Delphi Handbooks Collection


Delphi XE Handbook


Delphi 2010 Handbook


June 14, 2007

Vista and Non-Setup Programs

Vista has an interesting way to determine if a program is a setup program: the program name!

I'm quite busy, but couldn't resist posting this. Vista has an interesting way to determine if a program is a setup program: the program name! Of course, a program called setup.exe or install.exe is considered dangerous, so the operating system opens up a User Access Control window asking for confirmation: "An unauthorized program want to access your computer... " and the like. What's the point of the post? One of the key elements used to determine if a program is dangerous is its name. For example, suppose you have a program called Handset_Upper.exe. This works fine, no warning, no problem. Now you remove the undescore and the program is called HandsetUpper.exe, which is (I should underline) HandsetUpper.exe. Ouch! For Vista this is now a setup program: not only you get a warning before running it, but at the end it tells you installation might not have worked out! This is the screen shot:


Same exact executable, same folder, same everything but a different name and you get the standard behavior. Amusing, to say the least!





 

10 Comments

Vista and Non-Setup Programs 

http://www.microsoft.com/technet/technetmag/issues/200
7/06/UAC/default.aspx?loc=en 
Comment by Tired user on June 14, 21:27

Vista and Non-Setup Programs 

You got one thing wrong imho: Vista doesn't think the
program is dangerous and wants to warn you. If it
detects a setup, the UAC dialog comes to ask if you
want to start the program in question with
(additional) admin privileges.
Comment by Dennis [http://blog.gurock.com] on June 14, 21:51

Vista and Non-Setup Programs 

 This seems eminently sensible to me - it lets old, 
pre UAC apps install correctly under vista.

In fact, my wife came across one today.  An old win 
3.1 style installer for an app last released last 
year (hey, if it isn't broke, why fix it?).

Needless to say, weird things happened.  Actually, 
filesystem virtualization happened.  It thought it 
copied files, and when you reran the installer, it 
could see them, but nothing else could.

Change the name from MyAppInst.exe to setup.exe and 
suddenly the universe was happy.

Frankly, Setup in part of a name (computers don't 
read english) triggering UAC makes sense to me.  
Maybe an animated paperclip that pops up before hand 
saying "It looks like you are installing a program" 
was just too 1990ies to do.  

Maybe it SHOULD ask if it is a setup before throwing 
up the UAC, but people would probably treat that a 
lot like seeing the paperclip.  Either way, this 
automatic elevation dialog makes a lot of sense to me.
Comment by Xepol on June 14, 21:59

Vista and Non-Setup Programs 

I thought that Microsoft was improving security. But
please, indentification based on file name is
notoriously insecure. We would be better off without
such security meassures.
Comment by Iztok Kacin [] on June 14, 22:23

Vista and Non-Setup Programs 

 I'm surprised it didn't say:

Warning! This program does not appear to have been 
developed by Microsoft or an affiliate and is 
therefore not to be fully trusted. Are you sure you 
want to proceed with this installation? It could be 
damaging to your computer. Microsoft is not 
responsible for the consequences if you ignore this 
warning*.

* Note: Microsoft is not responsible if you don't 
ignore this warning either.
Comment by Joe H. on June 15, 00:10

Vista and Non-Setup Programs 

handSETUPper.exe...... Fantastic :-)
Just when you (Microsoft in this case) think you 
considered all there is to consider, someone comes up 
with something you've never thought of. Good find :-)
Comment by Giel on June 15, 01:24

Vista and Non-Setup Programs 

 Iztok Kacin -> THis isn't security through filename, 
but rather making it easier to elevate permissions 
when required for your average user.

This isn't like earlier versions of the MacOS where 
you could become administrator by setting an 
environment variable, this is just deciding to ask an 
extra question when it seems relevant to help the 
process along.

Why do so many people seem to have troubles grasping 
that simple point?
Comment by Xepol on June 15, 01:38

Vista and Non-Setup Programs 

 windows sucks , nicrosoft sucks .... 
very simple
Comment by hani safa on June 18, 15:24

Vista and Non-Setup Programs 

 This feature is totally unacceptable. We have an
application with "setup" in its name but it is not a
setup program. Our standard users cannot run it
without the administrator right but that is business
rules require. The only thing we can do is to remove
"setup" from the the program name but our software has
been using for years so that it is not practical to do
that. By the way, why Microsoft deprives the rights of
using "setup" from us?
Comment by GaryVic on October 20, 00:29

Vista and Non-Setup Programs 

 I found out that its not only "setup" word that is
taboo in Vista, "update" word does the same trick!!!

I wonder if there are other word?
Comment by Hemant Jangid [http://hardcoresoftware.wordpress.com/] on March 18, 15:23


Post Your Comment

Click here for posting your feedback to this blog.

There are currently 0 pending (unapproved) messages.