Snapshot for Limited User; suggestion and workaround

Discussion in 'SpywareBlaster & Other Forum' started by Cosmo 203, Mar 3, 2008.

Thread Status:
Not open for further replies.
  1. Cosmo 203
    Offline

    Cosmo 203 Registered Member

    As this is my first post here:
    Hi to all.

    After installing the new version of SWB (4.0) I tried to make a system snapshot for a limited user in Windows XP SP2, and just as with version 3.5.1 this does not work. I found the thread here and found, that the steps described there also do not work. Now I made some investigation on o fresh test installation of XP SP2 (to make sure, that there are no custom made changes on the system) and came to the following result:

    To make the system snapshot working for a LUA (Limited User Account) there are 3 requirements necessary to fulfill:
    1. You must have write-access to the program folder (read on for more information)
    2. You must at least have write access for HKEY_Local_Machine\Software\SpywareBlaster\SS
    3. You must have write access for the system's temporary folder (normally C:\Windows\temp; not be mixed up with the temp folder inside everybody's user profile; read on for more info).

    As SpywareBlaster says in his help file (and I support this): "If you have a multi-user system, it is recommended that you create System Snapshots for each user/profile." this means, that this is only doable by lowering some security settings in the system, and that is not a good thing for a security app.

    Sorry, Javacool, if this sounds harsh; this is not intended and I like your program, but I do not find the words to express this more friendly.

    The problem is the following:

    At first: Giving a LUA write access to the said folder (or some of the files) is not doable without some special tasks for users of the Home Edition of XP. Most of them would not be able to do the needed steps - even if there would have been an guidance for that - in fact, there isn't. XP Pro users would be able to do that, but again, there is no explanation how and even with a guide it would be more a job for an experienced Windows user. My explanation, why this does not lead to more complaints is the poor fact, that far to many (the majority?) of the Window's users do their daily tasks (and especially surfing) inside an account with admin rights. (And more than often it is a joke, to follow the discussions about security aspects and software, but the people seem to forget to use one of the most effective and totally free protection measurements.)

    Second aspect, from the point of security: For the program folder it would be enough to give the right for adding new files (the ssave*.sss) and for altering the file sslist.sss. So far this would be (not good, but) acceptable.
    The write access for the said registry key would also be something, that could be accepted with some stomach-ache.
    But the killer aspect is the necessity to give the LUA the right to add files to the system's temp folder. This right for the LUA would undermine the security of a modern multi-user-system with distinct rights. And here stops the attempt to make snapshots for LUA's really doable.

    So the consequence is my request to change the way, how and where the snapshots get stored. At least, the temporary files, that get created during creation of a snapshot should get placed in the user's temp folder; even better would be to store the snapshots in the user profiles (maybe the AllUser profile and parts of the registry values in the HKEY_Current_User\Software-Branch.

    So far the bad news (but hopefully Javacool will consider my suggestions).

    At the end also some good news: At now there is one way, how snapshot's can get created for LUA: You need to have a software, which temporarily raises the LUA to Admin-rights. You can reach this e.g. by using the script MakeMeAdmin to be found here. A more comfortable modification of this script has been published by a German magazine here, download the file 0523-112.zip.
  2. javacool
    Offline

    javacool BrightFort Moderator

    Hi,

    We have this on the list to fix and simplify for users in a future release of SpywareBlaster. :)

    Best regards and thanks,

    -Javacool
  3. Cosmo 203
    Offline

    Cosmo 203 Registered Member

    Thank you for your response, javacool.

    I am happy to see, that this is already on your todo list.
Thread Status:
Not open for further replies.