On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote: > On 03/14/2017 01:55 PM, evo wrote: > >hmm.. this is also a good point, thanks! > >so if i do not use openoffice in my bankingVM, there is no practical > >vulnerability in it. > > > > Yes and no. Off the top of my head, there are two things to be concerned > about with the (regular, distro) software you install: > > 1. Does it cause an additional service to start accepting connections? > > 2. Does it have a MIMEtype or similar mapping, so that clicking on a > mislabeled file could cause it to open in an unwanted/risky app. > Unfortunately, nautilus doesn't seem to have a setting for always asking > before starting an app. But at least it defaults to double-click instead of > single-click. >
3. Installing some programs, like libre/openoffice, brings with it numerous libraries and attendant programs which may widen the attack surface of your qube considerably. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170315001755.GA13981%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
