Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!.POSTED!not-for-mail From: Deanna Earley Newsgroups: comp.lang.basic.visual.misc Subject: Re: "Run-time error 75" updating program in Vista/Windows 7 Program Files (x86) directory Date: Thu, 23 Jun 2011 17:57:12 +0100 Organization: Aioe.org NNTP Server Lines: 79 Message-ID: References: <610447e9-a269-4e34-990a-3c179bea1c22@y19g2000prd.googlegroups.com> NNTP-Posting-Host: rjApkXnSOjrT83QpZ8fKqg.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11 X-Notice: Filtered by postfilter v. 0.8.2 Xref: x330-a1.tempe.blueboxinc.net comp.lang.basic.visual.misc:293 On 23/06/2011 14:28, Mayayana wrote: > |> I set up my installer to remove restrictions on the > |> program folder during install, so that I can avoid > |> the Vista/7 mess without creating any security risks. > | > | Erm... removing the restrictions on the installation folder is doing the > | exact opposite and opening the system wide up. > | It means that any infection or malicious user can spread to other > | users/root the machine if spread to an admin user. > | > > I don't know what sort of scenarion you're talking about. > An unhappy employee might decide to swap out your DLL > so that next time your program calls that DLL it erases > your hard disk? I guess that's possible, if one removes > restrictions from the parent program folder. Yes, that is exactly the scenario. > In my case I'm only removing restrictions from subfolders where the > program reads/writes settings and stored data. That's not what you said: > I set up my installer to remove restrictions on the program folder > during install... > The software is mainly aimed at people who own their PCs, > who trust others using those PCs, and who are unlikely to > be using per-user settings. So Mum's account/business documents can be edited to include pictures of goats at will be her 6yo son? (along with many other situations) Same PC does not imply same user or even imply trust to see/read everything they do. Multiple users are set up for a reason. > I also inform about the situation during install, so that a corporate > Admin can change restrictions after install if they want to. Things should be secure by default. Having to make changes to be be secure lead to thousands of mail hosts with implicit trust being (ab)used as spam relays. And look at Win9x (enough said :) > It's rather a strange world where people assume that the person > using*any* PC is a menace, while any software on that PC is assumed > to be entirely trustworthy, enough so that it's allowed unfettered > communication and downloading of files from online. It's NOT trustworty, that's exactly why unauthorised access should not be allowed to anything that could affect anything else. > You get all worked up about changing permissions > on non-personal folders, but you have nothing to say about a much > more serious issue here: an installed software program that is > designed to update itself silently without asking...and all the implied > security risks involved with that. Yes, I did say something about it: > You need to make your update process ask for elevation... > Just because MS and Google do it, that doesn't make it right, or > safe, or advisable in terms of system stability. How did we arrive at > this bizarre situation where people think it's a good idea to have > 30-odd programs on a PC -- including the OS itself -- that are all > essentially betas on update drip-feeds? I hate it when they do it too. -- Dee Earley (dee.earley@icode.co.uk) i-Catcher Development Team http://www.icode.co.uk/icatcher/ iCode Systems (Replies direct to my email address will be ignored. Please reply to the group.)