-
Notifications
You must be signed in to change notification settings - Fork 452
BoincSecurity
This is user-facing security information. The tone should be reassuring but cautious.
Good security is multi-layered. The BOINC system attempts to maintain good security practices at all levels.
The BOINC system requires that you run executables provided by a third party — the company or institution running the project. Each project typically publishes their own security and privacy policy. Measures may include:
- Regular security audits of project code.
- Enabling or requiring SSL communication with project servers.
- Virus scanning of project files.
BOINC has its own usage and privacy policy.
Official builds of the BOINC client software are digitally signed with the University of California, Berkeley code signing key. Use an official build, or build from source yourself. Only use third party builds of the BOINC software if you trust the third party.
BOINC uses digital signatures to allow the core client to authenticate project executable files. Hashes of downloaded files guard against accidental corruption.
You can limit the risk from malicious or insecure project code by running BOINC with reduced permissions. This technique is called sandboxing. Some BOINC platforms (currently Mac OS X and some Linux ports) provide sandboxing by default. However, you should check that your exposure is limited and reduce it if necessary.