Re: Security on Nits?
There is the built-in Linux firewall, which is controlled by /sbin/iptables. Very powerful, and very difficult to configure if you have never used it before. It is an excellent way to block TCP/UDP ports.
I hope this helps, Craig...
Re: Security on Nits?
A keylogger trojan would just push the data out through the email program. Can't block that in any easy way.
I know Windows firewalls (at least the good ones) can specify not only port, but also application, and say "the browser can go out to port 80, any other app can't". And so on. This isn't easy to do on Linux or Unix. It wouldn't be that useful either, even if iptables could do it, because on Windows it's much more common that every application does its input/output directly, while on *nix you can often just communicate through the daemon or service that usually handles that kind of traffic (e.g. for sending email you almost never try to send data directly on port 25, instead you use the sendmail (or equivalent) program).

Out of the box there's almost nothing listening to any TCP/IP or UDP port on the NIT, so someone breaking their way into your NIT isn't much of an issue. However, if you install something that happens to be a trojan there's very little you can do to avoid it doing whatever harm it wants. This is such a serious situation that the only thing that helps is "don't do that". On any platform.
Re: Security on Nits?
Let's also look at it this way.
Coding is complex. The internet tablet is a custom kernel on an armel processor. A very very very very small niche of the Linux users out there. Someone would have to write, or compile the app to run, you would have to install it... it's actually a much rarer thing than most people imagine.
Re: Security on Nits?
Quote:
That said, it's all about risk. I have a pre-school daughter. Do I fret about "sexual predators"? Not really, day to day I'm more worried about her falling down the stairs or running into the street. In the case of the NITs there are much bigger fish to fry before I'm going to become worried about malware.

Oh, and iptables can block by process, uid, gid, and other criteria. If its blocking is not good enough it can shunt the connections through a userspace daemon to do more complex actions.
Re: Security on Nits?
iptables can do that, yes, but if you send your emails through sendmail/exim/whatever, as is easiest anyway, it won't help..
Re: Security on Nits?
Installing packages is done as root; no matter what you set up (other than rejecting packages before installation), a malicious package can disable or circumvent the firewall. Same as on any UNIX system; if you don't trust the software, don't do a system-wide install.
After installing, you can check sudoers, as it's reasonably likely that malware would put itself in there to permit any malicious activities that require root. All depends on the payload, of course. A keylogger can get by quite fine by itself, as long as some usable process (ssh, mail, etc.) is able to access the outside world.

Things you can do to check software you're considering installing: Check the file-list. Check the install scripts. That should make the scope of things it can do clear; but even with no SUID or sudoers entries, you can do a lot.
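
The checks suggested in the post above (file list, install scripts, SUID and sudoers entries), as an added example that is not part of the thread. It assumes the package is a Debian-format .deb inspected with dpkg-deb; the function names, flag labels, patterns and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install audit of a .deb (package format is an assumption).
# Function names, labels and patterns are illustrative heuristics.

# audit_listing: reads `dpkg-deb -c PKG` output (tar -tv style) on stdin and
# flags setuid/setgid files, sudoers entries and boot-time init scripts.
audit_listing() {
  awk '$1 !~ /^d/ {
    mode = $1; path = $6
    if (mode ~ /^-..[sS]/)       print "SETUID  " path
    if (mode ~ /^-.....[sS]/)    print "SETGID  " path
    if (path ~ /\/etc\/sudoers/) print "SUDOERS " path
    if (path ~ /\/etc\/(init\.d|rc[0-9S]\.d)\//) print "BOOT    " path
  }'
}

# audit_scripts DIR: greps the maintainer scripts extracted by
# `dpkg-deb -e PKG DIR` for sudoers edits, setuid chmods, chown to root
# and firewall changes. A hit means "read this line", not "malicious".
audit_scripts() {
  for s in preinst postinst prerm postrm; do
    [ -f "$1/$s" ] || continue
    grep -nE 'sudoers|chmod +([ugoa]*\+s|[2467][0-7]{3})|chown +root|iptables' \
      "$1/$s" | sed "s|^|SCRIPT  $s:|"
  done
  return 0
}

# audit_deb PKG: run both checks against a real package file.
audit_deb() {
  tmp=$(mktemp -d) || return 1
  dpkg-deb -c "$1" | audit_listing
  dpkg-deb -e "$1" "$tmp" && audit_scripts "$tmp"
  rm -rf "$tmp"
}

# Constructed sample listing (not from a real package).
sample_listing() {
  cat <<'EOF'
drwxr-xr-x root/root         0 2008-01-01 12:00 ./usr/bin/
-rwsr-xr-x root/root     20480 2008-01-01 12:00 ./usr/bin/helper
-rwxr-xr-x root/root     10240 2008-01-01 12:00 ./usr/bin/app
-r--r----- root/root        40 2008-01-01 12:00 ./etc/sudoers.d/app
EOF
}

# With a package path: audit it. Without: run on the constructed sample.
if [ -n "${1:-}" ] && [ -f "$1" ]; then audit_deb "$1"
else sample_listing | audit_listing; fi
```

An empty result only means none of these patterns matched; as the post says, a package can do a lot without any SUID or sudoers entry.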
Re: Security on Nits?
Yep, if malicious software gets installed, no firewall or anything else would help. So, this is what must be avoided.
Re: Security on Nits?
Quote:
Wait: TA's post makes MUCH more sense when I look at one of his earlier ones too: Quote:
Re: Security on Nits?
Quote:
I'm tempted to do it myself. Quote:
Quote:
Nokia do seem to have designed an inherently insecure device, unfitted for most users. If I was them, I'd have firewalled the machine and given it a virtual machine with a sandbox mode, and required special effort and passwords to install apps that bypassed this. Btw, is there a mode that stops users from being able to install apps?
Re: Security on Nits?
Quote:
Anyway, very useful - or at least very interesting, as I don't know if I'll make that much effort. Might be much simpler to carry out my extra email account plan and limit my use of the N800 to fun stuff.