D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] AV state of play

 

On 9 Jun 2018, at 09:30, Tom via list <list@xxxxxxxxxxxxx> wrote:
> 
> I'd better get up to date with current AV state of play.

Still mainly a Windows issue by many orders of magnitude in terms of malware around.

AV will spot a minority of malware you encounter in practice, inevitable since the 
stuff picked up by AV is not spread by people with AV so it is not widespread.

That said USB is a disaster waiting to happen on Linux (and I mean Linux not just 
GNU/Linux).

Fundamentally plugging in untrusted USB devices breeches the integrity of the 
hardware, since it can pretend to be anything, so basically the same as giving an 
attacker keyboard & mouse on your system - what could possibly go wrong....

In general stick it on a website, use code signing or other signature if the stuff 
is executable and there is a concern itâll be maliciously altered (and there often 
is), is pretty good way of stopping folk using dodgier approaches (USB drives, 
SMB/CIFS, other network filesystems).

Browsers typically have a developed sandbox, and good bounties for sandbox escape... 
Chrome even started running its own AV on downloads on Windows...

If you are keen make that web-server a repository and use a signing key ;)

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq