Apparmor: Against Zero Day Attacks

I have my feed on Ubuntu Forum yesterday. I'm in the security discussion threads and I happen to come across the sticky for apparmor by the ubuntuguru. I like what I'm reading and the article is enjoining ubuntu users to take advantage of apparmor.

Apparmor is an alternative to Selinux. What it does is use application profiles to confine applications to only do what those profiles allow. It can run in complain mode or enforce mode. In complain mode, it basically learns to abide by the profile. The profile itself can be modified when running in complain mode. The user can allow or deny a particular behavior and incorporate that into the new profile. In the enforce mode, applications may proceed as before or be restricted to do a function according to the set profile. What apparmor does is prevent rogue applications from getting increased priveleges and thereby wreak havoc to the system.

Apparmor protects against zero-day attacks. Zero-day attacks are dangerous because the malware is as yet unknown and unclassified. We don't know what they are going to do. There is simply no patch for it. The vulnerability might be known but not fixed yet. Or it is unknown entirely. If an attacker uses an unknown malware to take over an application, that application is prevented by its apparmor profile from doing something worse to the system.

It is a very nice security discussion.

Comments

Mailvelope, Encryption for Webmail

Encryption is the topic of week. I wrote about it in a related post here. While encryption is a very good idea, doing it and doing it every day as part of your work flow is another thing. My view is that if you're already using an email client then it is easier, simpler and more convenient to adopt encryption. That is not the case if you're using a webmail service. If you are using the browser to check, compose and send your email, what are your options? The answer is: it's complicated. Looking for a way to do encryption with Google Chrome and Gmail, I found this. I also read that Google just released code for email encryption as open source. But it's a long way to being used by end users. The extension for Google Chrome works fine if the recipient also uses Google Chrome. But I went ahead and check this on Evolution.

Donald Trump Is The 45th President of the United States

and he is preparing to move with his transition team into the Oval Office. His election is a shock to many political observers and the world in general. Donald Trump, the president-elect, ran against Hillary Clinton, former Secretary of State and for many the most qualified candidate for the presidency in many years. This has led to many post election analysis of how this upset happened. The numbers of votes for each candidate and the comparisons with previous presidential elections point to the fact that the white vote for Mr. Trump is solid all throughout but the minority and black votes did not come for Mrs. Clinton. This is what happened in crucial States like Michigan and Florida. The Republicans kept Congress and the Senate. It is quite notable that Russia and in particular, Vladimir Putin, is happy that they are going to talk to Mr. Trump rather than Mrs. Clinton. It is also a ...

Remembering Sesame Street

I was around seven years old when I saw Big Bird and her yellow feathers on tv the first time. Channel 9 airs Sesame Street twice a day for the kids who are having classes in the morning there's the afternoon schedule. The show is a hit. It captured us kids. We would shut up and sit on the floor once the familiar theme music starts. I wonder about the american street scene of course. It felt alien to me but the people and the muppets just made their home in my imagination. It didn't matter if we had muddy streets instead of the cobblestones. Years will pass and the locals will produce their own version of this show called Batibot. Why not? It's time we take back television for our kids. Who would have guessed that fast forward to 2012, Sesame Street will be mentioned prominently in a US presidential debate. One candidate was questioning the source of funding for these kind of shows. Try explaining money to a five year old and why he can't ...

Danny's Space

Search This Blog