Advice Request How safe open source projects really are?

Please provide comments and solutions that are helpful to the author of this topic.

Moonhorse

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,605
Theres game called runescape, they have official game client but theres like 20-30k people online throught 3rd party game client, thats open source project in github.
You login to game via that client.
1. Is it possible to run malicious code in and infect / 'keylog' peoples account that way?
2. isnt it security issue for company that owns the game?

I doubt theres zero people that really can / bother read the code before they run client
 
  • Like
Reactions: vtqhtr413 and Cast
redsworn

redsworn

Level 4
Verified
Well-known
Dec 6, 2017
191
That's the thing about open source project. I have a long battle against people who are so adamant that open source = secure. No. It's not. Open source doesn't automatically make software safe and secure to use. This is particularly true for project that relatively new and/or not popular.

Now on to your question.
  1. Of course it's very possible
  2. I'd say it's unlikely. Most of the time, the risks are on users. Unless there's some sort of exploit on their system that allow 3rd party tools like this to do nasty things
I don't have any knowledge about this project in question. But if the number you stated above is accurate then we can assume the project is safe to use. I'd be shocked if nobody (from that number) actively watching the project.
 
  • Like
Reactions: lancer502, roger_m, upnorth and 3 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
Just because something is open-source doesn't mean it's secure; it only affords the ability for someone with the capability to review the source code.

If I were you I'd do some research about the client and try to find out how long it's been around. If it's been around for a long time and there's been no reports/warning from others about it doing anything malicious or accounts being hijacked and Jagex hasn't stated not to use it then I'd imagine it's okay.
 
  • Like
Reactions: lancer502, roger_m, upnorth and 2 others
Moonhorse

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,605
redsworn said:
That's the thing about open source project. I have a long battle against people who are so adamant that open source = secure. No. It's not. Open source doesn't automatically make software safe and secure to use. This is particularly true for project that relatively new and/or not popular.

Now on to your question.
  1. Of course it's very possible
  2. I'd say it's unlikely. Most of the time, the risks are on users. Unless there's some sort of exploit on their system that allow 3rd party tools like this to do nasty things
I don't have any knowledge about this project in question. But if the number you stated above is accurate then we can assume the project is safe to use. I'd be shocked if nobody (from that number) actively watching the project.
Click to expand...
Yeah true, thanks for post
Theres some chrome extensions like ublock origin have millions of users, when nanoblock have like 30k users. Always bit unsure should i trust something with few users, same with the privacy badger against privacy possum.

The main thing i was thinkin was that if someone could take over the owner of this project and run malicious code in, since the game have money currency that can be sold on blackmarket
 
Moonhorse

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,605
Arequire said:
Just because something is open-source doesn't mean it's secure; it only affords the ability for someone with the capability to review the source code.

If I were you I'd do some research about the client and try to find out how long it's been around. If it's been around for a long time and there's been no reports/warning from others about it doing anything malicious or accounts being hijacked and Jagex hasn't stated not to use it then I'd imagine it's okay.
Click to expand...
At first jagex ( company) were against this project, but community voted against it and now like half player base is using it
 
TairikuOkami

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,479
redsworn said:
That's the thing about open source project. I have a long battle against people who are so adamant that open source = secure.
Click to expand...
You do not have to argue, just say OpenSSL. It was vulnerable for years and it was found out only by an accident and that DLL is used for everything, emails, IMs, some banking, etc. OS creates a false sense of security. People do not randomly review codes. The bigger they are ...
 
  • Like
Reactions: Moonhorse

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Security News Online ransomware decryptor helps recover partially encrypted files
Replies
0
Views
792
Security News
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • Applause
    • Thanks
New Update FreeTube is an open source private YouTube client
Replies
0
Views
920
Social media
silversurfer
silversurfer
upnorth
    • +Reputation
    • Like
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
Replies
0
Views
515
News Archive
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top