Jump to content
bobbyroberts99

Does importing workflows pose any security risks?

Recommended Posts

I'm a noob and loving Alfred 2. I've imported a bunch of workflows and am wondering if they pose any security risks.

  • Can malware, viruses or keystroke loggers be added to my system by way of an imported workflow?
  • Are workflows safe?
  • Does running anti-virus on them before import do any good?
  • What precautions does Alfred 2 take to make sure that no malevolent code gets added to my mac?

Thanks for the app. It's really well done!

Edited by bobbyroberts99

Share this post


Link to post

Importing workflows does not pose a risk. That said, running them might. Running an anti-virus on them should be pretty much useless; workflows can run arbitrary code, much more than an anti-virus could detect.

It’s on you to make sure you trust the source of a workflow (or any app, for that matter). Alfred itself does not make any precautions, as that’d be self defeating — its power comes from its flexibility. The vast majority of workflows are built with scripting languages, which means they can be easily audited, so if you’re worried, stuck to popular workflows and the ones made by trustworthy users. These forums are a great way to get a feel for what those are.

Share this post


Link to post

That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response.

 

Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums.

Edited by bobbyroberts99

Share this post


Link to post

That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response.

 

Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums.

 

We've n ever heard of anything malicious being spread via extensions or workflows. Hopefully we never will. So far, the community of workflow developers and creators have been a great asset and continue to help Alfred grow.

Share this post


Link to post

That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response.

 

Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums.

 

If you ever have doubts, you can always post a link to the workflow before running it and fellow workflow creators and code-savvy forum members can take a look and help you decipher what a workflow is doing :)

Share this post


Link to post

If you ever have doubts, you can always post a link to the workflow before running it and fellow workflow creators and code-savvy forum members can take a look and help you decipher what a workflow is doing :)

 

That's good to know.

 

Let me ask a more specific question: Would it be possible for a workflow to install 3rd party software without me entering my admin password?

Share this post


Link to post

I personally install a backdoor into each of my workflows so that I can trojan horse you all, mouahahaha  :ph34r: (just kidding of course)

 

I don't have the numbers but I believe alfred users are a relatively small community and there would be little to no point in making it a target of any sort of attack, be it against their privacy or their machines.

 

But as I said, I don't have the numbers. I have no idea how many people are using alfred with the powerpack nor how many times my workflows were downloaded or used, so i might be wrong.

Share this post


Link to post

Let me ask a more specific question: Would it be possible for a workflow to install 3rd party software without me entering my admin password?

Alfred workflows don’t have any type of special privilegies on your machine. Anything that requires a password to do should also require one when called via a workflow.

Share this post


Link to post

It stores your Apple ID and password in a plain text file, which is not good security-wise, but also far from malicious. Apart from that, it doesn't appear to do anything sinister.

Share this post


Link to post

Does this workflow seem to pose any threat? It's beyond my skill to know what I'm seeing. Any help would be most welcomed, as this is a GREAT looking workflow for writers. 

 

Thanks!

Brian

 

Share this post


Link to post
3 hours ago, thisisb said:

Does this workflow seem to pose any threat?

 

No.

 

Workflows are pretty safe in practice. If you wanted to distribute nasty software, an Alfred workflow would be a very poor way to do it, as you’re typically not going to reach more than a few hundred people.

 

It’s far more likely you’ll have an issue due to a bug than deliberate enemy action.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...