Someone posed a question to me the other day that I didn't have an immediate answer for...
"How does someone patch the parts of the Operating System that were captured in a ThinApp Package?"
I.e., if a Windows XP .DLL file later comes up as part of a security update, and yet it was patched in the XP Virtual Desktop we deliver, then how do we ensure that the applications that also captured that in packaging also get updated?
What good would it do to patch the underlying OS, if the applications carried with them a vulnerable version of the same files?
Wouldn't the vulnerability re-appear at package run time?
IMHO, if you have some vulnerability in the OS that some bad code can use to get privileged access, and you patch the OS with a security patch, you are all right. You are all right even if your ThinApped application is packed with the vulnerable DLL. IMHO a virus doesn't _see_ into the virtualized package. The vulnerability is isolated.
The other issue would be if this vulnerability is in some service which is started in the virtual bubble on the patched OS. In this case the vulnerability is loaded into memory, and viruses and _bad guys_ can get inside the unpatched virtualized service.
I appreciate the response, but I'm not sure it gave me an answer to the question of what to do?
Can you take another stab at an answer?
IMHO you should update the OS and the packages if it's a bug that can cause failure of anything. I think there is no clear answer to your questions, because it depends on how secure and up to date you want to be.
To implement patches into virtualized packages I would do:
- Open virtualized application w/ bug
- Apply update (changes are saved into Sandbox)
- Test and turn off application
- Apply Sandbox changes into virtualized application using sbmerge.exe
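
Added example, not part of the thread: one way to find which packages need the steps above is to compare the files captured in each ThinApp project folder against the patched copies on the updated OS. The folder layout, file names and sample contents below are constructed for illustration, and the script assumes captured files sit in the project folder as ordinary files.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_stale_captures(project_dir, patched_dir):
    """Return captured files whose name matches a patched host file but whose content differs."""
    patched = {p.name.lower(): sha256(p) for p in Path(patched_dir).iterdir() if p.is_file()}
    stale = []
    for root, _dirs, files in os.walk(project_dir):
        for name in files:
            captured = Path(root, name)
            want = patched.get(name.lower())  # Windows file names are case-insensitive
            if want is not None and sha256(captured) != want:
                stale.append(captured.relative_to(project_dir).as_posix())
    return sorted(stale)


def demo():
    """Constructed sample: one host folder of patched files and two capture folders."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        host = tmp / "patched_os_files"
        host.mkdir()
        (host / "example.dll").write_bytes(b"patched build")
        layout = {
            "AppA/%SystemSystem%/EXAMPLE.DLL": b"vulnerable build",
            "AppA/%ProgramFilesDir%/AppA/app.exe": b"app binary",
            "AppB/%SystemSystem%/example.dll": b"patched build",
        }
        for rel, data in layout.items():
            target = tmp / "projects" / rel
            target.parent.mkdir(parents=True)
            target.write_bytes(data)
        return {p.name: find_stale_captures(p, host)
                for p in sorted((tmp / "projects").iterdir())}


if __name__ == "__main__":
    for project, files in demo().items():
        print(project, "->", files or "no stale captures")
```

A hash mismatch only shows that the captured copy differs from the patched one; confirm the file version before rebuilding the package.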