From owner-freebsd-questions@FreeBSD.ORG Tue Apr 3 11:30:53 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5269F106566B for ; Tue, 3 Apr 2012 11:30:53 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34]) by mx1.freebsd.org (Postfix) with ESMTP id 2F0228FC20 for ; Tue, 3 Apr 2012 11:30:53 +0000 (UTC) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id q33BUqNQ046711 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 3 Apr 2012 04:30:52 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.14.2/Submit) with UUCP id q33BUqiC046710 for freebsd-questions@freebsd.org; Tue, 3 Apr 2012 04:30:52 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: from fbsd81 ([192.168.200.81]) by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA21821; Tue, 3 Apr 12 04:23:19 PDT Date: Tue, 03 Apr 2012 11:22:24 -0700 From: perryh@pluto.rain.com To: freebsd-questions@freebsd.org Message-Id: <4f7b3fe0.PWM597T4KrLqJxhq%perryh@pluto.rain.com> References: <4F75D37C.2020203@lovetemple.net> <20120330232307.41e420b1.freebsd@edvax.de> <4f7770b7.BkVKquuSmumStBb/%perryh@pluto.rain.com> <20120401112923.47e6c8a7.freebsd@edvax.de> <4f79c113.4NFuCWPOnCnPln6u%perryh@pluto.rain.com> <20120402073303.1ae0ea96@scorpio> In-Reply-To: <20120402073303.1ae0ea96@scorpio> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: Printer recommendation please X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2012 11:30:53 -0000 Jerry wrote: > Obviously you are not aware of the latest trend towards the > movement to standardize PDF as the standard print format. I would > recommend you start by reading the documentation located at: > > and continue on from there. That page seems to be concerned with using PDF, rather than PS, as a common intermediate print language in CUPS. I see nothing there relevant to sending PDF directly to a printer. > While there might be some rational for your security concerns on > a business network in regards to wireless networks, they are not > really relevant on a home networks. The simple ease of use that a > wireless network gives a user on a home network far outweigh any > pseudo claims of espionage. Following that line of reasoning to its logical conclusion would lead one to believe that home networks have no need of any malware protection, e.g. anti-virus. Any ISP which has had to deal with incidents precipitated by customers' infected machines -- including but likely not limited to DDoS and spambots -- would likely disagree. > Furthermore, there are means of encrypting print data ... Utterly irrelevant to the topic under discussion, which is the additional malware exposure that a PDF-accepting printer has relative to a printer that accepts only PCL and/or PS. I maintain that an attacker can more easily trick a less-than- paranoid user into sending a malware "print file" to a PDF-accepting printer than to a non-PDF-accepting printer, simply because PDF is such a commonly used distribution format. If someone prints a malware "PDF" file that they have downloaded, and the process of printing it does not require that it be transformed in any way (such as conversion to PS) before being sent to the printer, their only protection from disaster is whatever validation may be built into the printer itself. (Keep in mind that what started the malware discussion was Poly's link to a report stating that some printers do not sufficiently validate an "update firmware" job.) Granted the identical exposure exists for a PS printer if the downloaded malware file is identified as a PS file, however the risk is much less in practice because distribution of PS files is sufficiently uncommon that most unsophisticated users would have no idea what to do with one if they were to come across it. > By the way, since you seem so concerned over your printers security, > I assume that you all ready have it at least password protected. No need. I have no wireless at all -- everything is hardwired -- and I trust my firewall. There's no way for anyone to either sniff or inject anything from outside (i.e. without physical access to the network on the secure side of the firewall).