[Gllug] p2p programs

Rich Walker rw at shadow.org.uk
Mon Nov 14 19:11:14 UTC 2005


Henry Gilbert <henry.gilbert at gmail.com> writes:

>> 5. Don't download plugins for your browser.
>
> Hi Rich,
>
> Genuine concern here.
>
> I've installed Flash, Mplayer (DivX,WMV,AVI,QuickTime), JRE, Real
> Plugins on those Linux boxes.
> Any way to mitigate any possible exploit via those?
> (ie some way of sandboxing)

Yes: don't run a browser as root!

Personally, nothing gets installed here unless it is
(1) a debian package from a sanre repositiory
(2) compiled from source.

(Sometimes I go so far as to check the md5sums of downloaded tar files,
but not always).

If the plugins you are using are "vendor-supplied" then the vendor will
do security management; as long as you get the security updates in a
timely manner, you'll be fine.

cheers, Rich.

> -- 
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug

-- 
rich walker         |  Shadow Robot Company | rw at shadow.org.uk
technical director     251 Liverpool Road   |
need a Hand?           London  N1 1LX       | +UK 20 7700 2487
www.shadow.org.uk/products/newhand.shtml
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list