TrustedInstaller?

Status
Not open for further replies.
Tell me I have some sort of security phobia, but I am suspicious of any application that needs to call itself "Trusted". Add further suspicion that it comes from Microsoft, who got in bed with NSA during the Ballmer years - probably to protect the presence of MS Office in the Federal inventory. Anyone else distrust the TrustedInstaller? Not that we can survive without it. I do, however, remove it using Services and Task Manager when I am not actually updating Windows. Your thoughts?

==================================
The trouble with doing something right the first time is that nobody appreciates how difficult it was - Steven Wright


 
You have gone over the edge into paranoid land. The trusted installer can be trusted as much as any other native windows component. How much you can trust MS components/services is up to your level of paranoia.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
If you have that level of distrust of Microsoft, why use a Microsoft operating system in the first place??? There are alternatives out there.
 
The ironic part is that you're actually making the OS less secure by messing with the TrustedInstaller configuration. It's there to provide a buffer for protection against malware, viruses, and trojans that attempt to make changes to system files and registry settings without your permission or your knowledge. With User Account Control (UAC) enabled and TrustedInstaller intact, a program must be properly elevated by the system or "trusted" by the user (you) to make those changes.

If you don't mind being vulnerable, then knock yourself out! But I'd say you're better off going back to XP.



-Carl
"The glass is neither half-full nor half-empty: it's twice as big as it needs to be."

 
But I'd say you're better off going back to XP.
What's the logic of this if there's a general distrust of MS products?


"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Well, a couple of points of clarification. First, I have multiple computers. I even have a working Windows 3.1.1 (Windows for Workgroups) computer, although it is standalone for fear of unrecoverable viruses. I also have Linux machines, so yes, my mistrust in Microsoft is manifest in my actions. Nevertheless, it is a Windows-centric era, at least for desktop and legacy desktop applications. So, a computer professional *must* have at least one Windows machine. I'm a data guy, and Access and SQL Server only run in the Windows environment.

My distrust of the "trusty" installer is not with respect to foreign malware, but "enhancements" that Microsoft may have provided for NSA to extract information from people who use Windows computers. I also note that there are several TASKMGR (LOCAL) tasks that only want to run when I'm connected to the Internet. Why might that be? What activities are they doing that require Internet access?

Call me paranoid or whatever, but I worked for the government in the past, have a security clearance, and have been investigated by No Such Agency in the past.

==================================
The trouble with doing something right the first time is that nobody appreciates how difficult it was - Steven Wright


 
You can be as paranoid as you like, no problem. What I'm trying to understand here is, why would you single out this one particular executable among the dozens of Microsoft-created executables churning away on your computer?
 
Quoting from General Mitchell in the wonderful M*A*S*H episode "The Incubator":

"I only might add that I have nothing to add".

==================================
The trouble with doing something right the first time is that nobody appreciates how difficult it was - Steven Wright


 
Call me paranoid or whatever
Ok, I already did!!! But that's okay and if you have nothing to hide then let the investigations begin - covert or not and using whichever myriad method "they" have at their disposal. As pointed out by another poster, I would think that infiltrating a Windows service would be very low on the likely list of methods for spying on you.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
goom said:
What's the logic of this if there's a general distrust of MS products?

That's a good point. The thinking here was that instead of messing with Windows 7 security configuration which can cause a wide range of issues, you'd be better off reverting back to XP to save you the hassle.

As for the OP's point about NSA's ability to extract information, it's a bit confusing considering that this "ability" isn't just limited to Windows computers. I also seriously doubt that any level of fiddling with the OS is going to prevent that! If you're a conspiracy theorist, the best remedy is to keep the workstation offline. Simple as that.

-Carl
"The glass is neither half-full nor half-empty: it's twice as big as it needs to be."

 
Of course, that also begs the question, "What do you have to hide?"...but no, I'm not going to take the discussion there!

[bigcheeks]
 
I will chime in with an elaboration on guitarzan's point. But first, I don't blame you for having the mistrust of MS, it's something that is warranted but at the same time there's little we can do about it if we're going to be working in the MS environment.

But what I'd add to the point about "why TrustedInstaller instead of all the others..." is that this is MS's OS, and if they wanted to, they could have processes running that even tools like Process Explorer may not be able to see...being closed-source how would anyone know, except NDA-gagged MS employees?

So if MS wanted to have a process sending your data to CIA or NSA servers, it could quite easily be hidden deep in kernel code and you'd never know it. You could sniff the packets leaving the box and wonder what all this extra traffic is when every app and browser is closed--but Task Manager certainly wouldn't show it. Inquiries to MS would be a standard "That's probably just Windows Updates checking for new patches".

Bottom line about all of this...including the NSA in general...I live with the general assumption that my data is out there. If I were ever to succumb to the dark side and deal in illegal things, I would certainly "tread lightly".
--Jim
 
I just have one more comment (promise). I'm SURE that we would know by now whether Windows 7 is ratting on people running it. There are nerds all around that are running packet-monitoring software and they find out information like smart TVs are transmitting the names of files you open off USB sticks plugged into the TV. So........ I highly doubt everyone would have missed an operating system under covert control of the government.

If you look at some of the tools used by the government as uncovered by Snowden and others, they are much more targeted and sophisticated. Having an entire operating system blabbing information is just too ham-fisted and obvious, not subtle.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
@jsteph Microsoft might tell me that it's Windows Update, but I'll know they're lying. I have Windows Update disabled. I activate it only every few days to get the AntiVirus and any other critical updates. I do agree with your assumption that your data is out there, but I take it further and assume everyone wants to get into my computer. From malware to adware to cookies to <censored>. I am not involved in illegal activities. I just ABHOR the lack of respect for privacy in the information age, and the laissez-faire attitude of government and most of the public.

==================================
The trouble with doing something right the first time is that nobody appreciates how difficult it was - Steven Wright


 
OK, that's actually a more understandable argument. The sparse information I found about TrustedInstaller.exe (which is actually the Windows Modules Installer service) is that it relates to the installation of Windows Updates. If you in fact disabled Windows Updates, I would expect TrustedInstaller.exe to be silent. Seeing it still do something would arouse some suspicion in me as well (though not necessarily big-brother... I would be more likely to blame bad-programmer).

When you say you have Windows Update disabled, do you mean you changed the frequency of updates to "Never check for updates (not recommended)", or that you actually disabled the Windows Update service?
 
It is disabled via Services. Trusted Installer also tries to run (I terminate it) when Windows Antivirus updates and installs, although Trusted Installer is not needed to update the Antivirus. Of course, this just might be more of Microsoft "Bloatware" designed to fill and slow down your system so that you need to buy another computer from their WINTEL partner. I honestly believe that Microsoft developers have workstations with petabytes of RAM. The OS is just SOOOOO memory unfriendly with "terminate and stay resident" system processes and applications throughout.

==================================
The trouble with doing something right the first time is that nobody appreciates how difficult it was - Steven Wright


 
In that case, disable the Windows Modules Installer service as well, and I would think that would solve the rogue TrustedInstaller problem.

So you distrust Microsoft, but yet use a Microsoft antivirus product? Why??? So many alternatives out there!!
 
I take it ALL your web traffic is encrypted, you run your own ISP with your own internet backbone, connecting to only trusted nodes? Your phone calls are scrambled and you use cryptography for all your post?
Chances are Amazon and Google know WAY more about you than the NSA.
What about your Linux boxes? Do you trust every program on there? If you think just because it's open source it's safe, just roll back a few months ago to Heartbleed.
The only secure PC is one that's never been used. Yes, even live CDs spew out info and with the right tools, can leave breadcrumbs and as soon as it's on the internet, it's fair game.

Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

 
As I mentioned above, it is still a Microsoft-centric world. The particular computer to which I refer has Microsoft products on it. I have other machines (Linux and Windows hybrids) that are used for their particular purposes. @Sympology: The fact that it's fair game does not mean I like it, or have to play by anyone's rules but mine (and those imposed on me by the OS manufacturer and the rules imposed by "higher powers"). BTW, encrypting your e-mails *guarantees* that NSA will get and keep a copy of them.

==================================
The trouble with doing something right the first time is that nobody appreciates how difficult it was - Steven Wright
 
Folks, this discussion is an example of what happens when you swallow the red and blue pill!
[flush]

John,
I think the point being made is that there are bigger fish to fry. You can customize (or perhaps more accurately "vandalize") Windows 7 all you want, but in the end, you're only messing with the small potatoes. I, for one, am not convinced you are making yourself any more secure, and may in fact be doing quite the opposite.
 