Re: ASLR / DEP in Installer
Posted: Wed Apr 17, 2024 12:34 pm
John,
It's not a matter of redistribution or personal concern. It's a matter of corporate security not allowing any program to exist on a corporate issued machine unless it has the appropriate modern security features (ASLR, DEP, signed, etc.). Since we need to install InstallAware, those files exist on our machine, and corporate security doesn't like it.
Then, as a wholly separate matter, the installs that we create via InstallAware are put on our customer's machine. Their corporate security doesn't like having files that don't have modern security, and so on (in addition to the risk that we take on for our installer running on their system). I can control my files that are dropped, but what about the files that InstallAware creates or drops (even as temp files) to handle some process or another during an install? This includes everything from the Setup.exe that the IDE generates to the DLL's that are put in the temp folder during an install that come from InstallAware.
Additionally, the licensing file that another user mentioned in this thread doesn't have good security on it. I would think that would be beneficial to InstallAware to fix to reduce their risk.
In short, every single file that InstallAware gives to a customer should have the maximum security features available to it.
-Bond
It's not a matter of redistribution or personal concern. It's a matter of corporate security not allowing any program to exist on a corporate issued machine unless it has the appropriate modern security features (ASLR, DEP, signed, etc.). Since we need to install InstallAware, those files exist on our machine, and corporate security doesn't like it.
Then, as a wholly separate matter, the installs that we create via InstallAware are put on our customer's machine. Their corporate security doesn't like having files that don't have modern security, and so on (in addition to the risk that we take on for our installer running on their system). I can control my files that are dropped, but what about the files that InstallAware creates or drops (even as temp files) to handle some process or another during an install? This includes everything from the Setup.exe that the IDE generates to the DLL's that are put in the temp folder during an install that come from InstallAware.
Additionally, the licensing file that another user mentioned in this thread doesn't have good security on it. I would think that would be beneficial to InstallAware to fix to reduce their risk.
In short, every single file that InstallAware gives to a customer should have the maximum security features available to it.
-Bond