Questions tagged [install]

35 questions
133 votes, 14 answers

Is a Windows installer that doesn't require admin rights dangerous?

I use Atlassian SourceTree on Windows, and one thing I like about it is that it doesn't require admin privileges to install or update. I happened to mention this to our ISSO (Information System Security Officer), and he was not a fan. He said that…
David K
51 votes, 6 answers

Is `curl {something} | sudo bash -` a reasonably safe installation method?

The most straightforward way to install NodeJS on Ubuntu or Debian seems to be Nodesource, whose installation instructions say to run: `curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -` This clashes with some basic security rules I…
Krubo
12 votes, 1 answer

Is it safe to use Python package managers like pip, easy_install or conda?

I know it is unsafe to install software (including Python packages) from untrusted or compromised sources. However, I wonder how safe I am when I am installing a trusted package from Python Package Index or from Anaconda repository (which I also…
abukaj
11 votes, 3 answers

How to determine if it is safe to install apk files from alternative android app stores?

Several sites offer APK downloads (1, 2, 3). Is there a way to determine if a given website/apk is safe to install?
Sparkler
7 votes, 1 answer

Is installing Debian package safe?

If I understand correctly, the maintainer scripts in Debian packages are executed with root privileges. I assume that this means that, contrary to my expectation, installing a malicious package can not only lead to compromising the user that runs…
Boris Bukh
7 votes, 4 answers

Does the new Fedora package manager allow unauthorized installations?

I just upgraded to Fedora 22. The biggest change from the previous version is that the yum package manager is now replaced with dnf. One change I've noticed is that if you try to execute a command that comes from a common package which is not yet…
5 votes, 1 answer

Are Ubuntu Snaps more secure than the classic installation method from the official repos?

Today Ubuntu (and some other distros) offer a new way to install software, which is snaps. It's software packaged with all its dependencies, run with some kind of containerization, and auto-updated. This might make it sound like it's definitely a…
reed
4 votes, 2 answers

Can I rely on anti-virus scanning "data" objects in installer?

When I run an anti-virus scan (Kaspersky in this case) on an (InnoSetup) installer, it scans multiple "data" objects which seem to be the files within the installer: This gives the impression that it would detect a malicious program even before…
Ignitor
3 votes, 1 answer

MacBookPro's OSX install.log has entries that predate the initial unboxing

Basically what the title says. I recently had a look at my /var/log/install.log and the earliest entries are from about 2 full months prior to me unboxing the computer. The packaging had cellophane, no indication it was secondhand, and nothing…
Adelmar
2 votes, 1 answer

Is it safe to ask users to curl a raw file from GitHub?

I have a command line tool (ngi) I made, and currently the process of installation requires 2 steps. First step is to clone the repo into usr/local/ngi. Second step is to manually set the $PATH in ~/.bash_profile (or wherever they set their…
Josh Beam
1 vote, 1 answer

Should I verify installer file PGP hash?

Let's say that I'll download an installer for a program on Windows and the publisher has released PGP Signature for the file. The installer file does not have any code signing certificates. If I connect to the publisher's website with https and…
Emre Kenci
1 vote, 1 answer

Add Cipher Suite support to Chrome/Chromium?

I would like to know how to add Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA support to the new versions of Chrome? Since Chrome v25/26 Google stopped the support of Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA. Unfortunately, I am…
Xtreme
1 vote, 1 answer

macapps.link - possible attack vector - could you pipe through some security script

I asked this at https://apple.stackexchange.com/questions/445343/macapps-link-possible-attack-vector-could-you-pipe-through-some-security-scr but I think this would be a more appropriate place. A work colleague said she is using…
HankCa
1 vote, 3 answers

How can I have my process detect if antivirus injected a module or DLL to it?

I am writing an installer process (.exe). My installer deploys different components. It will add registry entries, copy files, copy files over the network, remote execute, remote PowerShell, local PowerShell, etc. Sometimes, antivirus DLLs are…
ilansch
1 vote, 0 answers

When file hash not available, how to best check authenticity of a file?

Normally, The Document Foundation (TDF) publishes the SHA-256 and SHA-1 hashes, along with the MD5 checksum, for all LibreOffice releases. For example, see this. However, for their current release (v7.1.4), TDF did not publish any hashes or even a…