I propose that a system/application (which I've chosen to call Critical Defense Daemon) be developed and integrated into Pfc.
Such a system would have the following properties:
- be installed by default, but could be disabled during the Anaconda installer
- kick into action as soon as the presence of Internet connectivity is detected
- reference a central server (group of servers), sending its distro version
- accept a list of packages vulnerable to attack over the Internet
- check this list against the installed package list
- request iptables rules to block such attack(s) if any installed packages are vulnerable
- alert the user that said rules are about to be entered into their firewall, giving the user an opportunity to Cancel
- implement said rules
- if rule implementation failed, alert the user of the failure and give the user the option to block all packets except packets outgoing to port 80
- forward the user to a detailed or simplified advisory online which would, among other things, give instructions on how to prevent the attack, etc.
- reverse the rules once the package version has been upgraded to a non-affected version, or the user requests that the rules be reversed
- check for update advisories at user-defined intervals for users permanently connected to the Internet, and for dial-up users do the check on Internet connection
The reason I propose such a system is because over the past up I've installed a few fresh installs of Windows, and without service packs installed from cdrom, the machines last approx 20 mins on the net before they are bogged down by malware. Such a system would serve as a simple preemptive move that would protect a Linux desktop from such problems now, and in the future.
Just an idea

Arturo
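An added example, not part of the original message: a sketch of the matching step in the list above, which checks a server-supplied advisory list against the installed packages and builds the iptables rules, plus their reversals, for the user to confirm. The feed format, the package names, the `CDD-BLOCK` chain (assumed to already exist and be jumped to from INPUT) and the simplified version comparison are all assumptions.

```python
import re

# Constructed advisory feed (hypothetical format, not a real service or CVE data).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "exampled", "fixed": "2.4.1", "proto": "tcp", "port": 8025},
    {"id": "EXAMPLE-0002", "package": "samplesrv", "fixed": "1.0.10", "proto": "udp", "port": 5353},
    {"id": "EXAMPLE-0003", "package": "exampled", "fixed": "9.0", "proto": "tcp; reboot", "port": 1},
]
# Constructed installed-package list (name -> version).
INSTALLED = {"exampled": "2.3.9", "samplesrv": "1.0.10", "bash": "3.0"}
CHAIN = "CDD-BLOCK"  # hypothetical dedicated chain, so reversal never touches user rules


def vkey(version):
    """Simplified numeric key; real RPM ordering also has epochs and release tags."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def affected(advisories, installed):
    """Advisories whose package is installed at a version older than the fix."""
    return [a for a in advisories
            if a["package"] in installed
            and vkey(installed[a["package"]]) < vkey(a["fixed"])]


def rule(adv, action):
    """Build one iptables argv list; the feed is untrusted, so validate every field."""
    if adv["proto"] not in ("tcp", "udp"):
        raise ValueError("bad protocol in advisory %s" % adv["id"])
    if not isinstance(adv["port"], int) or not 1 <= adv["port"] <= 65535:
        raise ValueError("bad port in advisory %s" % adv["id"])
    return ["iptables", action, CHAIN, "-p", adv["proto"],
            "--dport", str(adv["port"]), "-j", "DROP"]


def plan(advisories, installed):
    """Return (apply, reverse, rejected) for the user to confirm; nothing is run."""
    apply_cmds, reverse_cmds, rejected = [], [], []
    for adv in affected(advisories, installed):
        try:
            apply_cmds.append(rule(adv, "-A"))
            reverse_cmds.append(rule(adv, "-D"))
        except ValueError as err:
            rejected.append(str(err))
    return apply_cmds, reverse_cmds, rejected


if __name__ == "__main__":
    for cmd in plan(ADVISORIES, INSTALLED)[0]:
        print(" ".join(cmd))
```

Because the rules come from a remote server, each field is validated and the command is kept as an argument list rather than a shell string, so a malformed advisory is rejected instead of reaching the firewall.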