Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
Data leakage among users
I installed Quicken on Vista, and ran it as one user, and then when I ran it
as another user at the same time, quicken complained that it was already being run by another user. So Vista is leaking data among users, specifically, that other users are running particular programs. This is a security problem. A program running in one user account should have no way to know whether that same program is being simultaneously run in another user account. |
|
|||
Data leakage among users
More like Intuit folks don't know how to code securely.
The reality is that most Intuit software hasn't been rewritten since Win9x. Roof Fiddler wrote: I installed Quicken on Vista, and ran it as one user, and then when I ran it as another user at the same time, quicken complained that it was already being run by another user. So Vista is leaking data among users, specifically, that other users are running particular programs. This is a security problem. A program running in one user account should have no way to know whether that same program is being simultaneously run in another user account. |
|
|||
Data leakage among users
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
wrote in message ... More like Intuit folks don't know how to code securely. Perhaps, but that's beside the point. The point is that if Quicken or any other user program can (accidentally, intentionally, or even maliciously) discover that another user is running that program, then it's a security problem, which the operating system, not that user program, has the exclusive responsibility for solving. |
|
|||
Data leakage among users
In a multiuser environment programs need to know if another user is already
using the program. This can be done securely through system messages. One user can't access another user's memory but the system can pass messages back and forth. There is some security risk in this but without doing this data corruption would be rampant. This security risk in Vista is managed much better than in XP. -- Kerry MS-MVP Windows - Shell/User http://www.vistahelp.ca Roof Fiddler wrote: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" wrote in message ... More like Intuit folks don't know how to code securely. Perhaps, but that's beside the point. The point is that if Quicken or any other user program can (accidentally, intentionally, or even maliciously) discover that another user is running that program, then it's a security problem, which the operating system, not that user program, has the exclusive responsibility for solving. |
|
|||
Data leakage among users
"Kerry Brown" *a*m wrote in message
... In a multiuser environment programs need to know if another user is already using the program. This can be done securely through system messages. One user can't access another user's memory but the system can pass messages back and forth. There is some security risk in this but without doing this data corruption would be rampant. Corruption of what data? If I run Quicken and another user runs Quicken, we're only modifying data stored in our own home directories. Coordination of the two Quicken processes in order to avoid data corruption would only be necessary if the processes were sharing writeable data, which they're not. |
|
|||
Data leakage among users
No it's not besides the point.
Intuit does not code securely. Every piece of software should be reviewed for secure coding. I am not about to hold Microsoft responsible for Intuit's continued stupidity. Roof Fiddler wrote: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" wrote in message ... More like Intuit folks don't know how to code securely. Perhaps, but that's beside the point. The point is that if Quicken or any other user program can (accidentally, intentionally, or even maliciously) discover that another user is running that program, then it's a security problem, which the operating system, not that user program, has the exclusive responsibility for solving. |
|
|||
Data leakage among users
In a multi user environment, each user should have his own separate files
under "Users" in Vista with his/her UserName. If the intention woz to have some files common accessible to all users then the Users\All Users\ is the folder to use either with \Application Data or \MyDocuments. As a previous commenter mentioned, these are post WIN9X features and, presumably Intuit has not updated its software to accomodate this way of securing data in a multi user environment. Complain to Intuit. Vista is pointing the way to the future for more secure computers in multi user environments. Get with it. Garry "Kerry Brown" *a*m wrote in message ... In a multiuser environment programs need to know if another user is already using the program. This can be done securely through system messages. One user can't access another user's memory but the system can pass messages back and forth. There is some security risk in this but without doing this data corruption would be rampant. This security risk in Vista is managed much better than in XP. -- Kerry MS-MVP Windows - Shell/User http://www.vistahelp.ca Roof Fiddler wrote: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" wrote in message ... More like Intuit folks don't know how to code securely. Perhaps, but that's beside the point. The point is that if Quicken or any other user program can (accidentally, intentionally, or even maliciously) discover that another user is running that program, then it's a security problem, which the operating system, not that user program, has the exclusive responsibility for solving. |