Something you should reflect regarding finishing setup programs

Posted: 01-19-2008, 10:27 AM
Hey all,

just installed the latest version of Winamp (the old ones have a serious bug
in streaming that will allow to attack the machine - go for the latest
version or remove).
So also installed it on my sons machine (Vista). He is certainly not
Administrator and UAC is certainly active. Started setup, get the credUI as
expected, entered admin credentials, setup works fine.
But now there is this last page with a checked checkbox "Run Winamp now on
Exit" (yes - AOL WANTS you to run this program...).
OK - here is where the problem starts. What security context will actually
lauch Winamp when i click the "Finish" button?? Think once, think twice....
AAAAHHHH the security of the admin that executed the setup, as all processes
spawned from this security context will inherit it's security context -
which is a fully elevated real administrator security context.
If you leave this option checked then you will hand over a admin context to
a non admin user and he/she/it/mixed will be able to do whatever the program
will allow him to do - ACCCESS ALL AREAS.
So what can we do about this?
- Take away the check certainly - it's easy, it works, you forget it sooner
or later (or if you have not read this you will not even know it)
- Give those people that create setup programs feedback that in the days of
UAC such an option is not what we want
- @MS: if you detect a setup program and automatically ask the user to run
int elevated check after the setup finished that there are no more processes
active that have been spawned from the setup process or one of it's child
processes. In case that such a process is still running a) kill it silently,
b) tell the user c) write a log to the security event log d) let Steve
Ballmer talk to the company who created the setup ;-) (option d can be
combined with a) to c)

Certainly all "First run..." activities will also be executed in the admin
context. And I think even the authors of the setup do not want to
personlaize the administrators account but the real user account.

Hope this post will help you to have a more secure Windows experience.

Hansjörg


Something you should reflect regarding finishing setup programs


Responses to "Something you should reflect regarding finishing setup programs"

GSi-R
Guest
Posts: n/a
 
Re: Something you should reflect regarding finishing setup programs
Posted: 01-19-2008, 11:53 AM

Thanks for that. After reading above, i opened my WINAMP to be greeted
with a security update, which i have downloaded. I now have WINAMP 5.52

Thanks again


--
GSi-R
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Digital Image Library 10 - folders don't reflect read file structu Expat Windows XP Photos 3 08-30-2005 05:02 PM
Trouble with Finishing movie TOM ALLEN Windows XP Movie Maker 4 07-08-2005 07:22 PM
My Computer does reflect correct space on harddrive James Windows XP Hardware 1 10-05-2003 10:36 PM
XP upgrade not finishing Nick Windows XP Setup 1 09-17-2003 07:30 PM
Auto type finishing. Chaz Customize Windows XP 2 08-14-2003 07:06 AM