Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Security concerns regarding Start Menu 8 2.1.0.0


Flute

Recommended Posts

Hi I recently installed the latest version of Start Menu 8, 2.1.0.0. There are several updater features and there doesn't seem to be a way to disable any of them. There are two LiveUpdate.exe files, AUpdate.exe, a downloader exe, and one more exe I can't remember right now. I disabled all those exes by replacing them with "do nothing" exes and so far the program has been functioning ok. Why don't you offer a way to disable updating? Once my computer is in a good state (which is very hard to do) I want to keep it that way, so I hate auto-updates on most software.

 

Anyway that aside part of the reason I felt uncomfortable with the updates is it looks like you are just checking via http for a new version of the software. Do you have any protection from a man-in-the-middle (MITM) attack?

 

Second issue, also security related:

 

In the program settings there is now an option to bypass UAC. I do not want that option or for anyone to be able to turn it on. For all I know some virus could just edit the preferences to your software, turn on the UAC bypass and all of the sudden UAC is defeated. I assume you have figured out a way to bypass UAC by having the program that's installed in services do something to start without it. That's a really bad idea, if someone can hack that it's going to be a problem.

 

Thanks as always for releasing your software for free and listening to my feedback. Besides the potential security issues it's a great program.

 

Link to comment
Share on other sites

Hi Flute,

 

Thanks for speaking out your concern.

For your first concern about "updater features", the update files only detect the updates when there is a new version available, and it will not download or install any software without users' permission.

For your second concern about "MITM attack", we have already taken measures to maximum prevent such attacks, and we plan to encrypt all communication deeply in next versions.

For your third concern about "UAC defeat", only the programs started from our program have the option to skip UAC. It will not disable the UAC of Windows system.

So please be assured to use Start Menu 8.

 

Have a great time.

 

Link to comment
Share on other sites

So please be assured to use Start Menu 8.

 

Thank you for your reply. Say some malicious program can access the start menu, then they could bypass the UAC isn't that right? I just see that as a big problem even with your UAC setting disabled. Couldn't some malicious program could just modify the setting so that it's true then access the start menu and start a program bypassing UAC?

Link to comment
Share on other sites

For your second concern about "MITM attack", we have already taken measures to maximum prevent such attacks, and we plan to encrypt all communication deeply in next versions.

 

Thanks for confirming that. Will be waiting for it then. 1.gif

Link to comment
Share on other sites

Say some malicious program can access the start menu, then they could bypass the UAC isn't that right? I just see that as a big problem even with your UAC setting disabled. Couldn't some malicious program could just modify the setting so that it's true then access the start menu and start a program bypassing UAC?

 

Well I still would like an answer to this question. I can't check this thread every day though and unfortunately there is something wrong with your notification system, see my thread linked to below. Anyway, if you have an answer to my question feel free to e-mail me using the e-mail associated with my account. Thanks

Notifications not coming daily - IObit.Com Forums

Link to comment
Share on other sites

  • 4 months later...

Is it possible to answer my question:

 

Say some malicious program can access the start menu, then they could bypass the UAC isn't that right? I just see that as a big problem even with your UAC setting disabled. Couldn't some malicious program could just modify the setting so that it's true then access the start menu and start a program bypassing UAC?

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...