I recently sent a request to my employer's IT department asking for access to Python 3.6.3. The request was denied with the justification "Python is dangerous to have on a pc. It is a useful attack vector."
Can anyone provide insight on what this might mean? Does simply having Python installed on your computer make you more susceptible to attacks? I can't tell if my employer has a valid concern here or if they are just taking the easy route.
EDIT: Spelling
No, there is nothing inherently insecure about Python.
However, Python can be used to make a vulnerability. For instance, it would be easy to make a web portal that executes anything that is typed in. This is true for any programming language, but Python makes it extra easy.
And I know, you would know better, but IT departments see all their users as idiots (often with good reason).
Every Macintosh and a lot of Linux distributions for desktop have Python installed by default. I don't think they are unsafe.
Hey everyone, so I bought a book teaching to programme in Python for absolute beginners, and it says you have to download Python 3 but also warns that Windows OS systems can get glitchy and confused by it. I have Windows 11 and just got the computer a few months ago, so I was wondering if it was safe to download without messing my computer up? I'm totally new to programming, so sorry if this is a stupid question.
It is not "safe" in the meaning of "no risk at all" to install any kind of software on the same device you use for online banking since you don't know what the software is actually doing. This does not matter if this is open source or closed source software.
But, it is also not "safe" in the same "no risk" meaning to use online banking at all or to use a laptop, because you cannot fully trust the online banking, the browser you use, the operating system or the hardware and firmware of the laptop. Additionally you cannot fully trust your internet provider, the vendor of the router etc.
This means that there is no such thing as "safe" in the meaning of "no risk". There is always some risk and the question is if this risk can be accepted. In the case of installing a widely used software from a well known source and keeping the software up-to-date the risk is probably acceptable. But if you got the software on a USB stick from a suspicious person, I would probably not trust it even if the person claims that this is the well known and widely used software you can also download. And if the download was not done from the original site, I would be suspicious too.
But, even if the download was done from the official site it still might be malicious in case the download site was infected. Thus, again, the risk is not zero. But, this is true not only for open source software but also for closed source.
In summary: the risk is never zero and the more software you install on your system the larger the attack surface gets. You have to decide yourself if the risk is acceptable or not based on various factors. Closed source vs open source software might be such a factor but there are way more relevant ones, like download source or reputation of the vendor or author of the software.
I taught a CSE course 'Introduction to Programming' and we used Python programming to teach the class. We always recommend that students install Anaconda Spyder for the purposes of the class -- both on their personal computers and on the university lab computers.
There is no such thing as 100% guarantees of security, but over the years we have never had 'trojan' or 'spyware' or any malware related issues with Anaconda and neither has anyone else (no known reported cases to the best of my knowledge).
So the answer to your question is: yes, it is safe. Go ahead and install it from the official source/website.
So I wanted to install Python, download the Selenium library on it, and combine it with WebDriver to access web-driven accounting software to automate some stuff; mainly downloading reports from the accounting software, since there are tons of reports to download every month, which the software does not have an automation function for. I don't want to deal with any data.
Senior director and I went to IT for the request to download Python and they declined; they said there is a security risk.
Does anyone know what potential security risks they are referring to? I don't have a CS background so I'm not very sure. And is there a way to mitigate those risks?