Thread 'Windows Access Rights'

Message boards : BOINC Manager : Windows Access Rights
Message board moderation

To post messages, you must log in.

AuthorMessage
hs

Send message
Joined: 23 Jan 07
Posts: 4
Germany
Message 7734 - Posted: 23 Jan 2007, 20:01:13 UTC

In order to protect my Windows system, I grant write access to the "Program Files" directory tree to no-one except Administrator. Some programs don't like this, and it seems BOINC is one of those. I created a BOINC account under which the service is running, and which has full access to "Program Files\\Boinc". However I have the impression that the interactive Boinc manager also needs write access to that directory. Is that true? If so, which files are never modified so I can write-protect them? How about the subdirectories locale, projects, and slots (and their subdirectories)?

Thanks, Hans
ID: 7734 · Report as offensive
Nicolas

Send message
Joined: 19 Jan 07
Posts: 1179
Argentina
Message 7735 - Posted: 23 Jan 2007, 20:04:07 UTC

Note that if the service is not running, starting the graphical manager will start core client under current user.

And BOINC Manager needs at least write access to its logs (stderrgui.txt stdoutgui.txt), maybe also other files but I don't know.
ID: 7735 · Report as offensive
hs

Send message
Joined: 23 Jan 07
Posts: 4
Germany
Message 7751 - Posted: 24 Jan 2007, 17:32:01 UTC

The point is that I want to keep viruses etc. from manipulating EXE files, just in case my anti virus software doesn't catch them. Besides, I believe Windows Vista will write-protect the "Program Files" folder tree by default.
ID: 7751 · Report as offensive
Nicolas

Send message
Joined: 19 Jan 07
Posts: 1179
Argentina
Message 7752 - Posted: 24 Jan 2007, 17:59:30 UTC

BOINC still doesn't officially support Vista, because of all the new security things.

And, once a virus is inside your machine, you're already in very bad trouble. Also remember the old viruses that infected .exe files and spread are long gone. Hackers aren't interested in that anymore. They want to put ads on your computer (get paid for the advertising), send spam from your computer (get paid for the advertising, and the spam can't be tracked back to them), install a keylogger and get your passwords (lots of money stolen that way by getting bank account passwords), etc. There is money involved now, that's the danger.
ID: 7752 · Report as offensive
Alex Plantema

Send message
Joined: 16 Apr 06
Posts: 18
Netherlands
Message 7759 - Posted: 24 Jan 2007, 22:49:36 UTC - in response to Message 7751.  

The point is that I want to keep viruses etc. from manipulating EXE files, just in case my anti virus software doesn't catch them. Besides, I believe Windows Vista will write-protect the "Program Files" folder tree by default.

If you run Boinc under a separate account, then even if exe files in the Boinc directory are manipulated by viruses, they cannot harm files unrelated to Boinc, so there's no danger. You can give Boinc full access to \\Program Files\\Boinc under Vista equally well: just install Boinc logged in to the account you wish to run Boinc with.

ID: 7759 · Report as offensive
hs

Send message
Joined: 23 Jan 07
Posts: 4
Germany
Message 7796 - Posted: 25 Jan 2007, 18:05:24 UTC - in response to Message 7759.  

If you run Boinc under a separate account, then even if exe files in the Boinc directory are manipulated by viruses, they cannot harm files unrelated to Boinc, so there's no danger.

I may not have made it clear enough that my worries are about the interactive Boinc Manager, which (of course) is not run under the service's account. If some script kiddies had the thought of turning BOINC into a spam network, it would sure be the end of BOINC and all its projects...
ID: 7796 · Report as offensive
Nicolas

Send message
Joined: 19 Jan 07
Posts: 1179
Argentina
Message 7799 - Posted: 25 Jan 2007, 18:45:47 UTC - in response to Message 7796.  

If you run Boinc under a separate account, then even if exe files in the Boinc directory are manipulated by viruses, they cannot harm files unrelated to Boinc, so there's no danger.

I may not have made it clear enough that my worries are about the interactive Boinc Manager, which (of course) is not run under the service's account. If some script kiddies had the thought of turning BOINC into a spam network, it would sure be the end of BOINC and all its projects...

I don't understand how the graphical BOINC Manager is related to what hackers can do with BOINC. The only way for hackers to do bad things from your computer using BOINC is if you attach to a hacker-made project, or if hackers break into SETI servers, get the private code signing key, and send malicious applications (I think finding ET signals has *way* more probabilities than hackers managing to do that).
ID: 7799 · Report as offensive
Alex Plantema

Send message
Joined: 16 Apr 06
Posts: 18
Netherlands
Message 7804 - Posted: 25 Jan 2007, 20:51:18 UTC - in response to Message 7796.  

I may not have made it clear enough that my worries are about the interactive Boinc Manager, which (of course) is not run under the service's account. If some script kiddies had the thought of turning BOINC into a spam network, it would sure be the end of BOINC and all its projects...

I think the only files that can be write-protected are boinc.exe, boinccmd.exe and boincmgr.exe, and the dll's in the same folder, though I don't think it's really necessary, because viruses don't need them to infect the system. Other executables are downloaded dynamically.
ID: 7804 · Report as offensive
Nicolas

Send message
Joined: 19 Jan 07
Posts: 1179
Argentina
Message 7842 - Posted: 27 Jan 2007, 3:46:46 UTC

Regardless of what files you protect, once a malicious program is running on your computer you're already in big enough trouble, so you should rather be using your time to protect yourself from trojans getting into the system, than reducing the harm a trojan can do once inside.
ID: 7842 · Report as offensive
hs

Send message
Joined: 23 Jan 07
Posts: 4
Germany
Message 7854 - Posted: 28 Jan 2007, 15:44:30 UTC - in response to Message 7842.  

Personally, I don't rely on a single measure. I have anti-virus software with daily updated signatures, AND a firewall, AND never double-click e-mail attachments, AND don't use Outlook, AND use restricted access right, AND still am careful. No virus ever had a chance on my PC. But this thread is becoming off-topic, isn't it?
ID: 7854 · Report as offensive

Message boards : BOINC Manager : Windows Access Rights

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.