and start transmitting data. True, on the Amiga these things are less likely to be automatically installed like they are on windows. However, it's still a good idea to add the extra protection.

Even with this, remember that there's no such thing as a 100% secure system. A trojan could always use atach itself to an existing server running on your machine and use that.

Hans

_________________
http://hdrlab.org.nz/ - Amiga OS 4 projects, programming articles and more. Home of the RadeonHD driver for Amiga OS 4.x project.
https://keasigmadelta.com/ - More of my work.

@Chip

Quote:

Chip wrote: @JurassicC Quote: How can you say we dont need it. Because most people don't need it. Quote: I can't speak for your ISP but I regularly see people port sniffing on my subnet. If they see you have port 2500 open with amiganetfs, then its a free for all for them and goodbye to your files. If you have a personal firewall it will not protect you from these kind of attacks either. Quote: Not everybody has the luxury of being behind a router. What luxury? A 25-30 euro device??? Where are you living?

Most ISPs here still give out modems be it adsl or cable in the UK, rather than routers. You can usually updrage to a routers but it cost you more. Basic broadband which most people go for doesn't come with these. You can't expect joe public to go out and by extra hardware just because its only 30Euros.
We are only a small %age and generally have a good understanding of technical issues and hardware. It because of this knowledge short fall in the windows world thats why customers are encouraged to buy an internet security suite or the setup CD's have a free firewall on them.

_________________
A1200T 603e 330Mhz - Mediator TX OS4.1 F.E.
CDTV 8MB Fast, OS3.1, SCSI, MicroSD SCSI & CD32 FMV
X5000, X1000, A1XE with OS4.1F.E.

@All

Let me rephrase it
When we have more important tools, when we have a bigger user base (and coder base), we'll have it.

My wording wasn't correct. What I mean is that it's not as easy as just asking for it. A firewall with a nice GUI and nice features like automatic recognition of an attack will require a lot of work.
We are certainly not ready for that.

Last edited by elwood on 26-Jul-2006 at 05:35 PM.

_________________
Philippe 'Elwood' Ferrucci
Sam460 1.10 Ghz
AmigaOS 4 betatester
Amiga Translator Organisation

@elwood

Quote:

Let me rephrase it When we have more important tools, when we have a bigger user base (and coder base), we'll have it.

Ok i know that...

But, to improve our user base we need to present to that users an usable and secure system, not only a nice and usable system...
I think that security was a GREAT issue in these days...
And ASAP we got an usable browser (maybe mozilla/khtml based) we surely need at the same time a tool to prevent attacks or similar things.

However at those regards I(and many other people here seems) like to read something wrote directly from Hyperion's guys to konw if was a planned feature or if someone must do all work alone or etc etc...

Tuxedo.

Last edited by Tuxedo on 26-Jul-2006 at 06:08 PM.

_________________
Simone"Tuxedo"Monsignori, Perugia, ITALY.

@Tuxedo

I always wanted to ask Olaf Barthel if Roadshow could close all ports by default.
Maybe it's time to ask

_________________
Philippe 'Elwood' Ferrucci
Sam460 1.10 Ghz
AmigaOS 4 betatester
Amiga Translator Organisation

Hi,

@elwood

This is the ONLY change that i see as usefull on the actual Amiga TCP/IP
pakages! [per default on AmiTCP/Genesis a few ports open.. but easy closed]

The discussion over a "personal" firewall on Amiga IS NONSENS !

Pleas list me ONE prg on AmigaOS [3.x or 4] that connect from selfe to the internet !!
This is not a PC ! No prg connect without a init from the user to the internet !
No prg is startet if you click on an e-mail attachment [is this an amiga exe] and
connect hiden to the internet !

It is purely NONSENS !
Have running many Net prg [print daemon/Apache+MySQL/NFS] and no ONE connect over hiden
and mysterious lines to the net i dont know .......

If you have not a "advantage" OS that have tha ability to start self programms and take action
without the user [very clever] .. you need NO "personal" firewall nonsens ..
A clear firewall that is inbuilt in AmiTCP/Genesis and maybe roadshow [have ATM no OS4] is
enough !

R-TEAM

_________________
My Hardware Config and GFX-Work on my HomePage



Long Live T H E [|D|A|R|K^><^E|M|P|I|R|E|]

@elwood

Quote:

elwood wrote: @Tuxedo I always wanted to ask Olaf Barthel if Roadshow could close all ports by default. Maybe it's time to ask

All ports are closed by default in the standard installation. In order to open a port you either have to run a program which starts listening to incoming traffic on a specific port, or you need to activate/add an entry in the DEVS:Internet/servers file.

AmigaOS is not like Windows, where you have services you'll never need or don't even know listening by default for incoming traffic. These days even most Linux and BSD installations are secure by default in that they don't have any services attached to the ports (well, maybe except for secure shell, but that's arguably a tolerable exception).

So much for inbound traffic. It's a different story for outbound traffic, which is notoriously difficult to filter if you want to maintain a working system at the same time. The need to filter outbound traffic for security reasons is valid and established practice. But just with all other matters of security, you need to know what exactly it is you are protecting and what you want to sacrifice for it. As far as the Amiga is concerned we're still unaffected by the major threats which may make outbound traffic filtering necessary elsewhere (no worms). Besides, the outbound traffic filtering works best if you do it in a dedicated server which enforces the local network access policy.

Last edited by olsen on 27-Jul-2006 at 09:59 AM.

@olsen

Quote:

All ports are closed by default in the standard installation

Good to hear. I suspected that but always forgot to scan the port to check

Then OS4 is secure.

Thanks.

_________________
Philippe 'Elwood' Ferrucci
Sam460 1.10 Ghz
AmigaOS 4 betatester
Amiga Translator Organisation

@olsen

Never forget, though, that security-through-obscurity only works while we're still relatively obscure. If/when Amiga OS4 becomes popular, we may well see some trojans and other malware show up on our platform, if only because some of the new Amigans might themselves decide to write a trojan on the Amiga just because they can...

Somewhere along the line, we will need a system to alert us to strange programs trying to access the Net, or to altered versions of existing programs trying to access the Net.

Thankfully we don't need it right this second, but let's not get complacent about it either. Time passes quicker than we expect sometimes...

_________________
"I love peacenicks, they're so easy to conquer." --Ivan J Ironfist, the Dictator

@NomadOfNorad

Quote:

NomadOfNorad wrote: @olsen Never forget, though, that security-through-obscurity only works while we're still relatively obscure.

Of course. But the problem isn't so much that there would be security through obscurity in AmigaOS, the problem is that there is no security at all. We have an operating system design which has no separation between user processes and the operating system. The shared library model shares data and executable code. We don't have any methods for enforcing that a user program stays within its user mode bounds.

Quote:

If/when Amiga OS4 becomes popular, we may well see some trojans and other malware show up on our platform, if only because some of the new Amigans might themselves decide to write a trojan on the Amiga just because they can...

I daresay that the lack of working security measures is what limits the domain in which AmigaOS could be used. You won't ever see it compete against Microsoft's offering of the day, or the other mainstream operating systems.

I also expect that there will be no further operating system to compete with the malware platform Microsoft's product represents. It's just too good. To become equally effective as a malware vector, you have to have both widespread deployment (and Microsoft owns upwards of 90% of the market) and exploitable weaknesses. If you don't have both, your platform is not worth exploiting.

Hence AmigaOS is not in any respectable danger. Not because of security by obscurity, but because it's not worth the effort by a very long shot.

@olsen

That's NO good news at all...

Then we have NO security...really BAD!
No matter if we dont need it now...



Tuxedo.

_________________
Simone"Tuxedo"Monsignori, Perugia, ITALY.

@olsen

Quote:

We have an operating system design which has no separation between user processes and the operating system

But this has nothing to do with a firewall and the level of security we have with Roadshow.
You are talking now about memory protection, right? This (I hope) will come later.

Edit: not in 4.0, i.e not before 2 or 3 years from now.

Last edited by elwood on 20-Aug-2006 at 10:51 PM.

_________________
Philippe 'Elwood' Ferrucci
Sam460 1.10 Ghz
AmigaOS 4 betatester
Amiga Translator Organisation