SUPERAntiSpyware 5.x

[SUPERAntiSpy]

Quote:

Originally Posted by m00nbl00d

Great to know you haven't forgot about it.

Regarding SAS opening a web page, it does open SAS page. I uninstalled SAS from a system, to reinstall the newest version, and it did open SAS page. I don't think it was upon updating it, after reinstalling it.

The web page is ONLY launched on uninstall, not installation.

[m00nbl00d]

Quote:

Originally Posted by SUPERAntiSpy

The web page is ONLY launched on uninstall, not installation.

OK. So, I confused when it SAS opens IE. Still, the same concern applies, because it opens IE in a non Protected Mode, and with full administrative rights. Someone providing a security application should be aware that huge problems may come from this, would SAS web site ever be hijacked by hackers. (Let's never say no. Others have fallen.)

P.S: Don't take this as bad criticism; rather as good one.

[SUPERAntiSpy]

Quote:

Originally Posted by m00nbl00d

OK. So, I confused when it SAS opens IE. Still, the same concern applies, because it opens IE in a non Protected Mode, and with full administrative rights. Someone providing a security application should be aware that huge problems may come from this, would SAS web site ever be hijacked by hackers. (Let's never say no. Others have fall.)

P.S: Don't take this as bad criticism; rather as good one.

Uninstallation is not in admin mode, it's in the user context, FYI.

[m00nbl00d]

Quote:

Originally Posted by SUPERAntiSpy

Uninstallation is not in admin mode, it's in the user context, FYI.

Hmmm...

In Start Menu there's no option to uninstall SAS. So, at the time, I first uninstalled SAS via Add/Remove Programs, which will start the all process with administrator rights (it asks for permissions).

Also, the stand alone uninstaller I got from SAS forum, because somehow SAS failed to properly uninstall, does require administrator rights as well.

Later on, I found there's an uninstaller executable in SAS folder, and this too require administrative rights to be executed.

How does it require only current user (standard user) rights?

[SUPERAntiSpy]

Quote:

Originally Posted by m00nbl00d

Hmmm...

In Start Menu there's no option to uninstall SAS. So, at the time, I first uninstalled SAS via Add/Remove Programs, which will start the all process with administrator rights (it asks for permissions).

Also, the stand alone uninstaller I got from SAS forum, because somehow SAS failed to properly uninstall, does require administrator rights as well.

Later on, I found there's an uninstaller executable in SAS folder, and this too require administrative rights to be executed.

How does it require only current user (standard user) rights?

It should be launched at the lowest priv level. We will continue to have that uninstallation page as it provides valuable data to improve our product.

[m00nbl00d]

Quote:

Originally Posted by SUPERAntiSpy

It should be launched at the lowest priv level. We will continue to have that uninstallation page as it provides valuable data to improve our product.

And, how exactly would this "should" (I made the emphasis) make it uninstall SAS with lowest rights? A standard user has no permissions to install or uninstall from %ProgramFiles%.

The only way for SAS not require administrator rights to install or uninstall would be for it to be installed to user space. Which would go against a proper administrative policy.

So, SAS does uninstall in administrative mode and does open IE in administrative mode as well.

[SUPERAntiSpy]

Quote:

Originally Posted by m00nbl00d

And, how exactly would this "should" (I made the emphasis) make it uninstall SAS with lowest rights? A standard user has no permissions to install or uninstall from %ProgramFiles%.

The only way for SAS not require administrator rights to install or uninstall would be for it to be installed to user space. Which would go against a proper administrative policy.

So, SAS does uninstall in administrative mode and does open IE in administrative mode as well.

I appreciate your concern regarding the browser being launched - it really doesn't represent any issue in real-world situations and hasn't caused any issues in over 35 million installations.

[xxJackxx]

I did some testing on a Vista virtual machine and it does launch the browser process as admin. I should have known it would but had not really though about it. This is probably low odds of being a problem... unless the user keeps that browser open and continues to go to other sites with it. As I paid customer of SUPERAntiSpyware and an employee of the software industry in general I can appreciate what they are trying to do by launching this page to begin with but I can see the potential problem with this. I am thinking there is a way to launch a child process that does not inherit the admin rights but I can't think of how to do it without some research. It might be well worth looking into.

[SUPERAntiSpy]

Quote:

Originally Posted by xxJackxx

I did some testing on a Vista virtual machine and it does launch the browser process as admin. I should have known it would but had not really though about it. This is probably low odds of being a problem... unless the user keeps that browser open and continues to go to other sites with it. As I paid customer of SUPERAntiSpyware and an employee of the software industry in general I can appreciate what they are trying to do by launching this page to begin with but I can see the potential problem with this. I am thinking there is a way to launch a child process that does not inherit the admin rights but I can't think of how to do it without some research. It might be well worth looking into.

There really is no potential problem - if you are already infected, it can't cause you to get infected - the infection would have to be there already.

[Searching_ _ _]

Would it be an issue in a hostile network?

[nessy90]

Quote:

Originally Posted by m00nbl00d

And, how exactly would this "should" (I made the emphasis) make it uninstall SAS with lowest rights? A standard user has no permissions to install or uninstall from %ProgramFiles%.

The only way for SAS not require administrator rights to install or uninstall would be for it to be installed to user space. Which would go against a proper administrative policy.

So, SAS does uninstall in administrative mode and does open IE in administrative mode as well.

m00nbl00d do you ever give it a break, I dont think you have ever had to many good coments a SAS thru this entire thread, you know what because of you Im going to give SAS a go.

Nessy

[m00nbl00d]

Quote:

Originally Posted by nessy90

m00nbl00d do you ever give it a break, I dont think you have ever had to many good coments a SAS thru this entire thread, you know what because of you Im going to give SAS a go.

Nessy

OK.

I guess that volunteering to translate SAS to my language, clearly shows a sign of disdain... or not giving a rest to SAS and SAS team, uh?

Maybe I'll take my offer back. I don't use and won't be using SAS, though for the extra comfort of some relatives, I have it installed in some relative's systems, for on-demand scans. They do understand English, though. So... this wouldn't be a favor I'd be doing to me or my relatives... but to a general audience.

Some people simply seem not to deserve the help of others.

I just stated realities over the thread... and more recently one more regarding that it does open IE under FULL rights.
If I wanted to run IE under FULL rights, I'd be using an Administrator account with UAC disabled. Or, even in standard user account with IE executed with FULL rights.

The problem... and I had examples in the family, is that most enjoy easy to do stuff. A relative connects to the Internet using a 3G USB device; the ISP application automatically opens IE, when connecting to the Internet (the work around is to close the app after entering credentials and using Windows own connection mechanism). This made things so comfortable to my relative, because didn't have to manually open IE. Hopefully, IE process was started under standard user rights. Can you imagine the problem if it was started under FULL rights? Well... you know what people use to say: crap and accidents do happen...

So, I just express a concern... because when I see security companies like Kaspersky having their main website hacked... it makes me wonder if the same couldn't happen with such SAS page. (Maybe not... maybe some divine protection is out there.)

Anyway, it's my last post here.

[SUPERAntiSpy]

Quote:

Originally Posted by m00nbl00d

OK.

I guess that volunteering to translate SAS to my language, clearly shows a sign of disdain... or not giving a rest to SAS and SAS team, uh?

Maybe I'll take my offer back. I don't use and won't be using SAS, though for the extra comfort of some relatives, I have it installed in some relative's systems, for on-demand scans. They do understand English, though. So... this wouldn't be a favor I'd be doing to me or my relatives... but to a general audience.

Some people simply seem not to deserve the help of others.

I just stated realities over the thread... and more recently one more regarding that it does open IE under FULL rights.
If I wanted to run IE under FULL rights, I'd be using an Administrator account with UAC disabled. Or, even in standard user account with IE executed with FULL rights.

The problem... and I had examples in the family, is that most enjoy easy to do stuff. A relative connects to the Internet using a 3G USB device; the ISP application automatically opens IE, when connecting to the Internet (the work around is to close the app after entering credentials and using Windows own connection mechanism). This made things so comfortable to my relative, because didn't have to manually open IE. Hopefully, IE process was started under standard user rights. Can you imagine the problem if it was started under FULL rights? Well... you know what people use to say: crap and accidents do happen...

So, I just express a concern... because when I see security companies like Kaspersky having their main website hacked... it makes me wonder if the same couldn't happen with such SAS page. (Maybe not... maybe some divine protection is out there.)

Anyway, it's my last post here.

So you won't translate SUPERAntiSpyware because your point was rebutted? Yes IE opens as the same priv as the current process - in reality that doesn't do anything harmful. There is ALWAYS away to come up with a "possible" situation, but you have to look at probability, not just possibility.

[nessy90]

Quote:

Originally Posted by SUPERAntiSpy

So you won't translate SUPERAntiSpyware because your point was rebutted? Yes IE opens as the same priv as the current process - in reality that doesn't do anything harmful. There is ALWAYS away to come up with a "possible" situation, but you have to look at probability, not just possibility.

Purchased SAS.
Nessy

[m00nbl00d]

Quote:

Originally Posted by SUPERAntiSpy

So you won't translate SUPERAntiSpyware because your point was rebutted? Yes IE opens as the same priv as the current process - in reality that doesn't do anything harmful. There is ALWAYS away to come up with a "possible" situation, but you have to look at probability, not just possibility.

I guess no one wondered about the probability of security vendors like Kaspersky seeing their website being hacked; nor the possibility of such ever happen, I guess.

And, I actually believe such situation happened more than once. I guess no one ever thought about the probability of a second possibility just around the corner.

[SUPERAntiSpy]

Quote:

Originally Posted by m00nbl00d

I guess no one wondered about the probability of security vendors like Kaspersky seeing their website being hacked; nor the possibility of such ever happen, I guess.

And, I actually believe such situation happened more than once. I guess no one ever thought about the probability of a second possibility just around the corner.

Glad you can now see the humor in it All the vendors do their best - nothing is perfect.

[m00nbl00d]

Quote:

Originally Posted by SUPERAntiSpy

Glad you can now see the humor in it All the vendors do their best - nothing is perfect.

By the way, I did not mention I'd no longer translate SAS. It was a merely reaction to this comment http://www.wilderssecurity.com/showp...&postcount=161

[iFront]

@SUPERAntiSpy

If you don't mind can I know when will the SAS 5.0 will be released officially?

[twl845]

You know they're going to say "when it's ready".

[firzen771]

Quote:

Originally Posted by twl845

You know they're going to say "when it's ready".

i wonder if its gunna be the same as SuperAdBlocker in that sense lol

[SUPERAntiSpy]

Quote:

Originally Posted by twl845

You know they're going to say "when it's ready".

That's exactly right, but it's close to public pre-release!

[iFront]

Quote:

Originally Posted by SUPERAntiSpy

That's exactly right, but it's close to public pre-release!

Thank you for the news,I'm quite excited how the new version will perform.

[Raven_X]

still to have for an normal PC with 2GB Ram and 2Ghz,

[SUPERAntiSpy]

Quote:

Originally Posted by Raven_X

still to have for an normal PC with 2GB Ram and 2Ghz,

What are you asking here?

[Jadda]

Guess he is trying to say it's too heavy. Looking forward to pre-release, I'm sure it'll be great. Good luck!