Is a Windows installer that doesn't require admin rights dangerous?

Question

I use Atlassian SourceTree on Windows, and one thing I like about it is that it doesn't require admin privileges to install or update. I happened to mention this to our ISSO (Information System Security Officer), and he was not a fan. He said that not requiring admin was dangerous because (to paraphrase) "If it's not asking you for approval, you never know what it's going and changing in the background!"

Now, this person has a tendency to be overly-cautious, so I am skeptical of his assessment. I had always thought that if a program doesn't ask for administrator permissions, it's because it doesn't make deep enough changes to need them. To add to that, our work computers are extremely locked down, so I find it hard to believe that all an installer has to do to get by our security features is to not ask for permission.

So what's the real situation? Can an installer that can run without administrator privileges really be that dangerous?

Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/72588/discussion-on-question-by-david-k-is-an-installer-that-doesnt-require-admin-rig). — Rory Alsop, Feb 02 '18 at 13:57
Chrome also has a non-admin install. What would your ISSO say about that? — Neil, Feb 02 '18 at 15:41
I'd answer, but am not allowed - sorry. But I think the issue of requiring admin privileges depends entirely on the functionality of the code, and therefore, can't truely be debated here. What is more important is whether or not a policy is in place that any code which is installed, is installed with a signed certificate. The UAC will pop up indicating certificate details, and a policy can be created to forbid unsigned, self-signed, or untrusted signers. — Andrew Jay, Feb 05 '18 at 12:44
TeamViewer installs without admin rights, and it is functionally a keylogger. Non-admin software can be very dangerous on Windows. — Aleksandr Dubinsky, Feb 05 '18 at 14:28
Even if it asks for your approval, that doesn't mean you know what it is doing once you give it approval. Your ISSO sounds like has been spending his weekends at Camp FUD. — TylerH, Feb 05 '18 at 15:34
Frankly, I'm shocked that someone in such a position as your security officer could be so ignorant. That's terrifying. I would strongly question other decisions this person has made. — Brad, Feb 06 '18 at 00:54
Relevant [XKCD](https://xkcd.com/1200/), "Authorization" (although the ISSO would probably advise you not to access Dropbox, Facebook, gmail, PayPal, and your bank from your work PC...) — david, Feb 06 '18 at 17:23

score 269 · Accepted Answer · answered Jan 31 '18 at 17:09

269

Installing something without needing admin privileges is no more dangerous than running a no-install program with standard user permissions. This is also less dangerous than installing something WITH admin privileges (or indeed, running anything with admin permissions).

Running a random program downloaded off the internet, of course, is potentially dangerous - even if it doesn't require admin.

If your ISSO's concern is "you're running random internet code, and the author of that code makes it easy for you to be lazy about asking me to vet it", then this is quite valid and factual. (you might debate the cost/benefit, but it is valid)

If the concern is "this installer is more dangerous than other installers or no-install programs because it doesn't escalate its access level", then no, this is factually incorrect.

answered Jan 31 '18 at 17:09

Soron

2,809
1
12
19

70

+1 for including a potential ISSO point of view. Sometimes there is a good reason under the hood, and it's just harder to communicate than they excuse reason. – Cort Ammon Jan 31 '18 at 18:41
6

@CortAmmon Anyone who can't communicate this simple concern is incompetent and not to be trusted in my book. Even if they know what they're doing, what other wrong things are they telling people to do because they can't be even remotely clear? – jpmc26 Jan 31 '18 at 21:21
8

@jpmc26 What if it's not so easy? What if the reason for the issue is highly contextual and requires a deep understanding of their job? For example, what if the reason for why they need to vet the code is actually a nuanced discussion being held with upper managment that they aren't supposed to talk about yet? – Cort Ammon Jan 31 '18 at 21:45
6

@CortAmmon "I'm supposed to review your software," is not deeply contextual. I mean sure, maybe the hows and whys aren't easy to explain, but it's *really* straightforward as a policy. If the ISSO said what the OP described and meant that instead, that is an utter failure of communication. If they're not supposed to discuss a new policy, they shouldn't have even said anything to the OP about not liking it. I guess I'm jumping the gun a little, though, as if it's a very one-off thing and the ISSO is usually clear, it could be a bad day, but still, it's hard to get it that wrong. – jpmc26 Jan 31 '18 at 21:50
60

people, even intelligent people, miscommunicate simple ideas all the time. Look at the quote from OP: "If it's not asking you for approval, you never know what it's going and changing in the background!" Now, assume that this quote is not 100% the verbiage used by ISSO. What if he said: "_Even_ if it's not asking you for approval, you _still_ never know what it's going and changing in the background." Which is a much more salient point. – Segfault Jan 31 '18 at 23:51
10

It's worth noting (as @Segfault alludes to) that the OP literally says "to paraphrase" just before quoting the ISSO's objection. Whether the ISSO's objection is reasonable or daft depends on exactly what the objection was, hence why I've included a response for the two interpretations that I find most likely (given the non-verbatim quote we have). – Soron Feb 01 '18 at 12:11
3

*"This is also less dangerous than installing something WITH admin privileges"* This isn't necessarily true. The program files for a program that has been installed on user directory without admin privilege can be modified without elevated permission. If this program has a bug that allowed an attacker to trick the program into overwriting its own program files, then the attacker may exploit that vulnerability to gain access to the machine in situations that would've failed with admin-installed application, where the program files would be read only. – Lie Ryan Feb 01 '18 at 14:54
4

The software is a software used as part of software development. It's arguably pointless restricting what software developers can install, doubly so if said software actually doesn't need privileges, because at least in theory, the software developer could just write the damn software themselves. – Phil Feb 02 '18 at 12:20
2

@Segfault: Aha. The English "even if" is thoroughly misunderstood, even by so-called native speakers. But whichever way it is, either the asker or the ISSO got it wrong. From the question the situation does appear to indicate that the ISSO was wrong. – user21820 Feb 02 '18 at 15:55
@user21820 I have never had an experience where a native speaker had any difficulty grasping the distinction made by *Even if*. – KRyan Feb 08 '18 at 14:28
Since a long-ish edit was suggested: the possibility of program files being edited by other userland code is a valid threat, but under a different threat model than (my interpretation of) what's presented in the question (as it's neither "dangerous", not something that "it [the installer/program]" is directly doing). If someone's got a (short!) phrasing that expresses that there's an additional risk under a different threat model, that'd be a good way to edit that in. – Soron Feb 09 '18 at 13:33
@KRyan: Believe me, some do. For example, some of them believe that in the sentence "Even if you walk carefully, you may trip." one can elide the "even". Ridiculous? – user21820 Feb 14 '18 at 11:43

score 82 · Answer 2 · edited Jan 31 '18 at 17:37

82

Well, if it doesn't need admin rights, that means that it can only do what a regular user can. Of course, you won't really know what the installer is doing (but do you ever really know?) but you can be assured that it won't be able to do anything that an unprivileged user can't, so I don't see the problem if you trust the source.

edited Jan 31 '18 at 17:37

answered Jan 31 '18 at 16:20

DevopsTux

861
6
10

7

Even better, a program (or installer) that doesn't need admin rights should actually be more secure than one that does. Since a privileged program can change stuff that are a lot more dangerous to change than a non-privileged one can. – John Hamilton Feb 01 '18 at 07:02
2

@JohnHamilton: but if it can modify stuff for the account you use all the time, it's hardly "a lot" more secure, unless it's truly a multi-user system. Taking over the primary account is only slightly / somewhat less bad than taking over the whole machine; e.g. it could still be ransomware. – Peter Cordes Feb 01 '18 at 11:57
7

Or, to say it with the usual xkcd: https://xkcd.com/1200/ – Matteo Italia Feb 01 '18 at 16:01
3

Unless there is an unpatched vulnerability in the Operating System/architecture. Then it can do more than a regular user can, and without first getting someone to look it over scrupulously because it didn't require admin privileges. – Nacht Feb 02 '18 at 05:39
"*You can be assured that it won't be able to do anything that an unprivileged user can't*" - So I can be assured that it, too, can find a vulnerability in the OS and gain admin access? – Nic Feb 02 '18 at 15:32
2

Well, just like an unprivileged user could exploit a vulnerability and gain admin access. – DevopsTux Feb 02 '18 at 15:51
2

@JohnHamilton The main reason programs on Windows require admin rights for installation is that it prevents the program folder from being changed by a non-admin. This is especially important when the application runs at elevated privileges at any time (which would allow arbitrary escalation of privileges for *any* user or program on the machine), but even without elevation, it can be the open door for trouble. Granted, the attacker must have some access already to exploit this, but there's plenty of bugs around that can do just that. Download a single file in the right location and boom :) – Luaan Feb 03 '18 at 22:43
1

@Jordi as opposed to installers that ask permissions, avoiding the need for an unpatched vulnerability. That reduces the likelihood significantly. – Deanna Feb 04 '18 at 01:34
@Jordi I meant "what a regular user can" in the general sense that I thought you meant in your answer - which is to say what regular users can do on most machines, i.e. not accessing system files. Of course if a vulnerability exists a "regular user" can take advantage of it just as much as any software, but usually a regular user doesnt want to do this. – Nacht Feb 05 '18 at 22:02

Thomas Carlisle · Answer 3 · 2018-02-01T15:47:08.240

27

On the windows platform, whether an app installer tiggers UAC (User Account Control) is not up to the app and the app cannot circumvent UAC. If the app install requires to do anything that would require admin, UAC will be triggered. This would include writing to system directories or registry settings that are system wide.

If an app install doesn't trigger UAC, that indicates the app is installing under the non-admin user's profile directory, and only setting registry under the user's own profile. It is certainly possible for a user to install malware, and the malware designed to only mess with that user's files/settings, the damage will not extend system wide.

In the context of ransomware threats, this means ransomware that targets only the user's own files would fly under the UAC radar.

To protect against that and satisfy your ISSO's concerns, your organization would need policy and protective tools to prevent running any app that is not provided by the company and certified. That is incredibly hard to do effectively, and to do that would require a very large investment in staff to certify apps as the business needs demand them.

Obviously, the above is only true if UAC has not been disabled or tampered with. It used to be fairly common for people to disable UAC because it was an annoyance, as apps that really shouldn't need admin would trigger it. For example, it used to be common (and still happens) where running a game requires elevation because the game does and auto-update at each run. These days, apps are better behaved and UAC really should not be disabled.

Updated for clarification following good comments:

It should be mentioned that when logged in as a user with local admin, there are ways of circumventing UAC. For best protection, one should not have admin rights for their everyday account, and create another with admin rights. UAC will prompt for that admin credentials when system wide settings are changed or software installed, but UAC can't be circumvented entirely if UAC is enabled.

edited Feb 01 '18 at 15:47

answered Jan 31 '18 at 16:34

Thomas Carlisle

809
5
9

16

Triggering UAC prompt is of course in app's control. In fact, there are only two ways to do it: have a line in app manifest that indicates that app should always be run as admin, or explicitly (from the code perspective) run an app as admin. UAC prompt will not automagically pop up when privileged operation is attempted. Installer is no way a special kind of program and can't handle it differently. To create an illusion that UAC prompt is done in the middle of app execution it simply spawns another process that triggers UAC prompt. – n0rd Jan 31 '18 at 19:51
3

There are UAC bypasses a plenty out there – McMatty Jan 31 '18 at 20:42
15

This is incorrect. If an operation requires administrator privileges and the process doesn't launch with them, then the operation would simply *fail* (error). Some applications will launch new processes with the privileges to make the UX smoother (instead of making the user launch again manually), but nothing in the OS just automatically asks for the privileges when a process does something that needs them. @n0rd On the other hand, MSIs aren't applications. They're files that get executed by built in OS components. So those components might have some magic built in – jpmc26 Jan 31 '18 at 21:13
1

It's worth saying that under no circumstances does just forbidding the app help (which I can see being the outcome if people who don't know what they are doing are in charge), either make the security stricter or don't worry about it. A virus isn't going to ask for elevated permission's when it doesnt need to "just to be polite" so expecting legitimate programs to do so helps no one – Richard Tingle Jan 31 '18 at 21:18
3

@n0rd: There are actually 3 options for the app manifest: `require-Administrator` (your always-admin), `asInvoker` (launch without elevation, even if admin) and `highestAvailable` (admin if possible for user). See https://msdn.microsoft.com/en-us/library/bb384608.aspx. There are 4 ways to run elevated executables, but the first (UAC disabled) will of course not show UAC dialogs. – MSalters Jan 31 '18 at 22:37
5

I meant that an app cannot choose to not trigger UAC and still perform system-wide changes. – Thomas Carlisle Jan 31 '18 at 22:37
Just in case people skip over n0rd and McMatty's spot-on comments, I'll reiterate that **UAC is broken and has been from the start**. It must not be relied upon. – forest Feb 01 '18 at 03:31
1

@forest relied upon from which perspective? – rackandboneman Feb 01 '18 at 11:46
The issue, I think, is that when logged in as a user with local admin, there are ways of circumventing UAC. In my answer above, I was assuming the case being discussed was a regular user logged in. If one is looking for best protection, take away admin rights of your everyday account and create another with admin rights. UAC will prompt for that admin ntials when system wide settings are changed or software installed, but UAC can't be circumvented. Again, still assuming UAC is enabled. – Thomas Carlisle Feb 01 '18 at 11:58
@rackandboneman Relied upon from the perspective of being effective at authenticating a _physical user_ (as opposed to software pretending to be a person). There are various PoCs available that show how UAC can be bypassed by local software in differing scenarios. – forest Feb 02 '18 at 13:07
1

For the record: in the default configuration, and by design, UAC does not provide a security boundary. That can present a risk if you've misunderstood what it is supposed to do. If you log in as a standard user, UAC works as well as could reasonably be hoped - you're still potentially vulnerable to social engineering, but there's not much that could be done about that without completely redesigning the OS. And even if you insist on logging in as an admin user, you can still get a reasonable level of security by setting UAC to "always prompt". – Harry Johnston Feb 02 '18 at 21:14
3

@HarryJohnston Agreed. I am not aware of any exploits to UAC that work when UAC is set to "Always notify" and the user isn't an admin. Note this exploits "Requirements" section. https://github.com/L3cr0f/DccwBypassUAC – Thomas Carlisle Feb 02 '18 at 22:23
@forest Has been broken from the start? I'm pretty sure it's only been broken since Windows 7, in the name of user convenience (the good old "why am I getting prompts all the time and why don't applications talk to each other?". If you don't like that convenience, bump your UAC settings all the way up and/or use a non-admin account. UAC is only considered a security boundary on a non-admin account, and it comes at a severe UX cost (mind you, nothing a Linux user wouldn't be used to - but hardly something that a normal Windows user will accept). – Luaan Feb 05 '18 at 09:28
That is correct, Microsoft made it possible to change windows settings (including the setting that controls UAC behavior) without triggering the UAC prompt in order to appease the complaints. As long as the logged in user is a local admin, they can change a lot of settings without triggering UAC. – Thomas Carlisle Feb 05 '18 at 15:55
TIL the UAC prompt can only be triggered by launching a process with admin rights and not for a single operation within a program. – Clonkex Feb 06 '18 at 21:42

score 16 · Answer 4 · answered Jan 31 '18 at 18:21

16

One additional threat for program installations that do not require administrator rights is that the installation can be modified by user level code. This allows for silent (no admin access required) updates, which means that the program behavior can change without warning. This also allows an adversary to insert code and tamper with the program silently (no admin access required).

answered Jan 31 '18 at 18:21

AstroDan

2,226
13
24

1

This was the same issue I was thinking. You're going to type your git password into SourceTree; if another app wanted to get access to your account, it could capture your keystrokes (however, antivirus might quarantine the malicious app as a keylogger), try to get the auth cookie from git's memory (again, antivirus might detect this), or overwrite the SourceTree app with a tampered version. – Carl Walsh Jan 31 '18 at 23:40
5

Yes, but if your installation is being modified by user level code then you already have some virus running on your computer. I'd say that the problem would be worse if the installation *did* require admin rights, because a virus could modify the installer binary before you run it and you would grant it admin rights, causing a privilege escalation of the virus. – Feb 01 '18 at 00:58
2

@CarlWalsh: Even if the installer did require admin the program itself doesn't, that would be a security risk in case there's a bug in the program. – Feb 01 '18 at 00:59
3

@Runemoro The thing is, there's a big difference between "running arbitrary code" and "saving a file to disk". And "saving a file to disk" is all it takes to execute arbitrary code (within the privileges of a given target application) if you can save in an app's exe directory. Are you sure there's no process anywhere on your machine that could be remotely exploited to save a file to the right place? Especially bad if there's an elevated app in an insecure place, but even for non-elevated apps, it can still gain access to anything the app can access - perhaps your passwords, logs, chat... – Luaan Feb 03 '18 at 22:51

score 12 · Answer 5 · answered Jan 31 '18 at 17:16

If it's not asking you for approval, you never know what it's going and changing in the background!

Wether the installer requires or not admin rights, you don't know what it is doing unless you're tracking/monitoring system changes.

What you know however, is that if it doesn't ask for admin rights, it can't make any change that requires admin right (alter system files, system registry, drivers, etc.).

Is an installer that doesn't require admin rights dangerous?

It could be, but no more that an installer that require admin rights, in fact it's theoretically less dangerous.

But either way, you shouldn't run any installer you can't trust on a sensible environment wether it requires admin rights or not.

martinstoeckli · Answer 6 · 2018-01-31T16:54:30.683

6

The application still has to ask for elevation if it needs more privileges, independend of its installer. On the other hand, if an application is maleware, it can run its harmful code in the installer already.

So actually it is the other way round, if neither the installer nor the application ask for elevation, it can do less harm, than if one of them ask for privileges.

When writing an installer, one tries to use as little privileges as necessary. Usually this determines, whether the program can only be installed on a per-user base, or if it can be installed for all users.

So if it is enough to write to the registry branch [HKEY_CURRENT_USER] there is often no need to ask for elevation, when the installer needs privileges to write to [HKEY_LOCAL_MACHINE] or to do other things only an admin should be allowed, it has to ask.

edited Jan 31 '18 at 16:54

answered Jan 31 '18 at 16:33

martinstoeckli

5,149
2
27
32

1

I think this is an excellent answer. Atlassian could mollify OP's supervisor by adding code to request admin privileges (and then not use them) but that would make the code less not more secure. Perhaps in an obscure corner of the program there is `rm -rf /`. Without admin privs, the program would fail. With admin privs, the program would succeed in ruining the user's day. – emory Jan 31 '18 at 16:55
1

@emory: That's actually not how Windows works. Users that have admin provs still need to invoke those privs on a process by process basis, using UAC. – MSalters Jan 31 '18 at 22:41
@emory: Correction -- if you are using a system *capable of running Windows*, you have already given up on security. Even if you have replaced Windows with another OS, the vulnerabilities that plague Windows-capable platforms exist below ring 0 and thus are problems regardless of OS. – Ben Voigt Feb 01 '18 at 16:57

score 4 · Answer 7 · answered Jan 31 '18 at 22:53

What it means

If an installer doesn't require admin rights, then it is installing software for the current user only, rather than system-wide.

What are the security impacts?

The software you are installing can only run under your own user account, so it has no way of modifying or damaging the system at superuser/admin level and affecting other users or system services. In this regard it is more secure than running a software installer that requires admin rights.

However, that doesn't mean the software itself can't do bad things, like any software, such as spying on you, spamming unwanted network traffic, messing with your files in your account, etc. None of this, however, is specific to the method in which software is installed.

Why system admins may not like it

It gets around any policy they may have around users installing software such as an approval process.

Is their concern justified?

Yes and no. While it isn't any more of a security risk to the system itself than anything you can already do in your user account (such as write scripts, run your own binaries or compile your own software), there are still some reasons IT departments may like to be notified or consulted anyway.

Some IT departments like to keep a record of what software exists on users' computers for the purpose of auditing. If the user installs software without IT knowing about it, then that software can still do nefarious things such as attack computers over a network, send spam, use up lots of resources on the machine, leak confidential documents and so on. So even though it may not be able to risk the system integrity for other users on that system, it still may perform things that are unwanted.

Even well-meaning software may have vulnerabilities which can cause problems if not kept up to date. If an IT department knows about software installed on users' systems it can ensure they get kept up to date.

Summary

What this all boils down to is that there is no inherent security risk in an installer that installs for a single user and doesn't use admin rights. What an IT department may be concerned about is simply the act of installing software without notifying them.

score 1 · Answer 8 · answered Feb 01 '18 at 03:18

An installer that does not ask for admin rights is safer than one that does ask, …

Unless, you have admin rights and granted them to the installer.

As an example, I have an installer on my MacBook that is able to install applications in /use/local/bin without asking for my admin password (called ‘brew’ for the curious). The only way that is possible is for brew to have been given admin rights when it was installed. Now MacOS has something called SIP that prevents even admin from making some types of changes. As far as I know, Windows has no equivalent. (But I haven’t used Windows in almost four years.)

That said, even without admin privileges, a program you installed can possibly do nasty things to you. Another answer has mentioned some of those things. But any program can do some of those, not just an installer.

AliceDTRH · Answer 9 · 2018-02-01T07:18:02.090

A large number of installers can simply be extracted without administrator rights using third-party tools such as universal extractor and don't actually truly require administrator rights. By giving installers access to administrator mode you give them access to every part of your computer, an installer that runs without those rights only has access to the files that don't require administrator rights.

However, it is true that you never know what ANY third-party program does, unless you check for yourself. All you can do is make sure the program comes from a trusted source, doesn't have any known viruses (using an antivirus/virustotal) and lastly you could use something like universal extractor to see what the script does or even use it to extract the files from the installer directly. And obviously, make sure the boss is okay with the programs you're running/installing.

Do keep in mind that not every installer can be extracted in this fashion and that some installers do in fact require administrator rights to install things like drivers or enter things into the registry.

score 0 · Answer 10 · answered Feb 02 '18 at 09:53

To add to the existing answers, there is a flip side disadvantage to an installer which doesn't need admin rights if the software which is installed does need admin rights to run.

If the installer does not use admin rights, the software cannot possibly be installed in the (protected) Program Files folder. By installing locally rather than globally it is possible for a malicious actor to modify the program, or install custom add-ins, from a local rather than administrator account. This could potentially lead to an escalation of privilege if someone then runs that program as an administrator.

The conditions needed to achieve this practically however are very remote. It's more of a theoretical vulnerability rather than a real world one.

score 0 · Answer 11 · answered Feb 03 '18 at 15:00

Your ISSO is just plainly wrong.

First, if I managed to create an installer that doesn't need admin privileges but is actually malware (for example sends all your documents to me), then it is trivial for me to make it ask for admin privileges. I'd really be wondering how asking for admin privileges would make that installer safer.

Not asking for approval doesn't mean the installer can do anything it likes. It can only do things that don't require approval. It can't do these things without approval. The installer with admin rights can do anything on your computer and mess it up completely. The installer without admin rights can do anything in your user directory and mess it up completely - which is less than the installer with admin privileges can do.

Now damage isn't necessarily done by malice, but often by stupidity (aka bugs in the installer). With admin rights, an installer has the ability to mess up your whole computer unintentionally. Without admin rights, that risk is hugely reduced.

(As mentioned earlier, on recent MacOS systems "admin privileges" and "root privileges" are not the same at all, which is used to protect the operating system even from code with admin rights).

score 0 · Answer 12 · answered Feb 05 '18 at 09:22

It simply means that it cannot do what an Administrator can do. If some action requires Admin-rights, then the process execution will require Elevation. Since SourceTree isn't asking for elevation, it won't do anything that can harm the system.

For example, it cannot:

Install a Windows Service
Start or Stop any service
Stop any elevated process
Install Device Driver (signed or not, that's not the point).
Read/Write protected registry
Format a drive
Change disk partition
Change system time
Shut down the machine
Start a system-wide process profiler
Read protected directory.
Change boot configuration.
Change security policy
. . .

Therefore, it is better and safe that installer (or any program) is not asking for Admin-mode run.

Note that you can start/stop some services as normal user. This is usually done for update checks, e.g. Mozilla installs a service that you can run as normal user which does the actual update. — Johannes Kuhn, Feb 11 '18 at 00:05

score -1 · Answer 13 · answered Feb 06 '18 at 09:46

For completeness: An installer which takes privileges it SHOULD NOT have silently (by one of the methods described in various comments) would indeed not only in bad taste but an added security risk - it could in some cases be instrumentalized by other malware that would otherwise not be capable of downloading an exploit tool like that to the local machine.

Example: Installer is whitelisted with an anti-malware solution by a user that knows the software is not malicious in itself. Actual malware (or a dedicated attacker), who would be stopped from directly using the same vulnerability, could conceivably turn that installer, if still laying around in eg the local downloads folder, into a confused deputy by modifying it or running it in a crafted environment.

this seems more like a general comment to other answers than an answer to the question itself — schroeder, Feb 06 '18 at 09:58

score -1 · Answer 14 · answered Feb 07 '18 at 17:34

Atlassian SourceTree can, in a sense, be viewed as a program capable of creating covert channels, that according to the ISO 27001 standard, require mitigation. The argument for this is that it is a Git client capable of pulling in a vast body of source code over https.

Is a Windows installer that doesn't require admin rights dangerous?

14 Answers14