| ▲ | Gigachad 2 hours ago | |||||||
The problem extends far beyond VS code. All extensions and executable code has the same problem. There was a case where Disney was hacked because an employee installed a BeamNG mod that had bundled malware. A company that wants to remain secure would have to employ strict restrictions on installing software. Only installing npm packages and plugins from an internal preapproved repo for example. | ||||||||
| ▲ | miki123211 18 minutes ago | parent | next [-] | |||||||
Running code isn't the problem. The fact that (almost) all code runs at the same security level is. You regularly run tons of untrusted code when visiting websites. That code can't wreak havoc on your machine because it's well-sandboxed. Yet, if we advocate for sandboxing in more places, the "gun nuts of tech" scream about monopolistic practices and taking away user control. | ||||||||
| ▲ | charlieyu1 an hour ago | parent | prev [-] | |||||||
I don’t understand why we don’t just sandbox everything. We have done it for web browsers, we can definitely do it for VSCode extensions. | ||||||||
| ||||||||