Hello,
Sorry if this is the wrong place but I couldn't find a forum that seemed like it was quite right. This is more or less a firewall question so I am trying here.
When possible, I have always used application execution management software.
If you haven't used this, in it's simplest form, this is just software that requests permission for any file to execute. A whitelist is kept of files that have been authorized with various methods of determining if the file has changed since permission was authorized. There is generally also a blacklist and any unclassified file is on the asklist. Pay internet security packages like ZoneAlarm and Comodo and even free Privatefirewall always contained some version of these functions.
I have always thought that this was one of the simplest and most effective ways of preventing infections. Any software that is new has to ask for permission to execute. That same goes for software that has changed. Anything can be defeated but I think this is a simple baseline that I have found to be very effective over the years.
All of the above mentioned tools are for windows. Are there any such applications available for Linux?
A search shows the package, fapolicyd,
https://github.com/linux-application-wh ... /fapolicyd
but I have never used this. The package comes up under RHEL so I don't know if there is a Debian friendly version or not.
Thank you for the advice,
LMHmedchem
Sorry if this is the wrong place but I couldn't find a forum that seemed like it was quite right. This is more or less a firewall question so I am trying here.
When possible, I have always used application execution management software.
If you haven't used this, in it's simplest form, this is just software that requests permission for any file to execute. A whitelist is kept of files that have been authorized with various methods of determining if the file has changed since permission was authorized. There is generally also a blacklist and any unclassified file is on the asklist. Pay internet security packages like ZoneAlarm and Comodo and even free Privatefirewall always contained some version of these functions.
I have always thought that this was one of the simplest and most effective ways of preventing infections. Any software that is new has to ask for permission to execute. That same goes for software that has changed. Anything can be defeated but I think this is a simple baseline that I have found to be very effective over the years.
All of the above mentioned tools are for windows. Are there any such applications available for Linux?
A search shows the package, fapolicyd,
https://github.com/linux-application-wh ... /fapolicyd
but I have never used this. The package comes up under RHEL so I don't know if there is a Debian friendly version or not.
Thank you for the advice,
LMHmedchem
Statistics: Posted by LMHmedchem — 2024-07-06 16:47 — Replies 2 — Views 76