Thursday, January 05, 2006

Don't underestimate the resourcefulness of people being annoying

Mostly my day jobs involves sorting out unusual computer problems, most often they invovle the Windows OS. I can across this - Don't underestimate the resourcefulness of people trying to be annoying.

Anyway the author talks about removing configuration API, and documentation of where those settings are stored in the registry. This is so that they cant be abused by installers. The idea is there is that an installer shouldn't change a users settings. This is all for the good and all installers should follow such guidelines. Mind you I'm not aware of such a guidelines document from microsoft , which specify what things to leave alone in your installers.

But by not documenting some of these things - how is a local system administrator going to fix them when the something goes horribly wrong. A simple example would be carefully constructed registry entry which causes the document UI program to GPF when it reads/processes the settings, but the main library,which is the user of the settings still interprets the settings in the way the mal-installer wished.

A local sysadmin is going to have merry hell trying to sort such a situation out, because he can't even look up on msdn or technet where the compromised settings are likely to be.


Post a comment

<< Home