A question of trust

 

How secure is the BOINC client for volunteer's personal computers?

After 2 airport transfers and 16 hours of flying, I finally made it to Taipei for the ISGC conference in Academia Sinica. Incidentally, this is the furthest east I’ve ever travelled. I was subsequently greeted by valleys of tree-covered mountains, the Taipei 101 tower (one of the tallest buildings in the world) and a warm reception by the ISGC organizing committee.

My first day was spent sitting in on the Asia@home Hackfest which had some interesting highlights that I mention here. It’s now my second day in Taipei and I’m still jet-lagged. More importantly, today is the official opening of the International Symposium on Grids and Clouds and the Open Grid Forum; both events are running in parallel.

One of the main themes I picked up this morning was about the question of security within the BOINC framework, in volunteer computing projects. BOINC is the software client that enables scientific applications to run on a volunteer’s computer. In the IDGF (International Desktop Grid Federation) session, concerns were raised about the spread of malware through BOINC. The speaker explained that if a hacker does break in, then the system prevents this by making them sign in with a digital signature. This process is a major stumbling block for hackers.

At the Quake Catcher Network session, Carl Christensen explained that as BOINC like a web browser such as Firefox. This is because it sends information via ‘http’ requests to the University of Stanford’s website. Therefore, the software client does not have any open ‘sockets’ for hackers to exploit. Additionally, BOINC also works well on computers with both anti-virus software and a firewall installed. Do these examples go some way in alleviating peoples’ concerns?