How safe is i-Installer?

i-Installer provides the following safety mechanisms:

You

i-Installer lets you inspect everything that is in a package. For packages that need administrator access in particular, this is important for security-minded people. Note: other installers often have the same weaknesses, but none of them offers the amount of inspection that i-Installer does (as far as I know).

One special remark. Any archive in the package (files ending in .tar.gz or .tar.bz2) can be inspected in two ways. The normal inspect does not open the archive itself; it displays a separate listing that is shipped alongside it. The advantage is that you can inspect the listing of an archive without having to download that archive. However, there is no guarantee that the listing matches what is actually in the archive, so you can also inspect the actual archive. For this, keep the Alt (Option) key depressed while clicking the inspect button. Its title will change to reflect the different status.
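The point above, as an added example that is not part of i-Installer: a shipped listing is only a claim about the archive, so the check worth running before trusting it is to list the real archive and compare. Since the archive is what eventually gets extracted, the same listing can also be screened for entries that an extraction with administrator privileges should never be handed (absolute paths, or paths that climb out with `..`). The archive, the two listings and the file names are constructed here for the demonstration; the script assumes a POSIX shell with tar, gzip, sed, sort, diff and grep.

```shell
# Added example (not part of i-Installer): check a shipped archive listing
# against the real contents of the archive, and flag entries that a
# privileged "unarchive" step should never be handed.
# Assumes a POSIX shell with tar, gzip, sed, sort, diff and grep available.

# Build a small constructed package: an archive, a listing that matches it,
# and a stale listing that omits one file (simulating a listing that was
# never regenerated after the archive changed). Prints the work directory.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/src/sub"
    echo 'hello' > "$d/src/a.txt"
    echo 'world' > "$d/src/b.txt"
    echo 'extra' > "$d/src/sub/c.txt"
    tar -czf "$d/pkg.tar.gz" -C "$d/src" a.txt b.txt sub/c.txt
    printf '%s\n' a.txt b.txt sub/c.txt > "$d/pkg.listing.ok"
    printf '%s\n' a.txt b.txt > "$d/pkg.listing.stale"
    printf '%s\n' "$d"
}

# Compare the shipped listing with what tar actually reports.
# Returns 0 when both describe the same set of entries, 1 otherwise; the
# differences go to stderr ("-" listing-only, "+" archive-only entries).
check_listing() {
    archive=$1
    listing=$2
    work=$(mktemp -d)
    tar -tzf "$archive" | sed 's#^\./##' | sort -u > "$work/actual"
    sed 's#^\./##' "$listing" | sort -u > "$work/claimed"
    if diff -u "$work/claimed" "$work/actual" > "$work/diff"; then
        rm -rf "$work"
        return 0
    fi
    echo "listing does not match archive contents:" >&2
    grep '^[-+][^-+]' "$work/diff" >&2 || true
    rm -rf "$work"
    return 1
}

# Read archive entry names on stdin and reject any that an extraction run
# with privileges could turn into a write outside the target directory:
# absolute paths and paths containing a ".." component.
# Returns 1 and prints the offenders on stderr when any are found.
flag_unsafe_paths() {
    bad=$(grep -E '^/|(^|/)\.\.(/|$)' || true)
    if [ -n "$bad" ]; then
        printf 'unsafe entry: %s\n' "$bad" >&2
        return 1
    fi
    return 0
}

demo=$(make_demo)
check_listing "$demo/pkg.tar.gz" "$demo/pkg.listing.ok" && echo "ok listing: matches the archive"
check_listing "$demo/pkg.tar.gz" "$demo/pkg.listing.stale" || echo "stale listing: mismatch detected"
tar -tzf "$demo/pkg.tar.gz" | flag_unsafe_paths && echo "archive paths: all relative, no .. components"
# constructed listing with two dangerous entries
printf '%s\n' a.txt /etc/passwd ../up.txt | flag_unsafe_paths || echo "constructed listing: unsafe entries rejected"
```

The comparison normalises a leading `./` and sorts both sides, so it tolerates cosmetic differences in how the listing was produced but still reports any entry that is present on one side only.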

(Weak) GPG Signatures

i-Installer supports a weak form of GPG signatures. The signature is checked against a key fetched from a key server of your own choice. If you trust the connection to that key server, that is a plus for the signature. The signature itself is 'plain': the key is not part of any web of trust, so apart from calling the package provider on the phone and comparing the key's fingerprint, there is no way for you to check that the key actually belongs to the package provider. A valid signature therefore proves only that the package was signed by whoever controls that key, not who that is. This can be called 'weak', but for most GPG users the web of trust is too much trouble to use anyway.
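What the 'weak' in the heading means in practice, as an added example that is not i-Installer's code: the script below uses the openssl command line with RSA detached signatures in place of GPG (the principle is identical) and constructs two parties, a publisher and an attacker who signs a tampered file with a key of their own. A check that accepts whatever key arrives with the package passes both; pinning the fingerprint you confirmed out of band rejects the attacker. File names, message contents and the fingerprint method (SHA-256 over the DER public key) are assumptions of this example; it needs openssl, mktemp and awk.

```shell
# Added example (not part of i-Installer): why a signature checked against a
# key you cannot authenticate is "weak", and what pinning the key adds.
# Uses the openssl CLI and RSA detached signatures in place of GPG; the
# principle is the same. Assumes openssl, mktemp and awk are available.

# Constructed scenario: the real publisher signs a package; an attacker
# signs a tampered package with a key of their own and publishes that
# public key too. Prints the work directory.
make_signed_packages() {
    d=$(mktemp -d)
    for who in publisher attacker; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$d/$who.key" 2>/dev/null
        openssl pkey -in "$d/$who.key" -pubout -out "$d/$who.pub" 2>/dev/null
    done
    printf 'pretend this is the genuine package\n' > "$d/package.tar.gz"
    printf 'pretend this is a tampered package\n'  > "$d/evil.tar.gz"
    openssl dgst -sha256 -sign "$d/publisher.key" -out "$d/package.sig" "$d/package.tar.gz"
    openssl dgst -sha256 -sign "$d/attacker.key"  -out "$d/evil.sig"    "$d/evil.tar.gz"
    printf '%s\n' "$d"
}

# SHA-256 fingerprint of a public key (DER encoding): the value you would
# confirm with the publisher out of band, e.g. over the phone.
key_fingerprint() {
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Weak check: verify the signature with whatever key was fetched alongside
# the package. Proves only that the holder of that key signed the file.
verify_weak() {   # pubkey signature file
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# Pinned check: additionally require the fetched key to carry the fingerprint
# you verified out of band. A self-made attacker key is now rejected.
verify_pinned() { # expected_fingerprint pubkey signature file
    if [ "$(key_fingerprint "$2")" != "$1" ]; then
        echo "key fingerprint does not match the pinned value" >&2
        return 1
    fi
    verify_weak "$2" "$3" "$4"
}

d=$(make_signed_packages)
pinned=$(key_fingerprint "$d/publisher.pub")
verify_weak "$d/publisher.pub" "$d/package.sig" "$d/package.tar.gz" && echo "weak:   genuine package verifies"
verify_weak "$d/attacker.pub" "$d/evil.sig" "$d/evil.tar.gz" && echo "weak:   tampered package verifies too (different key, and nothing says so)"
verify_pinned "$pinned" "$d/publisher.pub" "$d/package.sig" "$d/package.tar.gz" && echo "pinned: genuine package verifies"
verify_pinned "$pinned" "$d/attacker.pub" "$d/evil.sig" "$d/evil.tar.gz" || echo "pinned: tampered package rejected"
```

The weak check is exactly what a key server can give you without a web of trust: confidence that file and signature belong together, but not that the key belongs to the person you think. The fingerprint comparison is the one step that ties the key to the publisher, and it has to come from a channel other than the one that delivered the package.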

Safety during installation

When packages are installed, everything is normally done with normal user permissions. However, a package may require administrator access to be installed. When this happens, i-Installer tries to minimize the number of processes that run with administrator privileges. When a package requires administrator access, the following actions are run with administrator privileges:

The rest (e.g. selecting, downloading, uncompressing) runs with normal privileges. i-Installer goes so far as to split the installation of a compressed archive into an uncompress step (which runs without privileges) and an unarchive step (which runs with privileges). A security problem in the uncompress software, unlikely as it is, therefore cannot be used to take over your system: it would run with your own privileges only (which still means it could touch your own files, but not the system's).

All output of processes running with privileges is displayed in red in the Activity Window.

Note

As a matter of fact, people feel more secure when you do not mention security than when you do (the ostrich method; it works with Windows as well). So, reading this, you might be led to think that i-Installer is less safe than other packaging systems. Most packaging systems, however, can easily be misused to damage your system. It is just something that not many people are aware of, and that also happens so seldom that it is not a big deal (mostly because such systems are closely watched by many and warnings go around pretty quickly). But even if it is not a big deal, i-Installer has been designed with security in mind. There is of course no way I can guarantee that the system cannot be misused.