psloss
Premium
join:2002-02-24
Alpharetta, GA

reply to redxii
Re: AVG updates grant full control to Everyone, changes owner?

said by redxii:

said by psloss:

Yeah, that's not good about the updater, although this type of escalation opportunity is still not at the top of the list in terms of taking over control of a Windows box these days.
It's still an opportunity, and should be fixed.
Absolutely agree; however, given that they already have code that appears to add an Everyone/Full Control ACE to DACLs of updated or downloaded files, I'm not sure how sensitive they're going to be to privilege escalation. Or, how expeditiously this will get fixed.

Somewhat randomly, this reminds me of a recent blog post about how terminal session separation in Vista is going to cause some consternation for NAV. For what it's worth, AVG Free installed on the February Vista CTP...but both attempts I made to open the command center caused the OS to bugcheck. Going to be an interesting year to see what happens to this category of consumer software.

Hopefully this issue will gain some traction at Grisoft and maybe the changes to Windows will increase the importance of scouring kludges like this out of their code.
--
Feedback? e-mail: stuff@lupwa.org
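
A way to audit for the condition discussed in this thread, as an added example that is not part of the original posts and not code from AVG or Grisoft: it walks a directory tree and reports every file or folder whose DACL has an Allow ACE granting Full Control to Everyone, along with the current owner. The function name and the path in the usage comment are hypothetical; point it at whatever directory you want to check.

```powershell
# Added example: report Everyone / Full Control ACEs under a directory tree.
# Find-EveryoneFullControl is a hypothetical helper name, not a built-in cmdlet.
function Find-EveryoneFullControl {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $everyone    = 'S-1-1-0'   # well-known SID for Everyone, independent of OS language
    $fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            try {
                $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            } catch {
                Write-Warning "Cannot read ACL: $($item.FullName)"
                return   # skip this item, continue with the next one
            }

            # Ask for explicit and inherited ACEs with identities returned as SIDs
            foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
                $isAllow = $ace.AccessControlType -eq 'Allow'
                $isFull  = ($ace.FileSystemRights -band $fullControl) -eq $fullControl

                if ($isAllow -and $isFull -and $ace.IdentityReference.Value -eq $everyone) {
                    [pscustomobject]@{
                        Path      = $item.FullName
                        Inherited = $ace.IsInherited   # False = ACE was set on this object itself
                        Owner     = $acl.GetOwner($sidType).Value
                    }
                }
            }
        }
}

# Usage (placeholder path):
# Find-EveryoneFullControl -Path 'C:\Path\To\Audit' | Format-Table -AutoSize
```

Rows with `Inherited` set to False are the ones where the ACE was written directly onto the file, which is what an updater stamping its own downloads would produce; comparing the `Owner` column before and after an update shows whether ownership changed as well.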
over 10 years online! © 1999-2009 dslreports.com.