Quote:
Originally Posted by Dave_S
My antivirus software scans every download as a matter of course, but what possible effect could spyware or a virus have on standalone ARM processor firmware for a device with no Internet connectivity?
|
What does the Internet connectivity or lack thereof matter?
Anyone who uses Calibre connects their PC to the unit via a USB cable. If somehow the files unpacked from the .BIN contained a virus or other kind of spyware/malware, and you connected your reader to your PC via a USB cable, then at least in Windows you are subject to all kinds of potential infections.
The fact that the unit is Linux based doesn't even necessary stop the risk. The important thing is that when you hook up to the unit it reads it from Windows as just another file system, and can autorun stuff. It's exactly the same thing as people getting "autorun"-based malware from USB memory sticks. Something which happens all the time these days.
It's unlikely, true, but certainly far from impossible.
That said, thinking more about it I simply took the precaution of temporarily disabling the autorun on my Win box, installed the firmware, then did scanning virus/spyware scanning of the unit. Its clean. But it wasn't the stupid question its being posed as.