[Resolved] Sneaky Programming

[Quiver318]

Quite by accident, I have discovered some sneaky coding in a major release of some very popular accounting software.

In short, I have installed this software into an encrypted volume and it works fine from there. But, when I close the volume (making the installed components unavailable, and secure) I have noticed that the MSI installer pops up whenever I open my web browser, and the installation is specific to this accounting software. The installer has somehow noticed that a DLL is missing, and it wants to put it back. Naturally, it can't because the volume is no longer mounted.

This DLL would seem to allow the accounting program to impersonate my browser for the purposes of getting past my personal firewall. If I had not discovered this, I think the accounting package would be phoning home with my accounting information, or spying on me.

My question to you is, how is the MSI installer even being made aware that the component is missing? Why does it come to life and try to put the file back, and how do I stop it so I can use my accounting software in peace?

Thanks,

Quiver

[JuggaloBrotha]

I've seen other desktop apps do that, you remove 1 dll and next time your try to run the app the MSI installer pops up and re-installs that dll.

I think it's something built into the MSI installer that detects that stuff, but I'm not sure.

[FunkyDexter]

To quote Tom Jones: "It's not unusual"

The last app I worked on used to do exactly the same thing. I have no idea whether it was a function of the MSI or the way it was deployed (Group Policies) but when a user ran the prog it would first go and look for any updates, new components etc. If we removed a component it would reinstall it. From a deployment point of view it's desirable behaviour and I always assumed it was something our configuration section had control over but I'm not sure.

[Quiver318]

Thank you both kindly for your replies.

I have learned that this action is a feature of the MSI installer, and I have been able to fix the problem quite simply. It turns out that an MSI file will "self-heal" if it is found that critical files have been 'called' but are missing, though I am not too sure if this is the default action. Microsoft refers to this as installation-on-demand, and advertising.

To permanently stop the action in an MSI file that has already been created, you can add a property to it using ORCA (a free MSI editor). To temporarily stop the action; you need only specify the same property as a command-line switch. The property is DISABLEADVTSHORTCUTS=1, in both cases. I have read somewhere that this propery is case sensitive, so you might issue it as I have in the example below.

Here is the DOS command-line, for example:
accounting_installer.exe DISABLEADVTSHORTCUTS=1

This method worked for me. The installer no longer comes up when I open my browser, or start Windows. Thanks for pointing me in the right direction of investigating the MSI installer, JuggaloBrotha and FunkyDexter!

[Kasracer]

Ah that's quite interesting. What accounting software was that, if you don't mind me asking?