Data leakage among users

  • Thread starter Thread starter Roof Fiddler
  • Start date Start date
R

Roof Fiddler

I installed Quicken on Vista, and ran it as one user, and then when I ran it
as another user at the same time, quicken complained that it was already
being run by another user. So Vista is leaking data among users,
specifically, that other users are running particular programs. This is a
security problem. A program running in one user account should have no way
to know whether that same program is being simultaneously run in another
user account.
 
More like Intuit folks don't know how to code securely.

The reality is that most Intuit software hasn't been rewritten since Win9x.
 
Susan Bradley said:
More like Intuit folks don't know how to code securely.
Perhaps, but that's beside the point. The point is that if Quicken or any
other user program can (accidentally, intentionally, or even maliciously)
discover that another user is running that program, then it's a security
problem, which the operating system, not that user program, has the
exclusive responsibility for solving.
 
In a multiuser environment programs need to know if another user is already
using the program. This can be done securely through system messages. One
user can't access another user's memory but the system can pass messages
back and forth. There is some security risk in this but without doing this
data corruption would be rampant. This security risk in Vista is managed
much better than in XP.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca
 
Kerry Brown said:
In a multiuser environment programs need to know if another user is
already using the program. This can be done securely through system
messages. One user can't access another user's memory but the system can
pass messages back and forth. There is some security risk in this but
without doing this data corruption would be rampant.
Corruption of what data? If I run Quicken and another user runs Quicken,
we're only modifying data stored in our own home directories. Coordination
of the two Quicken processes in order to avoid data corruption would only be
necessary if the processes were sharing writeable data, which they're not.
 
No it's not besides the point.

Intuit does not code securely. Every piece of software should be
reviewed for secure coding.

I am not about to hold Microsoft responsible for Intuit's continued
stupidity.
 
In a multi user environment, each user should have his own separate files
under "Users" in Vista with his/her UserName. If the intention woz to have
some files common accessible to all users then the Users\All Users\ is the
folder to use either with \Application Data or \MyDocuments.

As a previous commenter mentioned, these are post WIN9X features and,
presumably Intuit has not updated its software to accomodate this way of
securing data in a multi user environment.

Complain to Intuit.

Vista is pointing the way to the future for more secure computers in multi
user environments.

Get with it.

Garry
 
Back
Top