systemcrash's Avatar
Posts: 74 | Thanked: 27 times | Joined on Jun 2010 @ France
#11
Originally Posted by ste-phan View Post
I second that security wise a good firewall software is more useful than an Antivirus software.
I want to see what application is phoning home whereto!

Does anybody know how to block N900 Maemo out of the box connection to mail.lotuslive.com?

IP: 8.12.152.72
Port: 993
State: ESTABLISHED

Reverse DNS: 8-12-152-72.mail.lotuslive.com
Add an entry to /etc/hosts:

127.0.0.1 mail.lotuslive.com

Last edited by systemcrash; 2010-09-03 at 08:31.
 

The Following User Says Thank You to systemcrash For This Useful Post:
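What the /etc/hosts entry above does and does not cover, as an added example that is not part of the original post: hosts lookups match exact names only, so the entry sinkholes `mail.lotuslive.com` but not the reverse-DNS name from the question. The hosts content below is constructed for illustration, and `parse_hosts` / `is_sinkholed` are hypothetical helper names.

```python
# Added example: constructed hosts-file content, not taken from a real device.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# entry suggested in the post above
127.0.0.1   mail.lotuslive.com
"""

LOOPBACK_PREFIXES = ("127.", "::1")


def parse_hosts(text):
    """Return {lowercased name: address}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        # Drop comments and surrounding whitespace.
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line or address without a name
        addr, names = fields[0], fields[1:]
        for name in names:  # canonical name plus any aliases
            table.setdefault(name.lower(), addr)
    return table


def is_sinkholed(table, hostname):
    """True if hostname has an exact hosts entry pointing at loopback.

    There is no wildcard or suffix matching: a subdomain or a differently
    spelled name (such as a reverse-DNS name) needs its own line.
    """
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and addr.startswith(LOOPBACK_PREFIXES)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("mail.lotuslive.com", "8-12-152-72.mail.lotuslive.com"):
        print(name, "->", "sinkholed" if is_sinkholed(hosts, name) else "not covered")
```

A hosts entry only changes name lookups; a connection that is already established, or one made directly to the IP address, is not affected by it.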
Posts: 20 | Thanked: 3 times | Joined on Jun 2010
#12
Originally Posted by danramos View Post
So, once again, you have to basically do a root-like flash to replace the kernel with a more feature-packed one with more security too? Maemo's kinda lookin' a little more like everyone else here. Except, at least I think Android has iptables already compiled in (mine does, anyway--I played with it a bit). Not sure about WebOS.

But anyway, yeah. I would generally tend to agree as far as priorities go. Is that true that only the Titan kernel has iptables on the N900?
As far as I know the stock kernel comes without the netfilter modules; anyway, I read somewhere around the forum that basic filtering is supported just by installing the iptables (userland tools) package.
 

The Following User Says Thank You to nebel For This Useful Post:
ME2g's Avatar
Posts: 168 | Thanked: 58 times | Joined on Aug 2010 @ Vienna
#13
Originally Posted by danramos View Post
Actually, there are a number of exploits for Linux that are worth scanning for (and of course, the ones we're not aware of) so it's always worth being at least a little paranoid. The chances of getting infected/hacked on Linux in this way are pretty low because it's just simply not a common enough target and, even if it were, it's still harder to exploit generally because of all the variations of the kernel, drivers, distributions, etc. Operating system monoculture is bad... the very thing Microsoft tried to attack about Linux (maybe you remember the MS ads with the penguin bodies and other animal heads, poking fun at the Linux mutations and kernel customization!) is, in fact, a strength.

That being said, it's still a good thing to use a scanner even though the chances are low that you'll get infected--but you're mainly just trusting that someone isn't targeting your platform, not that it's just that strong.
The point with firewall issue made in this thread is a good one.

I also found this one interesting:
http://www.h-online.com/open/news/it...e-1061563.html

Btw. which Kernel is used for Maemo 5?
I only found
"Maemo 5 is based on Linux 2.6 operating system."
here:
http://maemo.org/intro/platform/
and
"~/maemo_kernel/kernel-2.6.28"
here:
http://wiki.maemo.org/Documentation/...o_Kernel_Guide
?
 

The Following User Says Thank You to ME2g For This Useful Post:
Posts: 540 | Thanked: 288 times | Joined on Sep 2009
#14
For incoming connections the N900 as stock doesn't run any network facing services and thus in that sense things are rather good.

Due to the nature of the device a simple user-level-privileges trojan will totally ruin the user's day and I don't think you can scan for all of them (at least without running everything in a sandbox and doing behaviour scanning, not exactly usable with these resources).

Stock kernel should be able to do basic iptables filtering, haven't tried it personally (I run titan's kernel), but some of the modules exist; it's just the more advanced netfilter features (like NAT) that are not supported.

Local privilege escalation exploits (most of the Linux kernel exploits are in this class) are moot on the device when one can get root anyway with a single package install.

Outgoing connections are a good point; however, from a general usability perspective blocking them by default and asking the user for confirmation would really suck (users are much less likely to install random crap that hasn't been at least on some level vetted by the community).

So, yes "There is nothing to worry" is "lies to children" but discussing the real risk cases gets too technical to those who "ask for AV/FW just because their Windows PC needs it" rather quickly.
__________________
  • Live near Helsinki, Finland & interested in electronics ? Check this out.
  • Want anti-virus/firewall ? Read this (and follow the links, also: use the search, there are way too many threads asking the same questions over and over and over again).
  • I'm experimenting with BitCoins, if you want to tip me send some to: 1CAEy7PYptSasN67TiMYM74ELDVGZS6cCB
 

The Following 3 Users Say Thank You to rambo For This Useful Post:
Posts: 275 | Thanked: 46 times | Joined on Feb 2010
#15
I would like it if someone could port a simple-to-use firewall to the N900.
 
volt's Avatar
Posts: 1,309 | Thanked: 1,187 times | Joined on Nov 2008
#16
I fear the use of the word "virus" these days is a threat in itself, as it makes people relax their overall security sense. Even on Windows, the real threat isn't viruses any more.

There are lots of exploits to worry about on Linux as well as on Windows. Server logs are full of probes for weaknesses in PhpMyAdmin, Gallery2, PhpBB. Probes on SSH exploits are also common. And where does the term "root kit" come from, you might ask yourself, as there is no root user in Windows? While Windows is easier to infect, Linux machines are more attractive because they're often servers, internet hubs, where you want to use their resources, take over their services, they have more interesting content, whatnot.

At home, I have a Linux based router. It is old now, and I worry that the outdated linux packages have known issues.

Thankfully, IPTables seems to do a commendable job on Linux, but even so, for a desktop Linux machine I would have liked a ZoneAlarm-like GUI on top, to set rules and see activity. And yes, Antivirus. Although there aren't many Linux viruses running around yet, I'd still like to notice if there were other machines on my network sending out infected traffic.

But on any Linux desktop as well as on any Windows desktop, I'd really feel better if there was a hardware firewall (ie. router modem) between me and the internet.

I haven't been bothered with what-actually-is-viruses on my computers since, well honestly not since MS DOS disk swapping. But other malware, that's always a real threat.

Last edited by volt; 2010-09-03 at 13:06.
 

The Following 2 Users Say Thank You to volt For This Useful Post:
Posts: 45 | Thanked: 25 times | Joined on Apr 2010 @ Montevideo
#17
Originally Posted by ME2g View Post
What about security on the N900?

As this is a Linux system is it possible to use some intrusion
detection software?
How about the Linux versions of antivirus software like AVG,
Avast, F-Prot, Clamav, Avira AntiVir ?
It is worse than just "antivirus are not needed in Linux": even if a binary virus existed in the wild for Linux (traditional viruses have trouble running on it anyway), it would surely be for Intel processors and would not run on the N900's ARM.

But security is more than just antivirus. Trojans are malware too. When you are downloading a program (even a .deb) from an untrusted private repository, you are open not just to potential bugs of that program that could render the device unusable; it could eventually have some evil code in it. At least the normal repositories' apps are somewhat peer reviewed (I'm not saying that any programmer of the community is doing that, especially the ones that put up links to download their apps for testing before putting them in the repositories, but just don't discard the possibility that someone new jumps in and posts a link to something that may not be exactly clean).

Firewalls are there to keep people from accessing services running on your computer that are not intended for others. You can see with netstat which services your device is listening on; if you install a web server, or e.g. irreco, which listens on port 8765, you have something that could potentially be accessed by the outside world, and you may or may not want that, or that could have a remotely exploitable vulnerability.

There are more things that "listen", e.g. Bluetooth, that by default should be secure, but how you use them could be insecure. Or connections that you open could turn things insecure, like using untrusted/open wifi, which could enable people to peek at your traffic or redirect you to rogue sites.
 

The Following User Says Thank You to gmuslera For This Useful Post:
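The netstat check described in the post above, as an added example that is not part of the original post: it parses the kernel's `/proc/net/tcp` table (the data netstat reads on Linux) and separates listeners reachable from the network from loopback-only ones. The sample table is constructed, reusing the port 8765 and 8.12.152.72:993 values mentioned in the thread; the function names are hypothetical.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:223D 00000000:0000 0A 00000000:00000000 00:00000000 00000000 29999        0 1302
   2: 0A01A8C0:9C40 48980C08:03E1 01 00000000:00000000 00:00000000 00000000 29999        0 1403
"""

TCP_ESTABLISHED, TCP_LISTEN = 0x01, 0x0A  # kernel TCP state codes


def decode_endpoint(field):
    """'0100007F:0035' -> ('127.0.0.1', 53).

    Assumes a little-endian host (true for the N900's ARM and for x86),
    where the IPv4 address is printed as little-endian hex.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_tcp_table(text):
    """Return a list of (local, remote, state) for each IPv4 TCP socket."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        rows.append((decode_endpoint(fields[1]),
                     decode_endpoint(fields[2]),
                     int(fields[3], 16)))
    return rows


def exposed_listeners(rows):
    """Listening sockets bound to a non-loopback address."""
    return [local for local, _, state in rows
            if state == TCP_LISTEN and not local[0].startswith("127.")]


def outbound_connections(rows):
    """Remote endpoints of established connections."""
    return [remote for _, remote, state in rows if state == TCP_ESTABLISHED]


if __name__ == "__main__":
    table = parse_tcp_table(SAMPLE_PROC_NET_TCP)
    print("exposed listeners:", exposed_listeners(table))
    print("established to:", outbound_connections(table))
```

On a device, read the text from `/proc/net/tcp` instead of the sample; IPv6 sockets are listed separately in `/proc/net/tcp6` and are not handled here.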
Posts: 251 | Thanked: 70 times | Joined on Nov 2009
#18
Actually we have almost no security at all. Our system has a vulnerable Flash player capable of remote code execution and no one is going to bother to fix it.
 

The Following User Says Thank You to arkanoid For This Useful Post:
danramos's Avatar
Posts: 4,672 | Thanked: 5,455 times | Joined on Jul 2008 @ Springfield, MA, USA
#19
Originally Posted by arkanoid View Post
Actually we have almost no security at all. Our system has a vulnerable Flash player capable of remote code execution and no one is going to bother to fix it.
And that's a particularly valid point. Nokia's lack of frequent updates and significant closed-minded source code helps make exploits more likely.
 
Posts: 275 | Thanked: 46 times | Joined on Feb 2010
#20
Is there a way to look at the running processes like the Windows Task Manager, in order to check if something "strange" is running?
 