Control Program Access To Internet

[helpmhost]

Is there are program/firewall that would allow me to control what programs/commands can access the internet? Sort of like ZoneAlarm for Windows.

I keep hearing about scripts that replace the ls (or other) command so that it accesses the internet like adware. I would like to be able to configure a system to (for example) only allow firefox, evolution, gaim, and some other programs to access the internet.

I know that I could use IPTABLES to allow only certain destination ports (like 80,110, etc), but that would not necessarily block the spyware.

Any tips or pointers or program name or links for further reading would be greatly appreciated.

[loft306]

well for the most part adaware and other spyware wont run on linux boxen though some will run under wine ...but only if you set them up to do so!!!

so dont worry about it!

[Workaphobia]

I think he's referring to root kits, although if the malicious software gets installed on your machine, it can do plenty of things to screw up the contaminated account without using the internet. And if that account is root, then your system is in serious trouble and no after-the-fact precaution will work - root can rewrite whatever you do, after all.

[debian]

You don't have to worry about linux spyware. I'm using Knoppix 3.7 and Xandros 3 without any firewall/antivirus and I have no problem. The best thing to do is to use a LIMITED USER account without root privileges and you're safe.

[awdac]

I keep hearing about scripts that replace the ls (or other) command so that it accesses the internet like adware. I would like to be able to configure a system to (for example) only allow firefox, evolution, gaim, and some other programs to access the internet.

Any tips or pointers or program name or links for further reading would be greatly appreciated.

There is a program to check for rootkits (what you describe above) called chkrootkit (at http://www.chkrootkit.org) that you can run. Running programs like tripwire can also help you see when files have been altered. If you run an unpriveleged user as described above, you should be fairly secure from these sorts of things, barring unpatched vulnerabilities.

Using iptables as you describe above could help, or if you're really paranoid about what's going back and forth over the wire, you could install an IDS system like Snort that will alert you to suspicious traffic.

Another thing that may help more than any of the above and is easy to do is not to install any software that you have not verified through checksums from an independent trusted source. If you download rpms from a mirror, get the checksum for the software from redhat's secure repository (or some other verifiably trusted source) and compare it to your download from the mirror. This is one way to avoid software that has been trojaned. It's a good habit to get into.

[martinh_tech]

Yes there is, it's called TuxGuardian
http://tuxguardian.sourceforge.net/

There may be more out there, but this is the only one I've heard of.

[awdac]

You don't have to worry about linux spyware. I'm using Knoppix 3.7 and Xandros 3 without any firewall/antivirus and I have no problem. The best thing to do is to use a LIMITED USER account without root privileges and you're safe.

While this is kind of true at the moment, as Linux gains more market share, spyware and viruses will become more prevalent. It is still somewhat harder to make viruses for Linux because most downloaded files etc. are still not set executable by default, but it does happen and will probably become even more common as users start requesting ease of use and convenience features more vehemently.

I know that if I get a virus that deletes all my user files, I am going to be just as upset as a user as I would be if someone had rooted my box. All of the files that are important to me are owned by me as user. That means if something did affect my lowly user acount only, it would still take most everything I hold dear with it. Not being root helps save *other users* on the macine (probably) and may prevent a worm from using the box to spread but it won't help userland viruses from a user's perspective. It's good advice to run the box as a non-priveleged user, but it is not the salvation that many think.