www.threatcode.com
"WE" push them. That's how it gets done.
Crawford, Scott wrote:
That is awesome. Now why can't all vendors do that? If they're gonna
write insecure apps, at least tell us how to minimize the risks. What's
the point in every customer figuring it out for themselves? That's a
lot more total time spent than if they'd just do it once.
What would be even better is if they'd get even more granular in their
permissions and deny access to .exe's and other potentially harmful
files. I'm sure users don't need full access to ALL files under Intuit.
This leaves the possibility open that a bad guy (process) could modify
QuickBooks.exe to attempt to load a keylogger. Next time an admin runs
that program, bye bye computer.
Oh well, better than nothing :)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Thursday, March 16, 2006 6:08 PM
To: [email protected]
Subject: [ActiveDir] OT: Hacking up QB to run under user rights (the
official Intuit answer)
Message: "User Access Rights Problem: Windows XP and Windows 2000 users
must have Power Users or Administrator group rights...":
http://www.quickbooks.com/support/faqs/qb2006/a4edfd81.html
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
