Security Permissions in XP Pro

I am setting up a new PC with the intention of making it as secure as possible so I intend to run as a Limited User I was unhappy therefore to see that after installing the latest Home version that the security permissions set after install enabled Everyone Full Control over most of the the AVAST folder and files

Can I modify these permissions in any way to make them safe and is this the same in the Paid version If not I am afraid I cannot continue with this software

I have to say I find it strange that a security software company would design their stuff this way

Many thanks

Mike

This is controlled by avast self-defense module (on Troubleshooting tab of settings).
Which is your avast version? 4.8.1201 is the latest.

As Tech said, avast controls filesystem access to its files/registry keys on its own.
That is, even if e.g. Explorer says there’s Everyone/FullControl access to the folder, it is not the case (you can try to write a file in that folder and see what happens).

Cheers
Vlk

I am using 4.8.1201

Yes it does appear that the situation is not as bad as it first appears and that Avast is protecting most of the folders However there are 2 folders where as a Limited user I can still both write and execute files These are

C:\Program Files\Alwil Software\Avast4\Data\Moved
C:\Program Files\Alwil Software\Avast4\Data\Report

Thanks for your help

Mike

That’s true and good… common users (non-admins) could move infected files and generate reports :wink:

But if you allow Everyone to write/execute permission it could be a target for hackers. How would it compromise Avast if I were to remove the execute permission for instance or at least change Everyone to Authenticated User

Thanks

Mike

Hackers? Like any other folder in your computer… Which hacker will be interested in avast logs and reports?
Malware? They’re not affecting avast working and protection…
Won’t we becoming paranoid here :wink:

I am following the principles described here:

http://www.mechbgon.com/srp/

Essentially you do not allow both write and execute permission for the same folder (whilst running as a LUA) If all software writers did this we would have a much safer environment

So I am really interested in why you would allow Execute permission for the folder where the user moves virus’s to ? I would think you would enable the minimum permissions that are necessary

Thanks

MIke