| ▲ | mmis1000 5 hours ago | |
Like… browser? Or anything with script loading capabilities like script engine in games. Executing remote script is almost unavoidable nowadays. And there isn't really a way to confirm if it is configured in a secure way. You either trust the developer or not. | ||
| ▲ | einr 4 hours ago | parent | next [-] | |
At least JS code in a browser is sandboxed. A Notepad++ update is just rawdogging an executable on your bare metal, perhaps with admin privs even, and hoping for the best. | ||
| ▲ | g-b-r 3 hours ago | parent | prev [-] | |
First, it wasn't even the developer who compromised people, here; second, scripts in most cases are orders of magnitude less dangerous than a windows executable. And, in many cases you can get some protection from a developer going rogue (or not writing perfect code), it's not an all or nothing. | ||