There is no doubt that there are risks with both, no argument there, but if i had to choose trust between an open source program and a closed source program if they each do the same thing MOST of the time I am going to trust the open source one as long as I am getting it from a trusted source. Without access to the source static analysis needs to be done and it will have to be picked apart by debuggers and someone skilled at RE. The closed source program - we need to trust the creator that it does what they say it does and nothing more. The advantage that the open source one has is that the community has access to the source and if there is any doubt about its functionality it can be checked with much greater ease than the closed source one. but I think it really comes down to being smart with where you are getting your files from.Īn open source program downloaded from source forge is relatively safeĪ closed source program (that does the same thing as the open source program) downloaded from bleepingcomputer is going to be relatively safe as well.īoth have the possibility that they may have been tampered with, but the likely hood of this is pretty low, given that they both are reputable websites. not to say that a joiner program couldnt join an already compiled exe of a open source program to a malicious exe either. Modification of legit executables by using 'joiner' programs I would think is more trivial to accomplish VS modifying source code with malicious code and then compiling it successfully. The same can be said about closed source programs. I dont know if I would agree with saying open source is more prone to having malicious software in it because open source allows anyone to put whatever they want in it. I am not against open source programs but there are hazards associated with it too. But Open source programs are more prone to these activities as they provide a room for anyone to put up whatever they want, and may be promote it. Yes I do agree there with all the points you made out there. veracrypt would not have any cookies in it A cookie is like a note in your web browser that can tell websites things about your browsing history. Im not sure what you mean by leaving cookies. If in doubt, ask someone who is knowledgeable whom you know in person for advice on what programs they would suggest and where to download them from. Open source programs are generally safer to download, but nothing is 100%. Just because a program doesnt have a hidden miner in it doesnt mean that it can be any less malicious.Īs a general rule, download well known, vetted programs and download them from the program creators website, or from a trusted website. Using your computer for spamming, or renting your computer out as part of a botnet are other ways that the bad guys can use your computer to make money. It has only become popular in the last few years because it can bring a quick and direct route to money. I wouldn't say that cryptomining has made software less trustworthy any type of malicious code can pose as legitimate software, and it has going back to the earliest days of Trojans.Ĭrypto mining is just one way malicious software can utilize your computer. I wonder how marketing of a single app can push users to download and atleast use once which would leave cookies and hence long term crypto mining. Oh well since crypto mining is a thing now, we really cannot trust anything. Veracrypt is open source and has recently gone through a code audit There never was cryptominning software bundled with veracrypt. I have been using veracrypt since it was called truecrypt, and well before crypto mining was ever a thing. No not really, why would you say it ? have you. Have you noticed Cryptomining software bundled in with VeraCrypt? But do your research before using one of them as some might contain malwares or even mining cookies which could run over your PC. In particular, if an attacker tries to recover the volume header (of the weak password) from the start and end of the partition, they can use either the complex password ( Zdbze5CVPFTPUrPbxzM4GG3N8sTnAktRRcFyYftkdWsUg) or the weak password ( 123456) to unlock the Veracrypt container.I am unsure about many but I am using Veracrypt but there are some more suggested over the web. I am concerned that by initially using a weak password then changing it to a sufficiently strong password, the security is reduced. from 123456 to Zdbze5CVPFTPUrPbxzM4GG3N8sTnAktRRcFyYftkdWsUg). after a few days or a week), I change the volume password (eg. I then easily mount and dismount the Veracrypt container adding files. no one obtains the volume header during this time (while the weak password is in use).it contains only a standard volume (no hidden volume).not a "file", but using the USB as the storage container) Is it safe to create a Veracrypt partition (on a USB) such that
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |