How safe is eddie?

[gfdgfdgfd454asaakhj 0]

Im always hesitant to run additional software, especially one that is always on but I might have to give Eddie a try. (on linux)

 

However how safe is it? Has it been audited?

 

It is something that will always be on on the system and i need to be 100% sure it doesn't do anything that it isnt supposed to.

 

I know it's open source but I'm not a programmer so...

[nick75 25]

You don't have to use Eddie, you can just run openvpn.

[zhang888 1066]

i need to be 100% sure it doesn't do anything that it isnt supposed to.

It doesn't do anything it's not supposed to do. In some cases, it doesn't even do things it is supposed to do.

This is why there are constant bug reports and frequent updates.

 

You are mixing some infosec terms in a case that doesn't really apply here. Usually auditing means a review of

an entirely new infrastructure, protocol, or a low level program for the absense of vulnerabilities such as buffer/stack/integer overflow,

which could eventually lead to dangerous code execution and other unwanted behavior.

Eddie is just a wrapper for OpenVPN, written in .NET, so this entire class of memory corruption vulnerabilities does not apply in this case.

.NET is a memory safe intermediate language that does not suffer from those types of vulnerabilities, same as Java, Python, just to name a few.

The only thing you can worry about is a slightly higher resource usage, because of the .NET framework and Mono on other platforms,  but

this is so negligible on modern <10 year old PCs that the difference is barely noticeable. However if you plan to run it in a Linux VM with less

than ~1GB of RAM you might see some GUI performance issues.

 

If you trust Air as your ISP, which will eventually be true if you plan to route your packets with any of the available servers, you can trust Eddie.

[wintermute1912 6]

A client executable will never be as safe as managing your VPN connections manually using openvpn and ovpn files. This can only be done successfully in Linux. You can try using the openvpn executable in a Windows command window but you just run a netstat and you'll see your LAN IP address constantly connected to the Microsoft telemetry server...