Linux distro

Linux with interface of Windows XP ( Site )

Shots

Hilarious!

(:TNG)

That’s a neat idea. I do think more emphasis needs to be placed on that transition from Win to Lin; that’s the obstacle to be overcome. If XPde could be integrated as an optional desktop environment for a distro, that would probably help.

LM

PS: What’s hilarious is your danasoft sig block…

I totally agree with its opinion!!!

I love Linux! :slight_smile:

Yes indeed. If only CFP worked in Linux…

I run Ubuntu 7.04, only put the Firestarter firewall on it, that's it. Seems to run very well indeed. Ordered my Ubuntu 7.10 disks today; not released till, I think, the 20 Oct. Can't wait. Ubuntu just gets better and better, wtg, woosh, we gone, rock on LINUX :BNC

Hey LM, although discontinued (someone is thinking of picking it up, but this is the present status), you might want to look at FireFlier (just to look at it, not to use it, as it’s discontinued). It’s a bit like CFP in that there are the packet filter rules (the wording is the same as iptables but in a GUI), and it has app control (not properly implemented in terms of security, I’ve read) etc.
It’s a nice project, in pics at least :slight_smile: ( FireFlier - A Project For Interactive Firewall Administration )

Interesting. I wonder why it seems that there’s little interest in Linux in controlling applications’ connectivity. Must be related to the presumed security of the OS, I guess.

LM

It’s probably more complicated than that. There are several advanced security tools, boy do I got bookmarks! But in general, they are mostly for the paranoid, the curious or servers.

In this case, it seems that it’s not easy to implement app control. I had a link… here it is:
http://projects.emerge.upt.ro/Kernel-Dev/wiki/fireflier
This link is better than wasting my fingers on a poor excuse for an explanation

Have you read anything about Injoy firewall? It has a Linux version, and a similar architecture/process to CFP - in that it is not a part of the system, does not use iptables, has its own driver, and intercepts traffic before it reaches iptables. So you can still use iptables on top of it. Possibly limited distro compatibility, though, and also it’s commercial.

I note that Fireflier seems built around SEL, which has a cool security approach (from what I’ve read), but if I understand correctly, the non-distro version of it went commercial. Could be I didn’t understand correctly, or have mis-remembered.

LM

No, the guy on the link is working on that

This second method is the one I am currently working on. The iptables filtering part can be done using the skfilter patches from James Morris.
What is available it seems, is this
The problem is that multiple programs can have access to the same socket (example: master creates a socket, and children inherit the file descriptor; other example: file descriptor sharing via IPC). Fireflier only checks the first that has access to the socket, and grants access based on that. Checking all programs that have access would be too slow, since fireflier finds programs by walking /proc, and it needs to do this on every packet. Currently it has a cache, but it can't be used in this situation anymore.

Now I re-read the start, and it seems he was on the team already. So if the project is dead, perhaps his work is too … ■■■■
Perhaps it’s just dead. :frowning:

Now that Injoy, wow, I had looked at the website before when it was mentioned at Wilders. Stem used it in the past, I think. Just looking at the pics makes me dizzy ;D
I’m going to look at the demos, maybe a trial next week… what an addiction trialing programs!
I didn’t know it was GNU/Linux compatible. But it doesn’t seem to have app control. Or does it? ???
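The shared-socket problem quoted above from the FireFlier wiki, as an added example that is not part of the thread or of FireFlier's code: it walks /proc the way the quote describes and shows one listening socket held by two PIDs after a fork. The function names are made up for this illustration, and it assumes Linux with a readable /proc.

```python
import os
import re
import socket
# Added illustration; function names are hypothetical, Linux /proc only.
SOCK_LINK = re.compile(r"^socket:\[(\d+)\]$")

def socket_owners(proc_root="/proc"):
    """Map socket inode -> set of PIDs holding a descriptor for it."""
    owners = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:          # process exited, or not ours to inspect
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:      # descriptor closed while we were walking
                continue
            m = SOCK_LINK.match(target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(entry))
    return owners

def demo_inherited_socket():
    """Open a listening socket, fork, return (parent, child, owner PIDs)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    inode = os.fstat(srv.fileno()).st_ino
    r, w = os.pipe()
    child = os.fork()
    if child == 0:               # child keeps the inherited fd open
        os.close(w)
        os.read(r, 1)            # blocks until the parent closes its end
        os._exit(0)
    os.close(r)
    try:
        pids = socket_owners().get(inode, set())
    finally:
        os.close(w)              # EOF on the pipe releases the child
        os.waitpid(child, 0)
        srv.close()
    return os.getpid(), child, pids

if __name__ == "__main__":
    print(demo_inherited_socket())
```

A per-application rule keyed on only one of those PIDs would miss the other holder of the same socket, and the full walk in `socket_owners` is the work the quote calls too slow to repeat on every packet.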

No, I don’t think it has app control; but it does a lot of other stuff - traffic shaping, VPN, port-binding, complex custom rules, traffic monitoring & reporting. Ahh, where’s the app control? :cry:

LM

The best practice if you need better security is to learn to write your own scripts using iptables (I think).
Then you know what you are doing and you are not stuck with a certain GUI. And most of these GUIs are a higher-level interface for iptables.

Just go through the iptables tutorial… there’s a lot to learn.

regards,
Dam

Hey Damitha,

That’s what I said before. I was just showing LM this project.
I use iptables. Although no scripts (I saved the rules in a folder, then I set /etc/network/interfaces to call my rules when eth0 goes up).

I personally do not run a firewall in my Linux environment, I do not see a need to :-\

Umm, why? Unless you mean you use iptables instead of a GUI-based firewall to do the iptables for you…

LM

Nope, no Firewall at all ;D

Why? Because I don’t find a need to, I am behind a router at home so I am safe. On my notebook however that is another story, but still whenever I do a port scan, the results are that all my ports are stealthed.

Also a bit off subject, but Ubuntu 7.10 was released yesterday.

Really? What’s your IP? Lemme see what I can do… Just kidding - I don’t do that stuff! ;D

Have you ever looked at any buffer overrun protection for Linux? Seems that’s one of the chief weaknesses.

LM

So iptables on a dedicated machine ;D

lol ok ok, I will look into a Firewall…

Although this IP is from a machine running Vista, which is protected with Comodo Firewall 3 ;D so try getting through that!

This new Ubuntu seems interesting. I can’t see though, that it would change anything for me. I still need AutoCAD, Photoshop and Illustrator to work flawlessly… not sure that they would do that if they ran in Linux.

Also, I’ll never switch to Linux until I get outbound firewall control - as simple as with Comodo. I hated the iptables GUI - Firestarter.

Finally, as I discussed with LM, fonts are pretty ugly (funny expression, pretty ugly, that’s a paradox!) in Linux. I’ve heard that there is something like ClearType available, but it’s called FreeType. Don’t know if it’s beautiful.

LA