On 27/12/2008 20:38, James Knott wrote:
Harold Fuchs wrote:
2008/12/27 Web Kracked <[email protected]>
James Knott wrote:
Web Kracked wrote:
I have a question about the "portableapps"?
Do you install them on a pc and the run from the pc's drive or from
the portable drive? Do they "parts" on the computer your plug your
portable drive into?
As you see, I never used any portable apps.
The portable apps are generally installed on a USB flash drive and then
can be used on any Windows computer even those that don't have the app
installed.
Thanks James;
I never used these portable applications and most of the people that I deal
with
have policies stating they cannot use USB or flash drives. There is a
privacy and
security issues. They think if you plus in the portable drives (USB or
flash), you
can/will give them viruses or take private information from their
computers.
The portableapps stuff doesn't have to run from a USB drive. It's just as
happy running from a CD or from a hard disk (see below). I doubt there are
many security policies that ban those :-(
You can "install" the portable apps stuff. Instructions are on their web
site but basically you just run the "installer" and tell it to put the
application(s) on the system's hard disk. It still doesn't touch the
registry and the user doesn't have to be an administrator to do it. So, if
you want several portable apps you could make a directory, for example
"c:\PortableApps" and put everything there. This directory then becomes the
analogue of "c:\Program Files" but without any of the associated security
restrictions.
On a properly "locked down" system, a user shouldn't be able to write
anywhere, other than his home directory or where specifically
authorized. I know that's hard to do in Windows, but it's common in
Linux & Unix. Also, many computers have the USB port disabled for
storage devices. A CD version might be useful there. IIRC the portable
app version of OOo can be run from a CD.
If you want you can install the portable apps stuff in "the user's home
directory". As I said, you can install the portable apps *anywhere* and
you don't need administrative privileges to do it. "Anywhere" means what
it says; it's a useful word. In this context it specifically *includes*
the "My Documents" folder on a Windows system. Thus any user can install
any application offered by www.portableapps.com on *any*
device/folder/directory to which s/he has write access and can run it
from that device/folder if s/he has execute access to that
device/folder/directory.
I don't believe there is any "defence" against the portable apps
software; the only way to lock down a Windows system against portable
apps is to
a) Bar execution of software from any and all removable media explicitly
including CDs. I don't think this is possible if the machine has a CD
drive to which the user has physical access
b) Make any directory other than the user's "My Documents" folder
non-writeable and
c) Convince Windows that anything in "My Documents" or its sub-folders
is not executable. Perhaps you can do this in Windows; I don't know nut
I don't think so.
I'd be interested to see a *working* procedure for locking down a
Windows system against these programs. I can't decide whether or not I
hope such a procedure doesn't (can't) exist. On balance I think I do
hope that.
--
Harold Fuchs
London, England
Please reply *only* to [email protected]
