The importance of strict installation paths

Yesterday I had an experience I’d like to share. One customer of mine uses strict AD software restrictions in his Windows network, limiting executables to certain paths only. Basically, software can only be run within c:/program files/ and c:/program files (x86) (which are write-protected for the default non-privileged user). Everything else is locked down and the user gets a message that he cannot start the requested program.

He has done this due to the threat of CryptoWall attacks last year. This leads to the following:

  • Always use the Program Files folders by design. Don’t use custom folders like c:/something
  • Always save your settings etc. in the user’s special folders
  • Do not run any additional helper EXE files from %temp% folders; they might not run in similar environments

I had to rewrite my installer and relocate my helper files, because during installation they were extracted into the %temp% folder and could not run from there. It was a day-long lesson for me to learn, on Monday… :frowning:
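The path rule described in this post can be checked before shipping an installer. The following PowerShell is an added example, not code from the original thread or from any product mentioned in it: it assumes Windows PowerShell 5.1 or later, and the function names `Test-SanctionedExecutablePath` and `Test-UserWritable` are hypothetical. It normalises a candidate path the same way a path-based execution policy has to (environment variables expanded, `..` and mixed slashes resolved, case ignored) and reports whether the path falls under one of the Program Files roots; the second function probes the write-protection the post relies on.

```powershell
# Added example, not from the original thread. Assumes Windows PowerShell 5.1+.
# Function and parameter names are hypothetical.

function Test-SanctionedExecutablePath {
    <#
      Returns $true when $Path resolves to a location under one of the
      Program Files directories, i.e. the only places the policy described
      in the thread lets executables run from. %TEMP%, %APPDATA% and any
      custom folder such as C:\something return $false.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # ProgramFiles(x86) is absent on 32-bit Windows, so drop empty entries
        [string[]]$AllowedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}).Where({ $_ })
    )
    # Expand %VAR% forms, then let GetFullPath collapse '..', '.' and forward slashes
    $full = [System.IO.Path]::GetFullPath([Environment]::ExpandEnvironmentVariables($Path))
    foreach ($root in $AllowedRoots) {
        # Trailing separator matters: without it "C:\Program Files Evil\" would
        # also match the prefix "C:\Program Files"
        $rootFull = [System.IO.Path]::GetFullPath($root).TrimEnd('\') + '\'
        if ($full.StartsWith($rootFull, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Test-UserWritable {
    <#
      Returns $true if the current user can create a file in $Directory.
      For the policy to hold, this must be $false for the Program Files
      roots when run as a standard (non-elevated) user.
    #>
    param([Parameter(Mandatory)][string]$Directory)
    $probe = Join-Path $Directory ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllBytes($probe, [byte[]]@())
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false   # UnauthorizedAccessException (or missing directory)
    }
}

# Constructed candidate locations: the first two are where an installer should put
# its files, the third checks that '..' cannot escape the root, the last two are
# the locations the thread says are blocked (and where malware usually lands).
$candidates = @(
    "$env:ProgramFiles\Vendor\app.exe",
    "${env:ProgramFiles(x86)}\Vendor\helper.exe",
    "$env:ProgramFiles\..\Users\Public\escaped.exe",
    "$env:TEMP\setup_helper.exe",
    "$env:APPDATA\updater.exe"
)
foreach ($c in $candidates) {
    $verdict = if (Test-SanctionedExecutablePath -Path $c) { 'ALLOW' } else { 'BLOCK' }
    '{0,-6} {1}' -f $verdict, $c
}

# The write-protection half of the policy: as a standard user both should print False
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}).Where({ $_ })) {
    '{0} user-writable: {1}' -f $root, (Test-UserWritable -Directory $root)
}
```

Run it as the standard user the software will actually be deployed to, not from an elevated prompt, otherwise the writability probe succeeds and hides the very restriction the post is about. On a domain that enforces the rule with AppLocker, the built-in `Test-AppLockerPolicy` cmdlet can evaluate the real policy against the same list of paths.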

I would imagine this will one day be the norm, as security gets tighter and tighter.

This was a managed corporate network. But I agree, this should be the norm in general.

And the hackers can’t install into c:/program files/ or c:/program files (x86) either?

Negative, these folders are write-protected for the normal user (without admin privileges). So any executable caught by email or suspicious websites cannot be executed. They mostly drop their payloads in %temp% or %appdata% or %userdata% folders.

Since Windows 8, MS has strongly warned against executing from anywhere but the sanctioned Program Files directories.

Problem is, a lot of people simply ignore recommendations.