RussellHltn wrote: I don't know, but Vista compliance may force an issue. From what I'm hearing, Vista does NOT like data being stored in the Program Files directory. (It shouldn't have been done from Win2k on, but now MS is getting a bit nasty about it by remapping writes to different locations.)
Here is a blog post I wrote about this very issue called the Vista Virtual Store: http://miguelito928.spaces.live.com/Blo ... !190.entry
Security of data on MLS computers
- mkmurray
- Senior Member
- Posts: 3266
- Joined: Tue Jan 23, 2007 9:56 pm
- Location: Utah
-
- Community Moderators
- Posts: 10392
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
RussellHltn and mkmurray point out an interesting development issue for some distant time. I don’t think the Church will be migrating to Vista any time soon. Until then the issue of having the MLS program require all users to have administrator privileges is a double-edged sword. The program deals with and stores sensitive personal privacy data and should be a secure program. I won’t debate whether it is or isn’t. But then the front door is left open to this data for potential hackers who inherit administrator privileges once in the logged-on user account when a computer with this sensitive data is connected to a network and then also to the internet (I’m sure there are many threads touching on the issue of hackers being able to get through both a hardware firewall and a software firewall).
This flies in the face of good, logical, security practice – and I’m sure it doesn’t have to be this way.
-
- Community Administrator
- Posts: 35538
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
mkmurray wrote: Here is a blog post I wrote about this very issue called the Vista Virtual Store: http://miguelito928.spaces.live.com/Blo ... !190.entry
Looks like it will drive some programmers batty. :)
There's some variable that should make doing the right thing fairly easy. For example storing the data under %ALLUSERSPROFILE% should get around the permissions issues and provide a consistent place for the data.
I suspect the biggest reason why admin access is requested for MLS users is because of the updates that are pushed down during send/receive. It may be difficult to get a package to do something like RUNAS so it can install updates.
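As an added illustration of the two points raised above (the Vista remapping of Program Files writes, and keeping data under %ALLUSERSPROFILE% instead), the following PowerShell sketch is not part of the original posts and is not MLS code. The folder name `ExampleApp` and the local group `ExampleApp Users` are hypothetical; the setup function is assumed to run once, elevated, at install time.

```powershell
# Added example. 'ExampleApp' and 'ExampleApp Users' are hypothetical names,
# not the real MLS folder or group. Run Initialize-SharedDataDir once, elevated.
$Group   = 'ExampleApp Users'
# CommonApplicationData is C:\ProgramData on Vista and later (same as %ALLUSERSPROFILE%)
# and "...\All Users\Application Data" on XP, so resolve it instead of hard-coding it.
$DataDir = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'ExampleApp\Data'

function Initialize-SharedDataDir {
    param([string]$Path, [string]$GroupName)
    # Create the local group for data operators if it does not exist yet.
    net localgroup $GroupName 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) { net localgroup $GroupName /add | Out-Null }
    New-Item -ItemType Directory -Path $Path -Force | Out-Null

    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and drop the inherited entries, so the
    # default access for all local users does not apply to sensitive records.
    $acl.SetAccessRuleProtection($true, $false)
    # Account names below are the English ones; they differ on localized Windows.
    $grants = @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @($GroupName,               'Modify')   # read/write data, no ACL changes
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g[0], $g[1], 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Find-VirtualizedWrites {
    # Vista and later: writes a non-elevated legacy program attempts under
    # Program Files are redirected per user to %LOCALAPPDATA%\VirtualStore.
    # Files found here are data the program believes it stored centrally.
    param([string]$AppFolderName)
    foreach ($pf in 'Program Files', 'Program Files (x86)') {
        $store = Join-Path $env:LOCALAPPDATA "VirtualStore\$pf\$AppFolderName"
        if (Test-Path $store) {
            Get-ChildItem -Path $store -Recurse | Where-Object { -not $_.PSIsContainer }
        }
    }
}

Initialize-SharedDataDir -Path $DataDir -GroupName $Group
Find-VirtualizedWrites -AppFolderName 'ExampleApp'
```

`Find-VirtualizedWrites` inspects only the profile of the user running it, so it has to be run once per account that has used the program.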
-
- Community Moderators
- Posts: 10392
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
[quote]I suspect the biggest reason why admin access is requested for MLS users is because of the updates that are pushed down during send/receive. It may be difficult to get a package to do something like RUNAS so it can install updates.[/quote]
Then how do Symantec and other commercial products do it for their programs? My antivirus updates just fine while logged onto a standard 'user' account.
-
- Community Moderators
- Posts: 10392
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
RussellHltn wrote: I suspect the biggest reason why admin access is requested for MLS users is because of the updates that are pushed down during send/receive. It may be difficult to get a package to do something like RUNAS so it can install updates.
Then how do Symantec and other commercial programs do it? Their antivirus program updates just fine while I am logged onto a general 'user' account. I am sure MLS could be programmed to do the same thing.
-
- Community Administrator
- Posts: 35538
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
jdlessley wrote: Then how do Symantec and other commercial programs do it? Their antivirus program updates just fine while I am logged onto a general 'user' account. I am sure MLS could be programmed to do the same thing.
Updating a virus definition file is a different thing. I'm talking about updating the program itself.
It can be done. Either through something like RUNAS (which requires that SLC know the login/password that will work on every machine), or through a service that runs as SYSTEM. But it's not easy. A more likely possibility is through LANDesk.
-
- Community Moderators
- Posts: 11682
- Joined: Mon Mar 17, 2008 10:27 pm
- Location: US
RussellHltn wrote: It can be done.
I do know that in the early days of MLS, some very messy things happened if a user did not login to the OS using an administrative login, and then MLS tried to download an update. Essentially, MLS was not smart enough to know that the update had not taken place, and just went merrily on its way until it either crashed or the data corrupted.
-
- Community Moderators
- Posts: 10392
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
RussellHltn wrote: Updating a virus definition file is a different thing. I'm talking about updating the program itself.
It can be done. Either through something like RUNAS (which requires that SLC know the login/password that will work on every machine), or through a service that runs as SYSTEM. But it's not easy. A more likely possibility is through LANDesk.
The updates Symantec and others do go farther than just definition files. I've seen second level, or minor, update changes to the program through their update process while logged into a general user account.
-
- Community Administrator
- Posts: 35538
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
I checked my machine at work. There's no less than 5 running services and two stopped ones. All of them run as "local system".
But I'll bet Symantec's beta test is probably bigger than the church's entire deployment. It can be done, but it's not always easy. Update via LANDesk is probably easier to do.
- childsdj
- Member
- Posts: 258
- Joined: Wed Feb 07, 2007 9:51 am
RussellHltn wrote: I checked my machine at work. There's no less than 5 running services and two stopped ones. All of them run as "local system".
But I'll bet Symantec's beta test is probably bigger than the church's entire deployment. It can be done, but it's not always easy. Update via LANDesk is probably easier to do.
The LANDesk solution is the best option, but not yet feasible as it will not work over dial-up connections. The more units that go to high speed the better. This will begin to allow LANDesk to work as it is supposed to from a central management perspective, including software delivery.