Ubuntu QA
The Ubuntu community has contributed 16612 ideas, 83399 comments, 1493808 votes

Security category




Votes: 24
Put password on Sessions preferences (Startup programs) dialog.  
Written by CShadowRun the 1 Jan 09 at 03:10. Category: Security. Related to: Gnome. New
I think that the System > Preferences > Sessions dialog should have a password lock on it, similar to the network dialog.

It would greatly increase security; after all, any nasty software's first port of call is to register itself in the startup list.

See the 10 comments >>

Votes: 42
security updates downloading  
Written by pavolzetor the 24 Dec 08 at 08:20. Category: Security. Related to: Update manager. New
Download security updates from the other server when the current server (selected in Software sources) is unavailable.

See the 4 comments >>

Votes: 62
Synchronization tool to make backups in USB drives  
Written by diegoj the 15 Dec 08 at 17:33. Category: Security. Related to: Gnome. New
It would be great to have a program to have a synchronized copy of a folder transparently.

The user would have a daemon that, when it detects the connection of a USB device, looks for a backup synchronization folder. If the device has one of these, the program would copy the new content of the hard-disk folder to the backup disk.

My idea is like having a *repository* with a copy on a pendrive, thus making the updates to the backup device in a seamless way.

Some improvements of this software could be: adding support for encryption, adding support for commit to the hard drive, setting folder size limits, viewing which files have been changed.

It would be very interesting for people who have important data on their hard drives.

With the popularity of pendrives (it's easy to have some of 16GB) and the need for "backing up" data, this software could be a serious advantage for Ubuntu.

See the 1 comments >>

Votes: 39
Firestarter should detect all network connections by default.  
Linked bug: firestarter firewall doesn't start when the trusted interface is not configured (#164193)
In: firestarter (ubuntu)
Status: Incomplete
Importance: Undecided
Assignee:
2 comments, 1 subscribers and 0 duplicates
Written by TWO the 19 Dec 08 at 12:57. Category: Security. Related to: Nothing/Others. New
Currently, the Firestarter program requires that the user specifies an "Internet connected network device" and a "Local network connected device." Should the user happen to start the GUI whilst connected to the internet via an alternate device: For example, say that in Firestarter, your default connection is set to 'Ethernet Device (eth0)', but you one day happen to connect to the Internet via, say, 'Wireless Device (wlan0)', Firestarter GUI will display the error message: "Failed to start firewall. The device eth0 is not ready..." and shows a red circle and square indicating that it is not running, when it is run after making the change to the network connection.

I think Firestarter should be monitoring all network connections automatically, so that the user doesn't have to change the setting each time they change the method by which they connect to the internet.

Also, is it not a bit of a security issue that the firewall fails to start on the basis that the program is not yet able to monitor all connections simultaneously?

See the 2 comments >>

Votes: 57
Rogue DHCP Protection  
Written by AndrewLuecke the 10 Dec 08 at 06:36. Category: Security. Related to: Nothing/Others. New
NOTE: Please refer to comments for a semi-detailed overview on how the attack exactly works.

A rogue DHCP server is where a hacker sets up a second DHCP server on a network, so that they can read a user's traffic if their DHCP server responds faster than the legal one. Detecting and warning against Rogue DHCP servers is EASY. Ubuntu simply needs to ensure that when multiple DHCP responses are received by a client before the normal timeout, that the routing/gateway address is the same on all of them.

The gateway address is where all the traffic goes if you are trying to access another network subnet (like the internet). Hackers change the address to be their address, so that all traffic from the targets goes to their computers (and they can read it). Afterwards, they forward it on to the real places, so the user doesn't know that their traffic is being read (and maybe even modified).

IF a rogue server was detected (i.e., multiple DHCP leases with different gateways), warn the user that a rogue DHCP has been located and tell them to contact the admin. Whilst the user and Ubuntu can't tell which one is the fake, and therefore can't safely ignore one of them and continue working, at least their traffic won't be compromised.

See the 10 comments >>
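
The check this idea proposes, sketched as an added example (not part of the original post or of any Ubuntu DHCP client): it parses the router (3) and server identifier (54) options out of DHCPOFFER payloads and reports transactions whose offers disagree on the gateway. The function names are hypothetical, and the sample offers are constructed with documentation addresses.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 53, 54

def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        opts[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def offer_summary(packet: bytes):
    """(xid, server_id, gateway) for a DHCPOFFER, None for other message types."""
    opts = parse_options(packet)
    if opts.get(OPT_MSG_TYPE) != b"\x02":         # 2 = DHCPOFFER
        return None
    router, sid = opts.get(OPT_ROUTER, b""), opts.get(OPT_SERVER_ID, b"")
    gw = socket.inet_ntoa(router[:4]) if len(router) >= 4 else None
    server = socket.inet_ntoa(sid) if len(sid) == 4 else None
    return struct.unpack("!I", packet[4:8])[0], server, gw

def conflicting_gateways(packets):
    """xid -> {gateway: {servers}} for transactions whose offers disagree."""
    seen = {}
    for p in packets:
        s = offer_summary(p)
        if s:
            xid, server, gw = s
            seen.setdefault(xid, {}).setdefault(gw, set()).add(server)
    return {xid: gws for xid, gws in seen.items() if len(gws) > 1}

def build_offer(xid: int, server: str, gateway: str) -> bytes:
    """Constructed sample DHCPOFFER payload (not captured traffic)."""
    hdr = struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228)
    opts = bytes([53, 1, 2, 54, 4]) + socket.inet_aton(server)
    opts += bytes([3, 4]) + socket.inet_aton(gateway) + b"\xff"
    return hdr + MAGIC_COOKIE + opts
```

A client would feed this every offer received during one discovery window; any non-empty result is the condition the post says should trigger a warning rather than a silent lease.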

Votes: 23
protect grub recovery mode
Written by DieB the 8 Dec 08 at 16:04. Category: Security. Related to: Nothing/Others. New
While it is a great help for support, it can also cause trouble - bad trouble.
It's a security issue, a very heavy one.

Please make it so that on install it gets password protection using the admin/user password.

Plus: to prevent GRUB boot options from being edited, they should also be protected by a password.

See the 5 comments >>

Votes: 16
link seahorse to policykit  
Written by DieB the 8 Dec 08 at 15:55. Category: Security. Related to: ubuntu.com. New
Right now you only need to click to get to the passwords and to poke around. This app should be hardened by PolicyKit or in any other good way.

Guest session is not the solution.


No comment yet. Add a comment >>

Votes: 14
a safe packages list  
Written by josinalvo the 12 Dec 08 at 04:24. Category: Security. Related to: Synaptic package manager. New
The goal: to be able to differentiate packages that cause systemwide changes from "harmless programs".
Why: to increase security when an inexperienced user decides to try new packages.

Users very often get package recommendations from places which are not 100% worthy of trust, like internet forums. A malicious (or poorly informed) suggestion can cause a user's computer to become an open relay to send spam, or an ssh server for a hacker to bruteforce his way in.

To avoid that, it would be nice to have a "safe packages" list, of programs that

* don't use suid
* don't open network ports
* don't change the boot sequence
* don't affect any user of the computer that does not call the program in any way

In other words: can be installed without creating any security concerns.

See the 3 comments >>

Votes: 13
Make security of website form submissions more obvious  
Written by AndrewLuecke the 13 Dec 08 at 03:59. Category: Security. Related to: Firefox. New
The problem with form submissions in web browsers is that there is no easy way of knowing if when you click "submit", your data will be sent securely! Even though the webpage requesting your login details is HTTPS, the form might be submitted to an insecure webpage.

I propose that when the user hovers their mouse pointer over a submit icon/button, a semi-transparent padlock emblem is overlaid showing the level of security, and maybe even if the data is being submitted to the same website or another (helps protect against cross-site scripting).

A mockup is available here. (Keep in mind it is a guide, there may be better ways to portray the information.)

See the 3 comments >>

Votes: 3
Alert if some dangerous command is going to be executed
Written by mAbuYusuf the 31 Dec 08 at 00:08. Category: Security. Related to: Nothing/Others. New
If some dangerous command (e.g. rm -rf /) is going to be executed, then a small alert message appears, just like the one for New Updates, and the command execution is held until the user clicks a button (on the alert window) to allow the code execution.
Of course, to allow that code execution, the user is required to enter his password for sudo.

And let there be an option on that alert message to keep allowing execution of that code by the same process (and show the user the process name and ID) for "y" time (ask the user for the time in seconds).

Also, let there be an option on the alert message to keep allowing execution of any code by the same process (and show the user the process name and ID).

In the two previous paragraphs, I considered code executed by a process, but if the code is executed by the user (using a terminal or ..), the same thing happens, but instead of the process name and ID, it would be "YOU".

There would be some level of very, very dangerous code; in case of execution of one of these, the system checks:

1-If the current user is "root" (or in the group "root"), then show him all alerts for any other users alive on that Ubuntu.
Of course, all root users (or those in group "root") should have an option to hide these messages.
Root can mark some users as "Safe", to allow them to do what they want.

2-If no "root" is alive here, don't execute that command even if the user allowed it, but if that user is marked as "safe", let him decide, and leave an alert that appears at any root login.

Of course, there should be an option in the Control Panel to turn that protection system OFF/ON.

See the 18 comments >>

Votes: -6
up-to-date programs in add/remove solution  
Written by koenfloris the 20 Dec 08 at 22:08. Category: Security. Related to: Add/Remove program dialog. New
I've got a little idea to get the Add/Remove program up to date.

Just add a button like "add your program" in it.

That should open a program asking: are you an advanced user?

If yes, then the program will present a page where you can add a program.

If no, the user will be presented with a page where he needs to fill in the details of the program (name, website, Linux source (if possible), etc...).

If this is too dangerous, then consider a voting website for programs. That way, a program will not get added before there are enough votes.

See the 2 comments >>

Votes: -11
Smart sandbox - file manager assisted sandboxing  
Written by scientus the 11 Dec 08 at 05:16. Category: Security. Related to: Nothing/Others. New
Most applications don't need full access to your home and removable media (+ whatever you have write access to); in fact they don't need to be reading that stuff either. For example, any app you run can read your unencrypted Firefox and Pidgin passwords. There are sane ways to fix this problem.

For server applications, AppArmor (and, not in Ubuntu, SELinux) try to define what an app needs to do and the minimum privileges it needs to do that. This is important for desktop applications; for many, doing solely this would be limiting. There needs to be some other way of setting permissions.

What do applications need to do? Most have a configuration file, either ~/.application and/or /etc/application, and then most read an audio file, and then they create an odt with that audio file embedded. However, unlike most server applications, both these files can come and go from anywhere the user has access. In order to not limit users' activities, most removable drives are fully accessible to users; even if they do have uid/gid awareness they are usually fully writable and accessible, but applications don't really need this usually.

These apps already pull up a system file menu (Nautilus, Konqueror, or Thunar) for both reading files and saving them. Why not have the option to run these applications as unprivileged (with access to your X, of course) and then have them gain the ability to read and/or write only with permission given by the action of selecting these files? (Use security profiles and preferences to fine-tune.)

Programs would only get access to set default config/profile files (rw), files you select for opening (r or rw depending on how it opens the file--intent shown in dialog), and files to save/modify, and folders to have full permissions over.

This could be tunable, designed to not get in people's way, but all the same would greatly increase the security of many applications. Firefox could access anything outside its profile or create files unless you told it to (you already tell it, and creating files to default directories could be always allowed, just through group permissions).

See the 1 comments >>

Votes: -4
check security of closed source binaries  
Written by dinar the 6 Jan 09 at 11:27. Category: Security. Related to: Add/Remove program dialog. New
Once I saw the page for switching the video driver on. There I saw it written that drivers are checked. I have just opened that again but it is not written now. Maybe I misremember somehow; maybe that is written in another description in another place. Now it is only written that the closed driver decreases stability and Ubuntu developers cannot improve it, as I remember.
At that time I thought, "what does checking mean?" and searched for checking against spy activity and vulnerabilities and did not find any, only checking that they work stably, i.e. not crashing and not incorrect in some visible way.

As I have heard, there is some antivirus software [in the world] that can check binaries not by searching for virus signatures, but by analysing the binary program directly for bad activity. I think it may indeed be possible to check whether a binary program sends information from the keyboard to the internet, for example (i.e. I mean a keyboard spy). But antiviruses of this type are closed source themselves, I think. So this post will probably be downvoted, I think, because that is impossible to do well nowadays.

As for what closed source binaries are used in Ubuntu, I can say for example: nvidia, flash, opera, skype, google earth, vmware.

See the 2 comments >>

Votes: -28
Multitouch as a fingerprint device  
Written by Wiplash4 the 14 Dec 08 at 18:35. Category: Security. Related to: Nothing/Others. New
Is it possible to turn the multitouch display into a fingerprint device? That would allow the OS to demand the fingerprint instead of a password for authorisation.

See the 9 comments >>