«

So I was going to install some freeware from Tucows to compliment my
graphics program and it asked me to get .NET Framework first. I have been
seeing this at the Windows Update and went there to get caught up. After
restarting WinXP Home, I now need to log in (never did before) and see that
the other 'personality' is the .NET Framework thing.

Is this some sort of spyware deal that is MS supported? Can I just tell it
to remove that personality and still have the .NET software work? I like to
have a system that is secured tight and am not sure I like the smell of
this... should I be OK with it?

"Jess Fertudei" <> wrote in
news::

> So I was going to install some freeware from Tucows to compliment my
> graphics program and it asked me to get .NET Framework first. I have
> been seeing this at the Windows Update and went there to get caught
> up. After restarting WinXP Home, I now need to log in (never did
> before) and see that the other 'personality' is the .NET Framework
> thing.
>
> Is this some sort of spyware deal that is MS supported? Can I just
> tell it to remove that personality and still have the .NET software
> work? I like to have a system that is secured tight and am not sure I
> like the smell of this... should I be OK with it?
>
>
>
>
>
>

Other personality, what are you talking about? Do you mean user-id? Are
you talking about the ASPNET user-id/account that is installed in the
system when the .NET Framework is installed?

http://msdn.microsoft.com/netframewo...get/default.as
px

If an application/program running on your machine needed the .NET
Framework installed, then you would have gotten some kind of clear
indication or message stating that the .NET Framework had to be
installed.

..NET Programming will make it out to the consumer in
applications/programs one day. And there may even be a few that have done
so for specialized applications. But .NET at this time is mostly being
used in a corporate/business environment for corporate/business
solutions.

To be honest, I don't think you need the .NET Framework installed on the
machine. Or the other thing you can do is leave it and disable the ASPNET
account on the computer, if that is what is causing you issues when you
boot the machine.

> I like to have a system that is secured tight and am not sure I
> like the smell of this...

Not to be smart here. But if you don't have to login to XP how secure and
tight can it be?

http://www.uksecurityonline.com/husdg/windowsxp.php

Duane

"Duane Arnold" <> wrote in message
news:Xns945096C45BA2Ddarnold92insightbbco@204.127. 199.17...
> "Jess Fertudei" <> wrote in
> news::
>
> > So I was going to install some freeware from Tucows to compliment my
> > graphics program and it asked me to get .NET Framework first. I have
> > been seeing this at the Windows Update and went there to get caught
> > up. After restarting WinXP Home, I now need to log in (never did
> > before) and see that the other 'personality' is the .NET Framework
> > thing.
> >
> > Is this some sort of spyware deal that is MS supported? Can I just
> > tell it to remove that personality and still have the .NET software
> > work? I like to have a system that is secured tight and am not sure I
> > like the smell of this... should I be OK with it?
> >
> >
> >
> >
> >
> >
>
> Other personality, what are you talking about? Do you mean user-id? Are
> you talking about the ASPNET user-id/account that is installed in the
> system when the .NET Framework is installed?
>
> http://msdn.microsoft.com/netframewo...get/default.as
> px

Sorry, yes I mis-spoke mis-typed whatever... I meant to say that it created
new user accounts. I am indeed talking about this ASP.NET Machine account
that it installed as well as a 'guest' account.

>
> If an application/program running on your machine needed the .NET
> Framework installed, then you would have gotten some kind of clear
> indication or message stating that the .NET Framework had to be
> installed.

right... like I said in the original post, I was prompted by the software I
want to install that I needed .NET, but rather than use the link they
suggested I went to the MS site to get it.

>
> .NET Programming will make it out to the consumer in
> applications/programs one day. And there may even be a few that have done
> so for specialized applications. But .NET at this time is mostly being
> used in a corporate/business environment for corporate/business
> solutions.

I guess it's here, although this is a specialized plug-in for my graphics
software.

>
> To be honest, I don't think you need the .NET Framework installed on the
> machine.

If I could find another software to do what I want I would... but I have
asked in the graphics groups I participate in and no others seem to be
available in free/shareware

Or the other thing you can do is leave it and disable the ASPNET
> account on the computer, if that is what is causing you issues when you
> boot the machine.

I haven't messed with accounts... but I guess that I could look around and
see what I can do with that suggestion in control panel I guess. Then
what... enable it long enough to install the software or does the software
depend on this to be active all the time? How does this interaction take
place?

>
> > I like to have a system that is secured tight and am not sure I
> > like the smell of this...
>
> Not to be smart here. But if you don't have to login to XP how secure and
> tight can it be?

I guess I should say that nothing is perfectly tight... but I do use good
software and hardware firewalls I do not install *anything* that needs or
might ever want to phone home. I've disabled all the messenger crap and get
very good reports at any security site I test.

>
> http://www.uksecurityonline.com/husdg/windowsxp.php

Thanks for the link... I'll try to look it over later or tomorrow.


So... I guess the question at this point is: do .NET Framework applications
'phone home' and do they compromise my machine?

Thanks for replying and for any contributions you or anyone else may
contribute to this thread.

"Jess Fertudei" <> wrote in
news::

> Sorry, yes I mis-spoke mis-typed whatever... I meant to say that it
> created new user accounts. I am indeed talking about this ASP.NET
> Machine account that it installed as well as a 'guest' account.

If an application/program is written using ASP, VB or Visual C++ .NET
programming language, it's going to use the .NET Framework that must be
installed on the machine for the program to function. The .NET Framework is
given an account on the NT based O/S so that elements that may be called
upon in the .NET Framework by a .NET application can function.

As far as the Guest account is concerned, you can disable it. And if you're
using NTFS on the NT based O/S, then you can take it a step further and
delete the Guest account out of the Account Access rights for the entire
drive like <C> and all sub folders will have the Guest account deleted as
well.

http://www.petri.co.il/disable_the_g...ount_in_xp.htm

> right... like I said in the original post, I was prompted by the
> software I want to install that I needed .NET, but rather than use the
> link they suggested I went to the MS site to get it.
>
>>
> I haven't messed with accounts... but I guess that I could look around
> and see what I can do with that suggestion in control panel I guess.
> Then what... enable it long enough to install the software or does the
> software depend on this to be active all the time? How does this
> interaction take place?

If you disable the ASPNET account and the application runs without the
account, then it may be OK. I guess you'll find out.

>
> I guess I should say that nothing is perfectly tight... but I do use
> good software and hardware firewalls I do not install *anything* that
> needs or might ever want to phone home. I've disabled all the
> messenger crap and get very good reports at any security site I test.
>
It's good that you have done the things above.

Malware such as a Trojans can go undetected and can take down a FW or AV.
And they can also circumvent any of it and get out, completing the phone
home.

So, one should look around a little bit every now and then for themselves
and see what's happening and not think that the security blanket is some
kind of stop all solution.

Active Ports (free) to look at port connections, Process Explorer or
PRCview (both free) to look at processes and what is being used by the
processes.

http://www.windowsecurity.com/articl...n_Horses_and_R
ootkit_Tools_in_a_Windows_Environment.html

You may say no one is coming after my little setup. And I'll say to you why
not? You're on the Internet with everything else. And they have got to
practice on someone before going after bigger game.

The bottom line is that everything is secondary to the O/S. The buck stops
at the O/S. And you have one that has the means to protect itself, if you
know to enable its protection features.

Like implementing TCP/IP Security (in the link provided) and possibly IPsec
to supplement the protection of a FW or router.

http://lists.gpick.com/pages/IP_Security_(IPSec).htm


> So... I guess the question at this point is: do .NET Framework
> applications 'phone home' and do they compromise my machine?

The .NET Framework is not an application. It is framework like the
framework of your house that must be installed on the computer so that an
application that has been written in a .NET language such as ASP, VB and
Visual C++ .NET can function.

The .NET Framework is installed on all my machines and the ASPNET account
is not disabled or deleted.

Oh, nothing is 100% *hack* proof. One just tries to make things more
difficult in the hopes they will go elsewhere.

Duane

"Jess Fertudei" <> wrote in
news::

> So... I guess the question at this point is: do .NET Framework
> applications 'phone home' and do they compromise my machine?
>

I should clarify. The answer is YES. A program written in one of the .NET
program languages can make a phone call home just like its predecessors
that are/were written in Visual Basic and Visual C++ version 6 through 5
and ASP 3.0 through 2.0 or any program written in versions of the
programming languages prior to the mentioned versions can make a phone all
home, just like any other program that has been written with the purpose of
compromising the machine.

Duane

"Jess Fertudei" <> wrote in
news::

> So... I guess the question at this point is: do .NET Framework
> applications 'phone home' and do they compromise my machine?

Applications can phone home reguardless of whether they were written with
..Net technology or not. If it's a program that is trying to spy on you,
yes, it can use .Net to phone home. If it is a program trying to spy on
you and doesn't use .Net, it can still phone home by using standard APIs.
If you find a calculator written in .Net, it doesn't mean it is spying on
you and phoning home.

--
AIM: FrznFoodClerk
email: de_on-lag@co_cast.net (_ = m)
website: under construction
Need a technician in the south Jersey area?
email/IM for rates/services

Drive Image 7 wouldn't install until NET.Framework was installed first. I
did so and it messed up my user accounts in XP, I lost e-mails, dial up
settings and much more. Many posts about this in XP newsgroups.

--

Kenny

"Cigarettes are killers that travel in packs."


"DeMoN LaG" <n@a> wrote in message
news:Xns9451287116AE1Wobbly@216.168.3.30...
> "Jess Fertudei" <> wrote in
> news::
>
> > So... I guess the question at this point is: do .NET Framework
> > applications 'phone home' and do they compromise my machine?
>
> Applications can phone home reguardless of whether they were written with
> .Net technology or not. If it's a program that is trying to spy on you,
> yes, it can use .Net to phone home. If it is a program trying to spy on
> you and doesn't use .Net, it can still phone home by using standard APIs.
> If you find a calculator written in .Net, it doesn't mean it is spying on
> you and phoning home.
>
> --
> AIM: FrznFoodClerk
> email: de_on-lag@co_cast.net (_ = m)
> website: under construction
> Need a technician in the south Jersey area?
> email/IM for rates/services