Cymaera vulnerability forbids installation on work pc

General discussion related to "Everything".
Post Reply
katriik
Posts: 9
Joined: Wed Aug 07, 2019 6:28 pm

Cymaera vulnerability forbids installation on work pc

Post by katriik »

Hello,

Because our work computer are so damn restrictive, I had to request IT authorization to install Everything, and they are denying it based on Cymaera's vulnerability report.

https://cymaera.com/articles/everything.html

Is there any argument I can provide against theirs?

Thank you.
therube
Posts: 4979
Joined: Thu Sep 03, 2009 6:48 pm

Re: Cymaera vulnerability forbids installation on work pc

Post by therube »

The article actually has a link to the nightly build where this was addressed.
Since then, both current release & current beta's should be OK.

viewtopic.php?p=32509#p32509
Also, http://www.voidtools.com/forum/viewtopi ... 716#p32716.
katriik
Posts: 9
Joined: Wed Aug 07, 2019 6:28 pm

Re: Cymaera vulnerability forbids installation on work pc

Post by katriik »

Noted and sharing with IT team.
Painful to have to deal with them.
NotNull
Posts: 5461
Joined: Wed May 24, 2017 9:22 pm

Re: Cymaera vulnerability forbids installation on work pc

Post by NotNull »

katriik wrote: Tue Nov 03, 2020 4:19 pm Painful to have to deal with them.
I think they are doing a good job when checking out the programs they allow on their network (not even all big companies do that!)
(but annoying for you nevertheless ..)


The 'threat' is a lot less severe than it sounds:
When you intsall Everything in "C:\Program Files", you need elevated admin rights to put a file (urlmon.dll) in that folder [1].
And when some hacker is already an admin, he can do "everything" and then access to Everything is the least of your (IT's) problems.

And if said hacker is able to take control of Everything, he/she can only list the files on your system.
There are a lot of ways to list all the files on your system; even without admin rights. (but none of them as fast as Everything, of course :))


If that is not enough to convince your IT department, there is also the Lite version of Everything.
In this version all possible attack vectors are removed (by removing some functionality, that you probably don't need in your situation)

[1] In case you are still running an older version (1.4.1.989 or below) of Everything

Good luck! (and don't be too hard on your IT department; they are doing a good job - at least in this case )
katriik
Posts: 9
Joined: Wed Aug 07, 2019 6:28 pm

Re: Cymaera vulnerability forbids installation on work pc

Post by katriik »

Thanks @NotNull,

Appreciate your reply.
They are nice guy. The team is not bad. It's the policies that are sometimes just too harsh and forbids us to become more efficient at our daily tasks.

At my past job, Everything was just the heaven's angel we were looking for. When a colleague presented me this tool, it saved us so much wasted time.

The concern now is that we're using SharePoint as our file server. Because the files on demand is active, Everything helps us to find the files we need.
They may be concerned because of this, I guess.

Anyway, I've shared the first comment and hope they allow its installation.

Have a great day.
NotNull
Posts: 5461
Joined: Wed May 24, 2017 9:22 pm

Re: Cymaera vulnerability forbids installation on work pc

Post by NotNull »

katriik wrote: Tue Nov 03, 2020 7:11 pm we're using SharePoint as our file server.
Then I *definitely* wish you good luck! :)
Post Reply