Re: Domain users members of local administrator

In article <KMJRf.2479$Mj.116@xxxxxxxxxxxxxxxxxxxx>, Seeker
<newsgroups@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Intuit is a big offender here. Make sure you tell them and others like
them that their software design puts you at undue risk, and that your
dollars will go to the vendors who write good software. They need to
hear this from the customers.

Intuit has heard this complaint from their customers for years. They refuse
to, or are unable to, fix it. They started with excuses trying to justify why
an accounting package needed the privileges to be able to administer your
computer, and then waned into the standard "it's not a problem for most of our
users" response.

There are some sites that contain instructions on which registry keys and
directories to unlock to make QuickBooks and other programs run under
non-admin users (http://www.threatcode.com is a good starting point), but for
the most part, this is a problem best solved by the software developers.
Unfortunately, for many small businesses, they can't cut out their accounting
package, and the one supported by most accountants seems to be QuickBooks.

We can only pray that someone at Intuit will some day get security religion.
Or, and I hesitate to say this out loud, that some massive theft of customer
financial data through malware infection causes government inspection of the
computer-based accounting industry. I'd rather that not happen, for any
number of obvious (and more subtle) reasons.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
.

Relevant Pages

  • Re: Why not patch all windows and not just legal copies
    ... Maybe I am aware of the patch, but choose not to apply it because it breaks ... customers, doing so would cause the customers to be in breach of compliance ... [Please don't email posters, if a Usenet response is appropriate.] ... Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (microsoft.public.security)
  • Re: Bespoke COM version
    ... The accounting system does not expose any COM objects ... most customers want the same things. ... Create Stock Items ... I have subclassed some forms within the accounting package to update these ...
    (microsoft.public.fox.programmer.exchange)
  • Re: Turning system accounting data into money
    ... I believe the per-user accounting will fit ... You did not mention jails, ... I don't know if the per-user IP traffic rules work properly. ... customers re-"explore" those things and the payment models ...
    (freebsd-questions)
  • Re: Its the Software Assurance ... isnt it? ( was A possible non-fowardlooking statement that co
    ... issues a little Mystifing. ... delays in D2007 Win32 fulfillment to SA customers one of the reasons ... My impression was that because of the new accounting rules that went ...
    (borland.public.delphi.non-technical)
  • ANN: Ledger Accounting Update
    ... Accounting for Firebird/Interbase. ... System will now accept depositsfor customers. ... Our DBISAM customers can upgrade for the price difference. ... Ledger Accounting Software ...
    (borland.public.delphi.thirdpartytools.general)