SuccessMaker opens security holes for vandalism and viruses
Put simply, SuccessMaker creates a half-dozen folders in the root, then sets absurd access permissions on them.
Rather than giving users read-only access to program directories (where EXE and DLL files live) and modify access to data folders, they grant FULL CONTROL rights to all 6 folders for all users.
Say what? How often do you suppose students running SM need to change the owner of the files in these folders? Or set the file access permissions? What were they thinking setting Full Control?
Let's look at some of the opportunities for mischief this creates:
1) Any user (even students!) can simply DELETE these folders and everything in them. This makes the computer unusable until the IT department can re-install the SM software, whereupon they can simply delete it again.
2) Whatever data SM stores in the Student or Teacher folders is subject to being read (or changed) by any user on the computer.
3) Any viruses accidentally downloaded by users can store themselves in these folders. They can even attach themselves to the executable files there and spread to every user that runs SuccessMaker.
4) Malicious users with somewhat more advanced knowledge could even produce programs with login screens that emulate SM in order to grab credentials, then replace the normal programs with their own.
And that's just off the top of my head.
In an education environment, not all the people using the computers are angels. While you can *hope* that they won't choose to do anything inappropriate (or simply don't know how), the better plan is to take prudent steps to secure the computers. This philosophy helps protect you from both the accidentally careless users and the deliberately malicious ones.
I have spoken to SM, but while they understood my concerns and were polite, they had no solutions to offer.
I'm hoping that someone else has already worked through this and has an answer here. Please tell me I'm not the only person who sees this as a serious security hole! If you have any information here, please share.
Even if you don't have a solution, I'd still like to hear from you if you consider this to be a problem. If SM doesn't have a fix, I have ideas of my own about how to correct this. But I could use some help from people who are more familiar with SM than I am.
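One way to check a machine for the condition described in this post, as an added example that is not part of the original post: a PowerShell audit that lists every folder where a broad group (Everyone, Authenticated Users, Users, INTERACTIVE) holds Full Control. The folder paths are placeholders, since the post does not name the six folders; substitute the root-level folders the installer created.

```powershell
param(
    # Placeholder paths (assumption): replace with the folders the installer created.
    [string[]]$Folders = @('C:\PLACEHOLDER_SM_FOLDER_1', 'C:\PLACEHOLDER_SM_FOLDER_2')
)

# Well-known SIDs for broad groups; matching on SID works on any display language.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$Full       = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$GenericAll = 0x10000000   # GENERIC_ALL, as it appears on some inherit-only ACEs

$findings = foreach ($folder in $Folders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Not found: $folder"
        continue
    }
    # The folder itself plus every subfolder; files normally inherit from these.
    $targets = @(Get-Item -LiteralPath $folder) +
               @(Get-ChildItem -LiteralPath $folder -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $targets) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # account no longer resolves; not a broad group
            if (-not $BroadSids.ContainsKey($sid)) { continue }
            $rights = [int]$ace.FileSystemRights
            if ((($rights -band $Full) -eq $Full) -or (($rights -band $GenericAll) -ne 0)) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Rows with Inherited = False mark where the grant was set explicitly.
$findings | Sort-Object Path | Format-Table -AutoSize
```

The script only reads ACLs. Rows with `Inherited` equal to `False` show where the Full Control grant was placed directly, which is where any tightening to read-only on program folders and modify on data folders would have to start.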