undefined | Better HN

0 pointsMaskawanian1y ago0 comments

> I put a lot of the blame here on Windows and its persistent refusal to implement a decent way to uninstall programs without using a vendor-provided binary/script.

While the install & uninstall process certainly be criticized. The fact remains that the uninstall script is made by Adobe. They deserve credit for all dark patterns that script contains.

Other systems have similarly opaque places where configuration can be left. Look at dot file structures, gconf, et al. on linux. As well as Preferences, extensions, input managers, Library folders on Mac.

Until we get a system that is entirely containerized, this will continue to be an issue.

We should probably keep the focus on Adobe lest we distract from their bad practices.

0 comments

everforward1y ago

I agree that they deserve all the credit for the dark patterns in their uninstall script and people should be pissed. I just also think this was an incredibly obvious outcome, and would not have been a problem at all _if Windows hadn't handed them sole authority to uninstall themselves_.

This isn't even a new issue, I remember jokes about how hard McAfee was to uninstall like a decade ago. Adobe deserves hate for abusing a loophole, and Windows deserves hate for creating and maintaining that loophole through who knows how many issues with it.

> Other systems have similarly opaque places where configuration can be left. Look at dot file structures, gconf, et al. on linux. As well as Preferences, extensions, input managers, Library folders on Mac.

I can't speak for Mac because I lack the context, but there are like a dozen ways to deal with this on Linux. strace, iotrace, selinux audit mode, lsof in a loop if you're lazy and don't care too much, there are some tools built for basically this that use fanotify, I think sar might include this with the right config.

It's like moderate difficulty to write a shell script that will print all the files a process accesses, and trivial difficulty to consume the same.

It's also worth pointing out that a filesystem doesn't typically get "bogged down" the same way the registry does; i.e. there being unused config or cache files on the filesystem doesn't typically harm the filesystem in the same way that having useless entries in the Registry does. There's ups and downs to that kind of centralized config service.

> Until we get a system that is entirely containerized, this will continue to be an issue.

You can do this on Linux already for many things, depending on how much you need it to be isolated and what it does.

In the simplest manner, jails or chroot is probably enough to isolate most applications' filesystems; I'm doubtful they even try to break out of them.

Selinux could be used; first run it in audit mode to generate a list of files it's allowed to access (and record the same), then set it to enforce on the app to prevent other access. AppArmor might also work, not sure.

I believe snaps and/or flatpaks can have their "filesystem" isolated to certain paths.

Docker containers are an option, or just regular old cgroups.

The most basic and common option on Linux is just to install and run it as a separate user. There are certainly ways around that, but most of them would require either giving the installer root access or the kinds of filesystem permissions that malware dreams of.

j / k navigate · click thread line to collapse