Solved

Flash abominations and file permissions

Posted on 2003-10-27
8
381 Views
Last Modified: 2010-04-14
I wrote a batch program called 'togflash' to toggle the renaming of the files that cause Flash animation to block my screen at times (GetFlash.exe,
Flash.ocx). So far, so good. I then discovered that the browser, finding them renamed, simply downloaded new copies and the awful visuals started up again. Wishing to extend my knowledge of Windows file permissions (that seem to be less intuitive than Unix ones) I decided to try the following:

1. Create a new account under Users. They are not meant to have file writing permissions in the directory these trojan files appear (C:\WINNT\system32\Macromed\Flash)

2. Run the browser as that user with 'Run as...'

Blow me if they're not *still* appearing. Why?
0
Comment
Question by:CEHJ
  • 4
  • 3
8 Comments
 
LVL 1

Assisted Solution

by:NahumK
NahumK earned 25 total points
ID: 9628352
Might be the browsing is down under "wimpy user" priveleges but the downloading is done through explorer.exe which uses the priveleges of the user that's logged on to the machine.
try to log on with the wimpy user and see if the problem occurs or just disable writing access on that directory for all users.
0
 
LVL 86

Author Comment

by:CEHJ
ID: 9629618
That's what I was thinking could be the problem.

>>just disable writing access on that directory for all users.

Been there, done that - file permissions got changed back to writable by some upstart process!
0
 
LVL 4

Accepted Solution

by:
darth_wannabe earned 100 total points
ID: 9634761
In your internet explorer security, set it to prompt you for active x controls and plugins rather than leaving it at 'enable'......or if you're sure you don't want to see them, set it to 'disabled'
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 4

Expert Comment

by:darth_wannabe
ID: 9634769
BTW, that would be at TOOLS->INTERNET OPTIONS->SECURITY->CUSTOM LEVEL
0
 
LVL 86

Author Comment

by:CEHJ
ID: 9634787
Quite a good idea, i might try it. Get back to you.
0
 
LVL 4

Expert Comment

by:darth_wannabe
ID: 9634792
I believe that Internet Explorer uses the system account for stuff like you described.
0
 
LVL 4

Expert Comment

by:darth_wannabe
ID: 9634808
If you want to test it out, go to a site that you know has a bunch of flash stuff on it, like http://www.shockwave.com
0
 
LVL 86

Author Comment

by:CEHJ
ID: 9652269
Thanks guys.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are client relationship the only driver of a successful MSP? While important, client relationships are only one component. Learn how else MSPs can broaden their horizon and differentiate themselves.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question