English Subforum > ReHIPS

Isolate desktop versions of web apps?

(1/1)

shmu26:
What about the desktop versions of Slack, Wavebox, Toggl, etc?
Should they be isolated? What are the security risks?
And what if I run them from Program Files, instead of from Appdata?
I am particularly interested in Toggldesktop, because that's the one I actually use.
https://toggl.com
https://toggl.com/toggl-desktop/
Toggldesktop works when isolated, but it does not respond to keyboard shortcuts to start and stop the timer.

fixer:
There was a blogpost about what programs should be isolated here https://forum.rehips.com/index.php?topic=9542.0
From this blogpost and from the official site description of what this program does, I personally wouldn't isolate Toggl.

shmu26:
Thanks fixer.
Since apps of this type display content from a remote server, I thought they might be similar to a browser. Some apps, such as Slack, display what you would see if you logged on to the website.
Toggl used to be like that, but now it has a very different GUI from the webpage, although the data it presents is essentially the same.

fixer:
This software is active and updated.
It doesn't work with files (like Word for example).
I haven't heard of any critical exploits.
While it's internet-facing, it doesn't work as a server (allowing any client to connect and interact with it) and it usually connects to relatively trusted servers (like pool of servers mantained by developers).

Yeah, I know, it's just an approximate and not 100% precise info. But I wouldn't isolate them as I consider them a low-risk programs.

shmu26:
That's an interesting analysis.
More knowledge = less paranoia.

Navigation

[0] Message Index

Go to full version