Advice Request: How safe are open source projects really?


Moonhorse

May 29, 2018
There's a game called RuneScape; they have an official game client, but there are like 20-30k people online through a 3rd party game client that's an open source project on GitHub.
You log in to the game via that client.
1. Is it possible to run malicious code in it and infect / 'keylog' people's accounts that way?
2. Isn't it a security issue for the company that owns the game?

I doubt there's zero people that really can / bother to read the code before they run the client.
 

redsworn

Dec 6, 2017
That's the thing about open source projects. I have a long battle against people who are so adamant that open source = secure. No. It's not. Open source doesn't automatically make software safe and secure to use. This is particularly true for projects that are relatively new and/or not popular.

Now on to your question.
  1. Of course it's very possible.
  2. I'd say it's unlikely. Most of the time, the risks are on users, unless there's some sort of exploit on their system that allows 3rd party tools like this to do nasty things.
I don't have any knowledge about the project in question. But if the number you stated above is accurate then we can assume the project is safe to use. I'd be shocked if nobody (from that number) is actively watching the project.
 

Arequire

Feb 10, 2017
Just because something is open-source doesn't mean it's secure; it only affords the ability for someone with the capability to review the source code.

If I were you I'd do some research about the client and try to find out how long it's been around. If it's been around for a long time and there have been no reports/warnings from others about it doing anything malicious or accounts being hijacked, and Jagex hasn't stated not to use it, then I'd imagine it's okay.
 

Moonhorse

May 29, 2018
redsworn said:
> That's the thing about open source projects. I have a long battle against people who are so adamant that open source = secure. No. It's not. Open source doesn't automatically make software safe and secure to use. This is particularly true for projects that are relatively new and/or not popular.
>
> Now on to your question.
> 1. Of course it's very possible.
> 2. I'd say it's unlikely. Most of the time, the risks are on users, unless there's some sort of exploit on their system that allows 3rd party tools like this to do nasty things.
>
> I don't have any knowledge about the project in question. But if the number you stated above is accurate then we can assume the project is safe to use. I'd be shocked if nobody (from that number) is actively watching the project.

Yeah true, thanks for the post.
There are some Chrome extensions like uBlock Origin that have millions of users, while nanoblock has like 30k users. I'm always a bit unsure whether I should trust something with few users, same with Privacy Badger against Privacy Possum.

The main thing I was thinking was that if someone could take over the owner of this project and run malicious code in it, since the game has a money currency that can be sold on the black market.
 

Moonhorse

May 29, 2018
Arequire said:
> Just because something is open-source doesn't mean it's secure; it only affords the ability for someone with the capability to review the source code.
>
> If I were you I'd do some research about the client and try to find out how long it's been around. If it's been around for a long time and there have been no reports/warnings from others about it doing anything malicious or accounts being hijacked, and Jagex hasn't stated not to use it, then I'd imagine it's okay.

At first Jagex (the company) was against this project, but the community voted against it and now like half the player base is using it.
 

TairikuOkami

May 13, 2017
redsworn said:
> That's the thing about open source projects. I have a long battle against people who are so adamant that open source = secure.

You do not have to argue, just say OpenSSL. It was vulnerable for years and it was found out only by accident, and that DLL is used for everything: emails, IMs, some banking, etc. OS creates a false sense of security. People do not randomly review code. The bigger they are ...
 
