Geek Answers Handbook

Is it normal to store executable files in program files?

Is it okay to store executable files in program or appdata files? As a result, I can modify it (update) without having to display a uac warning, but, on the other hand, it could be any other application.

Note. Google chrome seems to do this.

+4
source share
3 answers

The main advantage is that users without administrator access can install software without administrator permission. The main disadvantage is that users without administrator access can install software without administrator permission.

+8
source

Although it is becoming increasingly common that applications installed in these places (chrome, runonce, gtalk) are a security risk, and, as Jonathan said, the advantage is also the biggest drawback.

Many enterprises now block the launch of applications from these places. As more and more enterprises identify this as a visionary security hole, I would expect more and more organizations to block it.

I think your question: "Is it against the rules" is subjective. Of course, there is room for discussion, but in the end it seems like a proactive decision to circumvent the alleged security of the system. I personally will not establish these places.

+3
source

%APPDATA% is a reasonable location if the application is really intended to be used by a single user. In this case, this is not a security risk. By default, only that user has access to their %APPDATA% folder, so there is no trust boundary crossing.

%PROGRAMDATA% less reasonable. First of all, this directory was added in Vista, so this can be a problem. However, if you install here, you install to a place that is system-wide. User A can install your program, but user B has access to this location. In this way, user B can overwrite your program with something malicious, tricking user A into starting him up. This is a security risk.

+1
source

More articles:


All Articles