Actually "Vista" is supposed to make things better. It provides "partial re-direction" for system folders and registry so applications "think" they are writing to system areas, when in fact they are not. I am not sure how well this will work in practise, as I have not tried it....
________________________________ From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Mon 18/09/2006 19:56 To: [email protected] Subject: Re: [ActiveDir] OT: Protecting against Spyware/Adware "We" need to ask the vendor to step up to the plate. (have I said I'm big at tilting at windmills?). "We" made Microsoft care about security.... it's the rest of our vendors turn now. Because Vista is more locked down...it will make it worse for the vendors... better for us is what I meant. Crawford, Scott wrote: > We have to let them though because in many cases there are no > alternatives and there are not enough alternatives because nobody is > even asking for them. Case in point is the Dept. of Ed. software I > mentioned below. There's not a big market for alternate free DoE > software. We're effectively mandated by law to make our systems > insecure. > > I'm not sure why you think Vista will make things worse. Things are > already an awful mess, so I don't see how they could get worse. On the > contrary, I think Vista, with it's alternate default user perms will > start to generate some outcry from other, less cluefull users to the > vendors. In any case, the virtualized file/registry writes will make > tweaking perms less necessary. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > CPA aka Ebitz - SBS Rocks [MVP] > Sent: Monday, September 18, 2006 10:20 AM > To: [email protected] > Subject: Re: [ActiveDir] OT: Protecting against Spyware/Adware > > If the vendor supported the "Designed for Windows XP" logo they would > support non admin. > > The reality is that these vendors can code in a Win98 world because "we" > > the buying public do not care. As long as we don't care they can > continued to code exactly the way they are now. > > When Vista arrives the problem will only get worse. > > "We" as the buying public need to let the vendors know that this is no > longer acceptable. > > Crawford, Scott wrote: > >> I would rephrase that as "The ONLY problem with tweaking permissions >> > is that I have to do it at all." Implicit in that is that the time I > spend - any time at all - is time I shouldn't have to spend, and would > rather spend fixing my problems instead of xyz vendor's. It can also be > infered that modifying the system beyond what the vendor expects will, > by definition, almost always put you in an unsupported state. If it was > supported, they might as well add the tweaks to their install routine. > >> >> If you can reproduce the problem when running as an administrator, you >> > should be able to get support. If you can't, then the program is > crashing on an access denied, and further tweaks are needed. > >> >> One tip that might help you is to run Regmon while installing the >> > program and add perms to any key created by the program. We have some > software from the Dept. of Ed. that expects access to somewhere around > 50 HCCR Class keys. As the program runs, it tries to modify values in > these keys one-at-a-time. If it fails, the program exits. It started > to get really tedious running Regmon, start the program, crash, find > Access Denied in Regmon, modify perm, repeat 50 times. Preemptively > giving rights to the keys was much faster. > >> ________________________________ >> >> From: [EMAIL PROTECTED] on behalf of Steve Rochford >> Sent: Mon 9/18/2006 4:56 AM >> To: [email protected] >> Subject: RE: [ActiveDir] OT: Protecting against Spyware/Adware >> >> >> >> One of the problems with tweaking permissions etc is that it can take >> > a > >> long time to get it right and you leave yourself in an unsupported >> position. As an example, we use a package called QL (from Distinction >> Systems Limited) for student records. We were told by their helpdesk >> that in order to get parts of it to work it needed local admin access. >> > I > >> tried to use regmon/filemon to get round this but only had limited >> success and it doesn't fail gracefully if it can't get the access it >> needs but just collapses in a heap and needs reinstalling. The company >> was uninterested in fixing the problem and basically said that if you >> don't run it as admin then you don't get support. >> >> Steve >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, >> > Scott > >> Sent: 15 September 2006 21:33 >> To: [email protected] >> Subject: RE: [ActiveDir] OT: Protecting against Spyware/Adware >> >> "Has" = The user running the program needs to be a member of Power >> > Users > >> or Administrators to run said program. >> >> It sounds like your program requires one of two options to run - add >> > the > >> user to Administrators or tweak the registry. Tweaking the registry >> > is > >> by far the better option IMO. The benefits to system security >> > outweigh > >> the time required to find the required perm changes (It gets easier >> > with > >> practice). My original point was taking the time to tweak problem >> > apps > >> allows you to let your users run as non-admins, effectively >> > eliminating > >> spyware. >> >> I think the link you're referring to is www.threatcode.com. There are >> plenty of apps/vendors that *think* they need to be run with admin >> privs. I'm just saying that's not the case, provided you're willing >> > to > >> tweak file/reg perms. >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Chinnery, >> > Paul > >> Sent: Friday, September 15, 2006 1:01 PM >> To: [email protected] >> Subject: RE: [ActiveDir] OT: Protecting against Spyware/Adware >> >> Well, I guess you'd have to define "has." We run a hospital IS from a >> major healthcare s/ware vendor that has instructions on its customer >> website on making a couple of registry changes to allow non-local >> > admins > >> to run it. So, technically if a registry change is made, it doesn't >> have to run under those privilieges. However, in my mind, if I have >> > to > >> modify the registry, then it still fits the description. >> There was a message (can't remember if it was this listserv or >> > antoher) > >> where the poster gave a link to a list of programs that needed local >> admin to run properly. >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Behalf Of Crawford, >> > Scott > >> Sent: Friday, September 15, 2006 11:56 AM >> To: [email protected] >> Subject: RE: [ActiveDir] OT: Protecting against Spyware/Adware >> >> >> I'm sure there are apps that are written exceptionally stupidly, >> requiring admin, but I've yet to run across one. I've had lots of our >> guys tell me something HAS to have admin to run, but I've yet to run >> across one that really does. I suggest you read this article: >> >> http://www.microsoft.com/technet/technetmag/issues/2006/08/LUABugs/ >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Chinnery, >> > Paul > >> Sent: Friday, September 15, 2006 7:15 AM >> To: [email protected] >> Subject: RE: [ActiveDir] OT: Protecting against Spyware/Adware >> >> I agree but, unfortunately, the software being used requires local >> > admin > >> privileges. Which, as you might imagine, is quite frustratig. >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Behalf Of Susan Bradley, >> CPA aka Ebitz - SBS Rocks [MVP] >> Sent: Thursday, September 14, 2006 3:11 PM >> To: [email protected] >> Subject: Re: [ActiveDir] OT: Protecting against Spyware/Adware >> >> >> Nonadmin >> >> I peronally have had way less issues when users that don't need admin >> rights don't have them. >> >> Chinnery, Paul wrote: >> >> >>> We're using CounterSpy Enterprise from Sunbelt Software. Like you, >>> > we > >>> >>> >> >> >>> have seen aperformance hit* on computers with just 128 meg of memory >>> but that goes away when we add more memory. The only issue I ran >>> into, other than performance, was it blocked a cookie that was >>> necessary for our payroll department. However, once I "okayed" that >>> cookie, it was fine. >>> >>> *According to Sunbelt, the next version is supposed to reduce the >>> performance impact. >>> >>> -----Original Message----- >>> *From:* [EMAIL PROTECTED] >>> [mailto:[EMAIL PROTECTED] Behalf Of *Chris >>> Pohlschneider >>> *Sent:* Thursday, September 14, 2006 10:44 AM >>> *To:* [email protected] >>> *Subject:* [ActiveDir] OT: Protecting against Spyware/Adware >>> >>> Just curious what other people are using for protecting against >>> adware/spyware? We are using Webroot Spysweeper right now, but I >>> see some performance hits on computers running this software and >>> it does work, but it causes headaches will installing some apps >>> that we approve. Any suggestions are appreciated. >>> >>> >>> >>> Chris Pohlschneider >>> >>> Holloway Sportswear IT >>> >>> 937-494-2559 >>> >>> 937-497-7300 (Fax) >>> >>> [EMAIL PROTECTED] >>> >>> >>> >>> >>> >>> >>> >> -- >> Letting your vendors set your risk analysis these days? >> http://www.threatcode.com <http://www.threatcode.com/> >> >> If you are a SBSer and you don't subscribe to the SBS Blog... man ... >> > I > >> will hunt you down... >> http://blogs.technet.com/sbs >> >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> >> >> >> > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act. If you receive this email in error please notify Stockport e-Services via [EMAIL PROTECTED] and then permanently remove it from your system. Thank you. http://www.stockport.gov.uk **********************************************************************
<<winmail.dat>>
