Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.basic.visual.misc > #293

Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory

From Deanna Earley <dee.earley@icode.co.uk>
Newsgroups comp.lang.basic.visual.misc
Subject Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory
Date 2011-06-23 17:57 +0100
Organization Aioe.org NNTP Server
Message-ID <itvr95$gmp$1@speranza.aioe.org> (permalink)
References <610447e9-a269-4e34-990a-3c179bea1c22@y19g2000prd.googlegroups.com> <ittt5e$hi7$1@dont-email.me> <iture7$uhl$1@speranza.aioe.org> <itves2$uc3$1@dont-email.me>

Show all headers | View raw

On 23/06/2011 14:28, Mayayana wrote:
> |>     I set up my installer to remove restrictions on the
> |>  program folder during install, so that I can avoid
> |>  the Vista/7 mess without creating any security risks.
> |
> | Erm... removing the restrictions on the installation folder is doing the
> | exact opposite and opening the system wide up.
> | It means that any infection or malicious user can spread to other
> | users/root the machine if spread to an admin user.
> |
>
>     I don't know what sort of scenarion you're talking about.
> An unhappy employee might decide to swap out your DLL
> so that next time your program calls that DLL it erases
> your hard disk? I guess that's possible, if one removes
> restrictions from the parent program folder.

Yes, that is exactly the scenario.

> In my case I'm only removing restrictions from subfolders where the
> program reads/writes settings and stored data.

That's not what you said:
> I set up my installer to remove restrictions on the program folder
> during install...

> The software is mainly aimed at people who own their PCs,
> who trust others using those PCs, and who are unlikely to
> be using per-user settings.

So Mum's account/business documents can be edited to include pictures of 
goats at will be her 6yo son? (along with many other situations)

Same PC does not imply same user or even imply trust to see/read 
everything they do.
Multiple users are set up for a reason.

> I also inform about the situation during install, so that a corporate
> Admin can change restrictions after install if they want to.

Things should be secure by default.
Having to make changes to be be secure lead to thousands of mail hosts 
with implicit trust being (ab)used as spam relays. And look at Win9x 
(enough said :)

> It's rather a strange world where people assume that the person
> using*any*  PC is a menace, while any software on that PC is assumed
> to be entirely trustworthy, enough so that it's allowed unfettered
> communication and downloading of files from online.

It's NOT trustworty, that's exactly why unauthorised access should not 
be allowed to anything that could affect anything else.

> You get all worked up about changing permissions
> on non-personal folders, but you have nothing to say about a much
> more serious issue here: an installed software program that is
> designed to update itself silently without asking...and all the implied
> security risks involved with that.

Yes, I did say something about it:
> You need to make your update process ask for elevation...

> Just because MS and Google do it, that doesn't make it right, or
> safe, or advisable in terms of system stability. How did we arrive at
> this bizarre situation where people think it's a good idea to have
> 30-odd programs on a PC -- including the OS itself -- that are all
> essentially betas on update drip-feeds?

I hate it when they do it too.

-- 
Dee Earley (dee.earley@icode.co.uk)
i-Catcher Development Team
http://www.icode.co.uk/icatcher/

iCode Systems

(Replies direct to my email address will be ignored.
Please reply to the group.)

Back to comp.lang.basic.visual.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

"Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Bill <bbuntain@gmail.com> - 2011-06-22 08:27 -0700
  Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Deanna Earley <dee.earley@icode.co.uk> - 2011-06-22 16:51 +0100
    Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Bill <bbuntain@gmail.com> - 2011-06-22 13:21 -0700
  Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Nobody" <trinity@nobody.com> - 2011-06-22 11:52 -0400
    Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Deanna Earley <dee.earley@icode.co.uk> - 2011-06-22 17:06 +0100
      Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Karl E. Peterson <karl@exmvps.org> - 2011-06-24 14:35 -0700
        Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Thorsten Albers" <gudea@gmx.de> - 2011-06-24 22:59 +0000
          Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Karl E. Peterson <karl@exmvps.org> - 2011-06-24 17:00 -0700
        Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Tony Toews <ttoews@telusplanet.net> - 2011-06-28 16:13 -0600
          Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Karl E. Peterson <karl@exmvps.org> - 2011-06-28 15:28 -0700
            Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Tony Toews <ttoews@telusplanet.net> - 2011-06-29 13:08 -0600
              Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Karl E. Peterson <karl@exmvps.org> - 2011-06-29 12:30 -0700
              Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Mayayana" <mayayana@invalid.nospam> - 2011-06-29 18:39 -0400
                Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Tony Toews <ttoews@telusplanet.net> - 2011-06-30 12:57 -0600
  Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory -mhd <not_real@invalid.com> - 2011-06-22 12:45 -0400
  Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Mayayana" <mayayana@invalid.nospam> - 2011-06-22 19:19 -0400
    Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Deanna Earley <dee.earley@icode.co.uk> - 2011-06-23 08:53 +0100
      Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Mayayana" <mayayana@invalid.nospam> - 2011-06-23 09:28 -0400
        Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Deanna Earley <dee.earley@icode.co.uk> - 2011-06-23 17:57 +0100
          Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Mayayana" <mayayana@invalid.nospam> - 2011-06-23 18:52 -0400
        Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Neila <david.marso@gmail.com> - 2011-06-24 05:47 -0700
    Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Bill <bbuntain@gmail.com> - 2011-06-23 12:23 -0700
  Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory "Nobody" <nobody@nobody.com> - 2011-06-22 20:22 -0400
    Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Bill <bbuntain@gmail.com> - 2011-06-23 12:17 -0700
      Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory ralph <nt_consulting64@yahoo.net> - 2011-06-23 20:41 -0500

csiph-web