Main Page 
PC Review
Forums
Newsgroups
Microsoft AntiSpyware
Anti-Spyware Installation
install as non-administrator
Forums
Newsgroups
Microsoft AntiSpyware
Anti-Spyware Installation
install as non-administrator
 |
install as non-administrator |
|
|
Thread Tools | Rate Thread |
07-01-2005, 04:08 PM
|
#1 |
|
Guest
Posts: n/a
|
install as non-administrator
Microsoft AntiSpyware 1.0 Beta 1's help file says that
the software can only be installed by administrators on modern Windows OSs. Contrary to that statement, I'm finding that anyone with Power Users privilege can install it. The result is that it is available only to that one user. Apart from this being a documentation error, I'm wondering, how could the MAS installer accomplish the necessary tasks unless it's running as an administrator? Are the hooks it installs only valid in the context of processes that run as the user? More generally, could someone from Microsoft explain the chain of trust that assures us that malware can't disrupt the operation of MAS, e.g., by replacing gcasServ.exe (something any Web Trojan could do when running as a Power User), or trying to alter the cached spyware signatures? I see that there are some digital signatures in use, but I'd like to know the "comprehensive" explanation. At first glance, the security seems weak. Ross Brown Computer Sciences Corporation rbrown68@csc.com |
|
|
07-01-2005, 08:01 PM
|
#2 |
|
Guest
Posts: n/a
|
Re: install as non-administrator
Probably you mean the person should have Administrative priviledges.
Andre "Ross Brown" <rbrown68@csc.com> wrote in message news:0fbc01c4f4db$7fb68620$a401280a@phx.gbl... > Microsoft AntiSpyware 1.0 Beta 1's help file says that > the software can only be installed by administrators on > modern Windows OSs. Contrary to that statement, I'm > finding that anyone with Power Users privilege can > install it. The result is that it is available only to > that one user. > > Apart from this being a documentation error, I'm > wondering, how could the MAS installer accomplish the > necessary tasks unless it's running as an administrator? > Are the hooks it installs only valid in the context of > processes that run as the user? > > More generally, could someone from Microsoft explain the > chain of trust that assures us that malware can't disrupt > the operation of MAS, e.g., by replacing gcasServ.exe > (something any Web Trojan could do when running as a > Power User), or trying to alter the cached spyware > signatures? I see that there are some digital signatures > in use, but I'd like to know the "comprehensive" > explanation. At first glance, the security seems weak. > > Ross Brown > Computer Sciences Corporation > rbrown68@csc.com |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
