Target OS versions
The MASM32 SDK is designed to install on Windows operating system versions from WIN2000 upwards. It is not designed to install on earlier Win9x systems or Windows ME.
Installation Safety Design
The MASM32 SDK is targeted at experienced programmers who routinely have multiple development environments setup and configured on their development computer.
Safety for the experienced developer is as follows,
(1) The MASM32 SDK does not write any files to the operating system.
(2) The MASM32 SDK is registry safe and writes nothing to the registry.
(3) The MASM32 SDK does not set up any file extensions and does not steal file extensions from existing applications.
(4) The MASM32 SDK does not depend on any other application for its operation.
(5) The MASM32 SDK is free of DLL Hell.
(6) The MASM32 SDK is DEP safe, it runs on a fully DEP enabled computer.
At the end of the installation a choice is offered to set up an icon on the desktop using a simple VBS script, its contents are displayed and you have the option of using it or not. This safety comes at the price that the programmer who wants to use the advanced capacity of the MASM32 SDK must have sufficient technical knowledge to configure their development computer so that the MASM SDK can be installed.
Assumptions Of The Installation
The installation assumes that,
(a) The computer is correctly configured and is completely free on any trojan/rootkit/viral damage or infection.
(b) The installation is being performed with ADMINISTRATIVE RIGHTS that allow software to be installed.
(c) The installation can write files to disk without the process being obstructed or damaged by computer settings or security software.
Secure Origin Of The MASM32 SDK Content
The MASM32 SDK is built in a completely isolated environment from its own source code and is completely free of any trojan/rootkit/viral transmission code. It has been successfully installed on millions of development computers over a period in excess of 15 years and the only problems that have ever occurred come from false positives in downmarket AV software. The contents of the MASM32 SDK are DEP SAFE and were re-written when Microsoft introduced the new security modification to the Portable Executable specifications to protect computers from a variety of stack based exploits.
Common Problems With Inexperienced Users
(1) The computer is infected with either a trojan/root kit or virus and interferes with the installation by obstructing the file write to disk process.
SOLUTION : Either completely repair the operating system installation ensuring it is free from any infection or damage or do a full installation of the operating system to ensure it is working correctly.
(2) The person installing the MASM32 SDK does not have sufficient Administrative rights to install software.
SOLUTION : Change to the Administrative Profile before attempting to install the software.
(3) Anti-virus and/or similar security software obstructs the installation of the MASM32 SDK.
SOLUTION : Configure, change or remove the AV software so that it does not interfere with the installation of the MASM32 SDK.
This has primarily been a problem for inexperienced users who are using free security software downloaded from the internet. While reputable AV and security software vendors produce commercial products that properly understand the Microsoft Portable Executable specifications, much of the BETA level freeware available on the internet does not properly do this and regularly delivers FALSE POSITIVES on software that is completely free of any infection. At a design level this follows from the AV product using a naive dictionary approach coupled with poorly designed heuristic scanning methods. The result when using this style of junk is that the AV software often silently removes programs that it does not understand without advising the user and damages the installation of the software.
There is no solution to this problem from the installation end without interfering with the operating system, something that the MASM32 SDK does not do by design. To successfully install the MASM32 SDK you must have the appropriate Administrative rights and the computer must be clean from viral/trojan infections and be configured to allow an installation to write to disk. Unfortunately vendors of this CRAP are protecting their commercial interests by trying to appear as if their software is protecting your computer where in fact their lack of experience exposes end users to risks of large scale unrecoverable damage.
Securing A Development Computer
While most experienced users already know how to protect a development computer, for the small developer or student/person learning a programming environment there are a number of basic guidelines that help to protect a development computer without strangling it with security restrictions designed to protect non-technical users.
(1) Configure the DSL or similar router so that it uses the internal firewall, enables "Stateful Packet Inspection" (SPI) and "Network Address Translation" (NAT) and do not use any form of tunneling that bypasses the router setup. This is particularly important as it cannot be altered by the operating system so even if the operating system is compromised, the router is not and its security features still work.
(2) Unless you know exactly what you are doing with the firewall in late versions of Windows, disable it completely and install a manual setup firewall that allows you to block specific ports and protocols.
(3) Examine the running services on your computer and TURN OFF those that you don't need. Things like remote management, TAPI, FTP and HTTP servers are rarely ever required by a home developer and by turning OFF services of this type, the vulnerable surface area of the computer is reduced. Do not install the IIS internet server option on a development machine as it is subject to new exploits on a regular basis.
(4) NEVER EVER share the boot partition of a development computer. If you need to transfer data from a development computer to another computer in your LAN, set up a directory on another partition on your development computer that has two (2) subdirectories, "upload" and "download". Set up the directories as shared with read only access to the "download" directory and normal read/write access for the "upload" directory. You are safer if you share nothing and use a shared drive/directory on another computer in your LAN to write data to when needed.
(5) If you must use your development computer to handle email there are a number of steps that reduce your risk.
(a) Install software that reads the available email on the email server you use WITHOUT downloading it. This allows you to check what is there and delete any of the junk you don't want without it ever being on your computer.
(b) If your email software automatically downloads email, TURN THE OPTION OFF, only download email when you choose to do so. Malicious software that is never downloaded onto your computer can never do it any harm.
(c) Ensure that your email software does not automatically run attachments on any email that you download.
(d) If you must run AV or similar security software, use proven reliable products. Eset's NOD32 and Kaspersky are professional well written products that can be configured properly. The default Microsoft AV scanners in later OS versions is also generally reliable and does not routinely deliver false positives. Avoid any form of automatic scanning and only operate the software on a on demand basis.
Running Security Risks In A Sandbox
If you know what you are doing and properly secure a development computer you can be free of the virus/anti-virus merry go round and be in full control of your development computer but the weakest point in computer security is you the user, no matter what you installation and configuration may happen to be, if you run something that is dangerous you can damage your computer's operating system installation.
If you must do dangerous things like downloading junk from the internet or email that may contain dangerous attachments, do it in a sandbox, install a Virtual Machine on your computer, set up the browser and email programs you want and if the worst happens, you can just shut it down, replace the virtual hard drive file with a backup and no harm is done.
The Final Solution For Computer Security
Obtain a reliable disk imaging program, Norton Ghost, Acronis True Image and similar and learn how to use it correctly. Make a backup image of your BOOT partition and save that file on another partition on your computer. Software like Acronis has the capacity to create a bootable CD so that you can boot the damaged computer from the CD and restore the disk image file saved on another partition. This approach has two (2) major advantages, it cannot be beaten as it completely overwrites the damaged operating system installation and it usually takes less than five (5) minutes to perform.