Executable Documents
Many modern documents contain macros or scripts -- that have to execute -- in order to produce the desired presentation. Simple examples would include JavaScript in Web pages and VBS scripting or macros in office documents; more complex examples could include Adobe/Flash or other similar widgets that can be fed raw data off the net;
What these documents effect is unpredictable;
One of the current problems is "ransomware"
Ransomware Report
Ransomware is often distributed via e/Mail "Phishing" campaigns; These e/Mails are made to appear to be legitimate messages from known and/or important parties -- but actually contain unauthorized programs -- that run -- or are interpreted -- when the message is opened;
In the case of Ransomware -- the unauthorized program or script* can encrypt the victim's entire hard drive(s) -- PLUS -- all other accessible network drives;
Paying the ransom is a poor idea: you have no guarantee your data will be decrypted -- or -- even if it is -- that the decrypt will be accurate;
The direction here is to underscore the need for effective security practices -- not just snake oil band-aids;
One of the items we have discussed is the need to authenticate e/Mail messages -- Fred alluded to our discussions of PGP/GPG on this topic;
But, for some time now, I've wondered -- what to do with these executable documents;
Running them in this "firejail" will likely help; particularly if Firejail will report back any attempts by the suspect document at unauthorized access; While we are thinking about this it is important to remember: hackers are known to test their environments for "honey pot traps" -- i.e. virtual environments -- before launching their evils;
I'm going to continue working with Firejail -- I think it's a huge step in the right direction -- regarding Computer Security: here we can address misdirection of a script-interpreter -- a step beyond simply preventing execution of an unauthorized binary (which Linux is already pretty good at);
~~~
*script: remember: we all have tools like GPG2 and ZIP -- available on our hard drives.
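
An added example (not part of the original post): a shell wrapper that opens a suspect document in Firejail with no network and a throwaway home directory, and uses --tracelog so that attempts to reach blacklisted tools such as GPG2 and ZIP are reported to syslog. The function names and the DENY_TOOLS list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and DENY_TOOLS are assumptions, not Firejail's.
# Tools a misdirected script interpreter could abuse (see the footnote above).
DENY_TOOLS="${DENY_TOOLS:-gpg gpg2 zip}"

# Print the firejail options, one per line, for a throwaway home directory $1.
sandbox_args() {
    # No network, private home/tmp/dev, no capabilities or privilege gain,
    # seccomp filter, and syslog auditing of blacklisted paths (--tracelog).
    printf '%s\n' "--private=$1" --net=none --private-tmp --private-dev \
        --caps.drop=all --nonewprivs --noroot --seccomp --tracelog
    for tool in $DENY_TOOLS; do
        path=$(command -v "$tool" 2>/dev/null) || continue
        case $path in
            /*) printf '%s\n' "--blacklist=$path" ;;  # only real file paths
        esac
    done
}

# Usage: open_untrusted DOCUMENT VIEWER [VIEWER-ARGS...]
open_untrusted() {
    doc=$1; shift
    [ -f "$doc" ] || { echo "no such file: $doc" >&2; return 2; }
    jail_home=$(mktemp -d "${TMPDIR:-/tmp}/jail.XXXXXX") || return 1
    cp -- "$doc" "$jail_home/" || return 1
    name=$(basename -- "$doc")
    # Subshell: split the option list on newlines only, with globbing off.
    # Inside the sandbox the private directory is mounted as $HOME.
    ( IFS='
'; set -f
      exec firejail $(sandbox_args "$jail_home") "$@" "$HOME/$name" )
    status=$?
    rm -rf -- "$jail_home"   # discard whatever the document wrote
    return $status
}
```

With --tracelog active, any access to a blacklisted path from inside the sandbox produces a syslog message, which is the "report back" behaviour discussed above.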