Main Area and Open Discussion > Living Room
App vendors discover a new way to abuse Windows
Stoic Joker:
Users aren't supposed to be installing software (it's dangerous). But if a program needs to be available to all users, and it wants to store writable files in its very own close by place ... That (IIRC) is what C:\ProgramData is for.
Binaries in Program Files
Writables in ProgramData
User X specific/only in AppData
Renegade:
Don't forget that when you install a program outside protected folders like Program Files it becomes fair game to any other malicious software. So that app you trusted to make an exception for in your firewall, oh oh, now it has been compromised or replaced by another non-elevated process.
-Eóin (October 07, 2011, 10:41 PM)
--- End quote ---
True enough. But seriously... If the computer's going to get compromised there, anything goes, so whether or not your program is in AppData or wherever just doesn't matter anymore. Hosed is hosed.
Here's a fun way to look at it... If you're going to be eaten by zombies, do you care if you know the zombie or not? :P :D
...or maybe the zombie is just an impersonator zombie and not your mom zombie or...
I think it might be cool to be eaten by Elvis... Then again, maybe not. :D
Users aren't supposed to be installing software (it's dangerous). But if a program needs to be available to all users, and it wants to store writable files in its very own close by place ... That (IIRC) is what C:\ProgramData is for.
Binaries in Program Files
Writables in ProgramData
User X specific/only in AppData
-Stoic Joker (October 07, 2011, 10:47 PM)
--- End quote ---
Whether it's this or that folder, having all writable files & folders under the program's executable folder is a massive plus. (Worked on 2000/XP.)
Mind you, while I am freakish about some things, this isn't one of them. Or maybe it is. :P Either way -- whether I'm a freak or not -- I don't have a problem with programs outside of Program Files if it makes sense.
For example, I have "Magic the Gathering Online" on this machine. It's nutty. In the extreme. It drives me batty every time I want to play it... Here's how the insanity goes...
Start > Programs > MTGO > Run the program...
Oh... No. It doesn't start. Instead, I get the Admin prompt (orangish-yellow one at that... grrr...) to allow "Renamer.exe" to run. WTF? Oh... yeah... that's the "prelauncher"...
Mostly irrelevant, but I wanted to rant a bitClick OK.
Updater runs... Wait half hour for game to update itself... (This annoyance isn't related to the discussion, but it's part of the insanity of getting the game to run.)
Once updated, have nice pretty screen to look at. Must click "Launch" to start game...Click "Launch". Game starts. Must remember password & login. Login name is case sensitive... Password rules are... Tired of farting around with it... Click X to close it... That's the nice part because it closes down quickly and gracefully. The exact opposite of the startup experience.
Ok. Most of that is just me complaining. But the first part where we get the lovely admin prompt... Like, c'mon... The reasons for requiring admin permissions or prompts or whatever are never good. They're always bad. No "user" level program needs to have admin rights. Ever. Why? There isn't a single scenario where a user would ever need admin elevation. User that is...
So, I take it that if you're installing drivers or doing system administration... well... that's administration. :)
It might be a better user experience to avoid that constant pestering and just put it in a folder that doesn't require prompts. That might make sense.
Getting off track there a bit...
As a user, I really don't care about "Program Files" and how it differs from AppData or any other folder. The *only* meaning that it has for me is that it is a central repository. Beyond that, I don't care. As a user...
Also, the whole "portable" application thing... I love it. But, with the whole Program Files model, it's tough. Copy files from folders X, Y and Z, then... oh Lord... My eyes are glazing over already...
For me, I don't want to have to think about those sorts of things. i.e. "Don't make me think." A nice little aphorism found in many writings on user experiences.
Let's See A Show Of Hands
Who here has ever setup a new machine, then copied all their programs from their old machine onto it by dragging and dropping them on?
Nobody. But that's what the user experience should be like.
I dread setting up new machines. It takes forever because I have to track down software, that I've already had to install, then install it, then configure it, then... the list goes on. It's extremely painful and time consuming.
Yeah... Licensing... a pain... piracy, yadda yadda yadda... As an honest user, do I really need to pay the price for other people's sins? Why? Why punish me?
(I have serious issues with people misdirecting their anger/whatever at me.)
How about this... Instead of:
> App vendors discover a new way to abuse Windows
How about:
> App vendors discover a way that illustrates how Windows program installations are basically overly complicated, fragmented, and difficult to work with
Is it a problem with abusing Windows, or is it a problem with how Windows sets things up?
I'm sure there are all sorts of technical reasons and lots of security mumbo-jumbo to go along with the way things are right now. But I really just don't care. It makes life more difficult for me. I think that the majority of people out there would agree that making life easier for them is good. 8)
Am I just being a freak and oversimplifying?
BRAIN FART:
Instead of only looking for malware, why not have a security system that looks for "goodware", and only allows you to run pre-authorized programs? Kind of like a guest list at an exclusive party where you need to be invited.
vlastimil:
> App vendors discover a way that illustrates how Windows program installations are basically overly complicated, fragmented, and difficult to work with
Is it a problem with abusing Windows, or is it a problem with how Windows sets things up?
-Renegade (October 08, 2011, 03:54 AM)
--- End quote ---
100% agree - it should be the OS responsibility to set up the file system on a computer in a sensible way. Today, every developer, who wants to improve installation experience on Windows (allow isolated, non-admin installs), ends in the %APPDATA% folder. It is the least of all evils (better than Desktop, better than Start menu folder, possibly better than Documents).
Eóin:
True enough. But seriously... If the computer's going to get compromised there, anything goes, so whether or not your program is in AppData or wherever just doesn't matter anymore. Hosed is hosed. -Renegade (October 08, 2011, 03:54 AM)
--- End quote ---
Not sure I agree, the whole point of UAC is that prior to you clicking yes and elevating a process your computer is not compromised. In reality UAC is not 100%, especially on the default Win7 settings. Nonetheless placing EXE's outside the protected folders is just plain careless to me, you are actively circumventing one level of a users protection and saying it's done for their convenience.
Renegade:
True enough. But seriously... If the computer's going to get compromised there, anything goes, so whether or not your program is in AppData or wherever just doesn't matter anymore. Hosed is hosed. -Renegade (October 08, 2011, 03:54 AM)
--- End quote ---
Not sure I agree, the whole point of UAC is that prior to you clicking yes and elevating a process your computer is not compromised. In reality UAC is not 100%, especially on the default Win7 settings. Nonetheless placing EXE's outside the protected folders is just plain careless to me, you are actively circumventing one level of a users protection and saying it's done for their convenience.
-Eóin (October 08, 2011, 08:05 AM)
--- End quote ---
I'm not following.
If your computer is already compromised with some malicious code running, I don't see what difference it makes whether some legitimate program is stored in Program Files or somewhere else. The damage is already done.
The same goes for all external storage. A portable application would also be "just plain careless".
Maybe I'm dense... Maybe we're talking about slightly different things?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version