Beware of Live 11's default install!

Hi gang!

I know this is offtopic, NI doesn't have an offtopic section and I wanted to get this out in the open one way or the other. Why not post on the Abe's forum? I can't, at my own request even, and this idiocy isn't making it very appealing to even bother over there. Honest: crap like this is what triggered me to request my account to be de-activated over there.

I hope you guys (NI) will allow this.... if not, no trouble from me, I tried, then I only hope you don't mind too much. I had to try...

Beware of Live 11's default installation!
So I pre-ordered Live 11 because Ableton Live forms the heart of my home studio, together with Maschine and Reason's rack device/plugin ("RRP"). Today I learned that Live 11 was out! Yah, leave it up to Ableton to open up pre-orders without making their customers pay (fun fact: Ableton & Native Instruments are the only audio companies where I'd even consider a pre-order (I am still in 100% agreement with my Komplete 13 pre-order!)).

Back to the business at hand:

I installed Live 11 ('suite'). And I am appalled. The installer starts with an 'elevation' (= getting admin rights) and then it defaults the installation into c:\programdata. This is a HUGE problem! Why? Try creating a new folder in "C:\program files" and "c:\programdata", unless you trashed your system you'd notice a difference. A HUGE difference: by default program files cannot be tampered with on Windows 10. Not unless you give the process permission.

Follow Live's 10 "brilliant" installer and your audio software is WIDE open for attacks, and you wouldn't even see it coming.

This is SO bad....

"Fun" fact: I noticed, intervened, removed and re-installed. And now I don't even have an icon:



This is bad.. on so many levels, most artists won't even realize they're opening themselves up to SO many issues here. c:\programdata\ableton\live11.. what are these idiots thinking?

Harsh words... I don't take them back after working within ICT administration for over 20 years. This is beyond stupid.

 

…and why isn’t the ableton forum full of complaints regarding this?…

 

You're now assuming that most artists have in depth knowledge about computer security, or even care about it. I can easily imagine that a regular user wouldn't understand the big fuss at all; all they're seeing is Live 11 getting installed into a different folder. Which is good because now there's no risk of it affecting Live 10.

I'm also aware why Live does this: because of their automatic updates. If they install in '\Program Files' then the program can't automatically update itself without the user elevating their permissions. In \ProgramData this isn't an issue because it's not protected against tampering by the OS. ... however this still leaves the software wide open for attacks, because now any process can tamper with it.

Each to their own, but I consider this a very poor judgement call.

 

Hopefully you posted this on their forum too

 

No, I got my user account removed from that place because I started to dislike it over there. However, I am planning to contact Ableton support to share my concerns about this later in the weekend.

 

If you're so paranoid you shouldn't be on the Internet...

But I'm curious now, what kind of 'attacks' are you talking about?

 

I'm not paranoid at all. In fact, this doesn't bother me in the least because I simply installed Live into its proper place of "Program Files".

Having said that.. there's a fine line between paranoia and taking things to extremes. In fact, a little paranoia isn't a bad thing at all where ICT security is concerned.

I think I already explained as much above?

The main issue here is that if a default location can be considered dangerous (and it can here) then this provides a "static target". In other words: if someone is using Live 11 (or 10) then there's a good chance that they used the default install location, which means you have a perfect attack vector because the executables are wide open for infection, and if you're dealing with a new kind of virus, malware maybe even ransomware then a virus scanner might not pick this up, and your "last line of defense" (which would be Windows) wouldn't be the wiser either.

Sure, this may seem like a non-issue for some but then you obviously have no idea how quickly a "static target" can spread within the world of computer virii. Once it gets better known it'll soon become one of the many things which a virus tries to attack by default.

 

That's a lot of ifs...

A virus doesn't enter you PC by itself. On my PC there is no active antivirus running because this only slows everything down (for example a VST scan by a DAW will trigger a scan of all those DLL files by the antivirus, slowing down the proces tremendously), and Windows firewall is also disabled.
And yet my PC is clean because I don't download anything from untrustworthy sites and I also don't open every attachment of every email I receive.

Just using some common sense goes a long way.

 

Absolutely true.

See, the reason for my "paranoia" if you will is because of regular users. It's my experience that a large majority of musicians will know a lot about the software they're working with while still being mostly clueless about the underlying operating system. Those are the people I'm worried about here, not people like you and myself.

 

It's a non issue and Live has been installed to ProgramData since Live 9:


If you can find a case that it has created an issue then certainly discuss and raise concern with the devs, but I cannot recall any issue on the forums in all this time (4 years or so), nor do I consider it to be an issue on my end. Sure, it is not "conventional" but just like being killed on the street by an axe murderer, the risk is always there but to get through life you play the odds.... Maybe i'm just one of the clueless users who don't understand but an example of exactly what/how could be an issue would be welcomed, not just "because it could if..." I'm interested to know exactly how something would happen and how Live would facilitate it, you haven't actually explained at all how it would happen, only it is not protected, what is a plausible scenario that could help someone understand what the issue is?... I run programs from multiple locations on my system, not just the program folders location, never had any virus or trojan issues since the 90s.

Since there has never been a report of an issue nor has anyone else raised a concern it's probably more a cautionary statement that it's not "as secure" as it could be, not an impending doom type thing like it's made out to seem.

 

My system is locked down so no files can be written without authorization, but then i am an infosec nut