I've just found it and uploaded it to github. Looking at the code, I can see my horrible C style of the time. There's probably bugs galore.
https://github.com/JetSetIlly/Direwall
If I remember correctly, it runs as a commodity and patches the socket library. Interestingly, the socket library was not re-entrant (unusual for Amiga libraries) so I had to patch the Exec OpenLibrary() function to monitor the loading of new copies of the socket library. But it's been a long time so memories are hazy.
It'll be interesting to see if it still compiles and runs on modern AmigaOS, if any active Amiga programmers are around to see.
It was quite insistent on the fact that it would be "noisy" at first as it queried all the programs you ran, but would then quieten down once it had been "trained". It got that across in clear, simple language.
I think it was so successful because it got the soft side of its security job right as well as the hard part. It's certainly why I recommended it to anyone at the time...
My personal computer had ZoneAlarm on it. It became ground zero for reporting about infected systems. They ignored systems they thought were safe: a Cisco phone system running on Windows Server and other backend devices. The company then bought a few licenses to run their own laptops.
It is such a shame that Microsoft destroyed _ERD Commander_ and other quality tools which assisted in the clean-up.
There was simply no need for it. GNU provided most of the software, spyware was unknown.
Only since commercial vendors started packaging for Linux and bringing their spyware along has the desire to inspect the network risen.
Also with the number of remote code execution exploits that have occurred in Web browsers over the years it's hard to know for sure if what you installed hasn't been hijacked unless you spent all your time on gnu.org
- GNOME Shell (extension updates without a way to disable this, weather),
- GNOME Calculator (currency exchange rates),
- NetworkManager (periodic hotspot portal checks in most configurations),
- GDB (debuginfod enabled by default),
- Firefox (extension updates, push notifications, feature flags, telemetry, ..., some parts cannot be disabled),
- VSCodium (Open VSX callbacks even when installing extensions from disk with updates disabled, JSON schema auto-downloads, extensions making their own unsolicited requests, ...),
- Electron (dictionary updates from Google servers, no way of disabling; includes any application running on top of upstream Electron, such as Signal, Discord, etc.),
- GoldenDict (audio samples fetched from the Internet on word look-up, no way to disable)
Of course, this is nothing compared to Windows [0] and macOS [1], but the malpractice of making Internet connections without asking, by default, has unfortunately been finding its way everywhere since modems stopped making audible sounds.
Having read about PRISM and seen the leaked dashboards of Paragon Graphite (said to be used by ICE), and with LLMs bridging the gap between mass and targeted surveillance, I don't want any of this.
[0] https://github.com/microsoft/calculator/blob/ffd0519676019a0...
Which would crash (technically hang) if you blocked it. [0]
And let's not pretend that KDE wouldn't have an extension system if it could, but it'll never have one because implanting one in that C++ spaghetti nightmare will never happen.
But if not, I'm not criticizing GNOME in isolation here. It's just what I use and what I'm most familiar with. KDE has the same issues and it does have an extension system too. It's called KNewStuff.
Maybe some middleground of having the tool OP sent built-in would be a good option.
But it wasn't always this way, and so, I don't think it has to be. People just need to start paying attention to this.
The impact of a lot of those vulnerabilities would be mitigated if the affected programs didn't connect to the network in the first place.
As for updates in general, I really like the model adopted by Linux update managers and BSD port systems. The entire repository metadata is downloaded from a mirror and cached locally, so the search terms never leave your machine. Downloads happen from the nearest mirrors, there's no "standard" mirror software (unless rsync and Apache count?) so they don't report what was downloaded by whom back to any central system and you can always host your own. Everything is verified via GPG. And most importantly, nothing happens on its own; you're expected to run `apt/dnf update` yourself. It won't randomly eat your bandwidth on a metered connection or reveal your OS details to a public hotspot.
Simple, non-invasive, transparent, (almost) all-encompassing, and centrally configurable.
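The integrity model described in that comment (a signed Release file listing the hashes of each index, each index listing the hashes of the packages, search done against the local copy) can be worked through in code. The following is an added example, not code from the thread or from apt/dnf: it builds a tiny Debian-style repository in memory from constructed sample data, then verifies the hash chain and runs a purely local search. The OpenPGP signature over the Release file is what apt checks with gpg and the distribution's keys; it needs key material, so here it is represented by a caller-supplied `signature_ok` flag rather than re-implemented.

```python
"""Added example: the apt-style trust chain, verified offline.

Chain: signed Release -> SHA256 of each index (e.g. main/binary-amd64/Packages)
       -> SHA256 of each .deb listed in that index.
Sample repository contents below are constructed for the example.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_stanzas(text: str):
    """Parse RFC822-style stanzas (as used by Packages and Release) into dicts.
    Continuation lines (leading whitespace) are folded into the previous field,
    which is how the multi-line SHA256 block of a Release file is written."""
    stanzas, cur, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if cur:
                stanzas.append(cur)
                cur, last = {}, None
            continue
        if line[0] in " \t" and last:
            cur[last] += "\n" + line.strip()
        else:
            key, _, val = line.partition(":")
            last = key.strip()
            cur[last] = val.strip()
    if cur:
        stanzas.append(cur)
    return stanzas


def release_entries(release_text: str):
    """Map index path -> (sha256, size) from the Release file's SHA256 block."""
    rel = parse_stanzas(release_text)[0]
    out = {}
    for line in rel.get("SHA256", "").splitlines():
        parts = line.split()
        if len(parts) == 3:
            digest, size, path = parts
            out[path] = (digest, int(size))
    return out


def verify_index(release_text: str, index_path: str, index_bytes: bytes,
                 signature_ok: bool = True) -> bool:
    """Accept an index only if the Release signature was good (flag, see above)
    and the index's size and SHA256 match what the Release file lists."""
    if not signature_ok:
        return False
    entry = release_entries(release_text).get(index_path)
    if entry is None:
        return False
    digest, size = entry
    return len(index_bytes) == size and sha256_hex(index_bytes) == digest


def verify_deb(packages_text: str, filename: str, deb_bytes: bytes) -> bool:
    """Accept a downloaded .deb only if its size and SHA256 match the Packages stanza."""
    for st in parse_stanzas(packages_text):
        if st.get("Filename") == filename:
            return int(st["Size"]) == len(deb_bytes) and st["SHA256"] == sha256_hex(deb_bytes)
    return False


def search(packages_text: str, term: str):
    """Search the cached index locally; nothing about the query leaves the machine."""
    term = term.lower()
    return sorted(st["Package"] for st in parse_stanzas(packages_text)
                  if term in st["Package"].lower() or term in st.get("Description", "").lower())


# --- constructed sample repository -------------------------------------------
# Stand-ins for real .deb archives (hypothetical paths and contents).
DEBS = {
    "pool/main/o/opensnitch_1.6.0-1_amd64.deb": b"constructed opensnitch archive",
    "pool/main/n/nethogs_0.8.7-1_amd64.deb": b"constructed nethogs archive",
}


def build_packages(debs) -> str:
    """Write a Packages index: one stanza per archive, with its size and SHA256."""
    stanzas = []
    for path, blob in debs.items():
        name = path.rsplit("/", 1)[1].split("_")[0]
        stanzas.append(f"Package: {name}\nArchitecture: amd64\nFilename: {path}\n"
                       f"Size: {len(blob)}\nSHA256: {sha256_hex(blob)}\n"
                       f"Description: {name} sample entry\n")
    return "\n".join(stanzas)


def build_release(indexes) -> str:
    """Write a Release file whose SHA256 block covers every index given."""
    lines = ["Suite: stable", "Codename: sample", "SHA256:"]
    for path, data in indexes.items():
        lines.append(f" {sha256_hex(data)} {len(data)} {path}")
    return "\n".join(lines) + "\n"


INDEX_PATH = "main/binary-amd64/Packages"
PACKAGES = build_packages(DEBS)
RELEASE = build_release({INDEX_PATH: PACKAGES.encode()})
```

A mirror that rewrote a stanza in Packages, or swapped a .deb, would fail one of the two hash checks; the only way past them is a bad signature on Release, which is why the archive signing key is the thing to protect and why `signature_ok` gates everything else here.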
Quote from LittleSnitch:
> Little Snitch for Linux is built for privacy, not security
What's your definition of malware in this context?
Note that LibreWolf still leaves some of the stuff on for you to manually disable (dom.push.connection.enabled, extension updates).
[0] https://support.mozilla.org/en-US/kb/how-stop-firefox-making...
You're welcome.
Yeah...
It mostly worked exactly as you would want a desktop firewall to, and integrated nicely with Cisco VPN tech, so you could ensure Integrity was operating correctly before fully opening up the tunnel for access to corporate assets.
Simpler times.
ZoneAlarm otoh, was snakeoil. Programs that ran at the same privilege level (typically everything) could bypass it in various ways.
Back when people would try to winnuke others on IRC, the Linux guys would know who sent them the packet and call them out in the channel (and then usually ban them)
Also that seems irrelevant because it seems this was implemented in eBPF so no kernel modules are required.
OpenSnitch must be like ten years old by now. I think also portmaster is somewhat similar too.
Back then there was also a nice ~$15 program called Net Limiter which allowed one to cap network speeds individually per program.
Shooting yourself in the foot really helps to build intuition!
Playing with your router is still a pain though, especially if you don't have a device with an Ethernet port. You learn all sorts of fun things like "If you change your router's IP address you get logged out of its management at the old IP address" and "Oh, that's what subnet mask means, weird."
Most definitely. The old lessons were hard learned, and they stayed with you. Going through everything, trying all the combinations, and reading obscure materials for any hints.
I don't want to glorify the old hard way of spending perhaps days on problems that ended up being trivial, but it's obviously different now when one can get all the answers and helpful scripts directly from LLMs. Much less is retained.
A simpler time lol.
Used to use Outpost Firewall Pro, too.
It can be manually configured with very detailed policies, but you have to know where to go to find those controls.
It's been a while since I used ZoneAlarm or Little Snitch, but the last time I used either one, the default behavior was instead that any connection attempt, or attempt to listen, for which there was no policy would result in a dialog. It showed all the details about what application was looking to connect to, or receive connections from, what, as well as a variety of options for creating a policy, or even not creating a policy and just deciding whether that one connection would be allowed.
Also back when I used ZoneAlarm I had dialup so the taskbar addon they had which showed realtime bandwidth usage and what applications had active connections was really useful. It also had a big red "Stop" button that would immediately disable all connections, which thinking about it in retrospect really makes me miss the more innocent days of the internet.
The default allows everything, though, but you could even set outbound blocking rules. Cumbersome UI and no really good visibility, though.
Don't open it.
@dang