[Qgis-user] QGIS and Computer Security (Windows)

Nathan Woodrow madmanwoo at gmail.com
Sat Feb 18 18:20:44 PST 2012


Hey Richard,

On Sun, Feb 19, 2012 at 2:08 AM, Richard Males <rbmales at gmail.com> wrote:

> I am interested in promoting the use of QGIS, but some users have
> expressed concern about computer security issues, particularly in
> respect to the use of plug-ins.  The concern is that a downloaded
> plugin may contain malware, activate malicious code, etc.  I don't
> know if there is any innate protection within QGIS or python against
> bad behavior on the part of plugins, or if this is a "trust" issue.
>
>
While I understand their concerns, I do think it is over-worrying.  Can QGIS
be used to download and run malicious code? Yes, but so can any non-closed
system (living behind Apple's Iron Garden Wall is the exception).
Ultimately it does come down to trust, but there are a few levels where there
is protection.


   - Python:  Python, like any good programming language, provides no
   protection against malware or malicious code.  Its job is not to care, and
   nor should it try and stop me.  People can write malicious code in
   any language.

   - The QGIS plugin system has a line of defense when the user uploads a
   plugin to plugins.qgis.org.  All plugins, when uploaded by a new user,
   are by default unapproved. They have to be approved by an admin (there are
   a handful of us around) before it will be publicly available to all QGIS
   users. However, we don't normally check the code as the chance of something
   bad happening is low and we don't have the manpower to check over
   everything.  Plugins can also be unapproved if it does turn out something
   was bad; once unapproved it is no longer downloadable within QGIS via the
   Plugin Installer.

   - OS level protection.  Most good operating systems these days have
   password protection for anything that is trying to do something in an area it
   normally shouldn't, but if QGIS is run with elevated permissions it will
   have access to everything.

   - Open source.  As QGIS, all its plugins, and components are open source
   there is nothing stopping the users (or IT) having a look over the code to
   make sure that it does what it says it does.  However you still need to
   understand what you are looking for.


I have seen the "it's open source, therefore it is a security risk (or is
less secure)" card played many times before.  I have always strongly
disagreed.  The fact is that open source by design is open; everything
is viewable by the outside user. Every time you download a Python plugin
for QGIS you also get the source code, nothing is hidden, little trust
needed.  Compare this with other closed systems where it is impossible to
tell what something is doing; you have to give full trust that the
programmer and program know what they are doing.

Example:

I used to be a big user of MapInfo. MapInfo has its own
programming language called MapBasic which is compiled into a
binary executable and run inside the MapInfo environment.  I can ship a
MapBasic app as a binary file without the need to give you the source code
so you can see what I am doing.  As MapBasic can access lower-level Windows
APIs I can do all sorts of damage to the user's computer with no way of them
checking beforehand.  If I can get the users to run MapInfo with admin
rights (which it normally has to be in order for things to work right) I
now have access to your system32 or program files folder and can nuke them
pretty easily (or mess with screen savers, install key loggers).  What
makes it worse is that MapBasic can call a C or C++ lib, so if I need more
power I can create a C lib and just call that from MapBasic.

- Nathan
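
The "have a look over the code" point above, as an added example that is not part of the original post: a Python helper that parses (never imports or runs) a plugin's source and lists the imports and calls a reviewer would want to read first. The module and call lists, the function names and the sample plugin are assumptions constructed for illustration, not a QGIS or plugins.qgis.org policy.

```python
import ast

# Assumed review lists (illustrative only): things worth a manual read in a plugin.
REVIEW_MODULES = {"subprocess", "ctypes", "socket", "urllib", "requests", "winreg"}
REVIEW_CALLS = {"eval", "exec", "compile", "__import__", "os.system", "os.popen"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def review_source(source, filename="<plugin>"):
    """Parse plugin source without executing it; return sorted (line, kind, name)."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]  # module is None for "from . import x"
        for name in names:
            if name.split(".")[0] in REVIEW_MODULES:
                findings.append((node.lineno, "import", name))
        if isinstance(node, ast.Call) and dotted(node.func) in REVIEW_CALLS:
            findings.append((node.lineno, "call", dotted(node.func)))
    return sorted(findings)

# Constructed sample source, not a real plugin.
SAMPLE = '''\
import os
from qgis.core import QgsProject
import subprocess
def run(iface):
    os.system("echo hello")
    subprocess.call(["cmd", "/c", "dir"])
    return eval("1 + 1")
'''

if __name__ == "__main__":
    for line, kind, name in review_source(SAMPLE):
        print(f"line {line}: {kind} {name}")
```

A listed line is only a place to start reading, and an empty list does not show that a plugin does what it says it does.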