undefined | Better HN

0 pointsbtown8y ago0 comments

To that point, all user submitted content has a new and unseen hash, and could become executable in the face of a zero day in otherwise trusted code that is processing it. This is equally true of web applications and Excel attachments to emails.

People who think the top level poster’s approach to security is sufficient are gravely mistaken.

0 comments

1 comments · 1 top-level

P388y ago

No claims that it is sufficient - what is does do it prevent any non-trusted file based executable etc from running.

Doesn't do fileless, memory-based or rootkit but does prevent any untrusted and therefore unknown executable from running.

Does that have value - of course, a true default deny approach.

j / k navigate · click thread line to collapse