how-to block ads
|
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas
Host:
/dev/null
Broadband Tweaks
Suddenlink
ISDN
Fiber Optic
| Re: AVG updates grant full control to Everyone, changes owner? said by psloss  :Yeah, that's not good about the updater, although this type of escalation opportunity is still not at the top of the list in terms of taking over control of a Windows box these days. It's still an opportunity, and should be fixed. | |
|  psloss
Premium
join:2002-02-24
Alpharetta, GA
| Re: AVG updates grant full control to Everyone, changes owner? said by redxii :said by psloss :Yeah, that's not good about the updater, although this type of escalation opportunity is still not at the top of the list in terms of taking over control of a Windows box these days. It's still an opportunity, and should be fixed. Absolutely agree; however, given that they already have code that appears to add an Everyone/Full Control ACE to DACLs of updated or downloaded files, I'm not sure how sensitive they're going to be to privilege escalation. Or, how expeditiously this will get fixed.
Somewhat randomly, this reminds me of a recent blog post about how terminal session separation in Vista is going to cause some consternation for NAV. For what it's worth, AVG Free installed on the February Vista CTP...but both attempts I made to open the command center caused the OS to bugcheck. Going to be an interesting year to see what happens to this category of consumer software.
Hopefully this issue will gain some traction at Grisoft and maybe the changes to Windows will increase the importance of scouring kludges like this out of their code.
--
Feedback? e-mail: stuff@lupwa.org | |
| Libra
Premium
join:2003-08-06
USA
| Hi RedXII1234,
I'm not comfortable going into safe mode to look at those permissions, but I have AVG7.1 free on my daughter's computer and one time, in a limited account, I tried to delete a WMF test item from the vault, and I wasn't able to. I also tried to change the results of a scan to accept an item "changed", and I couldn't do that either. Based on that I didn't think the limited user had rights. When I tried to make one of those changes I got this error in the Event Viewer:
Source: AVG
Category: error
Event ID # 100
AVG7.CC plugins.CPluginManager action running failed. Error 0x80004004.
Is there a way for you to get this information to Grisoft? I don't think he visits the AVG forum.
Sincerely, Libra
| |
| |
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas
Host:
/dev/null
Broadband Tweaks
Suddenlink
ISDN
Fiber Optic
| Re: AVG updates grant full control to Everyone, changes owner? In a command prompt: cacls <filenameordirectory>
I am probably falling on deaf ears unless I were a paying customer... In the mean time, thinking about all those other AVG users who even if they are limited users have absolutely no idea... | |
| | | Libra
Premium
join:2003-08-06
USA
| Re: AVG updates grant full control to Everyone, changes owner? said by redxii :In a command prompt: cacls <filenameordirectory> I don't think I can do cacls on XP Home (but I haven't tried).
Should we be changing to a different AV?
Sincerely, Libra | |
| | | |
|
