
Is GIMP safe?


20 replies to this topic

#1 Hermesx


Posted 06 December 2013 - 03:58 PM

Since it is open source, doesn't that mean that anyone could edit it? I would of course download it from the official site but I'm just curious and being cautious, thanks!


I appreciate all the help that anyone ever provides me with. Thank you to everyone that has assisted me in the past. :)




#2 Animal


Posted 06 December 2013 - 04:03 PM

Take a look here: http://www.bleepingcomputer.com/forums/t/513554/gimp-leaves-sourceforge/

I would say they are safer now than when they were at SourceForge. So yes, as long as you download from their new home, it's as safe as you can be with downloads.

http://www.gimp.org/

Downloads: http://www.gimp.org/downloads/

For extra verification make sure you match the hash sums.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 Hermesx


Posted 06 December 2013 - 04:07 PM

Wow, that does seem a lot safer now! Just seeking clarification on your last line...

 

"For extra verification make sure you match the hash sums."




#4 Animal


Posted 06 December 2013 - 04:22 PM

This explains it a lot better than I can and I really hate reinventing the wheel. :)

http://www.techrepublic.com/blog/it-security/use-md5-hashes-to-verify-software-downloads/

EDIT: myrti's was better.


#5 myrti


Posted 06 December 2013 - 04:24 PM

Hi,

hashes are a way to make sure that the file you have downloaded is identical with the one that the author uploaded. This can be important, for example, if your download was corrupted. Or, in a more malicious scenario, when someone hacked the server and is modifying the files on the server.

What is usually offered are the SHA1 or MD5 hashes. These hashes are calculated from the file itself; the binary code defines how the final hash looks. If you change just a single byte, the hash will change dramatically, so they are usually a good way to ensure that you have the right version.
If you look here: ftp://ftp.gimp.org/pub/gimp/help/ you can see that for each file, for example gimp-help-2.4.0.tar.bz2, there's also a file with the same name and the extension md5: gimp-help-2.4.0.tar.bz2.md5.
The second file is a text file and just contains the hash and the file name: fb4402aabce1d7f4eccc1a8739cc7e56 gimp-help-2.4.0.tar.bz2. Now all you need is a program that creates the md5sum of the file for you and it will allow you to check that your version is unaltered.

Open-source, btw, doesn't usually mean that just anybody can add code; it means anybody can look at the code. But many of the major projects have quite rigorous selection criteria and checks before admitting new code into the project, especially if it is from unknown people. In addition, if you upload new code your pseudonym is stored, so it will always be trackable who added which function, and if you add something malicious once, you can be sure to not be allowed back in once it is noticed. It may, however, go unnoticed for a while if people don't see what you're doing.

To my knowledge there hasn't been a case where a rogue submitter was adding malware to such open source projects. However, there have been cases where the server got hacked and the legit file replaced by a malicious one.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
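
The checksum comparison described in the post above, as an added example that is not part of the original thread: a Python sketch that parses an md5sum-style checksum file, hashes the download in chunks, and compares the two. The file name and contents in `demo()` are constructed, the function names are illustrative, and the result is only as trustworthy as the channel the checksum file came from.

```python
import hashlib
import hmac
import os
import tempfile

HEX = "0123456789abcdefABCDEF"

def parse_checksum_line(line):
    """Split an md5sum-style line '<hex digest> <file name>' into its two parts."""
    digest, _, name = line.strip().partition(" ")
    name = name.lstrip(" *")  # md5sum marks binary mode with a leading '*'
    if not digest or not name or any(c not in HEX for c in digest):
        raise ValueError("not a checksum line: %r" % line)
    return digest.lower(), name

def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash the file in chunks so a large download need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksum_path, algorithm="md5"):
    """True only if the checksum file names this download and the digests match."""
    with open(checksum_path, encoding="utf-8") as f:
        expected, name = parse_checksum_line(f.readline())
    if name != os.path.basename(path):
        return False  # checksum file belongs to a different file
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    """Constructed sample: a stand-in download, its .md5 file, then a one-byte change."""
    with tempfile.TemporaryDirectory() as d:
        download = os.path.join(d, "example-1.0.tar.bz2")
        with open(download, "wb") as f:
            f.write(b"constructed sample payload\n")
        md5_file = download + ".md5"
        with open(md5_file, "w", encoding="utf-8") as f:
            f.write("%s  %s\n" % (file_digest(download), os.path.basename(download)))
        intact = verify_download(download, md5_file)
        with open(download, "r+b") as f:  # alter the first byte, as corruption would
            f.write(b"C")
        altered = verify_download(download, md5_file)
        return intact, altered

if __name__ == "__main__":
    print(demo())
```

Passing `algorithm="sha1"` or `"sha256"` checks the other hash types a project may publish; the parsing and comparison stay the same.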

 



#6 Hermesx


Posted 06 December 2013 - 04:32 PM

Thank you both for reassuring me of its safety and further introducing me to hashes! One last question about programs in general. If I chose to download an older version of the program (if they even have an archive section or something like that), would it pose any security risks just like using an outdated browser? I understand that you should update programs regularly, but is it just as stern with photo editing software?




#7 Animal


Posted 06 December 2013 - 04:43 PM

I would suggest reading all the change logs between versions to see if newer versions made the application more secure. This will tell you if it's performance and/or functionality updates or if security has been improved.


#8 Hermesx


Posted 06 December 2013 - 04:48 PM

Thank you Animal and myrti for your help on this subject, I really appreciate it. :)

 

This topic can now be closed if you wish.  :P




#9 Animal


Posted 06 December 2013 - 04:56 PM

You're quite welcome on behalf of the Bleeping Computer community.

For others reading: as a general rule, BleepingComputer does not normally close topics, as others at some point may wish to contribute. Additionally, things may change within a short time frame and we can update the information. However, the exception to that general rule is malware-related topics, as a new topic needs to be started with new logs because we need to monitor the system changes that malware may have made.


#10 Hermesx


Posted 06 December 2013 - 06:14 PM

Hi again! Has anybody heard anything of a program called Inkscape? I've heard that it is much more geared towards creating logos and vector graphics, which is what I'm interested in. Thought it unnecessary to create a new thread. :)




#11 Animal


Posted 06 December 2013 - 06:50 PM

Since you are not discussing security but wanting to know about the functionality of a product, you should start a new topic.

I would suggest in this forum: http://www.bleepingcomputer.com/forums/f/37/graphics-design-and-photo-editing/


#12 Hermesx


Posted 06 December 2013 - 06:51 PM

Thanks, sir. :)




#13 Animal


Posted 06 December 2013 - 07:11 PM

You're quite welcome.


#14 slgrieb


Posted 11 December 2013 - 08:36 PM

A big issue with popular open source software is it is becoming harder and harder to find a trustworthy site for downloads. A few months ago SourceForge tried to slap me with the Babylon Toolbar when I tried to download some file converters for Audacity. Let's say you like Paint.net. If you do a search, you're going to find that the highest ranked hits are really dubious sites. Just to take a random example, why would anyone set up a site called getpaint.net to provide downloads of a free, open source program? Hey! Nothing suspicious there, right? Frequently, you run into sites that claim to be "the official website of What Ever Software", but may have site names that are just a character or two different than the genuine site. Sometimes it's .com vs. .net, when the correct site has a .org extension.

 

I'd like to stress that this isn't simply an issue with open source software; if you do a search for any popular program, say Microsoft Security Essentials, you'll find the same sort of issues. I like MBAM Pro for its strong site blocking, and there are also good AV programs with decent site blocking. All the same, you have to use a lot of judgement about any site you use for downloads. Frankly, I certainly don't have a simple answer to the problem.



Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is... 
WIFFLEBALL!

 


#15 jonuk76


Posted 11 December 2013 - 08:49 PM

I agree.  It's also an issue on some sites working out what is the *actual* download link and what is an advert to download some junk you don't want.  Some download sites have several "download now" buttons which look alike, but only one is real and the rest are ads which will lead you to a junkware download.  Adblock Plus in Firefox or Chrome does a decent job of blocking some of them, but you really need to be on your guard.

