Re: Program Files Virtualisation

Jimmy Brush wrote:
> Hello,
>
> Making the "virtualized" content accessible by all users would be just
> as bad as making the original location world-writable, so there would be
> no point.
I wondered if that might be the case.
>
> You are correct in assuming this has to do with the security policy in
> Vista.
>
> In Windows Vista, as in all earlier versions of Windows NT, each
> system-defined location has specific purposes that application
> developers are supposed to adhere to.
>
> The biggest thing application developers "break" is the taboo with
> accessing program files.
>
> Program Files is *NOT* the application's "scratch pad" area for storing
> files and data. The program does not "own" its folder here, and it has
> never been acceptable for programs to store files and settings here.
>
> Applications have always been expected to expect this area to be read-only.
>
> Program Files is for just that; static, read-only program files that
> constitute the core files that an application needs to run, and that are
> not user-specific.
>
> User-specific data goes inside a user's profile folder or a few other
> special folders.
>
> All machine-wide configuration data goes inside another special folder
> designed for this purpose.
I assume this folder is C:\ProgramData? Some of the folders already in
that location are not writeable by all users, but presumably it is up to
the program's install process to correctly set these permissions?
>
> Why is this?
>
> Well, program-files is MACHINE-WIDE, and contains the executable files
> for well-known programs and system components.
>
> It is important that these types of files be SEPARATE from other types
> of data because SPECIFICALLY these types of files SHOULD NOT be
> accessible by non-administrators. Because allowing non-admin writes to
> this area would allow anybody to replace these machine-wide program
> files with malicious program files, that would affect every user on the
> computer.
>
> Basically, the security in Windows Vista works like this:
>
> * If the file, directory, registry key, etc, belongs to a certain user,
> then every program that the user runs has access to it
>
> * If the file, directory, registry key, etc, does NOT belong to a
> certain user, then only administrative programs have write access; all
> other programs have read-only access.
>
> This enforces the "rule" that only administrators (and administrative
> programs) can access anything that will affect the state of the computer
> or another computer.
>
> So you are correct that a Vista-compatible program would need to ask you
> for permission to update its program files (in order to run the updater
> as admin) or have the updater running as a service in the background.
>
> Virtualization is a hack that works within this security policy to make
> these misbehaving programs work.
>
> Unfortunately, the correct solution to this problem is for the
> applications that are misbehaving to be modified to follow these guidelines.
Unfortunately not likely in the first case I described, as that is a
small open-source utility which is not currently active. Setting
permissions on a single file isn't too much of a problem though.
>
> As a hack, you can indeed do as you did by modifying the security on the
> files that the application expects to be world-writable, or running the
> application as administrator.
I'd prefer not to make a program's entire folder world-writeable, as
would be required for Mozilla, but hopefully that's big enough to be
corrected fairly soon.
Interestingly, I have noticed one of Windows Live Messenger's files
being virtualised - is this a bug in WLM?
>
> You are correct that these are the only solutions available to you.
>
Thanks for taking the time to respond.
Mark.
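
To see which programs are being virtualised for the current user (the Windows Live Messenger question above), the following PowerShell inventory is an added example, not part of either poster's message. It assumes the default per-user store at %LOCALAPPDATA%\VirtualStore, whose subfolders mirror paths on the system drive; the function name `Get-VirtualizedFile` is hypothetical.

```powershell
# Added example: list files that UAC file virtualization has redirected
# for the current user, together with the protected path each one shadows.
# Assumption: the default per-user store at %LOCALAPPDATA%\VirtualStore.
$store       = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$systemDrive = $env:SystemDrive   # e.g. C:

function Get-VirtualizedFile {
    param(
        [string]$StorePath = $store,
        [string]$Drive     = $systemDrive
    )
    if (-not (Test-Path -LiteralPath $StorePath)) {
        return   # nothing has been virtualized for this user
    }
    $root = (Get-Item -LiteralPath $StorePath -Force).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $StorePath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # The path relative to the store mirrors the path on the system drive.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $original = Join-Path ($Drive + '\') $relative
            New-Object PSObject -Property @{
                # First two path components, e.g. "Program Files\<vendor folder>"
                Application    = ($relative -split '\\')[0..1] -join '\'
                OriginalPath   = $original
                VirtualCopy    = $_.FullName
                LastWriteTime  = $_.LastWriteTime
                # False means the program created a new file in a protected folder
                OriginalExists = Test-Path -LiteralPath $original
            }
        }
}

Get-VirtualizedFile |
    Sort-Object Application, OriginalPath |
    Format-Table Application, OriginalPath, LastWriteTime, OriginalExists -AutoSize
```

Each row identifies a program that tried to write under a protected location; those are the candidates for a per-file permission change or a fix from the vendor.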