On 09/10/17 21:14, Stefan Claas wrote:
> So I thought maybe I buy one, let's say with Windows 10, never update
> or upgrade it due to its permanent offline state

Whether I would consider this sane or not depends a lot on the type of data you'll be handling on the offline machine. If it's just checking signatures on plain text, it sounds somewhat reasonable though I would never consider Windows 10 for it. You don't know all the ways in which it is trying to be user-friendly by interpreting data. So for all I know even a short file stored as .txt might be checked to see if perhaps it can be interpreted as an icon to show in the file manager. Add a buffer overflow in the icon image parser, and you have an attack vector.

At least with free software, you can inspect the way it works, and probably isolate all the services that are trying too hard to be helpful.

If, on the other hand, you are using rich file formats like images or marked up documents, it sounds like a really bad idea to not patch security vulnerabilities. Same for Certificate Requests you are going to sign with an X.509 Certificate Authority on the offline system. A much too rich format (ASN.1!) to not update security issues, but it would be a very common use case for an offline system.

It would be really helpful if all you needed to transfer to the offline system were secure data rather than software updates. But if that secure data is anything more than trivial, I think you really do need updates, unfortunately.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users