Using a virus scanner or end-point protection tools such as Cylance, Webroot or SentinelOne can help. Using the web app as a browser will allow you to choose which files to write, although you still need to be careful you don't download and execute anything malicious. However, if this is the case then you're already partially compromised.
It could be conceivable that an attacker who has the ability to execute files on a system, but not write them, could use Dropbox in order to get the files they need there. That way, Dropbox will not be able to write to your file system. If you're concerned about running malicious files on a certain machine, then it would be better not to run the Dropbox client at all and simply use the web application to browse your Dropbox and shared folders. Of course, if there were any directory traversal vulnerabilities in the client then this wouldn't hold true, but of the time of writing none have been discovered.
Then doing controls before syncing would be rather paranoid, but as paranoia is a good rule in security, my advice would be to still do.Īs CodesInChaos notes, it will not be able to write outside of the Dropbox folder unless you execute it.
if you have to use office documents (Libre-, Open- or Microsoft-), be sure to disable all macro executionīut as I already said, the problem is the problem of the group, and all members that share the dropbox folder should apply security practices to remove the malwares before copying a file to the dropbox and not after. feature poor, but I do not know attacks on pdf files either - provided script execution if disabled (thanks to for the comment), more refs here if possible, use only file formats that cannot carry malwares: simple text files are a good example of that - unfortunately this format is hmm. Then only copy files for which you can be sure that they are not infected with malware - clamav can help here to test files in that kind of DMZ - beware if a malware is not detected here and if you copy it on your main disk, you will be infected so it is far from a rock solid solution Either use a Linux or BSD machine that will be immune to most malwares, or take snapshots of the machine before syncing and restore the clean snapshot if something goes wrong. At least that should not allow synchronization of the majority of infected files Be sure to have a strong anti-virus solution to protect your own machine. It it is not, or if the risk is still to high, you will have to use worarounds to limit the effects of the unavoidable malwares. Depending on which you share your dropbox with, this can be or not reachable. The real solution would be to educate your co-workers so that they use good security practices in order to not to write worms or malware in the dropbox. Once you share a dropbox folder with someone, you allow him to write any file there, and if you synchronize a local folder with the dropbox to also write locally in the synchronized folder.
0 kommentar(er)
