Beware of Live 11's default install!

Discussion in 'General Production Forum' started by ShelLuser, Feb 25, 2021.

  1. ShelLuser

    ShelLuser NI Product Owner

    Messages:
    1,312
    Hi gang!

    I know this is offtopic, NI doesn't have an offtopic section and I wanted to get this out in the open one way or the other. Why not post on the Abe's forum? I can't, at my own request even, and this idiocy isn't making it very appealing to even bother over there. Honest: crap like this is what triggered me to request my account to be de-activated over there.

    I hope you guys (NI) will allow this.... if not, no trouble from me, I tried, then I only hope you don't mind too much. I had to try...

    Beware of Live 11's default installation!
    So I pre-ordered Live 11 because Ableton Live forms the heart of my home studio, together with Maschine and Reason's rack device/plugin ("RRP"). Today I learned that Live 11 was out! Yah, leave it up to Ableton to open up pre-orders without making their customers pay ;) (fun fact: Ableton & Native Instruments are the only audio companies where I'd even consider a pre-order (I am still in 100% agreement with my Komplete 13 pre-order!)).

    Back to the business at hand:

    I installed Live 11 ('suite'). And I am appalled. The installer starts with an 'elevation' (= getting admin rights) and then it defaults the installation into c:\programdata. This is a HUGE problem! Why? Try creating a new folder in "C:\program files" and "c:\programdata", unless you trashed your system you'd notice a difference. A HUGE difference: by default program files cannot be tampered with on Windows 10. Not unless you give the process permission.

    Follow Live's 10 "brilliant" installer and your audio software is WIDE open for attacks, and you wouldn't even see it coming.

    This is SO bad....

    "Fun" fact: I noticed, intervened, removed and re-installed. And now I don't even have an icon:

    upload_2021-2-25_2-30-29.png

    This is bad.. on so many levels, most artists won't even realize they're opening themselves up to SO many issues here. c:\programdata\ableton\live11.. what are these idiots thinking?

    Harsh words... I don't take them back after working within ICT administration for over 20 years. This is beyond stupid.
     
  2. scheffkoch

    scheffkoch NI Product Owner

    Messages:
    589
    …and why isn’t the ableton forum full of complaints regarding this?…
     
  3. ShelLuser

    ShelLuser NI Product Owner

    Messages:
    1,312
    You're now assuming that most artists have in depth knowledge about computer security, or even care about it. I can easily imagine that a regular user wouldn't understand the big fuss at all; all they're seeing is Live 11 getting installed into a different folder. Which is good because now there's no risk of it affecting Live 10.

    I'm also aware why Live does this: because of their automatic updates. If they install in '\Program Files' then the program can't automatically update itself without the user elevating their permissions. In \ProgramData this isn't an issue because it's not protected against tampering by the OS. ... however this still leaves the software wide open for attacks, because now any process can tamper with it.

    Each to their own, but I consider this a very poor judgement call.
     
  4. Simchris

    Simchris NI Product Owner

    Messages:
    877
    Hopefully you posted this on their forum too
     
  5. ShelLuser

    ShelLuser NI Product Owner

    Messages:
    1,312
    No, I got my user account removed from that place because I started to dislike it over there. However, I am planning to contact Ableton support to share my concerns about this later in the weekend.
     
  6. Reefius

    Reefius NI Product Owner

    Messages:
    700
    If you're so paranoid you shouldn't be on the Internet...

    But I'm curious now, what kind of 'attacks' are you talking about?
     
  7. ShelLuser

    ShelLuser NI Product Owner

    Messages:
    1,312
    I'm not paranoid at all. In fact, this doesn't bother me in the least because I simply installed Live into its proper place of "Program Files".

    Having said that.. there's a fine line between paranoia and taking things to extremes. In fact, a little paranoia isn't a bad thing at all where ICT security is concerned.

    I think I already explained as much above?

    The main issue here is that if a default location can be considered dangerous (and it can here) then this provides a "static target". In other words: if someone is using Live 11 (or 10) then there's a good chance that they used the default install location, which means you have a perfect attack vector because the executables are wide open for infection, and if you're dealing with a new kind of virus, malware maybe even ransomware then a virus scanner might not pick this up, and your "last line of defense" (which would be Windows) wouldn't be the wiser either.

    Sure, this may seem like a non-issue for some but then you obviously have no idea how quickly a "static target" can spread within the world of computer virii. Once it gets better known it'll soon become one of the many things which a virus tries to attack by default.
     
  8. Reefius

    Reefius NI Product Owner

    Messages:
    700
    That's a lot of ifs...

    A virus doesn't enter you PC by itself. On my PC there is no active antivirus running because this only slows everything down (for example a VST scan by a DAW will trigger a scan of all those DLL files by the antivirus, slowing down the proces tremendously), and Windows firewall is also disabled.
    And yet my PC is clean because I don't download anything from untrustworthy sites and I also don't open every attachment of every email I receive.

    Just using some common sense goes a long way.
     
  9. ShelLuser

    ShelLuser NI Product Owner

    Messages:
    1,312
    Absolutely true.

    See, the reason for my "paranoia" if you will is because of regular users. It's my experience that a large majority of musicians will know a lot about the software they're working with while still being mostly clueless about the underlying operating system. Those are the people I'm worried about here, not people like you and myself.
     
    • Like Like x 1
  10. JesterMgee

    JesterMgee NI Product Owner

    Messages:
    3,226
    It's a non issue and Live has been installed to ProgramData since Live 9:
    upload_2021-3-2_9-58-57.png

    If you can find a case that it has created an issue then certainly discuss and raise concern with the devs, but I cannot recall any issue on the forums in all this time (4 years or so), nor do I consider it to be an issue on my end. Sure, it is not "conventional" but just like being killed on the street by an axe murderer, the risk is always there but to get through life you play the odds.... Maybe i'm just one of the clueless users who don't understand but an example of exactly what/how could be an issue would be welcomed, not just "because it could if..." I'm interested to know exactly how something would happen and how Live would facilitate it, you haven't actually explained at all how it would happen, only it is not protected, what is a plausible scenario that could help someone understand what the issue is?... I run programs from multiple locations on my system, not just the program folders location, never had any virus or trojan issues since the 90s.

    Since there has never been a report of an issue nor has anyone else raised a concern it's probably more a cautionary statement that it's not "as secure" as it could be, not an impending doom type thing like it's made out to seem.
     
    Last edited: Mar 2, 2021
  11. Simchris

    Simchris NI Product Owner

    Messages:
    877
    My system is locked down so no files can be written without authorization, but then i am an infosec nut