

The logic behind the question is confusing, which is why I think you are having trouble getting answers or getting people to understand you.

Portable apps would be inherently subject to (I would not use the term "vulnerable to") being swapped out for malicious versions without any elevation of privileges or installation, because that's how they are supposed to work. So, that's a given, and we can assume that this is a factor.

Isn't running code from anywhere but C:\Program Files, etc inherently

And this is where the logic starts to go astray. Having an approved directory structure where binaries should be executed is a handy, easy, simple, and predictable way to enforce binary execution policies. Some hardened systems only allow binaries to be executed from a protected directory structure. Does being able to execute binaries from any arbitrary place in the system introduce weaknesses? Sure. It's more difficult to control what apps are approved. But the ease of adding controls in one case does not mean that the other case is "inherently dangerous".

Why don't we see this kind of attack all the time?

Because it would have to be not a niche case to be relevant "all the time". The point of the attack would be to place the app in such a way that the user of the system would choose to run it as a normal part of the user's operating of the system. Because if the attacker could replace the app and execute it themselves, then why replace an existing app at all?

For this attack to make sense, an attacker would have to:

- have access to the system to be able to delete/replace the app, and if they could do that, there are far worse things they could do.
- know that the app would be executed by the user and not just "hanging around" for convenience, which brings an element of uncertainty and unpredictability for the attacker.
- create the malicious app in a way that would avoid anti-virus protections.

All of these factors are in the way of this being an issue "all the time".

registration of components in the registry.

Besides, many installers allow you to specify the destination directory, and you can install to any directory you want. Launching executables from this directory is not safer than launching from any other directory. "C:\Program Files" has no special meaning from the security point of view. That's why it is incorrect to say that "pretty much every Windows app" has a portable version.
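The answers above agree on the underlying point: the directory name carries no security meaning by itself; what decides whether a binary can be swapped without elevation is who may write to the directory it lives in. The script below is an added example, not code from any of the answers or from any project they mention. It inspects the ACL of the directory that contains an executable for write or delete grants to low-privilege principals and then probes the directory with a real file write. It assumes English principal names ("BUILTIN\Users", "Everyone", and so on) and must be run from a non-elevated PowerShell session; an elevated session can write almost anywhere and the probe would show nothing useful.

```powershell
# Added example (not from the original answers). Reports whether ordinary users
# can modify the directory an executable lives in, i.e. whether the binary could
# be replaced without elevation. Run from a NON-elevated PowerShell session.
function Test-BinarySwappable {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Replacing a file needs write/delete rights on its parent directory,
    # so work on the containing directory when given a file.
    $dir = if (Test-Path -LiteralPath $Path -PathType Leaf) {
        Split-Path -LiteralPath $Path -Parent
    } else { $Path }

    # Principals that mean "any ordinary user", plus the current user: a portable
    # app under %LOCALAPPDATA% is normally owned outright by that user.
    # Assumption: English principal names as shown by Get-Acl on en-US Windows.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $lowPriv = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                 'NT AUTHORITY\INTERACTIVE', $me)

    # Rights that allow creating, overwriting or deleting files in the directory.
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) appear on some
    # inherited ACEs and have no name in the FileSystemRights enum.
    $fsr = [System.Security.AccessControl.FileSystemRights]
    [int]$writeMask = $fsr::CreateFiles -bor $fsr::AppendData -bor $fsr::WriteData -bor
                      $fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
                      $fsr::Modify -bor $fsr::FullControl
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $dir
    $grants = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            '{0}: {1}' -f $ace.IdentityReference.Value, $ace.FileSystemRights
        }
    }

    # Empirical check: try to drop and remove a file with a random name. Success
    # means new files can be planted here; replacing an existing file additionally
    # needs delete rights on that file, which the ACL listing above reveals.
    $probe = Join-Path -Path $dir -ChildPath ([System.IO.Path]::GetRandomFileName())
    $probeOk = $false
    try {
        [System.IO.File]::WriteAllText($probe, 'acl probe')
        Remove-Item -LiteralPath $probe -Force
        $probeOk = $true
    } catch {
        $probeOk = $false
    }

    [pscustomobject]@{
        Directory      = $dir
        WritableGrants = @($grants)
        ProbeWriteOk   = $probeOk
        Swappable      = $probeOk -or (@($grants).Count -gt 0)
    }
}

# Both directories exist on every Windows installation. By default Program Files
# grants Users only read/execute, while the user's own profile is fully writable.
Test-BinarySwappable -Path $env:ProgramFiles
Test-BinarySwappable -Path $env:LOCALAPPDATA
```

On a default installation the first call returns no low-privilege write grants and a failed probe, the second returns the current user with FullControl and a successful probe. Point the function at an actual executable (installed or portable) to see which category it falls into; an application installed under Program Files but with an installer that loosened the ACL, or a portable binary copied into a user-writable folder, both come out as swappable regardless of the path name.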
