Malware in ComfyUI? Stay Safe with Custom Nodes in 2025!

Рет қаралды 3,249

Code Crafters Corner

Күн бұрын

Пікірлер: 30

@ArrowKnow 28 күн бұрын

Another very important video! thank you for the info! Looking forward to your new videos this year! let's go!😀

@RaphaelRema 29 күн бұрын

That's a great topic. Thanks for putting that together. 👍

@donclair4100 29 күн бұрын

Thank you and Happy New Year to all...

@CodeCraftersCorner 28 күн бұрын

Thank you for watching! Wishing you a Happy New Year!

@marcihuppi 28 күн бұрын

so important! thank you!

@devicenotfound 29 күн бұрын

Thanks for pointing this out

@goshniiAI 28 күн бұрын

We appreciate the heads-up. How can we install a custom node into a virtual environment? a guide will be helpful.

@salmonskinlover2365 29 күн бұрын

I really wish "air gapped" or sandboxed support existed in Windows. A native Docker type system would be amazing where you could choose when to let it access the internet, certain files, etc. without the performance hit of running a full fledged virtual machine. It's not just a comfyui thing, it's just a computer thing that is only going to get worse I feel like. I do understand why ComfyUI is an issue though, the nature of the program, the nature of how nodes are run and how much they have access to, and the wide variance of its userbase is a deadly combo for sure.

@testales 27 күн бұрын

On Windows I'm using Sandboxie for browsers and mail clients for years now. Especially browsers are inherently unsecure and according tp all these "critical" bugfixes even after so many years of development there are still vulnerabilities now and then which may allow the installation of viruses.

@Larimuss 27 күн бұрын

Yup. This is why we need to move it all to docker. Pinokio and conda etc still have some access to system especially if run as admin.

@thenextension9160 28 күн бұрын

hey great topic here, i wish that there was a community validation program for 'certified' nodes

@CodeCraftersCorner 27 күн бұрын

It would be great to have a community validation program for custom nodes. It's a good idea.

@JustFor-dq5wc 28 күн бұрын

ComfyUI front end runs in web browser sandbox, but server runs outside chrome. Container like docker can isolate process. Not sure about performance cost considering CUDA drivers etc.

@moonliqht999 25 күн бұрын

I'm new to this whole ComfyUI thing, will it be safe to run flux.1 or stable diffusion on it?

@CodeCraftersCorner 24 күн бұрын

Hello, yes it is safe. Custom nodes by unverified developers are not recommended. As long as you don't download random workflows and blindly install all missing custom nodes, you should be good. Always check which missing custom nodes you are installing (the author, the github repo, number of stars...)

@moonliqht999 24 күн бұрын

@@CodeCraftersCorner Thank you for the reply. Also great video, keep up the amazing work.

@timothycook 28 күн бұрын

How big of a risk are random models/checkpoints like from Civitai?

@CodeCraftersCorner 28 күн бұрын

Safetensors file are usually safe to use. Below the download button, there is a verified tag. These ones should be good. If you find a new model which has not been verified yet, I do not recommend downloading just yet. Also, although safetensors are better than ckpt files, it's possible to have zero day exploitation. I will generally avoid downloading new models.

@yngeneer 29 күн бұрын

was the llm_vision the only case?

@dreamstate5047 29 күн бұрын

there can be more

@CodeCraftersCorner 28 күн бұрын

So far, only this and ultralytics which have been reported. There are so many custom nodes project on GitHub, many are not even in the Manager.

@dreamstate5047 28 күн бұрын

@@CodeCraftersCorner Gotta catch em all. 😏

@dreamstate5047 29 күн бұрын

Thank you so mch, we all have been haphazardly , moving to new workflows and nodes, not a single time , mind concludes that this could be virus too. Great video

@CodeCraftersCorner 28 күн бұрын

Thank you! Even I am guilty of downloading a workflow, go into the manager, install missing custom nodes and clicking on install all without checking which custom nodes are getting install.

@dreamstate5047 28 күн бұрын

@@CodeCraftersCorner Thank you for bringing light to This, important topic.

@DaveTheAIMad 28 күн бұрын

The video: Happy new year.... your favorite app may be stealing your information. Me: EEEEEK My knowledge of docker is limited, its used on my amp server for game servers. But in windows I do not know how to use it. That said I always believed that any virtualisation software runs slower than host software, when were using comfyui to the full (for way more than just image gen) that slow down could be very noticable as could any loss of vram access.

@CodeCraftersCorner 28 күн бұрын

Happy New Year! This is one of the disadvantage of virtualisation.