maemo.org - Talk - View Single Post

meanwhile	2008-04-14 , 21:06
Posts: 66 \| Thanked: 17 times \| Joined on Apr 2008	#26

Originally Posted by mwiktowy

A firewall is not a magic bullet. Even if it is properly configured, it is not the end all of security. It will do very little against random third-party apps that are installed as root that want to do bad things.

Based on the posts above, I'm astonished by how potentially ineffective Linux firewalls are, as opposed to Windows ones.

Your best bet against something like that is SELinux but that is *a lot* of work to do right and it frequently gets in the way of random third-party apps that you might want to run. It also would be a bit heavy on a limited-resource mobile platform.

Likely the most bang for the buck will come from organizing a central repository of software that is simple to submit code to, where the source code is actually audited...

Depends what you mean by "audited". I'm unaware of any process that can give a reasonable assurance of security without a lot of expense or donated free eyeball, which probably wouldn't be given.

Sandbox execution, otoh, can make the engineering effort for an attacker very high to impossible: that's the way I'd go. It's what Google are doing with Android, and it seems pretty bloody obvious as a solution.

Edit to add:
Nokia seem to going for a form of sandboxing on Symbian:
http://www.forum.nokia.com/main/plat.../security.html

Last edited by meanwhile; 2008-04-14 at 22:17.

Quote & Reply |