How to copy NVDA user settings before logging into windows without the need for add-ons that are installed in NVDA?


Ján Kulik
 

Hi all
Is there another way to copy custom settings before logging in to Windows without having to ignore the installed add-ons in NVDA? So far, I have had to deal with the fact that all the add-ons I had to remove to avoid conflicts with NVDA before logging in to Windows can cause a security risk. Even if I banned their accessories, it wouldn't help. Is there another solution?


 

Hi.
I was wondering the same myself.
We don't need all those addons there. All we need is our personal voice prefference such as synth of choice, speed etc.
Nikos

On Thu, 16 Dec 2021 at 08:35, Ján Kulik <jan.kulik.szsle@...> wrote:
Hi all
Is there another way to copy custom settings before logging in to Windows without having to ignore the installed add-ons in NVDA? So far, I have had to deal with the fact that all the add-ons I had to remove to avoid conflicts with NVDA before logging in to Windows can cause a security risk. Even if I banned their accessories, it wouldn't help. Is there another solution?


Ján Kulik
 

Well, they mainly only solve mistakes, but nothing is said about the proposals.


 

On Thu, Dec 16, 2021 at 01:35 AM, Ján Kulik wrote:
Is there another way to copy custom settings before logging in to Windows without having to ignore the installed add-ons in NVDA?
-
Can you please rephrase and clarify?

What I get from the reply from Nikos is that a way is wanted to copy all customized NVDA user settings without also picking up all of the add-ons that may also have been installed.

But I don't know how you would propose to do that, or anything, really, on a particular machine prior to Windows being started since you don't have access to anything on the machine unless you are within a running Windows instance to gain access to it.

It would also help to have specifics about what, exactly, you mean by, "the add-ons I had to remove to avoid conflicts with NVDA before logging in to Windows can cause a security risk."  What is flagging this "security risk" and what could be identifying it prior to logging into Windows?

Additional information and clarification is required about what it is you're doing that is causing difficulty, as a starting point.  Then a clear description of what it is you're trying to accomplish. 
--

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

Science has become just another voice in the room; it has lost its platform.  Now, you simply declare your own truth.

       ~ Dr. Paul A. Offit, in New York Times article, How Anti-Vaccine Sentiment Took Hold in the United States, September 23, 2019

 


Rowen Cary
 

Hi,

I believe I understand what you mean, not all add-ons are suitable for being applied to the secure desktop, but the fact now is that NVDA can’t choose which add-ons can be applied to the secure desktop at all. This is really urgent, There is a related issue on github repo, and hope that NVAccess will consider implementing it as soon as possible.

Thanks


Ján Kulik
 

Hi
I'm talking about using NVDA settings on login and secure screens. There are add-ons installed, but now that I want to apply the current changes to the login and secure screens, I need to uninstall all add-ons to avoid security risk. If I use the current settings on the login and secure screens, the current add-ons that are installed in NVDA will also be copied to me. But if there is no other way, then I consider it a useless topic in this group.


Sarah k Alawami
 

I would not worry about it actually. I don’t really consider the add ons at start up a security risk. What makes you think they are?

 

From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of Ján Kulik
Sent: Tuesday, December 21, 2021 11:27 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] How to copy NVDA user settings before logging into windows without the need for add-ons that are installed in NVDA?

 

Hi
I'm talking about using NVDA settings on login and secure screens. There are add-ons installed, but now that I want to apply the current changes to the login and secure screens, I need to uninstall all add-ons to avoid security risk. If I use the current settings on the login and secure screens, the current add-ons that are installed in NVDA will also be copied to me. But if there is no other way, then I consider it a useless topic in this group.


 

On Tue, Dec 21, 2021 at 02:26 PM, Ján Kulik wrote:
need to uninstall all add-ons to avoid security risk.
-
You need to be a lot more explicit, and detailed, about what exactly you mean by security concerns.

People have been using NVDA for years at the login screen and other secure screens, laden with add-ons, and I have never seen a single report of a security breach or concern because of that.

Vague discomfort does not constitute a security concern.  You have to have a very, very clear definition of what it is you think the issue is or issues are.  So far, that's not been forthcoming. 
 
--

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

        ~ Dorothy Nevill

 


Greg Williams
 

Activating the option in NVDA Settings to "Use currently saved settings during sign-in and on secure screens" brings up a dialog with the message: "Warning Add-ons were detected in your user settings directory. Copying these to the system profile could be a security risk. Do you still wish to copy your settings?" Given this message from NVDA itself, it is not unreasonable for a user to wonder how to save settings without add-ons for use in this situation even if they do not know of a specific security threat that the particular add-ons they have installed could present.

I agree that I have never heard of there being a security threat in practice, and this is probably a due diligence statement on NVDA's part, but the average user does not really have a good way of evaluating the potential risk that their add-ons might carry and could be made a bit nervous by this statement, especially with the news coverage of vulnerabilities found in software that was generally thought to be secure.

I suppose that there are some add-ons which a user might wish to have available during sign-in and on secure screens, but I would imagine that normally the settings that a user is concerned with preserving would be the speech and braille settings. It would be nice to be able to save settings minus any add-ons in this instance.

Greg


On 12/21/2021 3:35 PM, Brian Vogel wrote:
On Tue, Dec 21, 2021 at 02:26 PM, Ján Kulik wrote:
need to uninstall all add-ons to avoid security risk.
-
You need to be a lot more explicit, and detailed, about what exactly you mean by security concerns.

People have been using NVDA for years at the login screen and other secure screens, laden with add-ons, and I have never seen a single report of a security breach or concern because of that.

Vague discomfort does not constitute a security concern.  You have to have a very, very clear definition of what it is you think the issue is or issues are.  So far, that's not been forthcoming. 
 
--

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

        ~ Dorothy Nevill

 


 

On Wed, Dec 22, 2021 at 11:00 AM, Greg Williams wrote:
"Warning Add-ons were detected in your user settings directory. Copying these to the system profile could be a security risk. Do you still wish to copy your settings?"
-
"Could be" is a vague, CYA, catch-all term, commonly used.

While it would be nice to have add-ons separated out, and I would believe that could be done and am not arguing against it, I would answer this prompt in the affirmative without definitive reason to do otherwise.

Accurate risk assessment requires separating out risks that are reasonably probable from an action versus remotely possible.  Given what we know of NVDA and its add-ons, both over time and on who knows how many machines, any security risk is in the remotely possible and not worth worrying about at this time.

This is a situation where, in my opinion, a mountain is being made out of less than a molehill and that needs to be stated directly.  And it comes from a lack of accurate risk assessment.
--

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

        ~ Dorothy Nevill

 


Gene
 

I suspect this is the same sort of message you get when you install add-ons, warning that add-ons may be malicious and telling you to be careful.  Others may wish to discuss the question, but if your add-ons come from the official NVDA add-ons site, you should have nothing to worry about.  All officially approved add-ons have been checked.
 
Gene

-----Original Message-----
Sent: Wednesday, December 22, 2021 10:00 AM
Subject: Re: [nvda] How to copy NVDA user settings before logging into windows without the need for add-ons that are installed in NVDA?
 

Activating the option in NVDA Settings to "Use currently saved settings during sign-in and on secure screens" brings up a dialog with the message: "Warning Add-ons were detected in your user settings directory. Copying these to the system profile could be a security risk. Do you still wish to copy your settings?" Given this message from NVDA itself, it is not unreasonable for a user to wonder how to save settings without add-ons for use in this situation even if they do not know of a specific security threat that the particular add-ons they have installed could present.

I agree that I have never heard of there being a security threat in practice, and this is probably a due diligence statement on NVDA's part, but the average user does not really have a good way of evaluating the potential risk that their add-ons might carry and could be made a bit nervous by this statement, especially with the news coverage of vulnerabilities found in software that was generally thought to be secure.

I suppose that there are some add-ons which a user might wish to have available during sign-in and on secure screens, but I would imagine that normally the settings that a user is concerned with preserving would be the speech and braille settings. It would be nice to be able to save settings minus any add-ons in this instance.

Greg

 

On 12/21/2021 3:35 PM, Brian Vogel wrote:
On Tue, Dec 21, 2021 at 02:26 PM, Ján Kulik wrote:
need to uninstall all add-ons to avoid security risk.
-
You need to be a lot more explicit, and detailed, about what exactly you mean by security concerns.

People have been using NVDA for years at the login screen and other secure screens, laden with add-ons, and I have never seen a single report of a security breach or concern because of that.

Vague discomfort does not constitute a security concern.  You have to have a very, very clear definition of what it is you think the issue is or issues are.  So far, that's not been forthcoming.
 
--

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

        ~ Dorothy Nevill

 


 

On Wed, Dec 22, 2021 at 11:29 AM, Gene wrote:
Others may wish to discuss the question, but if your add-ons come from the official NVDA add-ons site, you should have nothing to worry about.
-
Not so anymore, because the official NVDA add-ons site (https://nvda-addons.org/) is now a marketplace hosting what I call "officially vetted" and "home grown" add-ons that have minimal vetting.

You are correct, though, that any officially vetted add-on should not be of any concern from a security standpoint (ignoring the issues that can arise from having password characters announced as one types them, and I would assume anyone using such an add-on would know when, and when not, to allow such announcement to take place).
--

Brian - Windows 10, 64-Bit, Version 21H1, Build 19043  

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

        ~ Dorothy Nevill