Did You Guys Hear...
-
...that Vista determines what apps should be run with admin privileges based on the name of the executable? If the name of your exe includes "Install", Vista will require admin rights for it to run. If you simple change the name of the exe to something like "Boffo", it will NOT require admin rights to run. Microsoft claims it was a method for preventing malware to run, but now that the malware authors know about it, I guess it's been reduced to yet another pointless "security" feature. Way to go, MS!
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001But then, what would be a sensible alternative? I thought maybe parsing the imports table for harmful API calls,...but then you'd have to do a whole lot of work going down through the entire imports tree.
'--8<------------------------ Ex Datis: Duncan Jones Merrion Computing Ltd
-
This works in XP too - try making a copy of notepad.exe and call it install.exe. :rolleyes:
-
John Simmons / outlaw programmer wrote:
If you simple change the name of the exe to something like "Boffo", it will NOT require admin rights to run.
Microsoft: "Boffo" added to the list :cool: Now anything with "boffo" in its name will require admin priveleges!
found at bash.org [kernx]|.|.|.|.|.|.|.| [kernx]sorry, wrong window [beox33]say me why in the f*ck will you type that in any window
brahmma wrote:
Now anything with "boffo" in its name will require admin priveleges!
Yes but it won't come out until the next operating system is released! :~ Boffo is safe for a few years at least. :laugh:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
So this isn't something new?
.net is a box of never ending treasures, every day I get find another gem.
norm .net wrote:
So this isn't something new?
So you believed the marketing hype that Vista was rewritten from the ground up to make it more secure. :rolleyes:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
No programming discussion in the lounge :p
found at bash.org [kernx]|.|.|.|.|.|.|.| [kernx]sorry, wrong window [beox33]say me why in the f*ck will you type that in any window
Oops !
Prasad MS MVP - VC++
-
So this isn't something new?
.net is a box of never ending treasures, every day I get find another gem.
norm .net wrote:
So this isn't something new?
No, XP employs the same "feature"
"A good athlete is the result of a good and worthy opponent." - David Crow
"To have a respect for ourselves guides our morals; to have deference for others governs our manners." - Laurence Sterne
-
Do you mean if I rename a normal exe file to install.exe then it will ask for admin rights to start?
According to what I've read, yes.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 -
Link please.
Deja View - the feeling that you've seen this post before.
-
...that Vista determines what apps should be run with admin privileges based on the name of the executable? If the name of your exe includes "Install", Vista will require admin rights for it to run. If you simple change the name of the exe to something like "Boffo", it will NOT require admin rights to run. Microsoft claims it was a method for preventing malware to run, but now that the malware authors know about it, I guess it's been reduced to yet another pointless "security" feature. Way to go, MS!
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001This is a good idea. Honest developers don't need to do anything to their installer other than change the name to get elevated permissions. Spyware programs cannot run without confirmation from the operator. The only problem I can see is if your everyday application is called setup or install which would seem very unlikely. Read this[^] for more information.
AxisFirst For Business
-
This works in XP too - try making a copy of notepad.exe and call it install.exe. :rolleyes:
That didn't work. I copied notepad.exe to my desktop, ran it and closed, then renamed it, ran it and closed with no problems.
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^] -
...that Vista determines what apps should be run with admin privileges based on the name of the executable? If the name of your exe includes "Install", Vista will require admin rights for it to run. If you simple change the name of the exe to something like "Boffo", it will NOT require admin rights to run. Microsoft claims it was a method for preventing malware to run, but now that the malware authors know about it, I guess it's been reduced to yet another pointless "security" feature. Way to go, MS!
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 -
That didn't work. I copied notepad.exe to my desktop, ran it and closed, then renamed it, ran it and closed with no problems.
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^]You should try with a normal user account, not administrator.
________________________________________________ Personal Blog [ITA] - Tech Blog [ENG] - My Photos ScrewTurn Wiki 2.0.4
-
This is a good idea. Honest developers don't need to do anything to their installer other than change the name to get elevated permissions. Spyware programs cannot run without confirmation from the operator. The only problem I can see is if your everyday application is called setup or install which would seem very unlikely. Read this[^] for more information.
AxisFirst For Business
Steve Thresher wrote:
Honest developers
And the dishonest ones?
-
This is a good idea. Honest developers don't need to do anything to their installer other than change the name to get elevated permissions. Spyware programs cannot run without confirmation from the operator. The only problem I can see is if your everyday application is called setup or install which would seem very unlikely. Read this[^] for more information.
AxisFirst For Business
Steve Thresher wrote:
Spyware programs cannot run without confirmation from the operator
Unless they are named Boffo.exe! :rolleyes:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
This is a good idea. Honest developers don't need to do anything to their installer other than change the name to get elevated permissions. Spyware programs cannot run without confirmation from the operator. The only problem I can see is if your everyday application is called setup or install which would seem very unlikely. Read this[^] for more information.
AxisFirst For Business
I hope malware writers don't rename there files to something less suspecious , like say, cute.scr or something becose then it would go right past. Hope they all stay named, oh, virus_installer.exe or something.:wtf:
-
...that Vista determines what apps should be run with admin privileges based on the name of the executable? If the name of your exe includes "Install", Vista will require admin rights for it to run. If you simple change the name of the exe to something like "Boffo", it will NOT require admin rights to run. Microsoft claims it was a method for preventing malware to run, but now that the malware authors know about it, I guess it's been reduced to yet another pointless "security" feature. Way to go, MS!
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 -
...that Vista determines what apps should be run with admin privileges based on the name of the executable? If the name of your exe includes "Install", Vista will require admin rights for it to run. If you simple change the name of the exe to something like "Boffo", it will NOT require admin rights to run. Microsoft claims it was a method for preventing malware to run, but now that the malware authors know about it, I guess it's been reduced to yet another pointless "security" feature. Way to go, MS!
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001The alternative would have been for every installer to be modified to include an application manifest with admin privilege levels. Given that this would have been commercial suicide, MS took the safe option - no matter how bodgy it appears. Remember that if an app is deemed as requiring admin permissions and UAC is on you'll get a UAC prompt - the "installer" won't get those permissions automatically. So malware disguised as an installer still needs "some idiot" to press the big red button (which they probably will, but then some people can't be helped...) before it can do it's worst.
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
-
Steve Thresher wrote:
Spyware programs cannot run without confirmation from the operator
Unless they are named Boffo.exe! :rolleyes:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesIn which case they don't get admin privileges. As simple a thing as attempting to write to the Local Machine hive will result in E_ACCESS_DENIED. :)
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
-
You should try with a normal user account, not administrator.
________________________________________________ Personal Blog [ITA] - Tech Blog [ENG] - My Photos ScrewTurn Wiki 2.0.4
Trust me here at this place I do not have an administrator account.
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^] -
I hope malware writers don't rename there files to something less suspecious , like say, cute.scr or something becose then it would go right past. Hope they all stay named, oh, virus_installer.exe or something.:wtf:
Yes. The common name of the virus is included at the end. For example, a virus might be named something like INSTALL_VIRUS_W32.KWBOT.F.WORM.EXE That is the prescribed standard.
Nobody can give you wiser advice than yourself. - Cicero