Topics

NVDA, other processes, performance, and security

Perry Simm
 

Hello everyone!
I recently read on here that someone had observed NVDA wouldn't let some processes close normally. Specifically, the conversation was about processes belonging to MS Office. I'm a bit of a security nerd and I have a strong background in comp.sci. so I had a look to see for myself if that's actually the case. Sure enough, at least Excel and Outlook are affected by this on my system. That is, when I start one of those while NVDA is running and then close the application again, the process remains running in Task Manager. When I launch Outlook or Excel while NVDA is not running and then close the application again, the process goes away. So it does seem as if there is at least some kind of connection between NVDA running and other processes not closing normally. Whether that connection is direct or indirect, or in what software the bug is, I cannot say, of course, only that it is causal. Word doesn't show it for me by the way.
To my understanding, and I hope to be convinced otherwise, this has both security and performance implications. Security because any process unnecessarily left running increases the number of potential attack vectors; and performance because any process unnecessarily left running will consume resources in terms of memory, kernel data structures, and processor cycles. For anyone reading this and deciding whether or not to panic about security, I don't think there's any reason. This is not about current threats. I'm just theorizing about statistical averages and potential trouble somewhere down the road.
So my question would be if there is a roadmap for that to be looked into, or if it has even been addressed in the upcoming version 2018.3.
Cheers Perry

 

Hi,

I don’t think this was addressed in 2018.3 development cycle. The relevant code to look at in NVDA source code would be the C++ portion (NVDA Helper Remote DLL) or somewhere around there.

Cheers,

Joseph

 

From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of Perry Simm via Groups.Io
Sent: Wednesday, August 29, 2018 5:15 AM
To: nvda@nvda.groups.io
Subject: [nvda] NVDA, other processes, performance, and security

 

Hello everyone!

I recently read on here that someone had observed NVDA wouldn't let some processes close normally. Specifically, the conversation was about processes belonging to MS Office. I'm a bit of a security nerd and I have a strong background in comp.sci. so I had a look to see for myself if that's actually the case. Sure enough, at least Excel and Outlook are affected by this on my system. That is, when I start one of those while NVDA is running and then close the application again, the process remains running in Task Manager. When I launch Outlook or Excel while NVDA is not running and then close the application again, the process goes away. So it does seem as if there is at least some kind of connection between NVDA running and other processes not closing normally. Whether that connection is direct or indirect, or in what software the bug is, I cannot say, of course, only that it is causal. Word doesn't show it for me by the way.

To my understanding, and I hope to be convinced otherwise, this has both security and performance implications. Security because any process unnecessarily left running increases the number of potential attack vectors; and performance because any process unnecessarily left running will consume resources in terms of memory, kernel data structures, and processor cycles. For anyone reading this and deciding whether or not to panic about security, I don't think there's any reason. This is not about current threats. I'm just theorizing about statistical averages and potential trouble somewhere down the road.

So my question would be if there is a roadmap for that to be looked into, or if it has even been addressed in the upcoming version 2018.3.

Cheers Perry

Brian's Mail list account <bglists@...>
 

Well access has had this issue for many years now, right back as far as I can recall in fact.

I do not know about xcel as I thought that closed ok. Certainly sometimes Access 2007 will and always had seemed to be stuck.

I did wonder if it was because my database has a lot of visual basic in it and the whole thing can get pretty confused I'd imagine.
Brian

bglists@...
Sent via blueyonder.
Please address personal E-mail to:-
briang1@..., putting 'Brian Gaff'
in the display name field.

----- Original Message -----
From: "Perry Simm via Groups.Io" <perry.simm=protonmail.com@groups.io>
To: <nvda@nvda.groups.io>
Sent: Wednesday, August 29, 2018 1:14 PM
Subject: [nvda] NVDA, other processes, performance, and security


Hello everyone!
I recently read on here that someone had observed NVDA wouldn't let some processes close normally. Specifically, the conversation was about processes belonging to MS Office. I'm a bit of a security nerd and I have a strong background in comp.sci. so I had a look to see for myself if that's actually the case. Sure enough, at least Excel and Outlook are affected by this on my system. That is, when I start one of those while NVDA is running and then close the application again, the process remains running in Task Manager. When I launch Outlook or Excel while NVDA is not running and then close the application again, the process goes away. So it does seem as if there is at least some kind of connection between NVDA running and other processes not closing normally. Whether that connection is direct or indirect, or in what software the bug is, I cannot say, of course, only that it is causal. Word doesn't show it for me by the way.
To my understanding, and I hope to be convinced otherwise, this has both security and performance implications. Security because any process unnecessarily left running increases the number of potential attack vectors; and performance because any process unnecessarily left running will consume resources in terms of memory, kernel data structures, and processor cycles. For anyone reading this and deciding whether or not to panic about security, I don't think there's any reason. This is not about current threats. I'm just theorizing about statistical averages and potential trouble somewhere down the road.
So my question would be if there is a roadmap for that to be looked into, or if it has even been addressed in the upcoming version 2018.3.
Cheers Perry

Perry Simm
 

Hello,
since I'm not an expert on what exactly is going on here: Is it a harmless annoyance, that is, are the affected processes just prevented from closing but not interfered with in any other potentially harmful way? I'd like to understand the mechanism so I can decide for myself whether it is a real issue or something that can safely be ignored.
Cheers Perry