Just a timely 'wake-up' call to all of us I suppose... but Richard Asberg (aka WebMaximus), has just suffered the PC Owner's Ultimate Nightmare in that, after running a simple uninstaller to remove an outdated Scenery Add-On, he latterly discovered that it had removed an awful lot more than he would ever have imagined that it had access to.

 

To add insult to injury - this 'silent assassin' completed it's task and left it's lethal payload in the meticulous backups that Richard performs on a regular basis - thus rendering any attempt at a 'Roll Back' useless.

 

End result?  Richard is now in the process of rebuilding his entire (and very sophisticated), system from scratch. A task that I would not envy or wish on my worst enemy.

 

We have all been there, many, many times. Program Manager, select Program, click Uninstall - and we sit back as the required uninstaller is executed and Windows informs us that the task is complete...... Except, in the case of this particular uninstaller, it goes 'rogue' and appears to have the ability to demolish a lot of critical Windows files as well.

 

So - as per the title of this post .... 

 

We have all downloaded software that turns out to be a bit 'iffy' and we have the warm glow of satisfaction in knowing that there is an instant remedy in the 'Uninstall' option but - if the 'iffy' creators utilise an equally 'iffy' Uninstall routine....?

 

As a side note to this [CENSORED software] debacle - I am surprised that MicroSoft haven't been all over this case by now as it obviously demonstrates that their Software has a gaping hole somewhere in it's Core Security that could allow said uninstaller to go about it's disruptive deeds.

 

Any comments Gentlemen .....?

 

.

Forgive the PC incorrectness Poppet   ....   and Ladies.

We have all downloaded software that turns out to be a bit 'iffy' and we have the warm glow of satisfaction in knowing that there is an instant remedy in the 'Uninstall' option but - if the 'iffy' creators utilise an equally 'iffy' Uninstall routine....?

 

 

 

As a side note to this [CENSORED software] debacle - I am surprised that MicroSoft haven't been all over this case by now as it obviously demonstrates that their Software has a gaping hole somewhere in it's Core Security that could allow said uninstaller to go about it's disruptive deeds.

What an installer/uninstaller does is the sole responsibility of the software developer. (All software, Not only FSX software)

If a developer decides to write his own installer/uninstallers then faulty coding or a simple misspelled word or misplaced character ",", "*", "%"  etc. can create havoc,

 

Microsoft Software has nothing to do on this matter.

 

Most anyone who has ever developed applications can easily code an "installer/uninstaller" that ruins a registry beyond repair in seconds. (This was not the case, apparently it affected only some other installed programs keys)

 

As a side note to this [CENSORED software] debacle - I am surprised that MicroSoft haven't been all over this case by now as it obviously demonstrates that their Software has a gaping hole somewhere in it's Core Security that could allow said uninstaller to go about it's disruptive deeds.

 

Any comments Gentlemen .....?

 

well, one can only speculate because it's unclear what happened exactly. it is pretty unusual that you'd have to rebuild 'an entire system' because of an uninstaller. this doesn't really have anything to do with security so much as just that most fsx add-ons make edits to the various fsx config files such as scenery.cfg etc. and when you use the system uninstaller it is possibly not elegantly removing those entries. especially if other addons have made subsequent edits to it, it is maybe deleting the file or replacing it with what was there before it was run.

 

some addons are also modifying core files such as textures and this could cause trouble too if their uninstaller doesn't replace them with backups (or if the backup wasn't made in the first place...) and again, if further changes had been made by other installers, there's not really any way for them to deal with that, they will be blowing away changes made in the interim.

 

really i think it has more to do with the fact that the FSX architecture isn't really designed around a slick, fully modular addon addition and removal process. i think p3d has made changes that are beginning strides in this direction! but it will probably be a while before most addon folks are following their new rules and it won't help fsx people anyway. hopefully dovetail keeps this stuff in mind as well, i think they will since they are probably leaning towards having addons be steam-dlc where having things be clean and modular is pretty much normal practice.

 

cheers

-andy crosby

http://www.avsim.com/topic/490441-warning-uninstalling-aerosoft-split-x-141-might-put-you-in-a-very-bad-situation/

<snip>

 

-andy crosby

Hello Andy

 

Your assumption wold be correct if it was only FSX/P3D stuff, but in this case the problem is significant because the uninstaller messed up the windows registry.

(Removing other vendors installer/uninstaller keys)

Silence is Golden ......

Hello Andy

 

Your assumption wold be correct if it was only FSX/P3D stuff, but in this case the problem is significant because the uninstaller messed up the windows registry.

(Removing other vendors installer/uninstaller keys)

 

haha yeah i just saw the new link posted from JL. that is pretty ridiculous!

 

it's still unfortunately not exactly a microsoft security issue since he probably gave it admin permission to run (which, is not his fault either, that is perfectly normal). sounds like aerosoft really dropped the ball on that one.

 

cheers

-andy crosby

Man, I read that post when he posted it and was like...lowww whistle.  That was bad.  I felt for him.  I've never heard of an uninstaller, apart from a malicious one, ever doing that.  Installers are just as dangerous though, if not more so.

Nothing to do with Microsoft! Yes, I know bashing Microsoft is an on-going game, but not this time.

 

It has been said so many time, Do NOT use auti-installers!\I use the autoinstaller to install into a temp directory. For me, pretty essential, as I can see what is in the readme's, folders etc. Them I copy the folders across to my sim, then I use the uninstaller to delete what was installed in my temp directory. Or I just delete everything, then use CCleaner to clean out my registry. Or, it it is an important install for me, I keep the temp directory so I know what to delete from my sim.

Doing it this way, you can always check if anything is going to be overwritten by the stuff from the temp directory. You have no control if you use the auto installers straight into your sim. 

Any comments Gentlemen .....?

Sure, I'll comment - some uninstallers (and installers, for that matter) are sloppy. In 30 years of PCs, however, I've never seen one as sloppy as you describe (and I do/did software and software support for a living...). MS couldn't care less about your uninstaller - it's a legitimate program and the OS isn't a mind reader. Me, I suspect there is more to the story than you relate.

 

DJ

Actually it's very simple:

Publishers, don't just test the product. Test the installer and uninstaller also.

 

On another note:

Most flightsim installers create backups of the scenery.cfg, the dll.xml, and other files before changing them. How about an automatic backup of the registry by flightsim installers?

I heard that registry cleaners and some anti-malware softwares do exactly that.

 

As a another precautionary means for us users: Create a system restore point manually before starting any program that could affect the registry.

 

And Richard did nothing wrong. But now I'd rather like to be prepared in case some developer or publisher drops the ball again.

 

 

I've never heard of an uninstaller, apart from a malicious one, ever doing that.

 

The first release of FSWC's (water configurator) uninstaller wiped the whole drive, not just the app, so these terrible mistakes can and do happen :(

Actually it's very simple:

Publishers, don't just test the product. Test the installer and uninstaller also.

Far too many publishers/developers rely on automatic uninstaller creation from their installer builder program.

 

I do not. Every "uninstaller" I write is custom and will remove only those files and folders that my installer creates, and even then will not remove any common files that are shared among our other products. Every installer is tested by repeatedly installing into a "dummy folder" and then the uninstaller is run to ensure a clean and through operation.

I honestly never thought it possible for an uninstaller to do that much damage, with the exception of a virus, of course.  I know of the developer you speak of and after reading the original thread this story was born from, it is a bit disheartening that a corrected installer was made after the fact.  Fortunately, I don't own that particular add-on, but I know I'd be five kinds of p'oed if it happened to me and to be honest, I probably would have never figured out what the offending program was.

 

We were told, long ago that uninstaller scripts were the way to go for uninstalling software, then MS countered that with using their Add/Remove Programs feature, so there was constant debate over which was better for safe removal.  In this case, it was mass destruction. :(

Richard/WebMaximus, I am very sorry to hear what happened.  Personally I think Aerosoft should compensate you in some way -- either with money or with free addons.  I will be keeping an eye on this and the other thread to see if they do anything.  Their response will certainly affect my future purchases from Aerosoft.

 

 

 

It has been said so many time, Do NOT use auti-installers!\I use the autoinstaller to install into a temp directory. For me, pretty essential, as I can see what is in the readme's, folders etc. Them I copy the folders across to my sim, then I use the uninstaller to delete what was installed in my temp directory. Or I just delete everything, then use CCleaner to clean out my registry. Or, it it is an important install for me, I keep the temp directory so I know what to delete from my sim.

Doing it this way, you can always check if anything is going to be overwritten by the stuff from the temp directory. You have no control if you use the auto installers straight into your sim.

 

Will this work with any installer?  I am under the impression that many if not most commercial addons need to be pointed to the correct FS folder, and that some find FS automatically by looking in the Registry.

 

Mike