[LINK] RFI: Intrusive Internet Mechanisms

rene rene.ln at libertus.net
Thu Dec 2 16:00:07 AEDT 2010 

On Wed, 1 Dec 2010 22:19:56 +1000, I wrote:
> On Wed, 1 Dec 2010 21:43:09 +1100, Kim Holburn wrote:
>> I don't know if this will work but try this:
>> delete the \sys\ directory and replace it with a file, say a new
>> empty text file named "sys".  Make it owned by administrator or
>> "system" if you can.
>
> Thanks but I'm almost certain that won't work. Having become curious
> and looking around, it seems almost certain that Windows (XP and
> various other more recent versions) uses the "Read Only" attribute in
> dir/file properties box to determine whether or not the folder is
> customized for the purposes of merely *displaying* the listing in
> Windows Explorer (file directory program).
[...]
> It appears that it's theoretically possible to change this default
> behaviour (according to Microsoft web site and various tech sites)
> but doing so requires editing the Windows registry (NB: a dangerous
> proposition for most typical Windows users).

I've now figured out how to deny write access to a Windows file directory 
without editing the Windows registry, so that Flash Player can't 
write/create site domain name sub-directories and files in the 
...\macromedia.com\support\flashplayer\sys\ directory (which as I mentioned 
earlier today is not prevented by setting global preferences to storage=0 
via the Adobe site interface).

Following is very a brief outline on how to do that. Obviously, stop 
reading here if not interested in Windows 'security' options/configuration.

Note: I do not suggest, let alone recommend, that anyone try to do the 
following unless they already have a pretty good tech knowledge about 
Windows in general, file attributes, setting controls on user 
accounts/administrator accounts and so on (and record what they changed so 
they can reverse it if later on turns out to be causing any problem).

The basic difficulty with setting directories to deny write access (or 
read-only) in various versions of Windows is that default installs do not 
necessarily enable access to "Administrator" account, nor do they show a 
"Security Tab" when one right clicks on a file directory name and selects 
the "Properties" pop up dialog box. 

If one is using Windows XP *Home* (and probably Vista, which may or may not 
have 'Home' and 'Pro' versions), then a means of getting access to the 
Administrator account, and/or the "Security Tab" on a file directory 
Property dialog box is to boot the computer in Windows "Safe Mode". 
'Miraculously' that enables Administrator log-on, and the "Security Tab" in 
file directory properties box becomes visible. (Apparently in Windows XP 
*Pro* the "Security Tab" is visible by default -according to claims on 
various web sites about this issue). Booting into Safe Mode is an 
'interesting' exercise itself, because 'how-to' instructions on various web 
sites about that do not necessarily work. If one suggested method does not 
work, then search further until a method that does work is found.

Once one has found a way to see/open the "Security Tab", then in that 
there's options to set a directory to deny write access. Having logged onto 
Windows as Administrator, then denying write access to the 
...\flashplayer\sys\ directory by the user account name that my computer 
typically uses when logging onto Windows, the result is that I (when logged 
on with normal Windows user name) am not able write to the /sys/ directory, 
and therefore sites running Flash are not able to that either. Flash videos 
on e.g. ABC iView still run fine (without creating site domain file 
directories under /sys/). 

It remains to be seen whether I'll ever discover some problem resulting 
from having denied write access to the /sys/ directory.

Also, btw, because the Adobe site global settings.sol file is in the /sys/ 
directory, setting that directory to deny write access also has the effect 
of prevening a computer user from creating or changing their preferences on 
the Adobe site and having same written to the global settings.sol file. (I 
established a global settings.sol file before denying write access, and so 
if I ever decide I want or need to change those settings, I'd need to 
change the directory attributes first).

Obviously all of that is un-user-friendly, should not be 'necessary', etc. 
and probably for a lot of people not worth the effort. I just got 
sufficiently curious and annoyed about not having control of what other 
people/businesses can write to my computer, to spend some time figuring out 
how I could implement imo better control.

Irene

More information about the Link mailing list