Before anything, please excuse my clear confusion over what is probably a non-issue. Computer security is definitely not my expertise, so any and all help is appreciated.

I recently installed a Python package through pip that does not have many GitHub stars and is from a relatively unknown author (https://github.com/realiti4/pip-upgrade). During its execution I got a user access error, so I ran the command in a CMD with admin privileges to try to fix the problem. I then realized I had just run code from an unknown source with admin privileges, which really is not a good idea.

Because I am not proficient enough at programming to really understand the GitHub source, I can't tell if the code is "clean" or if it might have done something to my computer. Please note I have nothing against this specific package or its author; if anything, their package seems very useful, which is why I tried to use it in the first place. The burden lies on me for messing with things that I do not understand.

My question is: is there anything I can do to check that my computer isn't compromised (e.g., would a whole-system scan with Windows Defender be enough)? I am almost certain that the package I mentioned is safe and I'm making a storm out of a glass of water, but I'm worried since I would not be able to identify any suspicious source code by looking at it due to my lack of knowledge.

In summary: I'd be thankful for any indication that the package is indeed safe, or for a method by which I may check I'm not compromised. Furthermore, any advice on "staying safe" when installing and using Python packages is appreciated.

  • Your Python may be installed in an admin directory instead of a user directory, so it asked for admin privileges to update global Python modules. – defalt Sep 16 '22 at 09:54
  • Python is installed in a folder in the root of my C drive, so even though it's not in a user directory I don't think that is the issue. Also, the package didn't really ask me to run as admin; I ran it as admin to troubleshoot the issue. – rare-quorum Sep 16 '22 at 09:57
  • I'm not worried about getting the package to work, but rather knowing if the package is safe to use and would not cause issues even if executed as an admin as I did – rare-quorum Sep 16 '22 at 09:58
  • I don't see any malicious activity with it. It just updates modules all at once like poetry update does. – defalt Sep 16 '22 at 10:20
  • We can't assess or analyse code or a library. So, the question would boil down to "how can I check if my system is compromised?" The general answer to that is to run an anti-virus on the system by booting it from an external drive. – schroeder Sep 16 '22 at 10:34
  • @defalt thank you for your input, this puts me more at ease – rare-quorum Sep 16 '22 at 11:03
  • Still, I’ll look for an antivirus that can boot from USB as @schroeder suggests, since I can’t seem to find such an option in Windows Defender – rare-quorum Sep 16 '22 at 11:03

1 Answer

There is a cool tool called Loki. It is an IoC (indicator of compromise) scanner that could help you determine if you are compromised or not. It is more responsible than an antivirus scanner.

I don't see any malicious activity in your Python program.

w3ich3rt
  • What do you mean by "more responsible" in this context? – multithr3at3d Sep 18 '22 at 22:58
  • Loki is built only to determine whether you are compromised or not. It checks various parameters like hashes and file contents and others. Therefore, it is more responsible and accurate than some virus scanners. – w3ich3rt Sep 19 '22 at 06:14
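
The hash and file-content checks mentioned in the last comment, shown as an added example that is not part of the original thread and is not Loki's own code. The indicator set, rule names and patterns are constructed for illustration; a real scanner loads curated signature sets.

```python
import hashlib
import re
from pathlib import Path

# Constructed indicators for illustration only; a real IoC scanner loads
# curated hash lists and content signatures maintained by analysts.
BAD_SHA256 = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}
CONTENT_RULES = {
    "encoded_powershell": re.compile(rb"powershell(\.exe)?\s+.*-enc", re.I),
    "exec_of_base64": re.compile(rb"exec\(\s*base64\.b64decode", re.I),
}
MAX_BYTES = 5 * 1024 * 1024  # skip content matching on very large files


def scan_file(path: Path) -> list[str]:
    """Return the names of the indicators that match one file."""
    try:
        data = path.read_bytes()
    except OSError:
        return ["unreadable"]  # locked or permission-denied: report, don't crash
    hits = []
    # Check 1: exact match of the file hash against known-bad hashes.
    if hashlib.sha256(data).hexdigest() in BAD_SHA256:
        hits.append("known_bad_hash")
    # Check 2: suspicious byte patterns inside the file contents.
    if len(data) <= MAX_BYTES:
        hits += [name for name, rx in CONTENT_RULES.items() if rx.search(data)]
    return hits


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk root and map each flagged file (relative path) to its hits."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            hits = scan_file(path)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


if __name__ == "__main__":
    import sys
    for name, hits in scan_tree(Path(sys.argv[1])).items():
        print(f"{name}: {', '.join(hits)}")
```

A hit means a file deserves a closer look, and a run with no hits only means none of the loaded indicators matched.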