Re: How to copy NVDA user settings before logging into windows without the need for add-ons that are installed in NVDA?


I suspect this is the same sort of message you get when you install add-ons, warning that add-ons may be malicious and telling you to be careful.  Others may wish to discuss the question, but if your add-ons come from the official NVDA add-ons site, you should have nothing to worry about.  All officially approved add-ons have been checked.

-----Original Message-----
Sent: Wednesday, December 22, 2021 10:00 AM
Subject: Re: [nvda] How to copy NVDA user settings before logging into windows without the need for add-ons that are installed in NVDA?

Activating the option in NVDA Settings to "Use currently saved settings during sign-in and on secure screens" brings up a dialog with the message: "Warning Add-ons were detected in your user settings directory. Copying these to the system profile could be a security risk. Do you still wish to copy your settings?" Given this message from NVDA itself, it is not unreasonable for a user to wonder how to save settings without add-ons for use in this situation even if they do not know of a specific security threat that the particular add-ons they have installed could present.

I agree that I have never heard of there being a security threat in practice, and this is probably a due diligence statement on NVDA's part, but the average user does not really have a good way of evaluating the potential risk that their add-ons might carry and could be made a bit nervous by this statement, especially with the news coverage of vulnerabilities found in software that was generally thought to be secure.

I suppose that there are some add-ons which a user might wish to have available during sign-in and on secure screens, but I would imagine that normally the settings that a user is concerned with preserving would be the speech and braille settings. It would be nice to be able to save settings minus any add-ons in this instance.



On 12/21/2021 3:35 PM, Brian Vogel wrote:
On Tue, Dec 21, 2021 at 02:26 PM, Ján Kulik wrote:
need to uninstall all add-ons to avoid security risk.
You need to be a lot more explicit, and detailed, about what exactly you mean by security concerns.

People have been using NVDA for years at the login screen and other secure screens, laden with add-ons, and I have never seen a single report of a security breach or concern because of that.

Vague discomfort does not constitute a security concern.  You have to have a very, very clear definition of what it is you think the issue is or issues are.  So far, that's not been forthcoming.

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

        ~ Dorothy Nevill


Join to automatically receive all group messages.