MuseHub - What does it do and can it really cause harm? In search of facts.
This topic is an invitation to share information on MuseHub and how it works. The aim is to assess whether it is safe to use, and to take action should there be cause for concern.
In several topics on this forum, doubts have been expressed whether MuseHub is safe.
The main reason is the apparent installation of a service with "root" permissions, that is a service that can access and change many or all of the files on the computer, and perform arbitrary actions.
Permissions that allegedly go way above what normal programs can and do.
This has been reported several times, at least for MacOS and Linux. If affirmed, it might open the computer to attacks from the outside, and also make it vulnerable to possible programming errors in the service itself.
If there really is cause for concern, this should be reported to MuseHub development to be fixed as soon as possible.
This topic results from a discussion on "MuseScore 4 Multiple Tabs" (https://musescore.org/en/node/338084). Its purpose is to objectively establish the facts.
I would like to invite all who can contribute to come forward with facts and observations that can make clear whether there really is a problem. And if so, what exactly is its nature and what can and should be done about it.
And that for each of the three operating systems (Windows, MacOS, Linux), since the situation may differ per OS.
To kick the discussion off, a small list of questions that might be addressed:
- Is it true that MuseHub installs a service with root permissions and on which platforms? Please provide details.
- If so, is there a need for such power in view of its apparent function?
- Are such powers excessive compared to what other programs is given? How can you tell?
- Could such powers lead to damage to the system or its users? What sort of damage, and how?
More in technical depth (some examples, not meant to be limitative):
- What ports (TCP/UDP) has the service open and what would be their function? Could they present a possible attack route?
- What can be said about files and services accessed by it, with the same question?
- What other issues could be investigated to assess the possible harm the service could cause?
When we have a clear picture we can make a well argued proposal to MuseHub. Or lay the issue to rest once and for all.
So please, if you feel you have something to contribute don't hesitate! All contributions welcome, in full detail where possible.