Thursday, June 12, 2008

Detecting bad TCP sessions

Here's an idea:

Why not build a feature into personal firewalls that tracks active TCP sessions (via netstat), but with some intelligence? The point of the intelligence is to avoid spamming the poor user every single time an application wants to talk on the NIC. How would that work?

Well, it could associate keystrokes / clicks with network events. If a new TCP session is established or a new local listening port appears, challenge the user with the application name associated with that session or listening port.

It sounds so simple it just might work. Do you see any false-positive scenarios?
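A sketch of that correlation, added here as an example and not code from the original post: it diffs successive netstat-style snapshots and returns a challenge for each new session or listener that no keystroke or click preceded within a short window. The snapshot line format, the 2-second window, the process names and all sample data are constructed assumptions, and reading "associate" as "input shortly before the event" is this example's interpretation.

```python
from collections import namedtuple

# One row of a netstat-style snapshot (line format constructed for this example).
Sock = namedtuple("Sock", "state local remote app")

WINDOW = 2.0  # assumed: seconds before a poll in which user input "explains" new sockets

def parse_snapshot(text):
    """Parse lines of 'STATE local remote app' into a set of Sock rows."""
    return {Sock(*line.split()) for line in text.strip().splitlines()}

def find_challenges(snapshots, input_times, window=WINDOW):
    """Diff successive (time, text) snapshots and return (time, Sock) for each
    new ESTABLISHED session or LISTEN port with no keystroke/click in the window."""
    flagged = []
    prev = parse_snapshot(snapshots[0][1])
    for when, text in snapshots[1:]:
        curr = parse_snapshot(text)
        user_active = any(0 <= when - t <= window for t in input_times)
        for sock in sorted(curr - prev):  # only sockets absent from the last poll
            if sock.state in ("ESTABLISHED", "LISTEN") and not user_active:
                flagged.append((when, sock))
        prev = curr
    return flagged

# Constructed sample data: three polls of the connection table.
SNAPSHOTS = [
    (10.0, "LISTEN 0.0.0.0:135 *:* svchost.exe"),
    (11.0, """LISTEN 0.0.0.0:135 *:* svchost.exe
ESTABLISHED 192.0.2.10:49200 198.51.100.7:80 browser.exe"""),
    (20.0, """LISTEN 0.0.0.0:135 *:* svchost.exe
ESTABLISHED 192.0.2.10:49200 198.51.100.7:80 browser.exe
LISTEN 0.0.0.0:5000 *:* helper.exe
ESTABLISHED 192.0.2.10:49201 203.0.113.5:443 updater.exe"""),
]
# Constructed: the user typed a URL and clicked just before the t=11 poll.
INPUT_TIMES = [10.4, 10.6]

if __name__ == "__main__":
    for when, s in find_challenges(SNAPSHOTS, INPUT_TIMES):
        print(f"t={when}: allow {s.app}? {s.state} {s.local} -> {s.remote}")
```

The browser session at t=11 passes silently because input preceded it, while both sockets at t=20 are challenged; the constructed `updater.exe` row stands in for unattended but legitimate traffic, which this rule would also challenge.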
