Installing MASM32
Target OS versions
The
MASM32 SDK is designed to install on Windows operating system versions
from WIN2000 upwards. It is not designed to install on earlier Win9x
systems or Windows ME.
Installation Safety Design
The
MASM32 SDK is targeted at experienced programmers who routinely have
multiple development environments setup and configured on their
development computer.
Safety for the experienced developer is as follows,
(1) The MASM32 SDK does not write any files to the operating system.
(2) The MASM32 SDK is registry safe and writes nothing to the registry.
(3) The MASM32 SDK does not set up any file extensions and does not steal file extensions from existing applications.
(4) The MASM32 SDK does not depend on any other application for its operation.
(5) The MASM32 SDK is free of DLL Hell.
(6) The MASM32 SDK is DEP safe, it runs on a fully DEP enabled computer.
At
the end of the installation a choice is offered to set up an icon on
the desktop using a simple VBS script, its contents are displayed and
you have the option of using it or not. This safety comes at the price
that the programmer who wants to use the advanced capacity of the
MASM32 SDK must have sufficient technical knowledge to configure their
development computer so that the MASM SDK can be installed.
Assumptions Of The Installation
The installation assumes that,
(a) The computer is correctly configured and is completely free on any trojan/rootkit/viral damage or infection.
(b) The installation is being performed with ADMINISTRATIVE RIGHTS that allow software to be installed.
(c) The
installation can write files to disk without the process being
obstructed or damaged by computer settings or security software.
Secure Origin Of The MASM32 SDK Content
The
MASM32 SDK is built in a completely isolated environment from its own
source code and is completely free of any trojan/rootkit/viral
transmission code. It has been successfully installed on millions of
development computers over a period in excess of 15 years and the only
problems that have ever occurred come from false positives in
downmarket AV software. The contents of the MASM32 SDK are DEP SAFE
and were re-written when Microsoft introduced the new security
modification to the Portable Executable specifications to protect
computers from a variety of stack based exploits.
Common Problems With Inexperienced Users
(1) The
computer is infected with either a trojan/root kit or virus and
interferes with the installation by obstructing the file write to disk
process.
SOLUTION :
Either completely repair the operating system installation ensuring it
is free from any infection or damage or do a full installation of the
operating system to ensure it is working correctly.
(2) The person installing the MASM32 SDK does not have sufficient Administrative rights to install software.
SOLUTION : Change to the Administrative Profile before attempting to install the software.
(3) Anti-virus and/or similar security software obstructs the installation of the MASM32 SDK.
SOLUTION : Configure, change or remove the AV software so that it does not interfere with the installation of the MASM32 SDK.
This
has primarily been a problem for inexperienced users who are using free
security software downloaded from the internet. While reputable
AV and security software vendors produce commercial products that
properly understand the Microsoft Portable Executable specifications,
much of the BETA level freeware available on the internet does not
properly do this and regularly delivers FALSE POSITIVES on software
that is completely free of any infection. At a design level this
follows from the AV product using a naive dictionary approach coupled
with poorly designed heuristic scanning methods. The result when using
this style of junk is that the AV software often silently removes
programs that it does not understand without advising the user and
damages the installation of the software.
There
is no solution to this problem from the installation end without
interfering with the operating system, something that the MASM32 SDK
does not do by design. To successfully install the MASM32 SDK you must
have the appropriate Administrative rights and the computer must be
clean from viral/trojan infections and be configured to allow an
installation to write to disk. Unfortunately vendors of this CRAP are
protecting their commercial interests by trying to appear as if their
software is protecting your computer where in fact their lack of
experience exposes end users to risks of large scale unrecoverable
damage.
Securing A Development Computer
While
most experienced users already know how to protect a development
computer, for the small developer or student/person learning a
programming environment there are a number of basic guidelines that
help to protect a development computer without strangling it with
security restrictions designed to protect non-technical users.
(1) Configure the DSL or similar router so that it uses the internal firewall, enables "Stateful Packet Inspection" (SPI) and "Network Address Translation"
(NAT) and do not use any form of tunneling that bypasses the router
setup. This is particularly important as it cannot be altered by the
operating system so even if the operating system is compromised, the
router is not and its security features still work.
(2) Unless
you know exactly what you are doing with the firewall in late
versions of Windows, disable it completely and install a manual setup
firewall that allows you to block specific ports and protocols.
(3) Examine the running services on your computer and TURN OFF
those that you don't need. Things like remote management, TAPI, FTP and
HTTP servers are rarely ever required by a home developer and by
turning OFF services of this type, the vulnerable surface area of the
computer is reduced. Do not install the IIS internet server option on a
development machine as it is subject to new exploits on a regular basis.
(4) NEVER EVER
share the boot partition of a development computer. If you need to
transfer data from a development computer to another computer in your
LAN, set up a directory on another partition on your development
computer that has two (2) subdirectories, "upload" and "download". Set
up the directories as shared with read only access to the "download"
directory and normal read/write access for the "upload"
directory. You are safer if you share nothing and use a shared
drive/directory on another computer in your LAN to write data to when
needed.
(5) If you must use your development computer to handle email there are a number of steps that reduce your risk.
(a) Install software that reads the available email on the email server you use WITHOUT
downloading it. This allows you to check what is there and delete any
of the junk you don't want without it ever being on your computer.
(b) If your email software automatically downloads email, TURN THE OPTION OFF,
only download email when you choose to do so. Malicious software that
is never downloaded onto your computer can never do it any harm.
(c) Ensure that your email software does not automatically run attachments on any email that you download.
(d) If
you must run AV or similar security software, use proven reliable
products. Eset's NOD32 and Kaspersky are professional well written
products that can be configured properly. The default Microsoft AV
scanners in later OS versions is also generally reliable and does not
routinely deliver false positives. Avoid any form of automatic
scanning and only operate the software on a on demand basis.
Running Security Risks In A Sandbox
If
you know what you are doing and properly secure a development computer
you can be free of the virus/anti-virus merry go round and be in full
control of your development computer but the weakest point in computer
security is you the user, no matter what you installation and
configuration may happen to be, if you run something that is dangerous
you can damage your computer's operating system installation.
If
you must do dangerous things like downloading junk from the internet or
email that may contain dangerous attachments, do it in a sandbox,
install a Virtual Machine on your computer, set up the browser and
email programs you want and if the worst happens, you can just shut it
down, replace the virtual hard drive file with a backup and no harm is
done.
The Final Solution For Computer Security
Obtain
a reliable disk imaging program, Norton Ghost, Acronis True Image and
similar and learn how to use it correctly. Make a backup image of your
BOOT partition and save that file on another partition on your
computer. Software like Acronis has the capacity to create a bootable
CD so that you can boot the damaged computer from the CD and restore
the disk image file saved on another partition. This approach has two
(2) major advantages, it cannot be beaten as it completely overwrites
the damaged operating system installation and it usually takes less
than five (5) minutes to perform.
|