[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 09/06/18 10:14, Simon Waters wrote:
I was hoping to wield the USB myself - it is going to contain as much useful stuff as I can get on it and I was hoping to pop it back in my machine for a quick av check between installs on peoples machines.On 9 Jun 2018, at 09:30, Tom via list <list@xxxxxxxxxxxxx> wrote:I'd better get up to date with current AV state of play.Still mainly a Windows issue by many orders of magnitude in terms of malware around. AV will spot a minority of malware you encounter in practice, inevitable since the stuff picked up by AV is not spread by people with AV so it is not widespread. That said USB is a disaster waiting to happen on Linux (and I mean Linux not just GNU/Linux). Fundamentally plugging in untrusted USB devices breeches the integrity of the hardware, since it can pretend to be anything, so basically the same as giving an attacker keyboard & mouse on your system - what could possibly go wrong.... In general stick it on a website, use code signing or other signature if the stuff is executable and there is a concern itâll be maliciously altered (and there often is), is pretty good way of stopping folk using dodgier approaches (USB drives, SMB/CIFS, other network filesystems). Browsers typically have a developed sandbox, and good bounties for sandbox escape... Chrome even started running its own AV on downloads on Windows... If you are keen make that web-server a repository and use a signing key ;)
One reason for this is a lot of useful stuff on the Pi magazines but downloading them is an absolute nightmare!
I did consider setting up a SMB share of the same but I want to get this info to them asap and not spend all the session debugging stuff
Tom te tom te tom -- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq