如何创建像我的应用程序安装谷歌铬? [英] How to create google chrome like install for my app?
问题描述
可能存在重复:
谷歌Chrome浏览器的下载和安装程序
I想知道chrome在windows上使用什么来下载和安装自己,以及如何为我的应用程序创建这样的安装过程?解析方案
自我更新策略的价格很高。它将.exe存储在任何进程可写入的文件夹中,C:\ Users \hpassant\AppData\Local\Google\Chrome\Application\chrome.exe在我的机器上。
这绕过了需要提升以写入c:\程序文件(安装可执行文件的正常目录)的UAC提示。所以更新可以完全沉默。这应该让Chrome成为病毒编写者的吸引人的目标,它可以让代码在您的机器上执行,但是否则通常无法将重要文件混淆为自我复制。他们只需要修补或替换chrome.exe,并且可以静静地这样做。桌面快捷方式直接指向此文件,因此当用户再次启动Chrome时,它将运行受影响的可执行文件。
没有真正的想法,为什么这不是广泛传播攻击媒介,除了它是一个相当大的程序,并且持续不断,可能还有一些对策。也许是因为UAC可以屏蔽机器免受受感染的.exe副本的影响,您只能执行诸如窃取密码和将用户重定向到pr0n站点等操作。
I不要特别关心这个漏洞,所以我避免使用Chrome,你可能想要考虑你的客户对你的程序有同样的担忧。尤其是当它没有Chrome可能具备的那种对策时。用户和IT人员通常像UAC一样,只有程序员才会这样。
Possible Duplicate:
Google Chrome-like downloader and installer
I wonder what chrome uses on windows to doownload and install itself, and how to create such install process for my application?
Chrome's silent self-update strategy comes at a high price. It stores the .exe in a folder that any process can write to, C:\Users\hpassant\AppData\Local\Google\Chrome\Application\chrome.exe on my machine.
This bypasses the need for a UAC prompt that asks for elevation to write to c:\program files, the normal directory where executables are installed. So an update can be entirely silent. Which ought to make Chrome an attractive target for virus writers that can get code to execute on your machine but are otherwise normally powerless to mess with critical files to replicate themselves. They just need to patch or replace chrome.exe and can do so silently. The desktop shortcut points straight to this file so when the user starts Chrome again, it will run the affected executable.
No real idea why this isn't a wide-spread attack vector, other than that it is rather a large program and is in constant flux and probably has some countermeasures. And perhaps because UAC otherwise can shield the machine from an infected copy of the .exe, you could only do things like steal passwords and redirect the user to pr0n sites.
I don't particularly care for this loophole so I avoid Chrome, you might want to consider that your customer has the same concern about your program. Especially when it doesn't have the kind of countermeasures that Chrome might have. Users and IT staff typically like UAC, only programmers don't.
这篇关于如何创建像我的应用程序安装谷歌铬?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
