[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 9 Jun 2018, at 09:30, Tom via list <list@xxxxxxxxxxxxx> wrote: > > I'd better get up to date with current AV state of play. Still mainly a Windows issue by many orders of magnitude in terms of malware around. AV will spot a minority of malware you encounter in practice, inevitable since the stuff picked up by AV is not spread by people with AV so it is not widespread. That said USB is a disaster waiting to happen on Linux (and I mean Linux not just GNU/Linux). Fundamentally plugging in untrusted USB devices breeches the integrity of the hardware, since it can pretend to be anything, so basically the same as giving an attacker keyboard & mouse on your system - what could possibly go wrong.... In general stick it on a website, use code signing or other signature if the stuff is executable and there is a concern itâll be maliciously altered (and there often is), is pretty good way of stopping folk using dodgier approaches (USB drives, SMB/CIFS, other network filesystems). Browsers typically have a developed sandbox, and good bounties for sandbox escape... Chrome even started running its own AV on downloads on Windows... If you are keen make that web-server a repository and use a signing key ;) -- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq