bobbyroberts99 Posted October 20, 2014 Share Posted October 20, 2014 (edited) I'm a noob and loving Alfred 2. I've imported a bunch of workflows and am wondering if they pose any security risks. Can malware, viruses or keystroke loggers be added to my system by way of an imported workflow? Are workflows safe? Does running anti-virus on them before import do any good? What precautions does Alfred 2 take to make sure that no malevolent code gets added to my mac? Thanks for the app. It's really well done! Edited October 20, 2014 by bobbyroberts99 Link to comment
vitor Posted October 20, 2014 Share Posted October 20, 2014 Importing workflows does not pose a risk. That said, running them might. Running an anti-virus on them should be pretty much useless; workflows can run arbitrary code, much more than an anti-virus could detect.It’s on you to make sure you trust the source of a workflow (or any app, for that matter). Alfred itself does not make any precautions, as that’d be self defeating — its power comes from its flexibility. The vast majority of workflows are built with scripting languages, which means they can be easily audited, so if you’re worried, stuck to popular workflows and the ones made by trustworthy users. These forums are a great way to get a feel for what those are. Link to comment
bobbyroberts99 Posted October 20, 2014 Author Share Posted October 20, 2014 (edited) That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response. Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums. Edited October 20, 2014 by bobbyroberts99 Link to comment
jdfwarrior Posted October 20, 2014 Share Posted October 20, 2014 That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response. Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums. We've n ever heard of anything malicious being spread via extensions or workflows. Hopefully we never will. So far, the community of workflow developers and creators have been a great asset and continue to help Alfred grow. Link to comment
Vero Posted October 21, 2014 Share Posted October 21, 2014 That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response. Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums. If you ever have doubts, you can always post a link to the workflow before running it and fellow workflow creators and code-savvy forum members can take a look and help you decipher what a workflow is doing Link to comment
bobbyroberts99 Posted October 23, 2014 Author Share Posted October 23, 2014 If you ever have doubts, you can always post a link to the workflow before running it and fellow workflow creators and code-savvy forum members can take a look and help you decipher what a workflow is doing That's good to know. Let me ask a more specific question: Would it be possible for a workflow to install 3rd party software without me entering my admin password? Link to comment
Florian Posted October 23, 2014 Share Posted October 23, 2014 I personally install a backdoor into each of my workflows so that I can trojan horse you all, mouahahaha (just kidding of course) I don't have the numbers but I believe alfred users are a relatively small community and there would be little to no point in making it a target of any sort of attack, be it against their privacy or their machines. But as I said, I don't have the numbers. I have no idea how many people are using alfred with the powerpack nor how many times my workflows were downloaded or used, so i might be wrong. Link to comment
vitor Posted October 23, 2014 Share Posted October 23, 2014 Let me ask a more specific question: Would it be possible for a workflow to install 3rd party software without me entering my admin password? Alfred workflows don’t have any type of special privilegies on your machine. Anything that requires a password to do should also require one when called via a workflow. Link to comment
taylor Posted November 30, 2015 Share Posted November 30, 2015 (edited) Would anyone mind taking a look at this one? Just purchased the power pack.https://github.com/gampleman/alfred-find-my-iphone Thanks Edited November 30, 2015 by taylor Link to comment
deanishe Posted November 30, 2015 Share Posted November 30, 2015 It stores your Apple ID and password in a plain text file, which is not good security-wise, but also far from malicious. Apart from that, it doesn't appear to do anything sinister. Link to comment
thisisb Posted August 23, 2019 Share Posted August 23, 2019 Does this workflow seem to pose any threat? It's beyond my skill to know what I'm seeing. Any help would be most welcomed, as this is a GREAT looking workflow for writers. Thanks! Brian Link to comment
deanishe Posted August 23, 2019 Share Posted August 23, 2019 3 hours ago, thisisb said: Does this workflow seem to pose any threat? No. Workflows are pretty safe in practice. If you wanted to distribute nasty software, an Alfred workflow would be a very poor way to do it, as you’re typically not going to reach more than a few hundred people. It’s far more likely you’ll have an issue due to a bug than deliberate enemy action. Link to comment
thisisb Posted August 23, 2019 Share Posted August 23, 2019 Thanks for the quick reply! So looking under the hood, the scripts included in the package seem harmless? Link to comment
deanishe Posted August 23, 2019 Share Posted August 23, 2019 It's based on my library, so I wrote 90% of the code. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now