R
Ross Brown
Microsoft AntiSpyware 1.0 Beta 1's help file says that
the software can only be installed by administrators on
modern Windows OSs. Contrary to that statement, I'm
finding that anyone with Power Users privilege can
install it. The result is that it is available only to
that one user.
Apart from this being a documentation error, I'm
wondering, how could the MAS installer accomplish the
necessary tasks unless it's running as an administrator?
Are the hooks it installs only valid in the context of
processes that run as the user?
More generally, could someone from Microsoft explain the
chain of trust that assures us that malware can't disrupt
the operation of MAS, e.g., by replacing gcasServ.exe
(something any Web Trojan could do when running as a
Power User), or trying to alter the cached spyware
signatures? I see that there are some digital signatures
in use, but I'd like to know the "comprehensive"
explanation. At first glance, the security seems weak.
Ross Brown
Computer Sciences Corporation
(e-mail address removed)
the software can only be installed by administrators on
modern Windows OSs. Contrary to that statement, I'm
finding that anyone with Power Users privilege can
install it. The result is that it is available only to
that one user.
Apart from this being a documentation error, I'm
wondering, how could the MAS installer accomplish the
necessary tasks unless it's running as an administrator?
Are the hooks it installs only valid in the context of
processes that run as the user?
More generally, could someone from Microsoft explain the
chain of trust that assures us that malware can't disrupt
the operation of MAS, e.g., by replacing gcasServ.exe
(something any Web Trojan could do when running as a
Power User), or trying to alter the cached spyware
signatures? I see that there are some digital signatures
in use, but I'd like to know the "comprehensive"
explanation. At first glance, the security seems weak.
Ross Brown
Computer Sciences Corporation
(e-mail address removed)