It seems like someone could make it sufficiently easy to isolate the highest risk interfaces in a VM or container. E.g. rather than double-clicking on a native email app (or web browser) to read your email, you'd double-click on a native host program that launches a container for the email app (or web browser). Then you contain the infection (or ransomable content) within the container. Of course, that assumes two things: 1) a staged backup of the container image and 2) an easy path to purposefully move valid data out of the container and into the rest of your work environment.
Sure, data that looks valid could still creep out. But it would help with those "uh-oh, I clicked on the wrong thing" episodes. Here are several containers one could use:

http://linoxide.com/how-tos/20-docker-containers-desktop-user/

It seems so obvious, either I'm missing something significant or such a convenience already exists somewhere. Perhaps here:

https://bufferzonesecurity.com/product/how-it-works/

But that seems very "enterprisy" or "sledgehammery". I'd think one could do a personal version merely with a little clever scripting.

On 03/22/2017 12:44 PM, Barry MacKichan wrote:
> No, but the phishermen are getting better and better all the time. In some
> cases, I have to look at the message source, for email, to check what the
> real URLs are for the links. I see a lot from the .ru domains. I don’t really
> see how people can avoid these scams without a trove of knowledge that we
> used to consider ‘geeky’.

--
☣ glen

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
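A sketch of the "little clever scripting" version of the launcher described in the message above, added here as an example and not written by the poster or taken from either linked product. It assumes Docker as the runtime and an X11 desktop; the image name, the `~/contained/mail` layout and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: host-side launcher for a contained mail client.
# Assumptions, not from the post: Docker as the runtime, an X11 desktop,
# a placeholder image name, and a hypothetical ~/contained/mail layout.
set -u

IMAGE="${IMAGE:-example/mail-client:latest}"   # placeholder image name
BASE="${BASE:-$HOME/contained/mail}"           # hypothetical host directory

# Run "$@" followed by the container arguments, so the same list can be
# printed for review (printf) or executed (docker).
with_container_args() {
  # No host home directory is mounted: only the app profile and an outbox,
  # the single deliberate path for moving data out of the container.
  # Sharing the X11 socket is the weakest part: X clients can observe each other.
  "$@" run --rm --read-only \
    --cap-drop=ALL --security-opt no-new-privileges \
    --tmpfs /tmp \
    -e "DISPLAY=${DISPLAY:-:0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix:ro \
    -v "$BASE/profile:/home/user/profile" \
    -v "$BASE/outbox:/home/user/outbox" \
    "$IMAGE"
}

# Staged backup: archive the profile before each launch and keep only the
# newest $1 archives, so a bad click can be rolled back to an earlier state.
stage_backup() {
  keep="${1:-5}"
  mkdir -p "$BASE/profile" "$BASE/outbox" "$BASE/backups"
  tar -C "$BASE" -czf "$BASE/backups/profile-$(date +%Y%m%dT%H%M%S).tgz" profile
  ls -1t "$BASE"/backups/profile-*.tgz | tail -n +"$((keep + 1))" |
    while read -r old; do rm -f -- "$old"; done
}

launch() {
  stage_backup 5
  with_container_args docker
}

# Only start the container when asked to: ./contained-mail.sh launch
if [ "${1:-}" = "launch" ]; then launch; fi
```

Running `with_container_args printf '%s\n'` prints the argument list for review without starting anything. The profile mount is writable, so anything that lands there persists until the profile is restored from one of the staged archives.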
