Re: Storing data

The problem is that your initial problem is superfluos. Why don't you want
the customer to know what changes are applied to his system? Hint: Seeing
the customer as the attacker is a flawed concept.

Just a question. How can you know why my customer wants to do this? For
this problem eg. customers allready tryed to "fix" some
licensing-limitations on some existing software. Licenses are sold by
date from/to eg, not by product.

It is just a practical limitation of computers: A customer who uses the
program can always trace everything your program does and reverse it,
because he has total control over his own computer. That is why seeing
the customer as the attacker is a flawed concept (among other things)

There are programs on the market that trace the entire installation
procedure of your program, with every modification to every file. They
allow you to remove every last trace of your program. They are simply
available for download and work very simple, even picking up the
creation of alternate streams as mentioned before. Such a program makes
anything you try useless. In the simplest case someone can format his
hard drive to remove any trace.

So what you should do is make a security model. Without a callback
possibility, a customer is technically able to circumvent anything you
throw at them. But of course, when you just store an installation
timestamp in the registry this will already be sufficient for most
users that do not have any technical know-how. You must find a middle
course between these things.



Relevant Pages

  • Re: Annoyance Calls [telecom]
    ... Actually hiring customer service people to deal with problems would ... "Call Trace automatically initiates a trace of the last call you ... The results are sent to the Verizon Unlawful Call Center and are ... You have just discovered the big difference between Verizon and the VOIP ...
  • Re: [PATCH 0/11] LTTng-core (basic tracing infrastructure) 0.5.108
    ... trace bugs. ... helping a customer trace something and actually attempting to create ... they could get a *normal* kernel on there and someone somewhere ...
  • Re: The ultimate PC hardware question
    ... trace which member off staff served which customer. ... glowing red pad. ...
  • RE: More along the lines of malware disinfection
    ... not feeling much of a hit because the attacker is simply using their PC ... More and more, malware authors are moving to targeted attacks, where they ... Should your customer be that person? ... infection occurred, and what was tampered with after the infection. ...
  • [REVS] Security Considerations for Web-based Applications
    ... Get your security news from a reliable source. ... consequences of this ranges from the erosion of customer confidence in the ... of poorly implemented host naming procedures or web-application URL ... The attacker may choose to inject ...