Security risks of removable media (was: Offline Search?)
Ben Scott
dragonhawk at gmail.com
Thu Jun 5 16:18:09 EDT 2008
On Thu, Jun 5, 2008 at 2:46 PM, Thomas Charron <twaffle at gmail.com> wrote:
>> Well, if we assume the computer is offline (which we've been asked
>> to do)... and the software isn't on the drive... what good is having
>> the search engine data going to do? :)
>
> Umm, I don't see that requirement anywhere in the thread. Did I
> miss something?
Well, the subject line, and the first sentence of the original post,
both mention "offline search". I finda figured that meant it needed
to work offline. I suppose one could insist on an offline search
despite being online, though that seems somewhat masochistic.
> Any sort of end user controlled exchange of files and/or data is
> also a big security risk.
I would think the OP can presumably trust himself to not steal his
own data from himself. In contrast, there actually *is* a huge
malware problem. It's not hypothetical. It also causes real damage.
(Example: Reportedly, the vast majority of spam comes from
malware-compromised machines.)
>>> ... generally network attacks are exponentially more effective.
>> And even when the drives
>> themselves are clean, many people still expose themselves to
>> significant risk by using them on PCs that are already compromised.
>
> They put themselves at even greater risk just USING the compromised
> PC.
You're missing the point. The very scenario under discussion is
carrying around removable media to use in arbitrary PCs[1]. If you
want to state flat out that you shouldn't use untrusted PCs -- and to
me, that's an extremely smart idea -- then why are you carrying
removable media to use with the untrusted PCs?
[1] If the PCs were all trusted and under one's own control, one could
presumably just install the damn software and dispense with the
removable media.
-- Ben
More information about the gnhlug-discuss
mailing list