Harold Fuchs wrote:
> On 27/12/2008 20:38, James Knott wrote:
>> Harold Fuchs wrote:
>>  
>>> 2008/12/27 Web Kracked <[email protected]>
>>>
>>>      
>>>>  James Knott wrote:
>>>>
>>>> Web Kracked wrote:
>>>>
>>>>
>>>>  I have a question about the "portableapps"?
>>>> Do you install them on a pc and then run from the pc's drive or from
>>>> the portable drive?  Do they leave "parts" on the computer you plug your
>>>> portable drive into?
>>>>
>>>> As you see, I never used any portable apps.
>>>>
>>>>
>>>>
>>>>  The portable apps are generally installed on a USB flash drive and
>>>> then
>>>> can be used on any Windows computer even those that don't have the app
>>>> installed.
>>>>
>>>>
>>>>
>>>> Thanks James;
>>>> I never used these portable applications and most of the people
>>>> that I deal
>>>> with
>>>> have policies stating they cannot use USB or flash drives.  There are
>>>> privacy and
>>>> security issues.  They think if you plug in the portable drives
>>>> (USB or
>>>> flash), you
>>>> can/will give them viruses or take private information from their
>>>> computers.
>>>>
>>>>           
>>> The portableapps stuff doesn't have to run from a USB drive. It's
>>> just as
>>> happy running from a CD or from a hard disk (see below). I doubt
>>> there are
>>> many security policies that ban those :-(
>>>
>>> You can "install" the portable apps stuff. Instructions are on their
>>> web
>>> site but basically you just run the "installer" and tell it to put the
>>> application(s) on the system's hard disk. It still doesn't touch the
>>> registry and the user doesn't have to be an administrator to do it.
>>> So, if
>>> you want several portable apps you could make a directory, for example
>>> "c:\PortableApps" and put everything there. This directory then
>>> becomes the
>>> analogue of "c:\Program Files" but without any of the associated
>>> security
>>> restrictions.
>>>
>>>       
>> On a properly "locked down" system, a user shouldn't be able to write
>> anywhere, other than his home directory or where specifically
>> authorized.  I know that's hard to do in Windows, but it's common in
>> Linux & Unix.  Also, many computers have the USB port disabled for
>> storage devices.  A CD version might be useful there.  IIRC the portable
>> app version of OOo can be run from a CD.
>>
>>
>>   
> If you want you can install the portable apps stuff in "the user's
> home directory". As I said, you can install the portable apps
> *anywhere* and you don't need administrative privileges to do it.
> "Anywhere" means what it says; it's a useful word. In this context it
> specifically *includes* the "My Documents" folder on a Windows system.
> Thus any user can install any application offered by
> www.portableapps.com on *any* device/folder/directory to which s/he
> has write access and can run it from that device/folder if s/he has
> execute access to that device/folder/directory.
>
> I don't believe there is any "defence" against the portable apps
> software; the only way to lock down a Windows system against portable
> apps is to
> a) Bar execution of software from any and all removable media
> explicitly including CDs. I don't think this is possible if the
> machine has a CD drive to which the user has physical access
> b) Make any directory other than the user's "My Documents" folder
> non-writeable and
> c) Convince Windows that anything in "My Documents" or its sub-folders
> is not executable. Perhaps you can do this in Windows; I don't know
> but I don't think so.
>
> I'd be interested to see a *working* procedure for locking down a
> Windows system against these programs. I can't decide whether or not I
> hope such a procedure doesn't (can't) exist. On balance I think I do
> hope that.
>
Check the permissions:

You have the basics, such as:
Read
Write
Read and execute
Modify

If you set the permissions to allow Read and deny the rest, you can't
write anything or execute anything.  Allow write and you'll be able to
read & write, but not execute anything.  Limiting where a user can read,
write, execute etc., can go a long way to reducing the problems caused
by malware.

You can find some info on permissions here:
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html

You can find properly locked down computers in many large companies and
some small ones.


-- 
Use OpenOffice.org <http://www.openoffice.org>
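
An added example, not part of the original message: one way to express point (c) from the quoted list as an NTFS permission, by putting an inheritable Deny entry for the execute right on a folder and then checking that a program copied into it will not start. The function name `Set-NoExecuteOnFiles` and the scratch folder `noexec-demo` are hypothetical names chosen for this sketch.

```powershell
# Added illustration; Set-NoExecuteOnFiles and the scratch folder are hypothetical names.
function Set-NoExecuteOnFiles {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity
    )
    # Deny only ExecuteFile. ObjectInherit + InheritOnly applies the entry to files
    # below $Path (at any depth) but not to the folders themselves, so the folder
    # tree can still be browsed, read and written.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
        [System.Security.AccessControl.PropagationFlags]::InheritOnly,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Constructed test: a scratch folder stands in for a user-writable directory.
$dir = Join-Path $env:TEMP 'noexec-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-NoExecuteOnFiles -Path $dir -Identity "$env:USERDOMAIN\$env:USERNAME"

# A file created after the entry is set inherits it from the folder.
$exe = Join-Path $dir 'whoami-copy.exe'
Copy-Item -LiteralPath "$env:SystemRoot\System32\whoami.exe" -Destination $exe

# The copy succeeded (write access is intact); starting the program should fail.
try {
    & $exe | Out-Null
    Write-Output 'UNEXPECTED: program started'
} catch {
    Write-Output "Blocked as intended: $($_.Exception.Message)"
}

# Show the Deny entry the copied file actually received.
(Get-Acl -LiteralPath $exe).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

The entry only holds where the user cannot change the folder's permissions; a user who owns the folder or has Full Control over it can edit the ACL, which is the usual situation inside their own profile.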
