Ever wonder why Windows File Protection doesn't use ACLs to protect files?

Over the years I have cringed at the thought that rogue elements could overwrite system binaries, bypassing Windows File Protection with the use of tools like Sysinternals' handle.exe. I always wondered WHY they didn't have tighter ACLs on the files, and today Raymond explains why.

Apparently they tried that. And it didn't work well. Software installers had a nasty problem in which they didn't like being told they can't overwrite a file, and would fail miserably. Microsoft's solution? Let the copy happen, and then overwrite the installer's changes with the original trusted file later.

Raymond says that in Vista this is going to change a bit.

“Now that Windows File Protection has been around for some time, software installers have learned that it's not okay to overwrite system files (and trying to do it won't work anyway), so starting in Windows Vista, the Windows File Protection folks have started taking stronger steps to protect system files, and this includes using ACLs to make the files harder to replace. Presumably, they will have compatibility plans in place to accommodate programs whose setup really wants to overwrite a file.”

That's great news! I like to see the tighter ACL integration, now that 3rd-party vendors have learned to live with the constraints of not overwriting system binaries they have no right to be touching in the first place.
[Dana Epp's ramblings at the Sanctuary]
