Isolate desktop versions of web apps?

Started by shmu26, October 22, 2018, 08:12:34 AM

Previous topic - Next topic

shmu26

What about the desktop versions of Slack, Wavebox, Toggl, etc?
Should they be isolated? What are the security risks?
And what if I run them from Program Files, instead of from Appdata?
I am particularly interested in Toggldesktop, because that's the one I actually use.
https://toggl.com
https://toggl.com/toggl-desktop/
Toggldesktop works when isolated, but it does not respond to keyboard shortcuts to start and stop the timer.

fixer

There was a blogpost about what programs should be isolated here https://forum.rehips.com/index.php?topic=9542.0
From this blogpost and from the official site description of what this program does, I personally wouldn't isolate Toggl.

shmu26

#2
Thanks fixer.
Since apps of this type display content from a remote server, I thought they might be similar to a browser. Some apps, such as Slack, display what you would see if you logged on to the website.
Toggl used to be like that, but now it has a very different GUI from the webpage, although the data it presents is essentially the same.

fixer

This software is active and updated.
It doesn't work with files (like Word for example).
I haven't heard of any critical exploits.
While it's internet-facing, it doesn't work as a server (allowing any client to connect and interact with it) and it usually connects to relatively trusted servers (like pool of servers mantained by developers).

Yeah, I know, it's just an approximate and not 100% precise info. But I wouldn't isolate them as I consider them a low-risk programs.

shmu26

That's an interesting analysis.
More knowledge = less paranoia.