Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!goblin2!goblin.stu.neva.ru!feeder1.cambriumusenet.nl!feed.tweaknews.nl!postnews.google.com!e7g2000vbw.googlegroups.com!not-for-mail From: Neila Newsgroups: comp.lang.basic.visual.misc Subject: Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Date: Fri, 24 Jun 2011 05:47:55 -0700 (PDT) Organization: http://groups.google.com Lines: 63 Message-ID: <2549c8a6-d233-48d3-a5d6-bcff4bec7678@e7g2000vbw.googlegroups.com> References: <610447e9-a269-4e34-990a-3c179bea1c22@y19g2000prd.googlegroups.com> NNTP-Posting-Host: 71.225.119.222 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1308920146 14178 127.0.0.1 (24 Jun 2011 12:55:46 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Fri, 24 Jun 2011 12:55:46 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: e7g2000vbw.googlegroups.com; posting-host=71.225.119.222; posting-account=y0XsTwkAAAB1yV2M40gPznyEIjOpwcid User-Agent: G2/1.0 X-Google-Web-Client: true X-Google-Header-Order: HUALESNKRC X-HTTP-UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:2.0.1) Gecko/20100101 Firefox/4.0.1,gzip(gfe) Xref: x330-a1.tempe.blueboxinc.net comp.lang.basic.visual.misc:298 "How did we arrive at this bizarre situation where people think it's a good idea to have 30-odd programs on a PC -- including the OS itself -- that are all essentially betas on update drip-feeds?" LMAO!! Thanks for the chuckle (and the coffee on my screen ;-) --- On Jun 23, 9:28=A0am, "Mayayana" wrote: > -- > | > =A0 =A0I set up my installer to remove restrictions on the > | > program folder during install, so that I can avoid > | > the Vista/7 mess without creating any security risks. > | > | Erm... removing the restrictions on the installation folder is doing th= e > | exact opposite and opening the system wide up. > | It means that any infection or malicious user can spread to other > | users/root the machine if spread to an admin user. > | > > =A0 =A0I don't know what sort of scenarion you're talking about. > An unhappy employee might decide to swap out your DLL > so that next time your program calls that DLL it erases > your hard disk? I guess that's possible, if one removes > restrictions from the parent program folder. Of course, > that person might also take a hammer to the PC when > no one is looking. (Hopefully no one here is shipping > hammers with their software.) > > =A0 =A0In my case I'm only removing restrictions from subfolders > where the program reads/writes settings and stored data. > The software is mainly aimed at people who own their PCs, > who trust others using those PCs, and who are unlikely to > be using per-user settings. I also inform about the situation > during install, so that a corporate Admin can change restrictions > after install if they want to. > > =A0 It wasn't clear what Bill wants to update. If it includes > executables and the PC user is a restricted corporate > employee who's not supposed to be able to do anything but > write Word docs and save them to a personal folder then I'd > agree with your first post -- non-admins shouldn't be able > to do such updating. > > | The whole reason they are read only is so that infections and > | stupid/malicious users are mitigated against. > | > > =A0 =A0Yes. There's certainly a time and a place for that. But you're > applying a principle out of context. ... It's rather a strange world > where people assume that the person using *any* PC is a menace, > while any software on that PC is assumed to be entirely trustworthy, > enough so that it's allowed unfettered communication and downloading > of files from online. You get all worked up about changing permissions > on non-personal folders, but you have nothing to say about a much > more serious issue here: an installed software program that is > designed to update itself silently without asking...and all the implied > security risks involved with that. Just because MS > and Google do it, that doesn't make it right, or safe, or advisable in > terms of system stability. How did we arrive at this bizarre situation > where people think it's a good idea to have 30-odd programs on a > PC -- including the OS itself -- that are all essentially betas on update > drip-feeds?