That's true. Also I guess domain names in most ideogram-based languages cannot be meaningfully converted to ASCII. The best detection method I'm aware of is detecting a mix of different alphabets in the domain, but I imagine even this has a lot of false positives

This should be ON by default, in my opinion. Also, I believe Mozilla has a massive opportunity here to demarcate themselves as the more security-conscious browser vendor. "This phishing trick works on all major browsers except Firefox" would be great publicity material.

This strategy is actually really good in VSH

Hop on 2fort and get spawn camped by a pocket demo

Since Google makes money off of you using Maps, and makes third-party apps pay a fee for using their API, I don't think they have an incentive to let you download navigation data to use it into another company's software

If you aren't starting your container with the -it options (for docker run), try setting them so that it allocates a tty. The fact that it works with SSH however makes me think that perhaps the Synology task runner can't run interactive commands like docker attach because it has no stdin. In that case you'll need to do something like this: https://serverfault.com/questions/885765/how-to-send-text-to-stdin-of-docker-container/947763#947763 to pipe the stop command into the stdin of the bedrock server.

If you aren't starting your container with the -it options, try setting it so that it allocates a tty. The fact that it works with SSH however makes me think that perhaps the Synology task runner can't run interactive commands like docker attach because it has no stdin. In that case you'll need to do something like this: https://serverfault.com/questions/885765/how-to-send-text-to-stdin-of-docker-container/947763#947763 to pipe the stop command into the stdin of the bedrock server.

Are you able to docker attach to the container?

I basically agree with all the points you are making. Only scan downloads, email attachments and whatnot. Don't try to play cat and mouse with sophisticated malware because that's a waste of resources. I don't think software like this exists?

Perhaps SELinux on desktop is the way to go as other posts are suggesting, although I heard that it has some usability problems and can break some programs.

You might be legitimately annoyed by the amount of free antivirus software on Windows that don't offer good protection, on top of being filled with ads. But I don't agree that scanning for malicious files and preventing dangerous commands (regardless of how good the implementation is) can be labelled as snake oil.