NVIDIA - Dangerous folder permissions

Using AccessEnum to look for potentially dangerous permissions on user directories, NVIDIA looks to have the worst I could find The one with no permissions is something I've never seen before. I've updated Jetico's Process Attack filter to address these and a few other candidates.

 

I doubt they will care much, in the past they haven't taken security very seriously until some news article reports on it.

 

Yeah, I'd be surprised if they addressed it. It's up to the end user, I guess

 

I quite resent all the web plugins that Nvidia trys to push and how it leaves so many processes up and running. I think Linus Torvalds said it best when it comes to Nvidia.

 

I remember when I had to make a fuss about my bank last year. That's all it took to make them take security serious. It was/is a big bank. I'm pretty sure you can make Nvidia look bad as well.

I'm actually thinking someone - running a popular tech/security blog/website - could make a link between Nvidia's lack of security and home banking insecurity.

Internet will take care of the rest over time. If people start to link Nvidia to a possible bank account breach, who knows.

 

NVIDIA does have a lot of processes, but I don't honestly see all these web plugins you refer to. I'm not one to care what Linus has to say, as he's quite known to spew the BS just as well as any other person and really doesn't deserve the god-like status he's been given. Nor should he forget that, despite its flaws, NVIDIA was supporting Linux when ATI was flipping it the bird.

Speaking of ATI, their security record isn't clean enough to eat off of either. Both companies have been lackluster and at times quite lazy.

 

Right, someone with enough clout could probably influence Nvidia to fix the problem. From my pov it's just a reminder to check directories now and again for permissions weaknesses, then take the necessary steps to address them. There are several of them that are overly permissive.

 

Luckily I've managed to remove them, you have the option to add them and the way it was phrased in the installation it makes you feel you should have them. There used to be three plugins on all my browsers one was something to do with 3D. I did a reinstall a couple of moths ago and realised they weren't needed. I do wish that Nvidia (and others) would look to do something about security issues rather than pretend they're not their until they become the next target for attack.

As for Linus' comment it was what he said here that I was alluding too. I meant it as more of a throwaway comment.

 

I don't see a problem.
If someone can enumerate your system, you have bigger issues.
Mrk

 

You don't see a problem in what?

 

What Everyone can access folder ... no. Why. If there's an escalation of privilege that can access a system folder, then I have a bigger problem than folder permissions. Regardless of permissions, something needs to run. If it doesn't run, no harm done.
Mrk

 

The problem I see with it, and just to be clear I'm not paranoid over it, but it's a problem nonetheless, is that the permissions are way over liberal. It's sloppiness and maybe even laziness on Nvidia's part. Either one of the directories, especially the one with no permissions assigned to it, could be used as a convenient and ideal launch pad for malware to write to and execute from. Of course there are other directories that also provide this sort of convenience, such as the c:\users\* and c:\Windows\Temp (check under special permissions for this one) and one will see the potential dangers the relaxed permissions on them present.

Absolutely, agreed. This is why I'm a proponent of anti-executables. These non-protected directories and others like them that allow users to write to and execute from need full time surveillance

 

I initially thought it was Program Files. It's Program Data.

A standard/limited user can write to Program Data just fine. I could anyway. lol

 

Now, imagine that every developer did that, including in Program Files/Windows directory? I had such an example with my ISP software.

 

Yeah, besides the Group/User permissions that allow to read and execute, there's a "special permissions" category as well, at least in my case, that allows users to create files and folders and write data and attributes, append data.

AccessEnum is a pretty handy tool to find these weak directories, except I don't see a column that shows executable rights.

Right, it's just that the Full control for Everyone and no permissions on the other folder are worse than what's usually seen under ProgramData.