You are here

Vetting the developers

8 posts / 0 new
Last post
Houston
Offline
Last seen: 7 years 7 months ago
Joined: 2013-02-22 11:25
Vetting the developers

Is there a procedure used to vet the developers who create apps to download from here? Especially I am interested to know whether these apps are thoroughly checked for security against backdoors and such. What is to keep a nefarious person from creating a stealthy vulnerability into one of these programs, to which anyone downloading it would then fall victim? Thanks.

vf2nsr
vf2nsr's picture
Offline
Last seen: 6 years 3 months ago
Developer
Joined: 2010-02-13 17:10
Offcial apps

Are digitally signed by John Haller and Microsoft. Developmental apps are just that under development. If a user wishes to test them they should take all normal internet safety and security steps as you would with any download. Personally I wouldnot even be on the internet withou a strong anti-virus and firewall.

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

Houston
Offline
Last seen: 7 years 7 months ago
Joined: 2013-02-22 11:25
Vetting the developers

>> Offcial apps Are digitally signed by John Haller and Microsoft

Where can I get the signature of John Haller in order to check one of these apps after downloading it? Thanks.

"The pen is mightier than the sword." True enough, but only if you get in the first stroke.

vf2nsr
vf2nsr's picture
Offline
Last seen: 6 years 3 months ago
Developer
Joined: 2010-02-13 17:10
Download

the ap you want then scan it and right click and choose properties
and then digital signature like this one here http://imgur.com/Zqo1Z9b

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

richo
richo's picture
Offline
Last seen: 5 days 19 hours ago
Joined: 2007-01-31 22:03
RE: Vetting the developers

I'm sure that if anyone tried to put backdoors and such into their apps here the links would be removed by the moderators as long as anyone that discovers such vulnerability reports it.

The community is pretty good here, so if such a thing happens, the reputability of any app developers that attempt such poor behaviour will go down very quickly (again, provided such behaviour is reported)

And even then, only official apps make it onto the applist and into the updater; and alot of testing and checking goes into that. Plus, official apps get the PortableApps.com Digital Signature added to the installer and launcher(s)

Of course, there are others here who will know more about this (such as John and anyone else that is involved in the process)

depp.jones
Offline
Last seen: 2 hours 58 min ago
DeveloperTranslator
Joined: 2010-06-05 17:19
What has been said - and a good ammount of trust.

This is an open community and in a large part based on contributions of interested users - most have the best intentions afaikt. You cannot eliminate the last possibility of mischief, but with such a large userbase, someone should notice it. If you don't trust this, you still have the option to use open source apps, check the code and build them yourself (the source code for the tools used is available just as it is for the open source apps packaged here).
I for myself trust this coumminity very much, but still have my security options in place (antivirus+ firewall). I fetch the apps I package from the original developers websites and run a antivirus test against them, just in case, their download site might have been compromised. It's just a habit - I never got a true positive in the last twenty years, though.

Gord Caswell
Gord Caswell's picture
Offline
Last seen: 3 days 6 hours ago
DeveloperModerator
Joined: 2008-07-24 18:46
Source Availability, Virus Scans

depp.jones said:

If you don't trust this, you still have the option to use open source apps, check the code and build them yourself (the source code for the tools used is available just as it is for the open source apps packaged here).

I feel it is important to reiterate what's been mentioned here — The source code is availble for all of our tools: the PortableApps.com Platform itself (the "menu", if you prefer that term); the PortableApps.com AppCompactor, which is used to shrink app sizes; the PortableApps.com Installer, used to build the paf.exe installer files; and the PortableApps.com Launcher, which is used for many of the apps to create the AppNamePortable.exe file and through it, control how the app runs and saves settings, etc.

In addition to all of our tools having source code available, all of the open source apps we release have the source code available as well, which you can find linked from the "Download Details" section of each app's page. For example, here are the download details for Notepad++ Portable.

Finally, along with the installers being digitally scanned, the apps we release get virus scanned using, IIRC, two different multiple-vendor virus scan tools prior to being uploaded.

Wm ...
Offline
Last seen: 6 years 1 month ago
Joined: 2010-07-17 12:37
in addition to other sensible comments

in addition to other sensible comments already made and *specifically* regarding *people* (developers are people), I think the answer you want is "no".

to be clear, what gets vetted is bits of software rather than the man or woman that pressed the compile button.

For what might be regarded as top level official apps (FF browser, TB mail, so on) the chances of you getting a bum d/l are remote. However, as others have said, I habitually, d/l and scan because that is the sort of person I am.

Plus it is a good habit to have, costs little in time and means when I use something elsewhere I've had a look at it myself. I call it hygeine, heck, I'm not old enough for someone to have to wash me so I clean myself ... Smile

Wm

Log in or register to post comments