Security risks of removable media (was: Offline Search?)

Ben Scott dragonhawk at
Thu Jun 5 16:18:09 EDT 2008

On Thu, Jun 5, 2008 at 2:46 PM, Thomas Charron <twaffle at> wrote:
>>  Well, if we assume the computer is offline (which we've been asked
>> to do)... and the software isn't on the drive... what good is having
>> the search engine data going to do?  :)
>  Umm, I don't see that requirement anywhere in the thread.  Did I
> miss something?

  Well, the subject line, and the first sentence of the original post,
both mention "offline search".  I finda figured that meant it needed
to work offline.  I suppose one could insist on an offline search
despite being online, though that seems somewhat masochistic.

>  Any sort of end user controlled exchange of files and/or data is
> also a big security risk.

  I would think the OP can presumably trust himself to not steal his
own data from himself.  In contrast, there actually *is* a huge
malware problem.  It's not hypothetical.  It also causes real damage.
(Example: Reportedly, the vast majority of spam comes from
malware-compromised machines.)

>>> ... generally network attacks are exponentially more effective.

>> And even when the drives
>> themselves are clean, many people still expose themselves to
>> significant risk by using them on PCs that are already compromised.
>  They put themselves at even greater risk just USING the compromised
> PC.

  You're missing the point.  The very scenario under discussion is
carrying around removable media to use in arbitrary PCs[1].  If you
want to state flat out that you shouldn't use untrusted PCs -- and to
me, that's an extremely smart idea -- then why are you carrying
removable media to use with the untrusted PCs?

[1] If the PCs were all trusted and under one's own control, one could
presumably just install the damn software and dispense with the
removable media.

-- Ben

More information about the gnhlug-discuss mailing list