pg_msgprot still privileged

After uninstalling PG 1.3, and installing PG 2.0 I noticed that pg_msgprot.exe is still privileged, but the file is absent.
This means that any hostile app can copy itself to the old location and name of pg_msgprot.exe, and hijack the privileges it was assigned.

The PG installer should alert on any privileges assigned to non-existent files to avoid this danger.
-hojtsy-

 

Hi hojtsy, This is not correct as the MD5 signature will change for the offending file and you will be alerted by the Secure Desktop.

Simple to try rename any other file for example notepad.exe as pg_msgprot.exe then try to run it

Having said that I do agree that an alert would be nice if a file is no longer installed and or been moved.

HTH Pilli

 

There is no checksum for pg_msgprot.exe, as the file is absent.
Execution would go unnoticed if done during the learning period, or the user could also think that the pg_msgprot.exe in the Process Guard directory is legitimate and grant execution right later.
-hojtsy-

 

The fact that execution blocking could possibly catch the dropper is no reason to ommit the safe configuration of privileges. With that reasoning you can drop the privilege system and the generic protections altogether.
Yes, the entry is left over from PG 1.3 config for me, and for several other PG users. I already removed it, but how many of them was observant enough to remove it?
All I suggest is to check for non-existent files on installation - trivial to implement, and I see no drawbacks.
-hojtsy-

 

me atleast

agree