Offline Search?

Thomas Charron twaffle at gmail.com
Thu Jun 5 14:46:31 EDT 2008 

On Thu, Jun 5, 2008 at 2:31 PM, Ben Scott <dragonhawk at gmail.com> wrote:
> On Thu, Jun 5, 2008 at 1:51 PM, Thomas Charron <twaffle at gmail.com> wrote:
>>  I don't believe he's talking about toting the app itself around,
>> just the data files.
>  Well, if we assume the computer is offline (which we've been asked
> to do)... and the software isn't on the drive... what good is having
> the search engine data going to do?  :)

  Umm, I don't see that requirement anywhere in the thread.  Did I
miss something?

>> In reality, this is no different then what most people do with
>> standard USB drives.
>  Yup.  And they're a big security risk in that very way.  Most
> computer users have horrible security habits.  Film at eleven.

  Any sort of end user controlled exchange of files and/or data is
also a big security risk.  Most Linux systems also mount a standard
USB drive on insertion with permissions that could be a potential
security risk..  Not managing the capability is the security risk.

>> ... generally network attacks are exponentially more effective.
>  Certainly the spam botherders go more after drive-by downloads and
> Trojan horses, since so many lusers are willing to run whatever a web
> page or email tells them to.  But there are traditional viruses and
> hybrid worms out there, too, and they can "infect" the software on a
> USB drive.  Attackers don't stand still, and not all of them are going
> after the low-hanging fruit these days.  And even when the drives
> themselves are clean, many people still expose themselves to
> significant risk by using them on PCs that are already compromised.

  They put themselves at even greater risk just USING the compromised
PC.  Certainly, a PC is actually going to be used to *do* something
worthwhile, and not as an over glorified calculator.  That PC that's
compromised on a network is just as dangerous, USB drive or not.  And
a PC that isn't on a network for security reasons probably should have
the removable drive capabilities either disabled, or certainly locked
down like there's no tomorrow.

>  You may be willing to take that risk.  Indeed, many apparently are
> willing to do so, or (more likely) are unaware of the risk they take.
> I, however, am not so comfortable.  Maybe I'm paranoid, but then, on
> today's Internet, there really are people out to get you...

  Yup, perfectly good to be paranoid, but managing it is based on management.

  "Doctor, it hurts when I do this.."
  "Don't do that.  Here's your bill"

-- 
-- Thomas

More information about the gnhlug-discuss mailing list