Date: | January 4, 2006 / year-entry #9 |
Tags: | other |
Orig Link: | https://blogs.msdn.microsoft.com/oldnewthing/20060104-53/?p=32773 |
Comments: | 17 |
TechNet Magazine's January • February 2006 issue is now available, including a short article from me on the resourcefulness of people trying to be annoying. The issue also has an article on how to use the Volume Shadow Copy Service which I mentioned a few months ago. (And if you had read that posting from last September, you'll know why the Previous Versions Client is kept in a folder called "twclient". Try using that at a party to impress someone.)
Comments (17)
Haha, I swear when I read the title of this blog post that I thought you’d be writing about people like the above poster instead of something technical related. I was quite disappointed when I found out the topic was just a repeat of old blog material. :(
I thought that poster’s comment was very apropos, especially considering that IE and Outlook Express pin themselves…
Um, no, IE and OE do not pin themselves. The Start menu pins your default web browser and default email program. If you change your web browser/email program, the icon changes to match. (See the Start menu’s Properties dialog.)
And the article was not a repeat. It was actually a response to the comment http://blogs.msdn.com/oldnewthing/archive/2005/06/03/424802.aspx#424822
"Is there any reason to have a programmatic interface to the cd autoplay settings?"
This question is based on an invalid assumption: There is no programmatic interface to the CD autoplay settings. The people were hacking the undocumented settings. There’s new content in the article, but half of it is a repeat of old blog content in order to establish context for the new content.
I’d love if this type of limitation would also apply to programs trying to add themselves to Windows startup list. I simply hate those stupid programs that despite everything to the contrary think they’re sooooo important that they absolutely have to be running all the time in the system. They can’t pin themselves to the Start menu, but they can make sure they’ll always have a flashy icon in the notification area of the task bar. That’s really, really annoying…
ThalesC: Grab autoruns at http://www.sysinternals.com. Marvel at how long it takes to list all the programs and different ways they can be configured to run at startup. I suggest telling it to hide the Microsoft signed ones. It feels especially gratifying getting rid of whole bunches of useless programs that way.
I don’t understand Volume Shadows. A file is locked, so the backup makes a copy and monitors writes to it. But so what? If it refuses to back it up because it is in an unknown state then it must still be in an unknown state by the end of the backup (unless the app locking it has finished with the file)
I would LOVE the ability to lock the "run" key under HKLM\Microsoft\Windows\CurrentVersion\Run.
David – the file was in a known and consistent state UNTIL the write began. Hence by shadowing a copy right when the OPEN for WRITE request is being processed, you have a consistent copy. During the write, all bets are off (well, without various other more complicated measures).
Keep in mind file by file snapshots like this aren’t always the perfect solution. With a multifile database, inter-file consistency is important and this method doesn’t guarantee this will necessarily be the case.
So is the model that the OS is the government (rules system) that manages the behaviour of society? There must be a wealth of literature on Social Engineering that could be pro-actively applied to the management of social spaces – where the OS is viewed as a social space. Game theory developed a very westernised view of the ‘social dilemma’ in the form of ‘the prisoners dilemma’ (westernised individual achievement oriented). Though the original premise was more based on a long term view of ‘re-newable resources’ – ‘the commons dilemma’. It would be good to see explicit evidence of Microsoft developing Windows as a cooperatively managed renewable resource…
That’s interesting… didn’t know that.
So there *is* a programmatic way to pin your application then — register it as the default mail or web handler!
AP,
You can achieve the locking you desire using registry permissions. Regedit.exe is really limited, presumably because it was originally built for Win95, but the old NT registry editor Regedt32.exe has a menu option to set registry key permissions.
You can deny your own user account permission to create new values in that Run key, and then any calls to add new values there will fail. If you ever want to add something manually, you can just flick the permissions back again temporarily.
Technically there’s no reason why an application couldn’t go in there and enable the write permission itself before adding the key, but I don’t think many would actually bother. I suspect most apps don’t even bother to check whether their registry call succeeds or not, because people tend to be sloppy about these matters.
Of course, you may find that some setup utilities and software fail spectacularly due to this unexpected setting, so you’d better keep in mind that you’ve done it so that you aren’t left scratching your head a few months later when something bizarre happens during an application install.
(Disclaimer: The above might all be completely false. You might want to test on a harmless key elsewhere in the registry first. If you accidentally lock half of your registry while following my instructions, don’t come crying to me!)
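The permission change described in the comment above, rehearsed on a scratch key as its disclaimer suggests. This is an added example, not part of the original comments; the key name `RunLockDemo` and the helper function names are hypothetical. It denies `SetValue` to the current account, checks that adding a value then fails, and removes the rule again.

```powershell
# Added example: rehearse the "deny SetValue" lock on a scratch key first.
# RunLockDemo is a hypothetical key name used only for this rehearsal.
$path = 'HKCU:\Software\RunLockDemo'
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

function New-DenySetValueRule([string]$Identity) {
    # Deny only SetValue (creating or changing values); reads stay allowed.
    [System.Security.AccessControl.RegistryAccessRule]::new(
        $Identity,
        [System.Security.AccessControl.RegistryRights]::SetValue,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
}

function Test-CanAddValue([string]$KeyPath) {
    # Try to create and delete a throwaway value; any failure counts as "locked".
    try {
        New-ItemProperty -Path $KeyPath -Name 'probe' -Value 'x' -Force -ErrorAction Stop | Out-Null
        Remove-ItemProperty -Path $KeyPath -Name 'probe' -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

# Create the scratch key and confirm it is writable to begin with.
New-Item -Path $path -Force | Out-Null
"before lock : can add value = $(Test-CanAddValue $path)"

# Apply the deny rule.
$rule = New-DenySetValueRule $me
$acl  = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl
"after lock  : can add value = $(Test-CanAddValue $path)"

# "Flick the permissions back": remove the same rule, then clean up.
$acl = Get-Acl -Path $path
[void]$acl.RemoveAccessRule($rule)
Set-Acl -Path $path -AclObject $acl
"after unlock: can add value = $(Test-CanAddValue $path)"
Remove-Item -Path $path
```

The rule leaves the right to change permissions untouched, which is why the script can undo its own lock and, as the comment points out, why a program running under the same account could do the same.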
The Windows XP version of regedit.exe includes the security permissions menus too. No need to use regedt32 anymore, unless you prefer MDI. This change may have been introduced with Windows 2000, I can’t remember.
Or, just get Mike Lin’s awesome startup monitor and control panel applet and stomp those nasties before they even get in there.
I use Spybot Search and Destroy as an anti-spyware tool and it contains a nice thing that sits in memory and looks for possible spyware and will warn me if something tries to insert itself into the run keys.
Other spyware (such as the Microsoft anti spyware) may do the same, I don’t know.
from the bio at the bottom –
His web site blogs.msdn.com/oldnewthing deals with Windows history and
**being attacked by sidewalks**
– emphasis added
Security permissions are an approach. But not quite what I want.
I think that, generally, anytime an application tries to access files or registry entries that are not its own outside of proper APIs, that something nefarious is going on.