Superantispyware Updater executable is in Temp Folder?

Discussion in 'other anti-malware software' started by kencat, Feb 21, 2008.

Thread Status:
Not open for further replies.
  1. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    I've been studying and experimenting with my Kerio 2.1.5 ruleset to tighten things down to IPs and ports where possible, and have found this "possibly" disturbing fact with Superantispyware free.

    The SUPERAntiSpyware Updater Application executable resides in a Temp folder. This does not seem to be a very good place to put this executable to me, because I (as well as many others I would suspect) every once in a while delete everything in this Temp folder because it can become a growth monster that is on steroids and out of control. The word Temp (temporary) means just that; i.e. not needed soon after it has been born and not important.

    This shot of the Kerio ruleset shows the rule that is necessary to effect a manual update of SAS.

    The full path is D:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE

    Is this something that is associated with the free version, and will go away with the full purchased version? Or is it the norm in both versions? Either way it seems to be a dangerous place for this executable to live. I'm glad I now know about it, as I will leave it (the executable) alone next time I'm pissed at the temp folders and blow everything away.

    I am not a programmer/coder person, and I know I have 1% (probably less) knowledge of what goes on in computers, but love to learn what I can. I bring this concern up to see what other views there may be on it, and perhaps to even bring attention to the developers to something that has been overlooked.

    If my understanding of the purpose of this "Temp" folder is in error, I will gladly accept explanations, but man, nothing permanent should live in a Temp folder as far as I'm concerned at this time.

    Oh, OS is Windows 2000.
     


  2. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    SUPERAntiSpyware executes the SSUPDATE.EXE (application updater) from the temp folder so it can overwrite any of its own files/folders. If it was executed from the Program Files location it would not be able to overwrite itself and would require a reboot on update - this way a reboot is not required.

    The temp folder can be deleted at any time. That is why the file SSUPDATE.EXE is copied there when the update check is executed.

    I hope this clears up your concerns.
     
    Last edited: Feb 22, 2008
  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    So cleaning out the Temp folder cannot harm the SAS Free installation or the manual update process?
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    SAS (Free) creates a new SSUPDATE.EXE on every update, therefore after the update SSUPDATE.EXE can be deleted without any harm.
    I have done this very often without any problems and know about the changes of SSUPDATE.EXE because my firewall is pointing at SSUPDATE.EXE's application file modification in my temp folder.

    Cheers
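
The behaviour discussed in the posts above, as an added example that is not part of the thread and not SUPERAntiSpyware's own code: an updater is copied into the Temp folder on each check, so emptying Temp is harmless, and a hash comparison against the installed file tells a fresh copy from one that was changed in Temp. The directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a (small) file."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def stage_updater(installed: Path, temp_dir: Path) -> Path:
    """Copy the installed updater into temp_dir, replacing any stale copy."""
    staged = temp_dir / installed.name
    shutil.copyfile(installed, staged)  # recreated on every update check
    return staged


def staged_copy_is_genuine(installed: Path, staged: Path) -> bool:
    """True only if the temp copy exists and is byte-identical to the installed file."""
    return staged.is_file() and sha256_of(staged) == sha256_of(installed)


def demo() -> dict:
    """Run the scenarios from the thread on constructed files and report the results."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        install_dir = Path(root, "ProgramFiles", "ExampleApp")  # hypothetical install location
        temp_dir = Path(root, "Temp")  # stands in for the user's Temp folder
        install_dir.mkdir(parents=True)
        temp_dir.mkdir()
        installed = install_dir / "SSUPDATE.EXE"
        installed.write_bytes(b"MZ constructed placeholder, not a real binary")

        staged = stage_updater(installed, temp_dir)
        results["fresh_copy_genuine"] = staged_copy_is_genuine(installed, staged)
        staged.unlink()  # the user empties the Temp folder
        results["missing_copy_genuine"] = staged_copy_is_genuine(installed, staged)
        staged = stage_updater(installed, temp_dir)  # next update check recreates it
        results["recreated_after_cleanup"] = staged_copy_is_genuine(installed, staged)
        staged.write_bytes(b"something else wrote to this path")  # copy changed in Temp
        results["modified_copy_genuine"] = staged_copy_is_genuine(installed, staged)
    return results


if __name__ == "__main__":
    print(demo())
```

A firewall rule that tracks the file's hash, as in the post above, will prompt each time the copy is recreated with different content; comparing the temp copy against the installed file is one way to decide whether that prompt is expected.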
     
  5. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Hi Subset. Just to make sure: we are talking about the ssupdate.exe in the Temp folder?
     
  6. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Hello,

    Just to participate in the discussion, I think it is a very curious way to manage updates with ssupdate.exe launched from temp folder... Therefore, if you clean up your temp folder, you will not be able to auto update SAS !!!

    Now, imagine that all application developers use the same strategy... Imagine that for all of your applications (having their folder in Program Files), updater executables and all necessary files are in temp folders? Then, finally your Program Files will become more temporary than the temp folder itself...

    Well, Windows system files are organized in such a manner (a kind of normalization) that different application developers, knowing the purpose of Windows folders, decide to store in temp folders only session parameters, installers etc... knowing that the temp folder should be regularly cleaned up (for example automatically by CCleaner)...


    That's very strange !
     
  7. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    This is not true, read the post made by Subset. He states that everything works fine, even when cleaning the temp folder.
    I agree that it's an unusual way of handling updates, but I'm sure the developers of SAS have their reasons for this.
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    C'mon Philippe try a bit harder;)

    The application updater which is only *usable* by clicking on the bug icon in the task bar and selecting check for updates is what launches SSUPDATE.exe from <temp> folder. If there is a software update available then for the reasons that SUPERAntiSpy has posted is why it is run from <temp>.

    The automatic update option of the software or update option via software GUI do not use SSUPDATE.exe to perform their actions. A definition update is a modification of the detections database on the PC and does not need to modify the core software files.

    HTH:)
     
  9. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    So it is only used for updates of the program itself and not for definition updates?

    Correct me if I'm wrong but doesn't SAS Free only support manual updates? So, in case there should be a program update, a user would have to download and uninstall/install the core application anyway?
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Updater runs from TEMP folder? Then, some users may have this problem:

    I have an AV--McAfee VirusScan Enterprise--that does have an on-access protection, in it there is an option--preventing common programs running from TEMP folder.

    If this option is checked--by default -- SAS's updater is out of service ?
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    The update that creates this temp is for product upgrade, not updates.
    If there is no upgrade and the temp file is removed, where's the problem?
    If there is an upgrade, it is downloaded and the previous version needs to be removed before the new version is installed and afterwards if the temp file is removed, again where's the problem?
    Maybe I'm just not seeing it but I don't understand the concern.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,

    The explanation by SUPERAntiSpy looks honest and makes sense, I am currently looking at SAS due to other concerns, but the only possible problem I see here is if the copy/creation of this file to temp is blocked, then it may cause problems for SAS.
    This is not a possible attempt at bypass.

    I have seen such from other apps
     
  13. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Me neither.
     
  14. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    FACT : In no way will deleting the temp folder cause any harm to SUPERAntiSpyware or its ability to update definitions or the main product. The SSUPDATE.EXE file is COPIED to the temp folder to execute the updater.
     
    Last edited: Feb 22, 2008
  15. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Well, this is the expected answer ! The program is a copy, launched from temp folder
     
  16. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    I think that was clear with my first response to the thread where I wrote what is quoted below.....

    Time to pay attention Philippe_FR22 :)
     
  17. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    I deleted the ssupdate.exe file from the temp folder, and then did "check for updates" from the menu. Everything went well with no prompts from Kerio, and a new ssupdate.exe file appeared in the temp folder.

    Thanks for the reply and explanation Nick. Can't say I fully understand the programming and logistics behind it all, but as you say deleting the file from the temp folder has no ill effects.
     