Secure Tunnelling software from a usb drive?

Archived from groups: comp.dcom.lans.ethernet (More info?)

Hi,

I've spent a while looking for this - does anyone know of a program
that can provide ssh and socks5 tunnelling capabilities (for use with a
secure proxy) with port forwarding so that multiple programs can be
directed to it and it will forward these requests on to a set of
specified proxies (depending on whether ssh or socks5)?

Oh, and this software must run without install. :(

Any help would be fantastic.

Cheers,
ChampagneDP
  1.

    champagnedatepack@gmail.com wrote:
    > Hi,
    >
    > I've spent a while looking for this - does anyone know of a program
    > that can provide ssh and socks5 tunnelling capabilities (for use with a
    > secure proxy) with port forwarding so that multiple programs can be
    > directed to it and it will forward these requests on to a set of
    > specified proxies (depending on whether ssh or socks5)?
    >
    > Oh, and this software must run without install. :(
    >
    > Any help would be fantastic.
    >
    > Cheers,
    > ChampagneDP
    >

    So in effect you want a way to do ssh and socks5 tunnelling from a
    machine that is locked down and won't allow you to run the Windows
    installer.

    If you can't run install on the machine THERE IS A REASON FOR IT and I
    for one ain't gonna help you circumvent it.
  2.

    I understand your point - if a machine has installation restricted,
    it's for a reason... but I'm not trying to install anything by force -
    if that were the case I'd just be looking for cracks to attain
    administrator privilege.

    Instead, I'm looking for a program that, as you say, facilitates SSL
    and SOCKS v5 tunneling (including port hiding) that runs without
    registry read/writes and so needs no installations. Very different
    kettle of fish.

    Why? Well as you may know, Primedius offer a USB program that runs a
    version of Linux with Firefox etc... installed, so that people on the
    move can utilise public boxes without being monitored, for whatever
    reason (the desire for privacy isn't always a bad thing). I was just
    looking for the equivalent that doesn't require you to boot off a
    removable drive, and which also doesn't tie you to Primedius.

    I hope I've cleared that up - any ideas would be great. Thanks.
  3.

    champagnedatepack@gmail.com wrote:
    > I understand your point - if a machine has installation restricted,
    > it's for a reason... but I'm not trying to install anything by force -
    > if that were the case I'd just be looking for cracks to attain
    > administrator privilege.
    >
    > Instead, I'm looking for a program that, as you say, facilitates SSL
    > and SOCKS v5 tunneling (including port hiding) that runs without
    > registry read/writes and so needs no installations. Very different
    > kettle of fish.
    >

    Um, no, that's exactly what I thought you meant.

    > Why? Well as you may know, Primedius offer a USB program that runs a
    > version of Linux with Firefox etc... installed, so that people on the
    > move can utilise public boxes without being monitored, for whatever
    > reason (the desire for privacy isn't always a bad thing).

    The desire to circumvent authorized monitoring IS always a bad thing. If
    someone wants to use anonymous proxies they should do it from their own
    machine. This sort of thing should not happen without permission from
    the owner of the machine. Period.

    > I was just
    > looking for the equivalent that doesn't require you to boot off a
    > removable drive, and which also doesn't tie you to Primedius.
    >
    > I hope I've cleared that up - any ideas would be great. Thanks.

    I don't think such an animal exists. Closest I have seen would be the
    later versions of HipCrimes news agent, which would run without install
    and supported socks5 (as well as TLS), but only does NNTP. And it's been
    mostly purged from the net - you can't get a copy of it easily nowadays.
  4.

    T. Sean Weintz <strap@hanh-ct.org> wrote:
    > The desire to circumvent authorized monitoring IS always
    > a bad thing.

    Perhaps. But what constitutes "authorized"? Email
    snooping? And a desire to circumvent UNauthorized
    monitoring IS always a good thing.

    > If someone wants to use anonymous proxies they should
    > do it from their own machine.

    Everything not expressly allowed is presumed forbidden?
    Perhaps in Germany but not in America. If an owner
    doesn't want others to use anonymous proxies, can't
    they just route them to 127.0.0.1?

    > This sort of thing should not happen without permission
    > from the owner of the machine. Period.

    Why? What legitimate owner's interest is being protected?
    What requires machine-level monitoring rather than
    firewall/gateway monitoring?

    On one level, a cybercafe owner or employer has certain rights.
    But the user also has certain privacy rights [inalienable
    in the EU] that the machine owner simply may not be able
    to provide. Maybe then the machine should not be used.
    But maybe a smart owner would allow non-damaging use?

    -- Robert in Houston
  5.

    Robert Redelmeier wrote:
    > T. Sean Weintz <strap@hanh-ct.org> wrote:
    >
    >>The desire to circumvent authorized monitoring IS always
    >>a bad thing.
    >
    >
    > Perhaps. But what constitutes "authorized"? Email
    > snooping? And a desire to circumvent UNauthorized
    > monitoring IS always a good thing.


    Yes, of course. But this guy explicitly stated he wants something he can
    run on public machines (I assume library or cybercafe, maybe school?)
    computers without having to do an install. Either the machine is locked
    and doesn't allow installs, or he simply does not want to leave evidence
    that he was running the program on the PC - either of which would seem
    to indicate he is doing something he should not be doing.

    BTW, email snooping is not necessarily a bad thing. And of course on an
    employer's machine one has no right to expect that it won't be snooped.
    And in fact for public companies, Sarbanes-Oxley REQUIRES them to keep
    an unaltered archive of every email you send or receive at your job.

    >
    >
    >>If someone wants to use anonymous proxies they should
    >>do it from their own machine.
    >
    >
    > Everything not expressly allowed is presumed forbidden?
    > Perhaps in Germany but not in America. If an owner
    > doesn't want others to use anonymous proxies, can't
    > they just route them to 127.0.0.1?
    >

    With private property, I'd say yes. Even in the USA. If I loan someone
    my car to drive to the store, and they drive across country instead,
    you can sure as hell bet they will be arrested for car theft. Even if I
    didn't specifically tell them not to drive cross country in it.

    But it seems that in this case, software installation WAS expressly
    forbidden - he wants something that will run without an install. Why?
    Either installs are disabled, meaning the owner does not want software
    other than what is on the machine run, or this guy wants to hide the
    fact he ran the software on the box, which implies he knows the owner
    doesn't want him doing it.

    >
    >>This sort of thing should not happen without permission
    >>from the owner of the machine. Period.
    >
    >
    > Why? What legitimate owner's interest is being protected?
    > What requires machine-level monitoring rather than
    > firewall/gateway monitoring?

    The legitimate owner interest being protected is the simple right to
    decide what their machine is used for!

    >
    > On one level, a cybercafe owner or employer has certain rights.
    > But the user also has certain privacy rights [inalienable
    > in the EU] that the machine owner simply may not be able
    > to provide. Maybe then the machine should not be used.
    > But maybe a smart owner would allow non-damaging use?
    >
    > -- Robert in Houston
    >
  6.

    On Mon, 06 Jun 2005 16:37:09 -0700, champagnedatepack wrote:

    > Hi,
    >
    > I've spent a while looking for this - does anyone know of a program that
    > can provide ssh and socks5 tunnelling capabilities (for use with a secure

    ssh: yes
    socks5: no

    Go to google for "putty ssh", and find a nice little ssh/telnet client. No
    problem running it from any machine

    > proxy) with port forwarding so that multiple programs can be directed to
    > it and it will forward these requests on to a set of specified proxies
    > (depending on whether ssh or socks5)?
    >
    > Oh, and this software must run without install. :(

    No problem - no install. Only the fingerprint of the targeting server is
    saved on the local machine.
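
The point in the reply above, that PuTTY saves the server's fingerprint on the local machine, matters to whoever administers that machine: PuTTY caches host keys under `HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys`, so a run from removable media still records which servers were contacted. The following is an added example, not part of the original thread; it parses a constructed `reg export` of that key, and the hostnames, key data and function names are made up for illustration.

```python
import re
from typing import List, NamedTuple

# Constructed sample: text of a `reg export` of the PuTTY host-key cache.
# Hostnames and key material are invented and shortened.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:shell.example.org"="0x10001,0xc0ffee0123456789abcdef"
"ssh-ed25519@2222:10.0.0.15"="0x1a2b3c4d,0x5e6f7a8b"
"rsa2@443:gateway.example.net"="0x23,0xdeadbeef00112233"

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\Default%20Settings]
"HostName"=""
'''

# Suffix of the registry key header we care about (compared lower-case).
HOSTKEY_SECTION = r"\software\simontatham\putty\sshhostkeys]"

# Value names have the form  <algorithm>@<port>:<host>
VALUE_RE = re.compile(
    r'^"(?P<alg>[^@"]+)@(?P<port>\d+):(?P<host>[^"]+)"="(?P<data>[^"]*)"$'
)


class HostKeyRecord(NamedTuple):
    algorithm: str
    port: int
    host: str


def read_export(path: str) -> str:
    """Read a .reg file from disk; regedit writes version 5.00 exports as UTF-16."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_host_keys(export_text: str) -> List[HostKeyRecord]:
    """Return one record per cached host key found in the SshHostKeys key."""
    records = []
    in_section = False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new key header: only SshHostKeys values are of interest.
            in_section = line.lower().endswith(HOSTKEY_SECTION)
            continue
        if not in_section:
            continue
        match = VALUE_RE.match(line)
        if match:
            records.append(
                HostKeyRecord(match["alg"], int(match["port"]), match["host"])
            )
    return records


def nonstandard_ports(records: List[HostKeyRecord], expected: int = 22):
    """Heuristic (an assumption of this example): SSH on a port other than 22
    is worth a second look when reviewing a shared or kiosk machine."""
    return [r for r in records if r.port != expected]


if __name__ == "__main__":
    found = parse_host_keys(SAMPLE_EXPORT)
    for rec in found:
        print(f"{rec.host}:{rec.port} ({rec.algorithm})")
    print("non-standard ports:", [r.host for r in nonstandard_ports(found)])
```
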
  7.

    T. Sean Weintz <strap@hanh-ct.org> wrote:
    > Either the machine is locked and doesn't allow installs,
    > or he simply does not want to leave evidence that he was
    > running the program on the PC - either of which would seem
    > to indicate he is doing something he should not be doing.

    Ah, but the usual reason for locking machines is to
    reduce maintenance on fragile MS-Windows systems. And to
    facilitate recovery by data-free reimaging.

    To answer part of the OP's question, s/he could put Simon
    Tatham's `putty.exe` on a USB stick. I really cannot see
    what harm running it (a terminal emulator) would cause.

    > BTW, email snooping is not necessarily a bad thing. And of
    > course on an employer's machine one has no right to expect
    > that it won't be snooped.

    I do not believe this is true in the EU, where email
    privacy is supposed to be guaranteed.

    > And in fact for public companies, Sarbanes-Oxley REQUIRES
    > them to keep an unaltered archive of every email you send
    > or receive at your job.

    IANAL SOx requires no such thing. It requires that any
    public-trading relevant emails be retained for specified
    periods. Some lazy companies implement it by archiving
    everything. Dangerous for later discovery. My division has
    been told that we are not material for SOx purposes, but need
    to retain anything that might be ourselves. Some companies
    may also run afoul of EU privacy law if they retain/archive
    emails of EU residents that are not from US employees.

    > Even in the USA. If I loan someone my car to drive to the
    > store, and they drive across country instead, you can sure
    > as hell bet they will be arrested for car theft. Even if

    Not in the USA. Theft is the taking without authorization.
    Keep overlong or unauthorized use are very different offenses,
    if they exist at all. Some states have recently had to
    add laws to cover car renters who kept the cars past due.

    -- Robert
  8.

    T. Sean Weintz wrote:

    (snip)

    > Yes, of course. But this guy explicitly stated he wants something he can
    > run on public machines (I assume library or cybercafe, maybe school?)
    > computers without having to do an install. Either the machine is locked
    > and doesn't allow installs, or he simply does not want to leave evidence
    > that he was running the program on the PC - either of which would seem
    > to indicate he is doing something he should not be doing.

    Most unix software can be installed by a user in the users own
    directory without root access. Most windows software, even if it
    doesn't do anything that needs privilege, needs Administrator
    access to install. There is no reason it needs to be that way
    as far as security goes, but that is the way it is.

    -- glen
  9.

    Robert Redelmeier wrote:

    >
    > Not in the USA. Theft is the taking without authorization.
    > Keep overlong or unauthorized use are very different offenses,
    > if they exist at all. Some states have recently had to
    > add laws to cover car renters who kept the cars past due.
    >
    > -- Robert
    >

    Interesting. However I do know someone who was arrested for car theft
    once when doing exactly what I described - borrowing it to go to the
    store and deciding to drive to Virginia instead.
  10.

    In article <11arbo9rasj5t69@news.supernews.com>,
    "T. Sean Weintz" <strap@hanh-ct.org> wrote:

    > Robert Redelmeier wrote:
    >
    > >
    > > Not in the USA. Theft is the taking without authorization.

    Most American criminal law is *state* law, not federal. What constitutes
    theft is generally determined from a state-by-state statutory
    definition.

    For example, the common-law definition of theft is the unlawful taking
    of personal property *with the intent to permanently deprive* its
    rightful owner. However, in California, there is no such "specific
    intent" requirement, and one can be guilty of theft if they "feloniously
    steal, take, carry, lead, or drive away the personal property of another
    .... ."
    Cal. Penal Code § 484 (West 2005).

    (I am not a lawyer; I *am* a law student in my last year of study.)

    > > Keep overlong or unauthorized use are very different offenses,
    > > if they exist at all. Some states have recently had to
    > > add laws to cover car renters who kept the cars past due.
    > >

    California, being a land of cars and car rentals, enacted such a law in
    1959 (more than 45 years ago), and it has not been amended since!
    "Whenever any person who has leased or rented a vehicle wilfully and
    intentionally fails to return the vehicle to its owner within five days
    after the lease or rental agreement has expired, that person shall be
    presumed to have embezzled the vehicle."
    Cal. Veh. Code § 10855 (West 2005).

    The presumption affects the burden of evidence. That is, if you keep
    your rental car more than five days after you were supposed to return
    it, the law presumes that you have embezzled (stolen) it, and the burden
    shifts to you to show that you had a legally valid reason to keep
    possession beyond the rental contract terms.

    >
    > Interesting. However I do know someone who was arrested for car theft
    > once when doing exactly what I described - borrowing it to go to the
    > store and deciding to drive to Virginia instead.

    The law may be different in that state, or the offense might have
    involved a federal statute, having crossed state lines with the car.


    --
    Rich Seifert Networks and Communications Consulting
    21885 Bear Creek Way
    (408) 395-5700 Los Gatos, CA 95033
    (408) 228-0803 FAX

    Send replies to: usenet at richseifert dot com
  11.

    Robert Redelmeier wrote:

    > To answer part of the OP's question, s/he could put Simon
    > Tatham's `putty.exe` on a USB stick. I really cannot see
    > what harm running it (a terminal emulator) would cause.

    No harm. But that does not seem to be what the original poster was
    looking for. He/she seemed to want something more along the lines of
    what sockschain does, but without the need to do an install. The OP
    specifically said they were looking for something that other
    applications will plug into. I took that to mean something "sockscap" like.
  12.

    Robert Redelmeier wrote:

    > T. Sean Weintz <strap@hanh-ct.org> wrote:
    >> Either the machine is locked and doesn't allow installs,
    >> or he simply does not want to leave evidence that he was
    >> running the program on the PC - either of which would seem
    >> to indicate he is doing something he should not be doing.
    >
    > Ah, but the usual reason for locking machines is to
    > reduce maintenance on fragile MS-Windows systems.

    Well, actually the usual reason is to keep users from writing into the
    system area. This effectively prevents software installation because
    software developers insist on writing to the system areas even when they
    have no legitimate need to do so. If you are installing an application on
    a default-configured XP or Server 2K3 system from a nonprivileged account,
    and it won't install, think very hard about whether you want to let that
    developer make changes to the system files before you log in as
    administrator to install.

    Unix systems are locked down in the same manner for the same reason, however
    Unix has had that security model from the start and so the developers have
    learned the hard way that there are things that their user applications
    will not be allowed to do, and so application installation is not a
    problem.

    > And to
    > facilitate recovery by data-free reimaging.
    >
    > To answer part of the OP's question, s/he could put Simon
    > Tatham's `putty.exe` on a USB stick. I really cannot see
    > what harm running it (a terminal emulator) would cause.
    >
    >> BTW, email snooping is not necessarily a bad thing. And of
    >> course on an employer's machine one has no right to expect
    >> that it won't be snooped.
    >
    > I do not believe this is true in the EU, where email
    > privacy is supposed to be guaranteed.

    I'm curious as to the specific legislation--I haven't been able to find
    anything that says that employers in the EU cannot monitor their employees
    mail--I have found some references to specific legislation in specific
    member countries but nothing that would apply to the EU as a whole.

    I'm not disputing you, I would just like to read the legislation.

    >> And in fact for public companies, Sarbanes-Oxley REQUIRES
    >> them to keep an unaltered archive of every email you send
    >> or receive at your job.
    >
    > IANAL SOx requires no such thing. It requires that any
    > public-trading relevant emails be retained for specified
    > periods. Some lazy companies implement it by archiving
    > everything. Dangerous for later discovery. My division has
    > been told that we are not material for SOx purposes, but need
    > to retain anything that might be ourselves. Some companies
    > may also run afoul of EU privacy law if they retain/archive
    > emails of EU residents that are not from US employees.
    >
    >> Even in the USA. If I loan someone my car to drive to the
    >> store, and they drive across country instead, you can sure
    >> as hell bet they will be arrested for car theft. Even if
    >
    > Not in the USA. Theft is the taking without authorization.
    > Keep overlong or unauthorized use are very different offenses,
    > if they exist at all. Some states have recently had to
    > add laws to cover car renters who kept the cars past due.
    >
    > -- Robert

    --
    --John
    to email, dial "usenet" and validate
    (was jclarke at eye bee em dot net)
  13.

    T. Sean Weintz <strap@hanh-ct.org> wrote:
    > No harm. But that does not seem to be what the original
    > poster was looking for. he/she seemed to want something
    > more along the lines of what sockschain does, but without
    > the need to do an install. The OP specifically said they
    > were looking for something that other applications will
    > plug into. I took that to mean something "sockscap" like.

    Well, humph! I'm not entirely sure what this `sockschain`
    does but why would it need an install if the system can read
    removable media and run executables from there. A "locked-down"
    system might easily be configured this way. Or not, at the
    administrator's discretion.

    Without a "no outside executables" clause in the TOS, I'd
    assume a system configured to execute from removable media
    also allowed such execution. And a no-exec TOS clause is
    unenforceable: What about Javascript that many sites use?
    I'm pretty sure a `putty.exe` limited clone could be written
    in JS and dropped on some website. Maybe even `sockschain`

    There really is nothing special about "Installs" beyond loading
    executables and mapping libs & other files. With CoW VM systems,
    the media cannot be removed until the process is done.

    Of course proxying opens up a whole can of worms. I would
    hope no MS-WindowsNT+ system would allow non-Administrator
    processes to listen on privileged ports (<1000). And anyone
    hitting non-privileged ports cannot count on security.

    sockschain seems to use 1080 or maybe 8080. There might be some
    nefarious ways a black-hat cybercafe user might [further] corrupt
    MS-IE to get all users' HTTP traffic relayed through their machine.
    Nasty, but the crime is not in what their [rented] machine is doing,
    but in their sending instructions that accessed others' machines.

    Not that law enforcement is likely to understand the distinction.
    They'd probably say "Spying is RONG unless we're doing it".

    -- Robert
  14.

    Robert Redelmeier wrote:
    > T. Sean Weintz <strap@hanh-ct.org> wrote:
    >
    >>No harm. But that does not seem to be what the original
    >>poster was looking for. he/she seemed to want something
    >>more along the lines of what sockschain does, but without
    >>the need to do an install. The OP specifically said they
    >>were looking for something that other applications will
    >>plug into. I took that to mean something "sockscap" like.
    >
    >
    > Well, humph! I'm not entirely sure what this `sockschain`
    > does but why would it need an install if the system can read
    > removable media and run executables from there.

    You *nix folks seem to forget a little thing we have in the windoze
    world called the registry. Oftentimes installs set up default values in
    the registry that the program needs to have in place to run. Also DLL
    registration can be important. Need that for many programs to run.
    That's also usually handled by the install.

    > A "locked-down"
    > system might easily be configured this way. Or not, at the
    > administrators discretion.

    Or, you can of course disable the windows installer via group policy, or
    restrict executables (in effect create a list of files the user can
    execute - all else is verboten and will generate an error dialog)

    >
    > Without a "no outside executables" clause in the TOS, I'd
    > assume a system configured to execute from removable media
    > also allowed such execution. And a no-exec TOS clause is
    > unenforceable: What about Javascript that many sites use?
    > I'm pretty sure a `putty.exe` limited clone could be written
    > in JS and dropped on some website. Maybe even `sockschain`

    Sure. And similar things have been done. That is EXACTLY why hipcrime
    wrote newsagent in Java.

    That's also why I have seen java filtered at the firewall in many
    places, and no JRE installed on the desktops.


    >
    > There really is nothing special about "Installs" beyond loading
    > executables and mapping libs & other files.

    Depends on the OS. Most have some sort of an "execute" flag for file
    privileges. With some (windoze, fer instance) there is a bit more
    needed than just the ability to read the executable and any libraries in
    some cases.

    > With CoW VM systems,
    > the media cannot be removed until the process is done.
    >
    > Of course proxying opens up a whole can of worms. I would
    > hope no MS-WindowsNT+ system would allow non-Administrator
    > processes to listen on privileged ports (<1000). And anyone
    > hitting non-privileged ports cannot count on security.
    >
    > sockschain seems to use 1080 or maybe 8080.

    For the outgoing connection. Also plain old port 80 is quite common for
    http tunneling in addition to the more common port 8080 and 3172.

    However, it'll use whatever port the proxy is set up on - could be ANY
    port. Depends on what the bonehead who set up the open proxy in the
    first place did.

    > There might be some
    > nefarious ways a black-hat cybercafe user might [further] corrupt
    > MS-IE to get all users' HTTP traffic relayed through their machine.
    > Nasty, but the crime is not in what their [rented] machine is doing,
    > but in their sending instructions that accessed others' machines.
    >
    > Not that law enforcement is likely to understand the distinction.
    > They'd probably say "Spying is RONG unless we're doing it".
    >
    > -- Robert
    >
  15.

    J. Clarke <jclarke.usenet@snet.net.invalid> wrote:
    > Well, actually the usual reason is to keep users from
    > writing into the system area.

    Yes, that is a good reason to lock-down. It reduces maintenance.

    > This effectively prevents software installation because
    > software developers insist on writing to the system areas
    > even when they have no legitimate need to do so.

    Yes, and I do not understand why. I consider it the mark of
    good commercial MS-Windows software that it be fully installable
    by a user account unless system control is needed. When I have
    the misfortune of setting up an MS-WinXP box, I always set up
    multiple users without Administrator privileges.

    > If you are installing an application on a default-configured
    > XP or Server 2K3 system from a nonprivileged account, and
    > it won't install, think very hard about whether you want to
    > let that developer make changes to the system files before
    > you log in as administrator to install.

    A good point. I presume it is usually because the install
    wants to write to \WINDOWS\ somewhere, not necessarily trash
    files. Yet the MS-DOS/Windows install model has always been
    under /opt/progname and not the Unix scattering of files to
    /usr/bin, /usr/lib, and ~/.progname. There is no reason to
    write to C:\WINDOWS.

    > Unix systems are locked down in the same manner for the same
    > reason, however Unix has had that security model from the start
    > and so the developers have learned the hard way that there are
    > things that their user applications will not be allowed to do,
    > and so application installation is not a problem.

    Well, for full installs, usually you need to do `make install`
    as root. But Unix software makes do not assume that you can
    or want to be root. MS Windows still has the philosophy of
    the user being "Administrator" when this is provably dangerous.

    > I'm not disputing you, I would just like to read the
    > legislation.

    Among other Google hits, see:
    http://www.wrf.com/publication_newsletters.cfm?sp=newsletter&year=2002&ID=10&publication_id=10254&keyword=

    -- Robert
  16.

    Robert Redelmeier wrote:

    >
    > Well, for full installs, usually you need to do `make install`
    > as root. But Unix software makes do not assume that you can
    > or want to be root. MS Windows still has the philosophy of
    > the user being "Administrator" when this is provably dangerous.

    Not true. These days the default on Windows XP machines in a domain is
    to have users have no write access to the c:\windows dir, as well as the
    machine hive of the registry.

    Unfortunately most lower end and niche market software vendors can't
    seem to understand this concept. They act amazed when their installs
    crash on a default setup.
  17.

    T. Sean Weintz <strap@hanh-ct.org> wrote:
    >> MS Windows still has the philosophy of the user being
    >> "Administrator" when this is provably dangerous.
    >
    > Not true.

    Sure it is.

    > These days the default on Windows XP machines in a domain
    > is to have users have no write access to the c:\windows dir,
    > as well as the machine hive of the registry.

    Ah, but that only applies when machines are set up as multi-user.
    Most consumer machines are set up with one user "Owner"
    who also has Administrator access. As usual, MS has chosen
    technically inferior but economically superior [for them] defaults.
    They reduce tech support calls from "can't do this" at a cost in
    "my system has a virus" which they don't handle.

    > Unfortunately most lower end and niche market software
    > vendors can't seem to understand this concept. They act
    > amazed when their installs crash on a default setup.

    Yes. But the increase in unwriteable c:\windows might
    cause them to fix their bugfests.

    -- Robert
  18.

    In article <11as5as8dhoroce@news.supernews.com>,
    T. Sean Weintz <strap@hanh-ct.org> wrote:
    :You *nix folks seem to forget a little thing we have in the windoze
    :world called the registry.

    Oh, we don't forget it, you can be sure ;-)

    :Oftentimes installs set up default values in
    :the registry that the program needs to have in place to run.

    Hmmm, what's this .ini file doing in my folder?


    :Also DLL
    :registration can be important. Need that for many programs to run.

    The 'D' in 'DLL' stands for 'Dynamic'. Without knowing the details
    of Windows, it seems to me rather likely that the search path
    to find DLLs is one of the things under the control of the
    program.

    Or at least in Unix, "dynamic" linking implies dynamic paths.
    If the paths aren't dynamic, then one speaks of "shared" libraries
    rather than of "dynamic" libraries.
    --
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
  19.

    Robert Redelmeier wrote:

    > J. Clarke <jclarke.usenet@snet.net.invalid> wrote:
    >> Well, actually the usual reason is to keep users from
    >> writing into the system area.
    >
    > Yes, that is a good reason to lock-down. It reduces maintenance.
    >
    >> This effectively prevents software installation because
    >> software developers insist on writing to the system areas
    >> even when they have no legitimate need to do so.
    >
    > Yes, and I do not understand why. I consider it the mark of
    > good commercial MS-Windows software that it be fully installable
    > by a user account unless system control is needed. When I have
    > the misfortune of setting up an MS-WinXP box, I always set up
    > multiple users without Administrator privileges.
    >
    >> If you are installing an application on a default-configured
    >> XP or Server 2K3 system from a nonprivileged account, and
    >> it won't install, think very hard about whether you want to
    >> let that developer make changes to the system files before
    >> you log in as administrator to install.
    >
    > A good point. I presume it is usually because the install
    > wants to write to \WINDOWS\ somewhere, not necessarily trash
    > files. Yet the MS-DOS/Windows install model has always been
    > under /opt/progname and not the Unix scattering of files to
    > /usr/bin, /usr/lib, and ~/.progname There is no reason to
    > write to C:\WINDOWS.
    >
    >> Unix systems are locked down in the same manner for the same
    >> reason, however Unix has had that security model from the start
    >> and so the developers have learned the hard way that there are
    >> things that their user applications will not be allowed to do,
    >> and so application installation is not a problem.
    >
    > Well, for full installs, usually you need to do `make install`
    > as root. But Unix software makes do not assume that you can
    > or want to be root. MS Windows still has the philosophy of
    > the user being "Administrator" when this is provably dangerous.
    >
    >> I'm not disputing you, I would just like to read the
    >> legislation.
    >
    > Among other Google hits, see:
    >
    > http://www.wrf.com/publication_newsletters.cfm?sp=newsletter&year=2002&ID=10&publication_id=10254&keyword=

    I've found numerous similar--they all discuss the transfer of data from
    personnel files, not the monitoring of email. That one mentions it in
    passing but doesn't say anything about what is or is not allowed.
    >
    > -- Robert

    --
    --John
    to email, dial "usenet" and validate
    (was jclarke at eye bee em dot net)
  20. Archived from groups: comp.dcom.lans.ethernet (More info?)

    Robert Redelmeier wrote:

    > T. Sean Weintz <strap@hanh-ct.org> wrote:
    >>> MS Windows still has the philosophy of the user being
    >>> "Administrator" when this is provably dangerous.
    >>
    >> Not true.
    >
    > Sure it is.
    >
    >> these days the default on windows XP machines in a domain
    >> is to have users have no write access to the c:\windows dir,
    >> as well as the machine hive of the registry.
    >
    > Ah, but that only applies when machines are setup as multi-user.
    > Most consumer machines are set up with one user "Owner"
    > who also has Administrator access. As usual, MS has chosen
    > technically inferior but economically superior [for them] defaults.
    > They reduce tech support calls from "can't do this" at a cost in
    > "my system has a virus" which they don't handle.

    Actually, Microsoft has been tightening the defaults over time. XP doesn't
    force one to create a user account but it "encourages" it. They seem to be
    trying to herd the developers rather than bludgeon them, but it's easier to
    herd cats.

    >> Unfortunately most lower end and niche market software
    >> vendors can't seem to understand this concept. They act
    >> amazed when their installs crash on a default setup.
    >
    > Yes. But the increase in unwriteable c:\windows might
    > cause them to fix their bugfests.
    >
    > -- Robert

    --
    --John
    to email, dial "usenet" and validate
    (was jclarke at eye bee em dot net)
  21. Archived from groups: comp.dcom.lans.ethernet (More info?)

    Robert Redelmeier wrote:

    (snip regarding the ability, or lack thereof, to run programs
    under windows without installing them.)

    > Without a "no outside executables" clause in the TOS, I'd
    > assume a system configured to execute from removable media
    > also allowed such execution. And a no-exec TOS clause is
    > unenforceable: What about Javascript that many sites use?
    > I'm pretty sure a `putty.exe` limited clone could be written
    > in JS and dropped on some website. Maybe even `sockschain`

    > There really is nothing special about "Installs" beyond loading
    > executables and mapping libs & other files. With CoW VM systems,
    > the media cannot be removed until the process is done.

    > Of course proxying opens up a whole can of worms. I would
    > hope no MS-WindowsNT+ system would allow non-Administrator
    > processes to listen on privileged ports (<1000). And anyone
    > hitting non-privileged ports cannot count on security.

    While some versions of windows may provide that restriction,
    I don't believe that DOS did, and likely not MacTCP either.
    I am not sure now about Win3.1 or Win95.

    (The DOS networking programs I used to know provided their
    own TCP stack, writing directly to the hardware.)

    If you allow machines on the net that can run DOS you have
    almost no protection against unprivileged users on low
    numbered ports.

    -- glen
  22. Archived from groups: comp.dcom.lans.ethernet (More info?)

    J. Clarke <jclarke.usenet@snet.net.invalid> wrote:
    >> http://www.wrf.com/publication_newsletters.cfm?sp=newsletter&year=2002&ID=10&publication_id=10254&keyword=
    >
    > I've found numerous similar--they all discuss the transfer of data from
    > personnel files, not the monitoring of email. That one mentions it in
    > passing but doesn't say anything about what is or is not allowed.

    Actually the para under "EU subs handling HR data"
    is very general and includes more than just email.
    Unfortunately, it does not include references.

    A more general problem is that the European Data Protection
    Directive is just that, a directive that is not law until
    it is implemented in the various countries. Each will do it
    slightly differently. And most are civil code, not common law,
    so precedents don't have the same force. Also, employment
    is not "at will" but a protected contract.

    Unfortunately, nothing is clear in this evolving area.

    An employer is probably safe if they monitor for legal compliance
    (vicarious liability) or as a result of statutory obligation (SOx).

    But they'd better enforce uniformly, even in the US. A clever
    US lawyer can allege wrongful dismissal (age or religious
    discrimination): [deposition] "You fired Mr Jones for downloading
    123 MB of pr0n" "Yes" "How did you know?" "We checked logs"
    [discovers logs] "These show Ms Smith downloaded 4 GB.
    What happened to her?"

    -- Robert
  23. Archived from groups: comp.dcom.lans.ethernet (More info?)

    Robert Redelmeier wrote:

    > J. Clarke <jclarke.usenet@snet.net.invalid> wrote:
    >>> http://www.wrf.com/publication_newsletters.cfm?sp=newsletter&year=2002&ID=10&publication_id=10254&keyword=
    >>
    >> I've found numerous similar--they all discuss the transfer of data from
    >> personnel files, not the monitoring of email. That one mentions it in
    >> passing but doesn't say anything about what is or is not allowed.
    >
    > Actually the para under "EU subs handling HR data"
    > is very general and includes more than just email.
    > Unfortunately, it does not include references.

    But "HR data" is not email generated by the employee, it is personnel files
    containing information _about_ the employee generated by the Human
    Resources department.

    > A more general problem is that the European Data Protection
    > Directive is just that, a directive that is not law until
    > it is implemented in the various countries. Each will do it
    > slightly differently. And most are civil code, not common law,
    > so precedents don't have the same force. Also, employment
    > is not "at will" but a protected contract.
    >
    > Unfortunately, nothing is clear in this evolving area.
    >
    > An employer is probably safe if they monitor for legal compliance
    > (vicarious liability) or as a result of statutory obligation (SOx).
    >
    > But they'd better enforce uniformly, even in the US. A clever
    > US lawyer can allege wrongful dismissal (age or religious
    > discrimination): [deposition] "You fired Mr Jones for downloading
    > 123 MB of pr0n" "Yes" "How did you know?" "We checked logs"
    > [discovers logs] "These show Ms Smith downloaded 4 GB.
    > What happened to her?"
    >
    > -- Robert

    --
    --John
    to email, dial "usenet" and validate
    (was jclarke at eye bee em dot net)
  24. Archived from groups: comp.dcom.lans.ethernet (More info?)

    Rich Seifert <usenet@richseifert.com.invalid> wrote:
    > Most American criminal law is *state* law, not federal.
    > What constitutes theft is generally determined
    > from a state-by-state statutory definition.

    Quite true. A simplification on my part. In some
    states, theft-by-fraud is fraud/embezzlement, not theft.

    > For example, the common-law definition of theft is the
    > unlawful taking of personal property *with the intent
    > to permanently deprive* its rightful owner

    In our "drive to Virginia" example, it might be difficult
    to show that "intent to permanently deprive", especially
    if he came back.

    > (I am not a lawyer; I *am* a law student in my last year
    > of study.)

    Congrats!

    -- Robert
  25. Archived from groups: comp.dcom.lans.ethernet (More info?)

    Rich Seifert wrote:
    [snip]
    > (I am not a lawyer; I am a law student in my last year of study.)

    Damn...and I used to respect you too! ;)

    --

    hsb


    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************