Instant chat software QQ finally supports multiple User Configuration isolation

Instant chat software QQ Finally support multi-user configuration isolation, making it possible to run QQ programs with ordinary user privileges. This provides convenience to security-conscious users and IT managers. I'm not sure if using the word "multiuser configuration isolation" is accurate, what I call "multiuser configuration Isolation" refers to the personalized information that users will need to run a program on their own, such as account passwords, and so on, stored in the user's own home directory.

Simply put, in a Windows NT system, the user's home directory refers to the C:\Documents and Settings\user directory. and the C:\Program files directory is just a program file. The advantage of this is that with NTFS permissions, the program directory is set to read-only and administrator-only permissions can be written, and ordinary users cannot modify the program directory. In this way, users who log on to normal user rights, even if poisoned, the operating system can ensure that the virus can not modify or infect the program directory files, because the normal user-triggered virus also has only normal user rights, can not modify the program directory.

To a WindowsNT operating system installed QQ, for example, QQ program directory for C:\Program FILES\QQ, and the system User A's account and friends list stored in C:\Documents and settings\a, User B similar information stored in C : \documents and Settings\b. QQ Program Directory C:\Program FILES\QQ does not save any specific user's personalized information.

QQ Software and its predecessor OICQ, from the Windows 95 era has been the user's personalized information stored in the program directory, this practice is irreproachable, because Win95, Win98 and no NTFS file system, can not achieve a fundamental sense of multiuser configuration isolation. Windows 2000 uses the NTFS file system, but Tencent fails to comply with Microsoft's program development specifications and still writes user personalization information in the program directory, so directories like 235423 or 412359 appear in the C:\Program files\qq directory. Tencent's assumption is that the user login operating system account is the Administrator group, with the highest system privileges, can always modify the program directory C:\Program files\qq.

Until the launch of Vista system, Tencent QQ This practice has been changed. Because Vista introduces UAC, it strengthens the security of the account. User account defaults to ordinary permissions, users of the system to affect the operation of the time, will pop-up dialog window to require users to confirm that the process is a temporary right, the user's account temporarily elevated to the administrator's permissions to complete a certain operation, the user rights will revert to the normal level of authority. This is why Vista is more secure than XP, and Vista explicitly constrains user permissions through UAC, unlike XP, where the default user is the Administrators group after the system installation is complete. Know why a lot of people with XP often poisoning crashes? Because they always use Admin account Administrator login XP, once the virus, the virus also has administrator rights, can infect, modify, delete system files, the system does not crash to blame. Panda incense is popular because most computer users are operated by the administrator, click on the virus files, virus files naturally have administrator rights, and administrator rights can be modified to delete C:\Program files directory, so C:\Program Each binary EXE file under files starts to burn incense.

Next, Vista and QQ. The enhancement of Vista's constraint on account permissions requires that the application Publisher must consider modifying the program to comply with the requirements of Vista multiuser configuration isolation, otherwise the program will not work properly. Just imagine, QQ installation, user permissions for the general permissions, the launch of the QQ program requires the user's account password to save, this time QQ program can not C:\Program FILES\QQ write operation, so the program zombie. The only way to solve this problem is to write user personalization information to the C:\Documents and Settings\user directory.

QQ2009 finally implemented multiuser configuration isolation, for security-aware users and IT managers, this is good news, for example, I can use administrator privileges to the home computer to install the necessary software, and then let the family use the normal rights of users, so that, in addition to the operating system due to vulnerabilities in the attack, Viruses do not affect system cores and programs.

Unfortunately, this change is in the Vista system UAC mandatory requirements and the promotion of vista system, if not the extension of Vista, do not know when Tencent will realize that the software does not conform to the specification of the number of users caused by trouble, I do not know when Tencent will have the power to modify the messy C:\Program files directory.