Did You Guys Hear...
-
John Simmons / outlaw programmer wrote:
If you simply change the name of the exe to something like "Boffo", it will NOT require admin rights to run.
Microsoft: "Boffo" added to the list :cool: Now anything with "boffo" in its name will require admin privileges!
found at bash.org [kernx]|.|.|.|.|.|.|.| [kernx]sorry, wrong window [beox33]say me why in the f*ck will you type that in any window
-
The alternative would have been for every installer to be modified to include an application manifest with admin privilege levels. Given that this would have been commercial suicide, MS took the safe option - no matter how bodgy it appears. Remember that if an app is deemed as requiring admin permissions and UAC is on you'll get a UAC prompt - the "installer" won't get those permissions automatically. So malware disguised as an installer still needs "some idiot" to press the big red button (which they probably will, but then some people can't be helped...) before it can do its worst.
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
Anna-Jayne Metcalfe wrote:
an installer still needs "some idiot" to press the big red button
There is no shortage of those.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 -
I hope malware writers don't rename their files to something less suspicious, like say, cute.scr or something because then it would go right past. Hope they all stay named, oh, virus_installer.exe or something.:wtf:
You're an idiot. See Anna-Jayne's replies.
AxisFirst For Business
-
This works in XP too - try making a copy of notepad.exe and call it install.exe. :rolleyes:
I remember seeing this behavior on XP years back. I was too lazy to log out (I'm a local admin) and check as I was having a lot of apps running, and went down to play TT. :->
Cheers, Vikram.
"But nowadays, it means nothing. Features are never frozen, development keeps happening, bugs never get fixed, and documentation is something you might find on wikipedia." - Marc Clifton on betas.
Join the CP group at NationStates. Password:
byalmightybob
-
I hope malware writers don't rename their files to something less suspicious, like say, cute.scr or something because then it would go right past. Hope they all stay named, oh, virus_installer.exe or something.:wtf:
I find it incredible that you've got two 5 votes. It's normal programs called "Setup.exe" or "Install.exe" that require admin privileges, not the other way round. Unless, of course, that was sarcasm.
Cheers, Vikram.
"But nowadays, it means nothing. Features are never frozen, development keeps happening, bugs never get fixed, and documentation is something you might find on wikipedia." - Marc Clifton on betas.
Join the CP group at NationStates. Password:
byalmightybob
-
...that Vista determines what apps should be run with admin privileges based on the name of the executable? If the name of your exe includes "Install", Vista will require admin rights for it to run. If you simply change the name of the exe to something like "Boffo", it will NOT require admin rights to run. Microsoft claims it was a method for preventing malware to run, but now that the malware authors know about it, I guess it's been reduced to yet another pointless "security" feature. Way to go, MS!
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
This is intended as a compatibility feature. Most legacy installers don't work right if they run under the low-privileged rights of a non-elevated administrator. Therefore there are a number of heuristics to detect installers and force elevation if an installer program is detected. If you run with UAC enabled, you get a UAC prompt before the elevation can occur. (If you're running as a standard user, you will get the over-the-shoulder password prompt instead). If you run with UAC disabled, and you log in as an administrator, or you log in as the Administrator account with UAC enabled, all code is running with administrative rights and privileges anyway. If you're writing code that targets Windows Vista you should include a manifest which declares what your program actually does. This suppresses all the legacy detection, including this, and registry and file system redirection.
Stability. What an interesting concept. -- Chris Maunder
-
In which case they don't get admin privileges. As simple a thing as attempting to write to the Local Machine hive will result in E_ACCESS_DENIED. :)
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
No manifest, so it'll get redirected if it writes to HKLM\Software rather than ERROR_ACCESS_DENIED. If you include a Vista UAC manifest, the installer detection does not occur and the elevation will depend on what you put in your manifest.
asInvoker - never prompts
highestAvailable - asks administrators to elevate but doesn't do an over-the-shoulder (OTS) prompt for standard users, just runs low-privileged
requireAdministrator - prompts administrators to confirm, OTS prompt for standard users
Those are the defaults - an administrator can change whether admins see the confirm or OTS prompt, and whether standard users see the OTS prompt or it simply fails to run.
Stability. What an interesting concept. -- Chris Maunder
-
My mistake. :-O Either way, it won't be able to gain admin access.
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
-
Anna-Jayne Metcalfe wrote:
an installer still needs "some idiot" to press the big red button
There is no shortage of those.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
On that we're agreed. :doh:
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
-
Hi John. You'll also run into this if the file is called Setup.exe. Plus, after closing the app, Vista will display a message stating that something went wrong with the install if it's not really an installer. I have found a work around. If you embed the following "trust info" into the EXE's manifest file, it will no longer require admin rights. Nor will it report that the installation failed either.
<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
-
Just thought about an exe : "GetDownToDiskAndDestroy.exe". Vista must be saying a "welcome":sigh:
Press: 1500 to 2,200 messages in just 6 days? How's that possible sir? **Dr.Brad :**Well,I just replied to everything Graus did and then argued with Negus for a bit.
-
Vikram A Punathambekar wrote:
Unless, of course, that was sarcasm.
Kind of obvious, I felt.
Nobody can give you wiser advice than yourself. - Cicero
-
brahmma wrote:
That is the prescribed standard.
last i heard, the ISO was still debating this. there was a big disagreement over backwards compatibility with 8.3 systems. but, IMO, that needs to be split into a separate standard.
image processing toolkits | batch image processing | blogging
Chris Losinger wrote:
last i heard, the ISO was still debating this. there was a big disagreement over backwards compatibility with 8.3 systems. but, IMO, that needs to be split into a separate standard.
Whomever you've heard it from, you've heard it right. The debate is still going on. I think that is one hell of a reason for Microsoft to make such a [drumroll] brilliant move. [/drumroll]
Nobody can give you wiser advice than yourself. - Cicero
-
Oh you have GOT to be kidding me... That's about as bad as determining which program to run based on the file extension. :rolleyes:
------------ Cheers, Patrick
-
Trust me here at this place I do not have an administrator account.
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software.
I bet you do. My user account on my work machine is not the Administrator account nor was it created when the machine was first configured, but the IT guys saw fit to include it in the Admin group and give it Admin privileges (guess they figured it'd be stupid to need to come downstairs every time I wanted to install an SDK!).
------------ Cheers, Patrick
-
(too lazy to read the whole thread)
John Simmons / outlaw programmer wrote:
Microsoft claims it was a method for preventing malware to run
Well, UAC as a whole gives you that benefit, but this heuristic is unrelated to malware, it's there so that older installers written before Vista shipped will continue to work. Such an installer will not have a UAC manifest, so the user normally wouldn't be prompted to elevate, which would make the install fail. Vista looks for "install", "setup", and some other keywords in the file name and the version resource to tell if it's an installer. If so, Vista will automatically try to run the EXE elevated.
John Simmons / outlaw programmer wrote:
If you simply change the name of the exe to something like "Boffo", it will NOT require admin rights to run.
Not exactly. Vista just won't automatically try to run it elevated. If you run Boffo.exe, and it's a malware installer, the install will fail because it's not running elevated. This is precisely the case that UAC was written for - you can use the "administrator" account but you won't accidentally hose your system by running some random EXE.
--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ Ford, what's this fish doing in my ear?
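Added example, not code from any poster in this thread: a small Python model of the rules stated above (the manifest's requestedExecutionLevel wins; without one, "install"/"setup" in the file name triggers the elevation prompt), used to list binaries that still depend on the name heuristic. The function names and the inventory are constructed for illustration, and only the two keywords quoted in the thread are modelled.

```python
import xml.etree.ElementTree as ET

# Keywords named in the thread; the real list is longer ("some other keywords").
INSTALLER_KEYWORDS = ("install", "setup")
KNOWN_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

# The asInvoker manifest posted earlier in the thread.
AS_INVOKER_MANIFEST = """<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the declared requestedExecutionLevel, or None if there is none."""
    if not manifest_xml:
        return None
    try:
        root = ET.fromstring(manifest_xml.encode("utf-8"))
    except ET.ParseError:
        return None  # unreadable manifest: treat as undeclared
    for node in root.iter():
        # Match on the local name so asm.v2 and asm.v3 trustInfo both work.
        if node.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            level = node.get("level")
            return level if level in KNOWN_LEVELS else None
    return None


def uac_behaviour(filename, manifest_xml=None):
    """Model how a launch is treated, per the rules stated in the thread."""
    level = requested_level(manifest_xml)
    if level is not None:
        # A manifest suppresses the name heuristic and write redirection.
        return {"launch": level, "name_heuristic": False, "redirection": False}
    hit = any(k in filename.lower() for k in INSTALLER_KEYWORDS)
    # No manifest: installer-like names get an elevation prompt; anything else
    # runs unelevated with legacy file/registry redirection.
    return {"launch": "prompt-to-elevate" if hit else "asInvoker",
            "name_heuristic": hit, "redirection": not hit}


def needs_manifest(inventory):
    """List files whose elevation depends only on their name (no manifest)."""
    return [name for name, manifest in inventory
            if uac_behaviour(name, manifest)["name_heuristic"]]


# Constructed inventory: (file name, embedded manifest text or None).
INVENTORY = [("Setup.exe", None), ("Setup.exe", AS_INVOKER_MANIFEST),
             ("Boffo.exe", None), ("ReportInstaller.exe", None)]
```

Calling needs_manifest(INVENTORY) returns the two manifest-less files with installer-like names; the Setup.exe carrying the asInvoker manifest is not flagged.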
-
Patrick Sears wrote:
I bet you do.
:laugh::laugh::laugh::laugh: Nope, listen to this. If I create an app. or plug-in for some app. and if at any point those apps. try to touch the Reg. I'm screwed. I have to call them, let them know what I am doing and why, and then we change the Admin password on my machine temporarily. That way I can VS2005 under the Admin. user and that is only when I am debugging.:sigh: Some days I feel like I have been beat and interrogated.:~ You know how when someone VNCs into your computer the cursor will move around just a bit.:suss: it happens
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software.
-
It is not a new security measure, it is an old convenience to pre-warn you that the application will likely require admin privileges so it tries to get them up front. If it isn't called *Install* and it still requires admin rights, you will either be prompted for them or if the installer is badly written it would fail silently. You are talking as if it will automatically grant your application admin privileges, which it will not unless you grant them.
Ðavid Wulff What kind of music should programmers listen to?
Join the Code Project Last.fm group | dwulff
I'm so gangsta I eat cereal without the milk