Superantispyware Updater executable is in Temp Folder?


kencat
February 21st, 2008, 10:48 PM
I've been studying and experimenting with my Kerio 2.1.5 ruleset to tighten things down to IPs and ports where possible, and have found this "possibly" disturbing fact with Superantispyware free.

The SUPERAntiSpyware Updater Application executable resides in a Temp folder. This does not seem to be a very good place to put this executable to me, because I (as well as many others I would suspect) every once in a while delete everything in this Temp folder because it can become a growth monster that is on steroids and out of control. The word Temp (temporary) means just that; i.e. not needed soon after it has been born and not important.

This shot of the Kerio ruleset shows the rule that is necessary to effect a manual update of SAS.
http://www.wilderssecurity.com/attachment.php?attachmentid=197943&stc=1&d=1203650094

The full path is D:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE

Is this something that is associated with the free version, and will go away with the full purchased version? or is it the norm in both versions? Either way it seems to be a dangerous place for this executable to live. I'm glad I now know about it, as I will leave it (the executable) alone next time I'm pissed at the temp folders and blow everything away.

I am not a programmer/coder person, and I know I have 1% (probably less) knowledge of what goes on in computers, but love to learn what I can. I bring this concern up to see what other views there may be on it, and perhaps to even bring attention to the developers to something that has been overlooked.

If my understanding of the purpose of this "Temp" folder is in error, I will gladly accept explanations, but man, nothing permanent should live in a Temp folder as far as I'm concerned at this time.

Oh, OS is Windows 2000.

SUPERAntiSpy
February 22nd, 2008, 12:26 AM
SUPERAntiSpyware executes the SSUPDATE.EXE (application updater) from the temp folder so it can overwrite any of its own files/folders. If it was executed from the Program Files location it would not be able to overwrite itself and require a reboot on update - this way a reboot is not required.

The temp folder can be deleted at any time. That is why the file SSUPDATE.EXE is copied there when the update check is executed.

I hope this clears up your concerns.

Stijnson
February 22nd, 2008, 03:26 AM
-{ Quote: "SUPERAntiSpyware executes the SSUPDATE.EXE (application updater) from the temp folder so it can overwrite any of its own files/folders. If it was executed from the Program Files location it would not be able to overwrite itself and require a reboot on update - this way a reboot is not required.

The temp folder can be deleted at any time. That is why the file SSUPDATE.EXE is copied there when the update check is executed.

I hope this clears up your concerns." }-

So cleaning out the Temp folder can not harm SAS Free installation of the manual update process?

subset
February 22nd, 2008, 06:30 AM
-{ Quote: "So cleaning out the Temp folder can not harm SAS Free installation of the manual update process?" }-
SAS (Free) creates a new SSUPDATE.EXE on every update, therefore after the update SSUPDATE.EXE can be deleted without any harm.
I have done this very often without any problems and know about the changes of SSUPDATE.EXE because my firewall is pointing at SSUPDATE.EXE's application file modification in my temp folder.

Cheers

Stijnson
February 22nd, 2008, 07:05 AM
-{ Quote: "SAS (Free) creates a new SSUPDATE.EXE on every update, therefore after the update SSUPDATE.EXE can be deleted without any harm.
I have done this very often without any problems and know about the changes of SSUPDATE.EXE because my firewall is pointing at SSUPDATE.EXE's application file modification in my temp folder.

Cheers" }-

Hi Subset. Just to make sure: we are talking about the ssupdate.exe in the Temp folder?

Philippe_FR22
February 22nd, 2008, 07:09 AM
-{ Quote: "SUPERAntiSpyware executes the SSUPDATE.EXE (application updater) from the temp folder so it can overwrite any of its own files/folders. If it was executed from the Program Files location it would not be able to overwrite itself and require a reboot on update - this way a reboot is not required.

The temp folder can be deleted at any time. That is why the file SSUPDATE.EXE is copied there when the update check is executed.

I hope this clears up your concerns." }-

Hello,

Just to participate in the discussion, I think it is a very curious way to manage updates with ssupdate.exe launched from temp folder... Therefore, if you clean up your temp folder, you will not be able to auto update SAS !!!

Now, imagine that all application developers use the same strategy... Imagine that for all of your applications (having their folder in Program Files), updater executables and all necessary files are in temp folders? Then, finally, your Program Files will become more temporary than the temp folder itself...

Well, Windows system files are organized in such a manner (a kind of normalization) that different application developers, knowing the purpose of Windows folders, decide to store in temp folders only session parameters, installers etc... knowing that the temp folder should be regularly cleaned up (for example automatically by CCleaner)...


That's very strange !

Stijnson
February 22nd, 2008, 07:11 AM
-{ Quote: "Just to participate in the discussion, I think it is a very curious way to manage updates with ssupdate.exe launched from temp folder... Therefore, if you clean up your temp folder, you will not be able to auto update SAS !!!" }-

This is not true, read the post made by Subset. He states that everything works fine, even when cleaning the temp folder.
I agree that it's an unusual way of handling updates, but I'm sure the developers of SAS have their reasons for this.

fcukdat
February 22nd, 2008, 07:29 AM
-{ Quote: "Hello,

Just to participate in the discussion, I think it is a very curious way to manage updates with ssupdate.exe launched from temp folder... Therefore, if you clean up your temp folder, you will not be able to auto update SAS !!!
" }-


C'mon Philippe try a bit harder;)

The application updater, which is only *usable* by clicking on the bug icon in the task bar and selecting check for updates, is what launches SSUPDATE.exe from the <temp> folder. If there is a software update available, then the reasons that SUPERAntiSpy has posted are why it is run from <temp>.

The automatic update option of the software or the update option via the software GUI do not use SSUPDATE.exe to perform their actions. A definition update is a modification of the detections database on the PC and does not need to modify the core software files.

HTH:)

Stijnson
February 22nd, 2008, 07:36 AM
So it is only used for updates of the program itself and not for definition updates?

Correct me if I'm wrong but doesn't SAS Free only support manual updates? So, in case there should be a program update, a user would have to download and uninstall/install the core application anyway?

Perman
February 22nd, 2008, 08:58 AM
Hi,

Updater runs from TEMP folder? Then some users may have this problem:

I have an AV--McAfee VirusScan Enterprise--that does have on-access protection; in it there is an option--preventing common programs running from TEMP folder.

If this option is checked--by default--SAS's updater is out of service?

LoneWolf
February 22nd, 2008, 10:30 AM
The update that creates this temp is for product upgrade, not updates.
If there is no upgrade and the temp file is removed, where's the problem?
If there is an upgrade, it is downloaded and the previous version needs to be removed before the new version is installed, and afterwards if the temp file is removed, again where's the problem?
Maybe I'm just not seeing it but I don't understand the concern.

Stem
February 22nd, 2008, 10:48 AM
Hello,

The explanation by SUPERAntiSpy looks honest and makes sense, I am currently looking at SAS due to other concerns, but the only possible problem I see here is if the copy/creation of this file to temp is blocked, then it may cause problems for SAS.
This is not a possible attempt at bypass.

I have seen such from other apps

lordpake
February 22nd, 2008, 10:57 AM
-{ Quote: "Maybe i'm just not seeing it but I don't understand the concern." }-
Me neither.

SUPERAntiSpy
February 22nd, 2008, 11:22 AM
-{ Quote: "Hello,

Just to participate in the discussion, I think it is a very curious way to manage updates with ssupdate.exe launched from temp folder... Therefore, if you clean up your temp folder, you will not be able to auto update SAS !!!

Now, imagine that all application developers use the same strategy... Imagine that for all of your applications (having their folder in Program Files), updater executables and all necessary files are in temp folders? Then, finally, your Program Files will become more temporary than the temp folder itself...

Well, Windows system files are organized in such a manner (a kind of normalization) that different application developers, knowing the purpose of Windows folders, decide to store in temp folders only session parameters, installers etc... knowing that the temp folder should be regularly cleaned up (for example automatically by CCleaner)...


That's very strange !" }-

FACT : In no way will deleting the temp folder cause any harm to SUPERAntiSpyware or its ability to update definitions or the main product. The SSUPDATE.EXE file is COPIED to the temp folder to execute the updater.

Philippe_FR22
February 23rd, 2008, 03:36 AM
Well, this is the expected answer ! The program is a copy, launched from temp folder

SUPERAntiSpy
February 23rd, 2008, 03:42 AM
-{ Quote: "Well, this is the expected answer ! The program is a copy, launched from temp folder" }-

I think that was clear with my first response to the thread where I wrote what is quoted below.....

-{ Quote: "The temp folder can be deleted at any time. That is why the file SSUPDATE.EXE is copied there when the update check is executed." }-

Time to pay attention Philippe_FR22 :)

kencat
February 25th, 2008, 12:49 AM
-{ Quote: "SUPERAntiSpyware executes the SSUPDATE.EXE (application updater) from the temp folder so it can overwrite any of its own files/folders. If it was executed from the Program Files location it would not be able to overwrite itself and require a reboot on update - this way a reboot is not required.

The temp folder can be deleted at any time. That is why the file SSUPDATE.EXE is copied there when the update check is executed.

I hope this clears up your concerns." }-

I deleted the ssupdate.exe file from the temp folder, and then did "check for updates" from the menu. Everything went well with no prompts from Kerio, and a new ssupdate.exe file appeared in the temp folder.

Thanks for the reply and explanation Nick. Can't say I fully understand the programming and logistics behind it all, but as you say deleting the file from the temp folder has no ill effects.
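
The thread describes SSUPDATE.EXE being copied into Temp on each update check, and a firewall noticing when that file changes. As an added example (not part of the original thread and not SUPERAntiSpyware's code), this Python sketch checks whether the Temp copy is byte-identical to the installed updater before a firewall rule for it is approved. The install location is not given in the thread, so the paths below are constructed stand-ins and the function names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so a large executable is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_temp_copy(installed: Path, temp_copy: Path) -> str:
    """Classify the Temp copy relative to the installed updater.

    "missing"  - no copy in Temp (harmless: it is recreated on the next check)
    "match"    - Temp copy is byte-identical to the installed file
    "mismatch" - Temp copy differs; do not approve a firewall rule for it
    """
    if not installed.is_file():
        raise FileNotFoundError(f"installed updater not found: {installed}")
    if not temp_copy.is_file():
        return "missing"
    return "match" if sha256_of(installed) == sha256_of(temp_copy) else "mismatch"


def demo() -> list:
    """Walk the lifecycle with constructed stand-in files (not real binaries)."""
    results = []
    with tempfile.TemporaryDirectory() as root:
        installed = Path(root) / "install" / "SSUPDATE.EXE"  # hypothetical install path
        temp_copy = Path(root) / "Temp" / "SSUPDATE.EXE"
        installed.parent.mkdir()
        temp_copy.parent.mkdir()
        installed.write_bytes(b"constructed updater image v1")

        results.append(check_temp_copy(installed, temp_copy))  # Temp was cleaned out
        shutil.copyfile(installed, temp_copy)                  # what an update check does
        results.append(check_temp_copy(installed, temp_copy))
        temp_copy.write_bytes(b"constructed altered image")    # file changed after copying
        results.append(check_temp_copy(installed, temp_copy))
    return results


if __name__ == "__main__":
    print(demo())
```

On a real system, pass the installed updater's actual path and the Temp path quoted in the first post to `check_temp_copy`.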