Marlinspike's Droid Firewall Kills Tracking

mask.of.sanity writes "The first dynamic Android firewall, dubbed WhisperMonitor, has been released by respected security researcher Moxie Marlinspike. The firewall will allow users to stop location-tracking apps and restrict connection attempts by applications. Marlinspike, whose company created the application, designed WhisperMonitor in response to the incidence of location tracking and malware on Android platforms. It monitors all outbound connection attempts by applications and the operating system, and asks users to permit or block any URLs and port numbers that are accessed."

Please port this to Linux A.S.A.P.

[TractorBarry]

> "It monitors all outbound connection attempts by applications and the operating system, and asks users to permit or block any URLs and port numbers that are accessed."

Excellent. + 100 this is the way things should be !!!

I've been yammering on about this for ages now without being able to get any Linux devs interested. As far as I'm concerned without such a feature Linux is a dead duck as far as being an operating system suitable for the home user. I've stopped putting Ubuntu on peoples machines due to the complete lack of such a firewall. And no. IP tables and Firestarter etc. are not the same thing *at all*.

The end user should always be given the final decision before *ANYTHING* on the computer is allowed internet access. This single feature of the Zone Alarm firewall on Windows has allowed numerous "non computer savvy" friends and relatives to realise they have a problem well before malware has been able to phone home. Not to mention blocking all the crappy "auto updaters" and other such crap that idiots have started putting in their Windows apps.

1 The people who write Zone Alarm for Windows get it.

2 Moxie Marlinspike gets it.

3 The Linux devs simply do not get it. They seem to believe we live in Magic Fairyland where no program would ever do anything malicious and anything should be able to connect out without the user knowing about it. "But we're only fetching cover art/some other stuff". No you're reporting information to a third party that I do not wish sent thank you very much.

Without this simple feature your computer is simply a digital spy silently allowing any program to send any information it wants anywhere in the world.

Totally unacceptable in 2011. All machines should have firewalls that allow the user full control of what applications are allowed to talk to the local network and/or the internet.

Re:Please port this to Linux A.S.A.P.

[clang_jangle]

There's a reason the CLI remains the first choice of admins and coders, too -- it's the most powerful interface. It won't be going away in the next fifty years, and may still be with us in a thousand. Users who think "the computer needs to learn me" rather than the other way around will always have a low ceiling on their competence level and will always be frustrated.

As far as the "not usable" BS, really who cares? Competent people use *nix, most people are not competent. It's old news, and I really don't care what you use, frankly. Just trying to be helpful...

Only works for Nexus. Need desktop, too

[Kamiza Ikioi]

FTA, only has installs for Nexus One and Nexus X, and installer comes in Windows, OSX, and Linux... and it looks like they're all 64bit installs only. Very limited. And there is DroidWall, which is available on the market, but I believe you need a rooted phone (which is probably true for any decent firewall). I use DroidWall and it's fantastic. It let's you choose to allow not just an app, but how it connects. You can, for instance, block Pandora on 3G, but not Wifi.