by Hooray » Sat Mar 24, 2018 4:22 pm
if in doubt, you can set up a dedicated "fgfs" user account on your computer for anything involving FlightGear - this is what I'd recommend to do anyway, because that way, there's no way for any of your private/work related stuff (documents etc) to be compromised while tinkering with FlightGear. Alternatively, you could dual-boot into fgfs and/or install fgfs on a separate flash drive or USB drive.
Speaking in general, it's much more likely that your usual internet software (browser, mail client etc) would contribute to a compromised system than fgfs itself.
However, there's admittedly an increasing number of features added to fgfs that can definitely be considered potential attack vectors (networking, multiplayer, terrasync, fgcom, package manager, aircraft center, new Qt5 launcher or tiled maps).
If you're concerned about any of these, my suggestion would be to run fgfs in an isolated environment (separate hard disk/computer), without providing any network/internet access at all.
Personally, I am not overly concerned actually, but I would agree that it's very unfortunate that more and more "live" functionality is added, i.e. features that introduce more and more hard-coded assumptions about a fgfs process always being "online" automatically, and often also on a broadband connection.
Thus, it would probably not be such a bad idea to introduce a dedicated "offline mode" that would disable such functionality for good (at least for the duration of the session).