From: "Mayayana"
Newsgroups: comp.lang.basic.visual.misc
Subject: Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory
Date: Thu, 23 Jun 2011 09:28:14 -0400

| > I set up my installer to remove restrictions on the
| > program folder during install, so that I can avoid
| > the Vista/7 mess without creating any security risks.
|
| Erm... removing the restrictions on the installation folder is doing the
| exact opposite and opening the system wide up.
| It means that any infection or malicious user can spread to other
| users/root the machine if spread to an admin user.
|

I don't know what sort of scenario you're talking about. An unhappy employee might decide to swap out your DLL so that next time your program calls that DLL it erases your hard disk? I guess that's possible, if one removes restrictions from the parent program folder. Of course, that person might also take a hammer to the PC when no one is looking. (Hopefully no one here is shipping hammers with their software.)

In my case I'm only removing restrictions from subfolders where the program reads/writes settings and stored data. The software is mainly aimed at people who own their PCs, who trust others using those PCs, and who are unlikely to be using per-user settings. I also inform about the situation during install, so that a corporate Admin can change restrictions after install if they want to.

It wasn't clear what Bill wants to update. If it includes executables and the PC user is a restricted corporate employee who's not supposed to be able to do anything but write Word docs and save them to a personal folder then I'd agree with your first post -- non-admins shouldn't be able to do such updating.

| The whole reason they are read only is so that infections and
| stupid/malicious users are mitigated against.
|

Yes. There's certainly a time and a place for that. But you're applying a principle out of context. ...

It's rather a strange world where people assume that the person using *any* PC is a menace, while any software on that PC is assumed to be entirely trustworthy, enough so that it's allowed unfettered communication and downloading of files from online. You get all worked up about changing permissions on non-personal folders, but you have nothing to say about a much more serious issue here: an installed software program that is designed to update itself silently without asking...and all the implied security risks involved with that. Just because MS and Google do it, that doesn't make it right, or safe, or advisable in terms of system stability. How did we arrive at this bizarre situation where people think it's a good idea to have 30-odd programs on a PC -- including the OS itself -- that are all essentially betas on update drip-feeds?
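
The distinction drawn in the post above (loosened permissions on data subfolders only, not on any folder holding executables or DLLs) can be checked after install. The following PowerShell audit is an added example, not part of the original post or of any poster's installer; the `$InstallDir` default is a hypothetical path and the function name is made up for illustration.

```powershell
# Added example. $InstallDir is a hypothetical path; pass the real install folder.
param([string]$InstallDir = 'C:\Program Files (x86)\ExampleApp')

# Well-known SIDs of broad, non-admin groups (locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow replacing or planting a file: WriteData/CreateFiles (0x2),
# AppendData (0x4), DeleteSubdirectoriesAndFiles (0x40), Delete (0x10000),
# ChangePermissions (0x40000), TakeOwnership (0x80000),
# plus raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$WriteMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 `
             -bor 0x40000000 -bor 0x10000000

function Get-LooseWriteAce {
    param([string]$Path)
    foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to this object itself.
        if ($rule.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account cannot be resolved to a SID: skip it
        if ($BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Walk the install tree; only folders that directly hold binaries are findings.
$dirs = @(Get-Item -LiteralPath $InstallDir) +
        @(Get-ChildItem -LiteralPath $InstallDir -Directory -Recurse)
foreach ($dir in $dirs) {
    $bins = @(Get-ChildItem -LiteralPath $dir.FullName -File |
              Where-Object { $_.Extension -in '.exe', '.dll' })
    if ($bins.Count -eq 0) { continue }     # data-only folder: out of scope here
    Get-LooseWriteAce -Path $dir.FullName
    foreach ($b in $bins) { Get-LooseWriteAce -Path $b.FullName }
}
```

An empty result means no folder containing an `.exe` or `.dll`, and no such file, is writable by the listed groups; data-only subfolders are skipped on purpose, since those are the ones the installer described above loosens.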