Wednesday, March 09, 2005

How I got Adobe Photoshop to run as a limited user

Today I was locking down a computer lab and ran into problems with Adobe Photoshop 6.0. Up until now, all users were administrators on the machines that they were working on. We have had little problems and the politics are easier to deal with.

Spyware is finally taking a lot of our time, so we want to take some steps to avoid it. Running everyone as a limited user is the simplest security step to take. We just have to keep the programs that they use working. That brings us to Photoshop.

When running as a limited user, Photoshop starts to load. It errors out with a message about a file that is locked. The first two obvious security settings that need to be checked are the permissions on the TEMP folder and the Program files\adobe\photoshop folder. If the TEMP folder is in the user profile, it will not be a problem. We had it redirected to c:\windows\temp and that caused us a few problems.

Photoshop also saves settings in the application folder*, so we decided to grant full access to that folder. This method worked for most programs that have problems. The registry is also a place to look, but the messages talking about locked files kept me looking at the filesystem. When that did not solve it, I looked to my toolbox for help.

I loaded up Sysinternals' filemon.exe to watch what files Photoshop was not able to access. It showed Photoshop trying to create and then open a temporary file (the swap file) on the root of the C: drive. I added an advanced security permission that allowed full read/write access to the drive and I checked the box that says apply to this folder only (so I don't give them full access to everything, just access to files on the C).

Finally after that, Photoshop was able to run without any problems. I tried to search for this and could not find it. The only solution was to use FAT32 instead of NTFS when formatting. What good is a limited user if you run on FAT32?

To sum up the changes:
Give user group read/write access to c:\program files\adobe\photoshop
Give user group advanced read/write access to c:\ and ONLY apply it to "this folder only"
Verify user group has read/write access to %temp% folder.

* I was working from an existing install, I did not try to reinstall it. Some programs give you the option "Just for me" or "For Everyone" and that makes a difference.
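A way to check the three changes summarized above after applying them. This is an added example, not part of the original post; it assumes the lab accounts get their access through the BUILTIN\Users group and uses the paths named in the post.

```powershell
# Added example (not from the original post): audit the grants in the summary.
# Assumption: lab accounts get their access through BUILTIN\Users.
$group = 'BUILTIN\Users'
$write = [System.Security.AccessControl.FileSystemRights]::Write

# Paths are the ones named in the post; ThisFolderOnly marks the C:\ grant.
$targets = @(
    @{ Path = 'C:\Program Files\Adobe\Photoshop'; ThisFolderOnly = $false },
    @{ Path = 'C:\'; ThisFolderOnly = $true }
)

foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) {
        Write-Warning ("{0}: path not found" -f $t.Path)
        continue
    }
    # Explicit or inherited Allow ACEs for the group that include write access.
    $rules = @((Get-Acl -LiteralPath $t.Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $group -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -eq $write
    })
    if ($rules.Count -eq 0) {
        Write-Output ("{0}: no write ACE for {1}" -f $t.Path, $group)
        continue
    }
    foreach ($r in $rules) {
        # InheritanceFlags 'None' is what the GUI calls "This folder only".
        $folderOnly = ($r.InheritanceFlags -eq 'None')
        $verdict = if ($t.ThisFolderOnly -and -not $folderOnly) { 'TOO BROAD' } else { 'ok' }
        Write-Output ("{0}: {1} (inheritance: {2}) -> {3}" -f $t.Path, $r.FileSystemRights, $r.InheritanceFlags, $verdict)
    }
}

# %TEMP% may be reached through the user's own ACE rather than the group,
# so test it by writing a file as the limited user instead of reading the ACL.
$probe = Join-Path $env:TEMP ("acl-probe-{0}.tmp" -f [guid]::NewGuid())
try {
    Set-Content -LiteralPath $probe -Value 'probe' -ErrorAction Stop
    Remove-Item -LiteralPath $probe
    Write-Output ("{0}: writable by {1}" -f $env:TEMP, $env:USERNAME)
} catch {
    Write-Output ("{0}: NOT writable by {1}" -f $env:TEMP, $env:USERNAME)
}
```

Run it while logged in as the limited user so the %TEMP% probe reflects that account. A "TOO BROAD" verdict on C:\ means the write grant is inherited by everything below the root instead of applying to the root folder alone.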

Wednesday, March 02, 2005

Spyware can be stopped

I have 2 ideas for stopping spyware or at least making the game more exciting. I think they would work if someone could get the right people behind them.

1) Patents. That is a hot topic. Software patents and how they are harmful to the software industry. Someone should compile a list of patents that spyware is using or create a think team to patent new ideas before they use them. They will either work around the patents or get the laws changed.

2) Companies should sue for the use of their hardware for profit. Users of big companies click yes to the EULA, but it is the company's property and the spyware is using system resources for advertising. I have heard of cases in the past where hackers stole idle time from computers and the companies came down on them with the full wrath of the law. Why is this any different?

IANAL, but I think both of these sound reasonable. If someone forms a patent team, I already see a few things spyware could be doing, but isn't. This epidemic will get worse before it gets better.

Tuesday, March 01, 2005

This is not news, it's the way it is

It is sad that the internet has become so hostile. At work I connected one of our servers to a connection on the outside of our firewall for some remote support (didn't have the VPN papers signed yet). The moment that I enabled the NIC, the server informed me that the RPC Service has failed and the computer will shut down.

I was foolish for not checking the patch levels. I assumed that someone else was on top of that. A mistake I will not make again. But home users have problems of their own. They don't know they have to keep it patched. If I had my grandma running Linux, I would be the one patching it. What about converting all my friends and family to Linux? I would be so overwhelmed keeping each one current.

As it stands, I format, install XP w/ SP2, change their user accounts to limited access, install spyware detection, antivirus, leave the firewall and automatic updates on, and finally put Firefox on the desktop.

At the same time, I have to explain why XP is better than the 98 or ME that came with the computer, what SP2 is and why it takes so long, what a firewall is, what Firefox is, why I created a special admin account for them to install stuff with and why they should never surf the web while logged into admin with the red background.

And if you are a Slashdot regular, I am not telling you anything new. I should release this as a news story, but as we all know, this is not news. It's just the way it is.

Sunday, February 27, 2005

What about the rest of the spyware?

Spyware scanners only get 50% - 70% of all known spyware. Using two scanners helps, but that's a large percentage of spyware that still gets by. I just scanned a system with Microsoft's Antispyware and it removed everything it found, but the realtime protection was still indicating that something was trying to change my browser addresses.

I want to put together a guide to tracking down that last 10% of spyware that gets overlooked by the scanners. Some simple developer tools can be very powerful in tracking down spyware. Sysinternals has a good collection of tools that I want to talk about with tracking down spyware in mind.

Saturday, February 26, 2005

IDownload and ISpyware

I think the fall of IDownload and ISearch has started. They may have screwed up. They want every reference to them being spyware removed. I am not saying that IDownload or ISearch are spyware or adware. I don't care if they are malware or not. As you search the web now, the talk about them trying to shut up the small sites and antispyware vendors is what everyone will see.

One site, http://spywarewarrior.com/ has a blog with great antispyware information. They never came out and said that IDownload or iSearch are spyware, they listed what spyware scanners were looking for. IDownload and ISearch just happened to be on that list.

See: SpywareWarrior Responds to iSearch/iDownload

If it were my computer, I would remove it. But that's my opinion.

Friday, February 25, 2005

Spyware is like cancer

Once it is in your system, you are not going to get it out. Ok, maybe today. But as the fight goes on, they will win if they get the first attack.

For example, I see them create a dummy key in the registry under run. It watches for it to be removed and reboots the system.

They are already watching that key. Try deleting it and press F5. It comes back. I have seen it many times. It doesn't take much more work to reboot the computer. Crappy spyware already crashes the system.

At that point...
reformat, reinstall

Work harder, I know you can ...

Why am I always bringing computers to their knees? On my own machine, I can understand it. But I also overwork our servers. I do this all the time. I get tired of it. If I have time to write about it while I watch it process ....

This time is unusual, but it just reminds me how much it happens. I am looking at a system that I will be working with and I want to diagram the database structure. Sounds simple, doesn't it? My problem is the database size. 600 tables. All the tools I am using are choking on it. SQL Server Diagrams and Visual Studio place all the tables in a row if no relationships are defined. At first glance, the database has very few relationships (in the database, I think it is managed in code). Visio 2003 has done the best job so far. It will group the tables on the page. As I work with all 600 tables, the memory requirements are more than my computer wants to deal with.

I am looking at trying to display possible relationships, but that is not working either. Visio is very programmable, but I cannot find a way to access each shape's database fields. Either it cannot be done, or my search terms are too vague. I wanted to loop through each shape's Primary key and connect it to any table that has a matching field name. Without the ability to talk to the field names, it can't be done.

My next thought was to build the relationships in the database. I attached a copy of the working database and researched my commands. It generated the SQL I wanted to run. As I was running it, I realized that most tables have multiple fields in their Primary Keys. My code did not account for that. It doesn't have to be exact. I am trying to reimport into Visio, but it looks like I overworked it even though it eventually finishes. I do have to say that I have not crashed Visio yet.

Each step takes way too long (on both the server and my workstation). I feel as if I have done nothing all day and it irritates me. I will eventually send the diagram to the printers and post it on my wall. 100 x 120 inches.