Jump to content

Sign in to follow this  
JLSeagull

Uninstallers. How safe are they.... and who checks them?

Recommended Posts

Just a timely 'wake-up' call to all of us I suppose... but Richard Asberg (aka WebMaximus), has just suffered the PC Owner's Ultimate Nightmare in that, after running a simple uninstaller to remove an outdated Scenery Add-On, he latterly discovered that it had removed an awful lot more than he would ever have imagined that it had access to.

 

To add insult to injury - this 'silent assassin' completed it's task and left it's lethal payload in the meticulous backups that Richard performs on a regular basis - thus rendering any attempt at a 'Roll Back' useless.

 

End result?  Richard is now in the process of rebuilding his entire (and very sophisticated), system from scratch. A task that I would not envy or wish on my worst enemy.

 

We have all been there, many, many times. Program Manager, select Program, click Uninstall - and we sit back as the required uninstaller is executed and Windows informs us that the task is complete...... Except, in the case of this particular uninstaller, it goes 'rogue' and appears to have the ability to demolish a lot of critical Windows files as well.

 

So - as per the title of this post .... 

 

We have all downloaded software that turns out to be a bit 'iffy' and we have the warm glow of satisfaction in knowing that there is an instant remedy in the 'Uninstall' option but - if the 'iffy' creators utilise an equally 'iffy' Uninstall routine....?

 

As a side note to this [CENSORED software] debacle - I am surprised that MicroSoft haven't been all over this case by now as it obviously demonstrates that their Software has a gaping hole somewhere in it's Core Security that could allow said uninstaller to go about it's disruptive deeds.

 

Any comments Gentlemen .....?

 

.


Forgive the PC incorrectness Poppet   ....   and Ladies.

Share this post


Link to post

We have all downloaded software that turns out to be a bit 'iffy' and we have the warm glow of satisfaction in knowing that there is an instant remedy in the 'Uninstall' option but - if the 'iffy' creators utilise an equally 'iffy' Uninstall routine....?

 

 

 

As a side note to this [CENSORED software] debacle - I am surprised that MicroSoft haven't been all over this case by now as it obviously demonstrates that their Software has a gaping hole somewhere in it's Core Security that could allow said uninstaller to go about it's disruptive deeds.

What an installer/uninstaller does is the sole responsibility of the software developer. (All software, Not only FSX software)

If a developer decides to write his own installer/uninstallers then faulty coding or a simple misspelled word or misplaced character ",", "*", "%"  etc. can create havoc,

 

Microsoft Software has nothing to do on this matter.

 

Most anyone who has ever developed applications can easily code an "installer/uninstaller" that ruins a registry beyond repair in seconds. (This was not the case, apparently it affected only some other installed programs keys)

  • Upvote 1

Share this post


Link to post

 

As a side note to this [CENSORED software] debacle - I am surprised that MicroSoft haven't been all over this case by now as it obviously demonstrates that their Software has a gaping hole somewhere in it's Core Security that could allow said uninstaller to go about it's disruptive deeds.

 

Any comments Gentlemen .....?

 

well, one can only speculate because it's unclear what happened exactly. it is pretty unusual that you'd have to rebuild 'an entire system' because of an uninstaller. this doesn't really have anything to do with security so much as just that most fsx add-ons make edits to the various fsx config files such as scenery.cfg etc. and when you use the system uninstaller it is possibly not elegantly removing those entries. especially if other addons have made subsequent edits to it, it is maybe deleting the file or replacing it with what was there before it was run.

 

some addons are also modifying core files such as textures and this could cause trouble too if their uninstaller doesn't replace them with backups (or if the backup wasn't made in the first place...) and again, if further changes had been made by other installers, there's not really any way for them to deal with that, they will be blowing away changes made in the interim.

 

really i think it has more to do with the fact that the FSX architecture isn't really designed around a slick, fully modular addon addition and removal process. i think p3d has made changes that are beginning strides in this direction! but it will probably be a while before most addon folks are following their new rules and it won't help fsx people anyway. hopefully dovetail keeps this stuff in mind as well, i think they will since they are probably leaning towards having addons be steam-dlc where having things be clean and modular is pretty much normal practice.

 

cheers

-andy crosby

Share this post


Link to post

<snip>

 

-andy crosby

Hello Andy

 

Your assumption wold be correct if it was only FSX/P3D stuff, but in this case the problem is significant because the uninstaller messed up the windows registry.

(Removing other vendors installer/uninstaller keys)

Share this post


Link to post

Hello Andy

 

Your assumption wold be correct if it was only FSX/P3D stuff, but in this case the problem is significant because the uninstaller messed up the windows registry.

(Removing other vendors installer/uninstaller keys)

 

haha yeah i just saw the new link posted from JL. that is pretty ridiculous!

 

it's still unfortunately not exactly a microsoft security issue since he probably gave it admin permission to run (which, is not his fault either, that is perfectly normal). sounds like aerosoft really dropped the ball on that one.

 

cheers

-andy crosby

Share this post


Link to post

Man, I read that post when he posted it and was like...lowww whistle.  That was bad.  I felt for him.  I've never heard of an uninstaller, apart from a malicious one, ever doing that.  Installers are just as dangerous though, if not more so.

Share this post


Link to post

Nothing to do with Microsoft! Yes, I know bashing Microsoft is an on-going game, but not this time.

 

It has been said so many time, Do NOT use auti-installers!\I use the autoinstaller to install into a temp directory. For me, pretty essential, as I can see what is in the readme's, folders etc. Them I copy the folders across to my sim, then I use the uninstaller to delete what was installed in my temp directory. Or I just delete everything, then use CCleaner to clean out my registry. Or, it it is an important install for me, I keep the temp directory so I know what to delete from my sim.

Doing it this way, you can always check if anything is going to be overwritten by the stuff from the temp directory. You have no control if you use the auto installers straight into your sim. 

  • Upvote 1

Share this post


Link to post

Any comments Gentlemen .....?

Sure, I'll comment - some uninstallers (and installers, for that matter) are sloppy. In 30 years of PCs, however, I've never seen one as sloppy as you describe (and I do/did software and software support for a living...). MS couldn't care less about your uninstaller - it's a legitimate program and the OS isn't a mind reader. Me, I suspect there is more to the story than you relate.

 

DJ

  • Upvote 1

Share this post


Link to post

Actually it's very simple:

Publishers, don't just test the product. Test the installer and uninstaller also.

 

On another note:

Most flightsim installers create backups of the scenery.cfg, the dll.xml, and other files before changing them. How about an automatic backup of the registry by flightsim installers?

I heard that registry cleaners and some anti-malware softwares do exactly that.

 

As a another precautionary means for us users: Create a system restore point manually before starting any program that could affect the registry.

 

And Richard did nothing wrong. But now I'd rather like to be prepared in case some developer or publisher drops the ball again.

Share this post


Link to post

 

 


I've never heard of an uninstaller, apart from a malicious one, ever doing that.

 

The first release of FSWC's (water configurator) uninstaller wiped the whole drive, not just the app, so these terrible mistakes can and do happen :(

Share this post


Link to post

Actually it's very simple:

Publishers, don't just test the product. Test the installer and uninstaller also.

Far too many publishers/developers rely on automatic uninstaller creation from their installer builder program.

 

I do not. Every "uninstaller" I write is custom and will remove only those files and folders that my installer creates, and even then will not remove any common files that are shared among our other products. Every installer is tested by repeatedly installing into a "dummy folder" and then the uninstaller is run to ensure a clean and through operation.

Share this post


Link to post

I honestly never thought it possible for an uninstaller to do that much damage, with the exception of a virus, of course.  I know of the developer you speak of and after reading the original thread this story was born from, it is a bit disheartening that a corrected installer was made after the fact.  Fortunately, I don't own that particular add-on, but I know I'd be five kinds of p'oed if it happened to me and to be honest, I probably would have never figured out what the offending program was.

 

We were told, long ago that uninstaller scripts were the way to go for uninstalling software, then MS countered that with using their Add/Remove Programs feature, so there was constant debate over which was better for safe removal.  In this case, it was mass destruction. :(

Share this post


Link to post

Richard/WebMaximus, I am very sorry to hear what happened.  Personally I think Aerosoft should compensate you in some way -- either with money or with free addons.  I will be keeping an eye on this and the other thread to see if they do anything.  Their response will certainly affect my future purchases from Aerosoft.

 

 

 


It has been said so many time, Do NOT use auti-installers!\I use the autoinstaller to install into a temp directory. For me, pretty essential, as I can see what is in the readme's, folders etc. Them I copy the folders across to my sim, then I use the uninstaller to delete what was installed in my temp directory. Or I just delete everything, then use CCleaner to clean out my registry. Or, it it is an important install for me, I keep the temp directory so I know what to delete from my sim.

Doing it this way, you can always check if anything is going to be overwritten by the stuff from the temp directory. You have no control if you use the auto installers straight into your sim.

 

Will this work with any installer?  I am under the impression that many if not most commercial addons need to be pointed to the correct FS folder, and that some find FS automatically by looking in the Registry.

 

Mike

Share this post


Link to post

Personally I think Aerosoft should compensate you in some way -- either with money or with free addons. I will be keeping an eye on this and the other thread to see if they do anything. Their response will certainly affect my future purchases from Aerosoft.

 

<snip>

 

Will this work with any installer? I am under the impression that many if not most commercial addons need to be pointed to the correct FS folder, and that some find FS automatically by looking in the Registry.

 

Mike

Hello

 

Aerosoft is a very serious company and  Mathis has already offered or taken measures to compensate WebMaximus and other potentially affected user(s). (Search their forums)

---------------

Reading the registry is "harmless". Writing or deleting keys from the registry is the risky part.

Share this post


Link to post

 

 


Aerosoft is a very serious company and Mathis has already offered or taken measures to compensate WebMaximus and other potentially affected user(s). (Search their forums)

---------------

Reading the registry is "harmless". Writing or deleting keys from the registry is the risky part.

 

I am happy to hear that Aerosoft has taken this action.  Thanks for the heads up.  This is the first time it has been reported on either of the two threads I've been following on this issue. Mathijs might want to post in one of these threads here on Avsim, as many flightsimmers will see this issue here.

 

My point about the registry is not that it is dangerous for an installer to look for a program's location in the registry.  I have two points: 1) some installers look in the registry and don't give the user the option to point the installer to a different location as Wobbie/Robin was suggesting and 2) I think some addons won't work if directed to a "dummy" installation folder.

 

Mike

Share this post


Link to post

I suspect this particular case is a 'perfect storm' combining a few different issues which have been suggested by some posters in this thread.

Yes, some developers build installers using tools which they don't entirely understand;

These tools make some assumptions which might not apply in 100% of installs;

Sometimes the user causes these assumptions to be wrong -- for example, some users shift scenery folders after installation, without giving any thought to how this would affect the uninstaller. This isn't their fault, it's a reasonable thing to do in some circumstances, so developers need to deal with this;

Installers get more complex as users expect them to do more, a simple example is multi-installers;

 

I can see one way that this particular issue could happen. The installer-builder I use has a 'wizard' which builds a script for me, and this can include an uninstaller, and the ability to uninstall from 'add/remove programs' by adding it to the Registry.

The registry location is hard-coded into the script -- that is, it knows the exact name of the registry key. This registry key is normally the name of my scenery addon. Let's say we call it 'My Wonderful Scenery'. The wizard inserts a line which says:

DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}My Wonderful Scenery"

This is a very powerful command, it deletes the uninstall registry key for the scenery at the end of the uninstall, to tidy everything up.

Now let's say that I use this script for years, without issue. Then life gets complicated, one day I decide to build an installer -- and uninstaller -- which can install to any of the four main sims at the moment -- FSX, FSXse, Prepar3d v2, and v3. To differentiate these in the Registry, I add a suffix to the registry key name -- so 'My Wonderful Scenery' becomes 'My Wonderful Scenery FSX' etc. As I use just a single installer/uninstaller, the key name is no longer hard-coded, I have to have a way to work out which one of the four possibilities it is. So I have a script which 'builds' the key name from variables.

Using variables, it is entirely possible that something will go wrong enough that the name just isn't defined at all, so my neat little code:

DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}$AVariableRepresentingMyWonderfulSceneryPlusASuffix"

...becomes

DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}"

...if the variable is blank, and this translates to 'delete the registry key for all entries in the uninstall part of the registry'.

 

This is entirely down to the developer, he needs to foresee everything which can go wrong, and most importantly he needs to make sure that his variables are never blank, when they should contain something.

 

I've also seen developers write uninstallers which delete using wildcards -- delete *.* -- which is dangerous, or worse still, use recursive wildcards -- delete ..\*.* which goes up one level. Let's say the the user shifts his scenery folder to the root of a nice new drive. A recursive delete could easily delete their entire drive contents.

 

My installers will do their best to install my scenery, but my uninstallers tend to give up at the slightest sniff of trouble:)

Share this post


Link to post

Friends,

 

For the price of two scenery addons, one can add a new hard drive to their computer and create a system image, which can be updated manually or automatically at any interval one chooses.  Should something go badly and wreck one's installation, it's a one hour recovery right back to how the system was.

 

With all installs, uninstalls and updates I have to do for testing, the peace of mind I have knowing that image exists is priceless.

 

Best wishes to all.

Share this post


Link to post

Dave - That's exactly what Webmaximus did. Problem is, he made several more backups which ultimately included the offending program. He had nothing to go back to it and if you think about it the only way he could have protected himself was to make and KEEP a backup of his system each time he added new programs. That is not likely.

 

It's one of those unique situations that can make backups useless.

 

Vic

Share this post


Link to post

Vic,

 

Well, I suppose it's all in how one does things. 

 

There is a freeware program called Macrium Reflect which allows one to create an initial back up and subsequent backups only update files which have changed. Each time the backup runs (up to the user), only the updated files are compressed to a different file, which means that one has the initial backup and many different indexed indexed updated files to choose from when choosing to reinstall from (similar to how a restore point works, only ALL the changes files in the differential.

Certainly one can not go back to the past, but this information may help others in the future, which is why I offered it.

 

Best wishes.

Share this post


Link to post

We are in agreement Dave. The differential backup is the method I prefer but many, including WebMaximus seem to prefer the total image backup.  This highlights one of the drawbacks of that method.

 

Your point is well made, it's not only the backup but the type that is important.

 

Vic

Share this post


Link to post

It has been said so many time, Do NOT use auti-installers!\I use the autoinstaller to install into a temp directory. For me, pretty essential, as I can see what is in the readme's, folders etc. Them I copy the folders across to my sim, then I use the uninstaller to delete what was installed in my temp directory. Or I just delete everything, then use CCleaner to clean out my registry. Or, it it is an important install for me, I keep the temp directory so I know what to delete from my sim. Doing it this way, you can always check if anything is going to be overwritten by the stuff from the temp directory. You have no control if you use the auto installers straight into your sim. 

 

I like this idea for my own installs, but the challenge I have as a publisher is that a very significant majority of my free and commercial users don't have the technical savvy (or choose not to) to do such a thing. Letting them pick an arbitrary folder as an installation location runs the risk of significantly more problems down the road and gives me no guarantee that the product was installed correctly. Just another support headache, I'm afraid.

 

Uninstallers are hard, because they are the riskiest piece of any product. They are running in full admin mode and are deleting files, registry entries and directories. It's the most likely place for anything to go wrong, and I've made a few mistakes over the years (I had a user install one of my products directly into the FSX root and the uninstall wiped everything out. Yes, there's a check for that case now. :( ) as well.

 

However, that's provided infinitely fewer support requests than any user-controllable process, I'm afraid. Generally speaking my biggest issue is anti-virus that "protects" you by blocking legitimate software without doing much for the real threats.

 

Cheers!

 

Luke

Share this post


Link to post

All of which points to why I like open source portable apps where the only "installer" needed is 7zip.  Meanwhile I have had good success using IOBit as an uninstaller, but that thing is powerful and you need to watch it like a hawk because you could easily nuke your system.

 

scott s.

.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  
×
×
  • Create New...