The Software Updates Menu
We introduced the Software Updates menu in 2012. This coincided with the introduction of automatic software updates. Various bug fixes have been applied to the software update software since then. But we’ve done nothing with the software updates menu at all. Until recently.
In response to some unusual problems a few of our customers have had we thought we could improve the experience of using the software updates function.
Problems with authentication
One customer reported that although he’d entered his login credentials, the login and download were failing. But strangely our software wasn’t prompting him for a correct set of login credentials (which is what should happen). After some investigation we found that some failures on our server were being amalgamated into one global error code sent back to the client. The global error code was then interpreted correctly according to the error code, but that response wasn’t correct with respect to the specific error on the server. We broke all the failure points on the server into discrete error codes and now handle all of these individually. This allowed the problem the customer had to come to the surface – their credentials were in fact incorrect – he’d made a typo while entering his details.
In addition to this we’ve now made changes to the email entry fields that validate only correct characters can be entered in an email address – enter any incorrect ones and the field turns red. Not enough @ characters – red, too many @ characters – red, whitespace in the username which isn’t quoted – red, whitespace in the domain – red. Etc.
There is also the error use case where a customer enters their login details for, say, C++ Performance Validator but the tool they are using when they enter these details is C++ Memory Validator. The login details are valid, but not for this software tool. The image below shows the error message when using the Test Login Details… button.
We also added two new menu entries for resetting the user credentials and also for setting the user credentials. If the user credentials are reset, no software updates will occur. If the user credentials are set (correctly) software updates will occur.
Problems with TMP security
When a software update for one of our tools downloads it’s downloaded by default to the directory defined by the TMP environment variable. On a Windows 10 machine this most likely points somewhere like c:\users\stephen\AppData\Local\Temp.
The TMP environment variable is used by the _ttempnam() function to provide a temporary filename for use by the software that calls it. _ttempnam() uses the TMP environment variable to do its job. We wrote the software updater code, tested it, and didn’t really think much more about it until we recently received an email from a customer. I’m going to quote a bit of it below.
“I am an IT manager for a software house that uses your Performance Validator and Memory Validator. With the new threats from ransomware, we have locked down developers’ machines so files cannot be executed under the users Appdata folders which contains the user’s temp folder.”
He wanted to know what our filename policy was so that he could whitelist our software updater to run inside the directory that he’d locked down. _ttempnam() returns names that are different each time. There is a pattern to the names we use. I explained the rules but then suggested that providing a dedicated download directory removes the need for whitelisting and provides a better security environment. He agreed. So that’s what I’m going to discuss next.
Specifying a directory
The first thing we had to do is replace the use of _ttempnam() with a user specified directory.
The user specified directory defaults to the same location that _ttempnam() would have used. Consult the _ttempnam() documentation and follow the rules for generating the default value. This is basically using GetEnvironmentVariable() to query the TMP environment variable.
Provide a means for the user to specify the download directory.
The directory needs to exist. If the directory doesn’t exist, it should be obvious as the directory name is entered.
The directory needs to have execute privileges and write privileges. If either of these privileges does not exist for the specified directory the user should be alerted to the fact.
The Reset button allows the directory to be set to the default value.
Add an entry to the Software Updates menu to enable the user to access this dialog. Update the Startup Wizard to allow the software update directory to be specified.
We’ve also updated the software update code to handle the use cases where a valid software update directory is supplied but is then deleted, or its permissions altered to deny write or deny execute privileges. This also accommodates the case where nothing changes with the directory, but the settings get damaged or corrupted somehow (editing the registry, a machine crash…).
We’re always trying to improve your experience with our software. Whether it’s making the use of Software Updates so easy you don’t need to talk to us about it or improving your security environment. If you have an issue that you think will improve the software for everyone, please do get in touch.