The recent security issue involving the popular VS Code extension, Material Theme, has made me rethink the security of my development environment. While I primarily use JetBrains, but I had installed and used this extension before, which makes the incident feel even more relevant.
I’m generally very cautious when using my computer—I mainly work on a Mac and only use Windows when necessary. I also try to avoid installing new software or experimenting with unfamiliar extensions. Even so, security risks still exist.
Some development tasks require higher hardware resources, making a VM an impractical solution. A better approach might be to purchase an additional Mac Mini or Windows PC dedicated to work, isolating higher-risk activities (such as working with existing codebases).
Additionally, for assets like online banking and Web3 wallets, it’s best to use a separate computer to minimize risk.
Today, I spent some time assessing the impact of this vulnerability on my current machines. It seems that Microsoft will forcibly remove the compromised extension from VSCode automatically, and manually deleting any leftover files should be sufficient. However, I can’t help but feel a bit uneasy.
Even if it takes a lot of time, it’s crucial to prepare as thoroughly as possible and anticipate potential issues. Only by doing so can we move forward without unnecessary worries.
Top comments (0)