June 14, 2007
Vista has an interesting way to determine if a program is a setup program: the program name!
I'm quite busy, but couldn't resist posting this. Vista has an interesting way to determine if a program is a setup program: the program name! Of course, a program called setup.exe or install.exe is considered dangerous, so the operating system opens up a User Access Control window asking for confirmation: "An unauthorized program want to access your computer... " and the like. What's the point of the post? One of the key elements used to determine if a program is dangerous is its name. For example, suppose you have a program called Handset_Upper.exe. This works fine, no warning, no problem. Now you remove the undescore and the program is called HandsetUpper.exe, which is (I should underline) HandsetUpper.exe. Ouch! For Vista this is now a setup program: not only you get a warning before running it, but at the end it tells you installation might not have worked out! This is the screen shot:
Same exact executable, same folder, same everything but a different name and you get the standard behavior. Amusing, to say the least!
posted by
marcocantu @ 6:43PM | 10 Comments
[0 Pending]
10 Comments
Vista and Non-Setup Programs
http://www.microsoft.com/technet/technetmag/issues/200
7/06/UAC/default.aspx?loc=en
Comment by Tired user on June 14, 21:27
Vista and Non-Setup Programs
You got one thing wrong imho: Vista doesn't think the
program is dangerous and wants to warn you. If it
detects a setup, the UAC dialog comes to ask if you
want to start the program in question with
(additional) admin privileges.
Comment by Dennis
[http://blog.gurock.com]
on June 14, 21:51
Vista and Non-Setup Programs
This seems eminently sensible to me - it lets old,
pre UAC apps install correctly under vista.
In fact, my wife came across one today. An old win
3.1 style installer for an app last released last
year (hey, if it isn't broke, why fix it?).
Needless to say, weird things happened. Actually,
filesystem virtualization happened. It thought it
copied files, and when you reran the installer, it
could see them, but nothing else could.
Change the name from MyAppInst.exe to setup.exe and
suddenly the universe was happy.
Frankly, Setup in part of a name (computers don't
read english) triggering UAC makes sense to me.
Maybe an animated paperclip that pops up before hand
saying "It looks like you are installing a program"
was just too 1990ies to do.
Maybe it SHOULD ask if it is a setup before throwing
up the UAC, but people would probably treat that a
lot like seeing the paperclip. Either way, this
automatic elevation dialog makes a lot of sense to me.
Comment by Xepol on June 14, 21:59
Vista and Non-Setup Programs
I thought that Microsoft was improving security. But
please, indentification based on file name is
notoriously insecure. We would be better off without
such security meassures.
Comment by Iztok Kacin
[]
on June 14, 22:23
Vista and Non-Setup Programs
I'm surprised it didn't say:
Warning! This program does not appear to have been
developed by Microsoft or an affiliate and is
therefore not to be fully trusted. Are you sure you
want to proceed with this installation? It could be
damaging to your computer. Microsoft is not
responsible for the consequences if you ignore this
warning*.
* Note: Microsoft is not responsible if you don't
ignore this warning either.
Comment by Joe H. on June 15, 00:10
Vista and Non-Setup Programs
handSETUPper.exe...... Fantastic :-)
Just when you (Microsoft in this case) think you
considered all there is to consider, someone comes up
with something you've never thought of. Good find :-)
Comment by Giel on June 15, 01:24
Vista and Non-Setup Programs
Iztok Kacin -> THis isn't security through filename,
but rather making it easier to elevate permissions
when required for your average user.
This isn't like earlier versions of the MacOS where
you could become administrator by setting an
environment variable, this is just deciding to ask an
extra question when it seems relevant to help the
process along.
Why do so many people seem to have troubles grasping
that simple point?
Comment by Xepol on June 15, 01:38
Vista and Non-Setup Programs
windows sucks , nicrosoft sucks ....
very simple
Comment by hani safa on June 18, 15:24
Vista and Non-Setup Programs
This feature is totally unacceptable. We have an
application with "setup" in its name but it is not a
setup program. Our standard users cannot run it
without the administrator right but that is business
rules require. The only thing we can do is to remove
"setup" from the the program name but our software has
been using for years so that it is not practical to do
that. By the way, why Microsoft deprives the rights of
using "setup" from us?
Comment by GaryVic on October 20, 00:29
Vista and Non-Setup Programs
I found out that its not only "setup" word that is
taboo in Vista, "update" word does the same trick!!!
I wonder if there are other word?
Comment by Hemant Jangid
[http://hardcoresoftware.wordpress.com/]
on March 18, 15:23
Post Your Comment
Click
here for posting
your feedback to this blog.
There are currently 0 pending (unapproved) messages.
