McAfee knocks Microsoft over Vista roadblocks

TalkBack 40 of 124:: Next »; « Previous

Thread View
Flat View

Umm actually: that's where OpenSuSE's AppArmor comes to play...

AppArmor Linux Application Security
Overview
As an open source offering from Novell, AppArmor Linux application security has no licensing fees. AppArmor is included in the SUSE Linux Enterprise 10 products and in openSUSE.
Novell now offers maintenance and support for AppArmor as you ensure its optimal implementation in your environment. You can access the world-class Novell support infrastructure 24x7x365; Novell support technicians are trained in AppArmor to ensure expertise in the technology.
Software flaws in complex applications open the way for attackers to compromise systems that host critical enterprise data. Perimeter security solves only part of the problem because global business requirements mandate open network access for mobile employees, customers and partners. Besides, firewalls do little to protect against the growing number of threats originating internally. IT organizations do much to keep their machines patched to protect against the latest threats, but this reactive security strategy still leaves businesses dangerously exposed. With experienced hackers becoming faster at exploiting vulnerabilities (zero-day attacks are increasingly common), businesses often have little or no time to download, test and apply patches to their systems.
Novell AppArmor is the most effective and easy-to-use Linux network application security system on the market. Novell AppArmor provides enterprise-class, host-intrusion prevention and protects the operating system and applications from the harmful side effects of internal or external attacks, malicious applications and viruses. As a result, businesses can protect mission-critical data, reduce system administration costs and ensure compliance with government regulations.
No Chinks in the Armor
Comprehensive enterprise-wide network application security requires attention to both users and applications. Novell is the only Linux vendor that provides market-leading identity-management solutions to protect data from unauthorized users and an enterprise Linux-application security solution to protect systems from applications whose flaws are exploited.
Unlike other application security solutions, AppArmor does not require heavy investments in training, resources or expertise. Rather, a comprehensive console and YaST-based toolset largely automate security-policy development. AppArmor tools identify the programs that need containment, capture application behavior in a "learning mode" and turn that behavior into security policy?all from a single graphical interface.
Simple to Use
Many network application security solutions never meet the purposes for which they were designed because they are too complex or require too much maintenance. AppArmor, on the other hand, is designed to get you started quickly with minimal investment in time and resources. Its name-based access-control method does not require relabeling of the file system as other methods do, and applications don't have to be modified to benefit from AppArmor protection. In addition, the default configuration of AppArmor includes a number of predefined profiles for common Linux programs like Web, e-mail and remote-login servers that can be deployed immediately. Security profiles for custom or third-party applications can be developed using the included wizard-based tools, which also make policy updates simple as your environment change.
Easy to Audit
AppArmor profiles completely define which system resources an application can access and with which privileges it can do so. Because they are written in standard UNIX syntax with no new jargon, the profiles can be audited quickly for the security implications of a profiled application. Further, AppArmor has built-in reporting capabilities so that system administrators can quickly view AppArmor related events, schedule reports and aggregate events from multiple systems into a common report.
Precise Controls
Many Web applications are written in interpreted scripting languages such as Perl, PHP or Python. AppArmor provides a powerful capability to confine individual Web applications even though they are executed inside Apache using modules such as mod_perl, mod_php or mod_python. AppArmor allows Apache to change context and apply a specific security profile to the script about to be executed. This tight confinement keeps individual scripts from tampering with the larger application, which typically has a wider set of privileges.
Prevents Emergencies
Because vulnerable software is the culprit in many network attacks, organizations spend considerable time and resources trying to keep their servers up-to-date with patches. However, frenzied patching is rarely a sound approach. The increasing occurrence of zero-day attacks means that exploits are often developed before patches become available, and the rush to patch may cause new problems with other software running on the system. AppArmor reduces urgent system patching by stopping attacks before they impact your system. Patching becomes a scheduled maintenance activity instead of an emergency, resulting in greater IT productivity.
No Licensing Fees
As an open source offering from Novell, AppArmor Linux application security has no licensing fees. AppArmor is included in the SUSE Linux Enterprise 10 products and in openSUSE.
Novell now offers maintenance and support for AppArmor as you ensure its optimal implementation in your environment. You can access the world-class Novell support infrastructure 24x7x365; Novell support technicians are trained in AppArmor to ensure expertise in the technology.

[url=http://www.novell.com/linux/security/apparmor/]Source[/url]

Thing is AppArmor can be used with the desktop, there are several of us here in this forum using it. Why pay for something we get with our OS in the first place?; Posted by: Linux User 147560 Posted on: 10/02/06 You are currently: a Guest | Members login | Terms of Use