Jump to content

Does importing workflows pose any security risks?


Recommended Posts

I'm a noob and loving Alfred 2. I've imported a bunch of workflows and am wondering if they pose any security risks.

  • Can malware, viruses or keystroke loggers be added to my system by way of an imported workflow?
  • Are workflows safe?
  • Does running anti-virus on them before import do any good?
  • What precautions does Alfred 2 take to make sure that no malevolent code gets added to my mac?

Thanks for the app. It's really well done!

Edited by bobbyroberts99
Link to post

Importing workflows does not pose a risk. That said, running them might. Running an anti-virus on them should be pretty much useless; workflows can run arbitrary code, much more than an anti-virus could detect.

It’s on you to make sure you trust the source of a workflow (or any app, for that matter). Alfred itself does not make any precautions, as that’d be self defeating — its power comes from its flexibility. The vast majority of workflows are built with scripting languages, which means they can be easily audited, so if you’re worried, stuck to popular workflows and the ones made by trustworthy users. These forums are a great way to get a feel for what those are.

Link to post

That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response.

 

Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums.

 

We've n ever heard of anything malicious being spread via extensions or workflows. Hopefully we never will. So far, the community of workflow developers and creators have been a great asset and continue to help Alfred grow.

Link to post

That's what I thought. That's what I did. Hope I guessed right! Good to have my suspicions confirmed. Thanks for the quick response.

 

Have you ever heard of any malicious code problems from workflows? I got most (if not all) from Packal or these forums.

 

If you ever have doubts, you can always post a link to the workflow before running it and fellow workflow creators and code-savvy forum members can take a look and help you decipher what a workflow is doing :)

Link to post

If you ever have doubts, you can always post a link to the workflow before running it and fellow workflow creators and code-savvy forum members can take a look and help you decipher what a workflow is doing :)

 

That's good to know.

 

Let me ask a more specific question: Would it be possible for a workflow to install 3rd party software without me entering my admin password?

Link to post

I personally install a backdoor into each of my workflows so that I can trojan horse you all, mouahahaha  :ph34r: (just kidding of course)

 

I don't have the numbers but I believe alfred users are a relatively small community and there would be little to no point in making it a target of any sort of attack, be it against their privacy or their machines.

 

But as I said, I don't have the numbers. I have no idea how many people are using alfred with the powerpack nor how many times my workflows were downloaded or used, so i might be wrong.

Link to post

Let me ask a more specific question: Would it be possible for a workflow to install 3rd party software without me entering my admin password?

Alfred workflows don’t have any type of special privilegies on your machine. Anything that requires a password to do should also require one when called via a workflow.

Link to post
  • 1 year later...
  • 3 years later...
3 hours ago, thisisb said:

Does this workflow seem to pose any threat?

 

No.

 

Workflows are pretty safe in practice. If you wanted to distribute nasty software, an Alfred workflow would be a very poor way to do it, as you’re typically not going to reach more than a few hundred people.

 

It’s far more likely you’ll have an issue due to a bug than deliberate enemy action.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...