[gregw2]

I dunno, I used to use ISO linux images because they were write-once and assuming I had a trusted source of the ISO or system writing the ISO, I didn't have to worry about the Linux system getting compromised and I could just run Linux off a CD/DVD.

I'm surprised that didn't come up in the original article or comments here on HN.

(I am aware of course of non-persistent in-memory worms, and the fact things can persist in places other than the filesystem, but I presume they are much rarer.)

[bastawhiz]

If you write an ISO to a flash drive is it read only? Obviously optical media is inherently read only, but I haven't owned a machine with an optical drive in almost fifteen years and I don't have confidence any way of running an image (aside from a hypervisor) would preserve that property.

[smaudet]

Hmm I don't think they are cryptographically protected, it's a security by difficulty thing (obscurity?) - iso is not a "simple" format so corrupting is not simple, either.

On the other hand as you said, physical media can have a strong(er) security guarantee (write once at the physical layer), and iso's are easier to burn than disk images...

Optical media can still be bought and drives still work fine...and there are other advantages to optical media (such as longevity) that as of yet drives can't replicate.

[eptcyka]

The bytes can still be overwritten, you dont need to change the structure of the image's filesystem to do that.