The case of the insecure security software, 2010 edition

So I was doing a permissions audit of my new testbed Windows 7 computer using Windows Permission Identifier. The computer, from a major computer vendor, contains a recent version of a security suite from a well-known security vendor. The audit results show that every file from the security suite in the Program Files folder is writable by all users, including limited user accounts ! Because the security suite was pre-installed by the computer vendor, I don't know for sure that it's the security suite vendor's fault, but I would bet on it.

It would be interesting to hear if any of you have similar experiences with relatively new versions of security software. I guess the more things change, the more things stay the same.

 

No. Since I'm not 100% sure if it's the security vendor's fault - because I didn't install it myself - maybe I'll try to find a trial version and install it myself on a clean system so that I can be 100% sure first.

 

Yeah, it happens. Program Files permissions are one thing, but then there are also the permissions assigned to the security software's services - sometimes it just so happens that they allow everyone to do such things as change the executable that the service runs, which provides a really quite excellent way to escalate privileges to SYSTEM.

And usually, it is the security software vendor's fault. Sometimes, though, it can be the result of a file system that's been converted from FAT and has gotten very weird permissions as a result of that, or other such weirdness. Major computer vendors quite often, at least in the past, have messed with the permissions to do such idiotic things as allow pretty much everyone to write new folders and files in the Program Files folder and other 'protected' folders.