Data leakage among users

Discussion in 'Windows Vista Security' started by Roof Fiddler, Sep 17, 2006.

  1. Roof Fiddler

    Roof Fiddler Guest

    I installed Quicken on Vista, and ran it as one user, and then when I ran it
    as another user at the same time, quicken complained that it was already
    being run by another user. So Vista is leaking data among users,
    specifically, that other users are running particular programs. This is a
    security problem. A program running in one user account should have no way
    to know whether that same program is being simultaneously run in another
    user account.
    Roof Fiddler, Sep 17, 2006
    1. Advertisements

  2. More like Intuit folks don't know how to code securely.

    The reality is that most Intuit software hasn't been rewritten since Win9x.
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Sep 17, 2006
    1. Advertisements

  3. Roof Fiddler

    Roof Fiddler Guest

    Perhaps, but that's beside the point. The point is that if Quicken or any
    other user program can (accidentally, intentionally, or even maliciously)
    discover that another user is running that program, then it's a security
    problem, which the operating system, not that user program, has the
    exclusive responsibility for solving.
    Roof Fiddler, Sep 17, 2006
  4. Roof Fiddler

    Kerry Brown Guest

    In a multiuser environment programs need to know if another user is already
    using the program. This can be done securely through system messages. One
    user can't access another user's memory but the system can pass messages
    back and forth. There is some security risk in this but without doing this
    data corruption would be rampant. This security risk in Vista is managed
    much better than in XP.

    MS-MVP Windows - Shell/User
    Kerry Brown, Sep 17, 2006
  5. Roof Fiddler

    Roof Fiddler Guest

    Corruption of what data? If I run Quicken and another user runs Quicken,
    we're only modifying data stored in our own home directories. Coordination
    of the two Quicken processes in order to avoid data corruption would only be
    necessary if the processes were sharing writeable data, which they're not.
    Roof Fiddler, Sep 17, 2006
  6. No it's not besides the point.

    Intuit does not code securely. Every piece of software should be
    reviewed for secure coding.

    I am not about to hold Microsoft responsible for Intuit's continued
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Sep 17, 2006
  7. In a multi user environment, each user should have his own separate files
    under "Users" in Vista with his/her UserName. If the intention woz to have
    some files common accessible to all users then the Users\All Users\ is the
    folder to use either with \Application Data or \MyDocuments.

    As a previous commenter mentioned, these are post WIN9X features and,
    presumably Intuit has not updated its software to accomodate this way of
    securing data in a multi user environment.

    Complain to Intuit.

    Vista is pointing the way to the future for more secure computers in multi
    user environments.

    Get with it.

    Garry Grolman, Oct 1, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.