Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
uac incorrectly identifies nsis installers
I realize this isn't exactly the best place for bug reports, but it's the
best one I could find. If there's a better place, please let me know and I'll post my bug report there. I'm the lead developer of NSIS, a software package used to create installers for Windows. Vista added a new feature that asks the user for an administrator password for programs requiring administrator privileges. The application specify that in its manifest, but Vista also automatically identifies certain types of programs. One of these is installers created using NSIS. The problem is with the method used to identify those installers. There are two methods as far as I can tell. The first looks for a special signature used in the header of every installer. The second, the problematic one, is looking for "Nullsoft.NSIS" in the name attribute of the assemblyIdentity tag in the xml manifest. That creates a false positive as every application in the NSIS package has that prefix in the name attribute. Installers share that prefix, but have ".exehead" suffix. This causes utilities used to create installers that require no administrator privileges to be identified as programs that require privilege escalation. This renders most of the applications in the NSIS package unusable for standard users. A similar problems occurs with Inno Setup and its compilers, but I don't know because of which string. Please fix it so it'd search for Nullsoft.NSIS.exehead and not just Nullsoft.NSIS. ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://windowshelp.microsoft.com/com...sta.sec urity |
|
|||
uac incorrectly identifies nsis installers
is this the reason i'm having problems installing my kapersky antivirus? what
can i do if it is? "Amir Szekely" wrote: I realize this isn't exactly the best place for bug reports, but it's the best one I could find. If there's a better place, please let me know and I'll post my bug report there. I'm the lead developer of NSIS, a software package used to create installers for Windows. Vista added a new feature that asks the user for an administrator password for programs requiring administrator privileges. The application specify that in its manifest, but Vista also automatically identifies certain types of programs. One of these is installers created using NSIS. The problem is with the method used to identify those installers. There are two methods as far as I can tell. The first looks for a special signature used in the header of every installer. The second, the problematic one, is looking for "Nullsoft.NSIS" in the name attribute of the assemblyIdentity tag in the xml manifest. That creates a false positive as every application in the NSIS package has that prefix in the name attribute. Installers share that prefix, but have ".exehead" suffix. This causes utilities used to create installers that require no administrator privileges to be identified as programs that require privilege escalation. This renders most of the applications in the NSIS package unusable for standard users. A similar problems occurs with Inno Setup and its compilers, but I don't know because of which string. Please fix it so it'd search for Nullsoft.NSIS.exehead and not just Nullsoft.NSIS. ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://windowshelp.microsoft.com/com...sta.sec urity |