On Fri, 13 Jul 2012 13:09:42 -0400 David Ohlemacher <ohlemac...@gmail.com> wrote:
> Any recommended solutions for risk reduction? > > 0. How about running your browser as a different user? That's one of the things. (One of the things you *have* to do.(*)) Also a different user for your e-mail client. "Users" are cheap.(**) That's what I've been doing, for the last few years, anyway.(***) YMMV, Bill _______ Sent from my virusproofed Linux PC (*) I used to think a browser could be made "safe" with NoScript, whitelists, and so on. I was forced to give up on that, finally discovering that the problem becomes easier to solve if you just assume the browser is poisoned code/TRYING to do its worst, and throw away everything it had write access to after each use. (E.g., its home directory; OF COURSE it doesn't have write access to "your" home directory, or to any other users's stuff, including root's.) (**) Almost forgot: your PDF reader. (Especially if it's the Adobe one.) And Java, yet another case -- if there ever turns out to be a reason to have Java installed. Basically, any executable which doesn't come from Debian and/or any executable which pulls things from the Internet. Or which "phones home". (Other users don't have READ access to your home directory either.) (***) I suppose I ought to give a talk on it someday. Kinda got discouraged, though, back when I started, after observing on this list that other *cough* operating systems don't help with security techiques in some of the ways which Linux makes easy, such as separate user accounts for separate applications. Got yelled at... :) _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/