 | reply to hpguru
Re: AVG updates grant full control to Everyone, changes owner?
said by hpguru:
On second thought, Avast! may have the same issue but I couldn't say it changes the default permissions since I have it installed in a folder on another partition with custom perms. It did however change the perms for the subfolders under D:\Program Files\Alwil Software\Avast4\DATA giving Everyone full control.

Avast DOES have the same issue. All of the contents below the avast program folder are given a custom ACL that gives "builtin\everyone" full control. A piece of malware could *easily* hijack a computer running avast regardless of the permission level of the user.
-- Have problems running your Windows box as a limited user? Try this...»home.toadlife.net/winsudo |
|
 hpguru Curb Your Dogma Premium join:2002-04-12 |
said by asdfghjklzx5:
Avast DOES have the same issue. All of the contents below the avast program folder are given a custom ACL that gives "builtin\everyone" full control. A piece of malware could *easily* hijack a computer running avast regardless of the permission level of the user.

Which version? Pro or Home? I have the home version here and I don't see that. The affected files and folders are below the DATA and Setup folders which I forgot to mention above. That doesn't make it any less a problem however since the virus definitions are in the Setup folder.
-- Get hpHOSTS! Member ASAP hpHOSTS Online Paranoia is no substitute for understanding. |
|
|
|
 | said by hpguru:
said by asdfghjklzx5:
Avast DOES have the same issue. All of the contents below the avast program folder are given a custom ACL that gives "builtin\everyone" full control. A piece of malware could *easily* hijack a computer running avast regardless of the permission level of the user.
Which version? Pro or Home? I have the home version here and I don't see that. The affected files and folders are below the DATA and Setup folders which I forgot to mention above. That doesn't make it any less a problem however since the virus definitions are in the Setup folder.

The Home Version.
Right click on one of the executable files like "ashServe.exe" or "aswUpdSv.exe", both of which run under system permissions as services, and check the perms.
I'm pretty sure I never messed with the permission in that folder. Uninstalling, nuking the program folder, and reinstalling would verify that the installer actually does modify permissions.
-- Have problems running your Windows box as a limited user? Try this...»home.toadlife.net/winsudo |
|
 redxii Premium,Mod join:2001-02-26 Sherwood, MI
2 edits | Avast does it right off the bat! Immediately after installing.
The Program Files pic doesn't display the whole thing, but you get the picture... -- "Open Source" == "Close Minded" Dig into Windows 2000 & XP. |
|
 | said by redxii:
Avast does it right off the bat! Immediately after installing. The Program Files pic doesn't display the whole thing, but you get the picture...

The sad part about it is that it doesn't seem to be necessary at all. I opened up explorer as admin, reset the permissions from the top, so that users could only read, and I was still able to initiate an update session with my user account, and change some settings.
-- Have problems running your Windows box as a limited user? Try this...»home.toadlife.net/winsudo |
|
 pslossPremium join:2002-02-24 Alpharetta, GA 1 edit | I'm five hours behind you (well, on this...it's probably worse in other areas). Just looking at the "live" and autostart "stuff," the startup scanner (aswboot.exe) and the screensaver jumped out as having the Everyone/Full Control ACE.
Have to go back and check AVG, but the DACLs that Avast is setting are weird -- the Everyone/Full Control ACE is flagged as inherited from the parent object (the containing directory), but it's not immediately obvious where it's inherited from. In the screenshot, you can see where the other ACEs are inherited from, but not the one that came from Avast (it says "Parent Object", which I infer to mean that even the OS is confused).
This sure gives you the warm fuzzies, doesn't it?
Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
|
|
 hpguruCurb Your DogmaPremium join:2002-04-12 | reply to asdfghjklzx5
 ashServ.exe perms |
said by user=toadlife :
The Home Version.
Right click on one of the executable files like "ashServe.exe" or "aswUpdSv.exe", both of which run under system permissions as services, and check the perms.

Not the case here. The screen cap shows the perms which ashserv.exe has inherited from its parent folder. AswUpdSv.exe inherits the same perms. The only files in this folder which are not inheriting perms are those I mentioned above.
-- Get hpHOSTS! Member ASAP hpHOSTS Online Paranoia is no substitute for understanding. |
|
 | reply to psloss
said by psloss:
In the screenshot, you can see where the other ACEs are inherited from, but not the one that came from Avast (it says "Parent Object", which I infer to mean that even the OS is confused).

Actually, this happens when file permissions are set using the command-line cacls.exe utility. I use cacls.exe at work to set custom perms for legacy programs, and this weird "bogus inheritance flag" happens every time I use it. I just passed it off as a strange bug, and thought nothing more of it, as it didn't hinder the effectiveness of cacls.exe.
-- Have problems running your Windows box as a limited user? Try this...»home.toadlife.net/winsudo |
|
 psloss Premium join:2002-02-24 Alpharetta, GA |
said by asdfghjklzx5:
Actually, this happens when file permissions are set using the command-line cacls.exe utility. I use cacls.exe at work to set custom perms for legacy programs, and this weird "bogus inheritance flag" happens every time I use it. I just passed it off as a strange bug, and thought nothing more of it, as it didn't hinder the effectiveness of cacls.exe.

Wasn't aware of that with CACLS, thanks for pointing that out. It certainly doesn't change the effectiveness of the ACE to have an inherited flag from nowhere. I didn't see anywhere in CACLS to reset inheritance -- are you aware of how to do that with the utility?
Thanks,
Philip Sloss -- Feedback? e-mail: stuff@lupwa.org |
|
 | said by psloss:
It certainly doesn't change the effectiveness of the ACE to have an inherited flag from nowhere. I didn't see anywhere in CACLS to reset inheritance -- are you aware of how to do that with the utility? Thanks, Philip Sloss

No. AFAIK, cacls.exe can't reset inheritance. There are some other annoyances with cacls.exe. Microsoft really didn't do a very good job with it.
-- Have problems running your Windows box as a limited user? Try this...»home.toadlife.net/winsudo |
|
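The manual "right click and check the perms" step discussed in this thread can be scripted. The following PowerShell is an added example, not code from any poster or from the vendor: it lists every Allow ACE for Everyone (SID S-1-1-0) that amounts to Full Control under a folder and shows whether the ACE is flagged as inherited. The function name `Get-EveryoneFullControl` is hypothetical and `$Root` is an assumption taken from the path quoted in the thread.

```powershell
# Added example (not from the thread). $Root is an assumed install path; adjust it.
$Root = 'D:\Program Files\Alwil Software\Avast4'

function Get-EveryoneFullControl {
    param([Parameter(Mandatory)][string]$Path)

    $fullMask   = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll = 0x10000000   # GENERIC_ALL, often seen on inherit-only ACEs

    # Check the root folder itself, then everything below it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($item.FullName)"
            continue
        }
        # Request SIDs so the match does not depend on the localized name "Everyone".
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $rights = [int]$ace.FileSystemRights
            $isFull = (($rights -band $fullMask) -eq $fullMask) -or
                      (($rights -band $genericAll) -ne 0)
            if ($ace.IdentityReference.Value -eq 'S-1-1-0' -and
                $ace.AccessControlType -eq 'Allow' -and $isFull) {
                [pscustomobject]@{
                    Path        = $item.FullName
                    IsInherited = $ace.IsInherited      # the flag discussed above
                    Inheritance = $ace.InheritanceFlags
                }
            }
        }
    }
}

Get-EveryoneFullControl -Path $Root | Sort-Object Path | Format-Table -AutoSize
```

Run it from an elevated prompt so ACLs on service-owned files can be read. An empty result means no Everyone/Full Control ACE was found under the folder.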