Is there any way to understand a program is safe or am I paranoid?

It's all about trust, attack vectors and risk tolerance.

In an impractical sense, only use FOSS software that you've audited and compiled from source. You can do this by using a source-based distribution like Gentoo.

In a slightly less impractical sense, it would be easier if you trusted someone to build your binaries for you. In this case you'd be using a binary distribution like Fedora. Before you install any packages you'd ideally meet the package maintainer in person and do an identity verification and key exchange. Now if they push a package that's malicious you know who they are so you have some recourse.

In a more practical case, you can trust that the package maintainers have been vetted this way by the community (check MIT's key exchange). You are then free to use a binary-based distribution like Fedora normally.

One more level of trust down, enable non-free and community package repositories. These increase convenience but increase possible attack vectors. You're also beholden to trusting the reputation of the software vendors in an implicit way.

If you've got this far in trusting things, you can now use a proprietary OS like Windows or macOS. You may also install trusted (signed) executables.

But of course, as we all know, Microsoft gives away signing keys like candy on Halloween, so now your risk is moderately high. But in all likelihood you're probably safe so long as you practice good computing hygiene and use your intuition before installing random software.

One mitigation is to run untrusted software in a virtual machine, or better yet on a physically airgapped machine. Now you're very secure again but your level of convenience has dropped significantly.

What you definitely should not do is run unofficial cracked versions of software on your machine; don't install random DLLs from a shady website, etc.

The truth of the matter is twofold. First, if someone (like a nation state) really wants what you have, they're probably going to get it - be it through your computer or with a hammer to your face. Second, thankfully they probably don't care about you in particular so you're relatively safe and free to use whatever reputable software you want.

WRT crypto, just don't put anything on your machine that would give an attacker access to your wallet. If you use a third party service to host your wallet, enable 2FA.

Now, ideally, you can hold the company hosting your wallet liable for damages, like a bank. So even if you do happen to get hacked and funds are stolen you have recourse to regain your losses. In this case, go nuts installing whatever you want, if funds are stolen you'll get them back.

Also, not to make you more paranoid, but it's possible to sandbox escape the JS runtime in all of the major browsers, so by merely browsing the web you're at risk of infection. Thankfully, those are high value exploits and probably won't be burned on a low value target like yourself.

Happy hacking!
