Plugins & Security ?

[eph1v3t8]

I've been wondering about how safe it is to download and install Paint.NET plugins created by people I don't know. Are there some security features in Paint.NET that restrict what a plugin can do and what it can access?

Thanks,

--Paul

[csm725]

Any 'pinned' plugin topic is guaranteed safe.

[Rick Brewster]

There are no security features.

And no, there is no guarantee of safety with respect to pinned plugins. Just popularity, and a higher likelihood that since they are popular they will be safe.

[eph1v3t8]

There are no security features.

And no, there is no guarantee of safety with respect to pinned plugins. Just popularity, and a higher likelihood that since they are popular they will be safe.

If there are no security features, then I would think that someone could write a plugin that waited a couple of months to infect your computer, and you would probably never know where the infection came from. Or, whenever Paint.NET was running, it could look for interesting files and send them off to Russia. I'm not sure how that would be detected, and if the plugin were good, it would get good reviews, become popular, and maybe even get pinned. So, the situation is a little worrisome. (It didn't stop me from installing two plugins, but it does make me nervous.)

--Paul

[PineappleQc]

It's simple to prevent any damage, simply sandbox your paintdotnet application to a specific folder, and block it from sending communication or altering files outside that folder.

I believe a number of antivirus and firewalls offer that feature, I know the lastest version of Comodo Free Firewall does.

Edited June 30, 2010 by PineappleQc

[eph1v3t8]

It's simple to prevent any damage, simply sandbox your paintdotnet application to a specific folder, and block it from sending communication or altering files outside that folder.

I believe a number of antivirus and firewalls offer that feature, I know the lastest version of Comodo Free Firewall does.

I'll look into that-- thanks for the tip.

[PineappleQc]

No problem, but just for the record, I have a whole bunch of plugins and have never had any problems.

I regularly check my outgoing / ingoing connections and absolutely nothing even remotely suspicious. And anyhow, I do believe any antivirus would detect such behaviour fairly quickly, as any unallowed access of memory can be detected easily.

[Rick Brewster]

If a plugin was found to be malware, it'd be removed immediately and the author would be permanently banned from the forum. No questions, zero tolerance.

[pyrochild]

If you're on Windows 7 or Vista, there's not much harm a plugin could do anyway, unless you're running Paint.NET as an admin (which there is no reason at all to do).

There's not much incentive to target Paint.NET either. Like Windows vs. Mac, a good deal of security just comes from being a smaller target than Photoshop or GIMP. Assuming there's some dude out there that, for some reason, wants to give viruses to image editors...

[Ego Eram Reputo]

And we are a fairly tight-knit bunch. Not many plugin authors are strangers around here.

As suggested above, stick with the pinned plugins and you can't go far wrong.