In order to protect my Windows system, I grant write access to the "Program Files" directory tree to no-one except Administrator. Some programs don't like this, and it seems BOINC is one of those. I created a BOINC account under which the service is running, and which has full access to "Program Files\\Boinc". However I have the impression that the interactive Boinc manager also needs write access to that directory. Is that true? If so, which files are never modified so I can write-protect them? How about the subdirectories locale, projects, and slots (and their subdirectories)?

Thanks, Hans

Note that if the service is not running, starting the graphical manager will start core client under current user.

And BOINC Manager needs at least write access to its logs (stderrgui.txt stdoutgui.txt), maybe also other files but I don't know.

The point is that I want to keep viruses etc. from manipulating EXE files, just in case my anti virus software doesn't catch them. Besides, I believe Windows Vista will write-protect the "Program Files" folder tree by default.

BOINC still doesn't officially support Vista, because of all the new security things.

And, once a virus is inside your machine, you're already in very bad trouble. Also remember the old viruses that infected .exe files and spread are long gone. Hackers aren't interested in that anymore. They want to put ads on your computer (get paid for the advertising), send spam from your computer (get paid for the advertising, and the spam can't be tracked back to them), install a keylogger and get your passwords (lots of money stolen that way by getting bank account passwords), etc. There is money involved now, that's the danger.

The point is that I want to keep viruses etc. from manipulating EXE files, just in case my anti virus software doesn't catch them. Besides, I believe Windows Vista will write-protect the "Program Files" folder tree by default.

If you run Boinc under a separate account, then even if exe files in the Boinc directory are manipulated by viruses, they cannot harm files unrelated to Boinc, so there's no danger. You can give Boinc full access to \\Program Files\\Boinc under Vista equally well: just install Boinc logged in to the account you wish to run Boinc with.

---

If you run Boinc under a separate account, then even if exe files in the Boinc directory are manipulated by viruses, they cannot harm files unrelated to Boinc, so there's no danger.

I may not have made it clear enough that my worries are about the interactive Boinc Manager, which (of course) is not run under the service's account. If some script kiddies had the thought of turning BOINC into a spam network, it would sure be the end of BOINC and all its projects...

If you run Boinc under a separate account, then even if exe files in the Boinc directory are manipulated by viruses, they cannot harm files unrelated to Boinc, so there's no danger.

I may not have made it clear enough that my worries are about the interactive Boinc Manager, which (of course) is not run under the service's account. If some script kiddies had the thought of turning BOINC into a spam network, it would sure be the end of BOINC and all its projects...

I don't understand how the graphical BOINC Manager is related to what hackers can do with BOINC. The only way for hackers to do bad things from your computer using BOINC is if you attach to a hacker-made project, or if hackers break into SETI servers, get the private code signing key, and send malicious applications (I think finding ET signals has *way* more probabilities than hackers managing to do that).

I may not have made it clear enough that my worries are about the interactive Boinc Manager, which (of course) is not run under the service's account. If some script kiddies had the thought of turning BOINC into a spam network, it would sure be the end of BOINC and all its projects...

I think the only files that can be write-protected are boinc.exe, boinccmd.exe and boincmgr.exe, and the dll's in the same folder, though I don't think it's really necessary, because viruses don't need them to infect the system. Other executables are downloaded dynamically.

---

Regardless of what files you protect, once a malicious program is running on your computer you're already in big enough trouble, so you should rather be using your time to protect yourself from trojans getting into the system, than reducing the harm a trojan can do once inside.

Personally, I don't rely on a single measure. I have anti-virus software with daily updated signatures, AND a firewall, AND never double-click e-mail attachments, AND don't use Outlook, AND use restricted access right, AND still am careful. No virus ever had a chance on my PC. But this thread is becoming off-topic, isn't it?