Latching onto an instance of MS Access using API

[StuartM]

Hi,

Is there any way for someone to latch onto a current instance of MS Access
running on the current machine using the API? I'm a bit concerned that this
may be a way to access objects in a secured database, but I'm hoping it's
just excessive paranoia on my part...

I'm not after any details of how they could do this (for obvious reasons!),
and I haven't attempted to test it as it could potentially be a lot of work
for nothing, but if it is theoretically possible then I want to find some way
of stopping it.

Cheers,

Stuart

 

['69 Camaro]

Hi, Stuart.

Is there any way for someone to latch onto a current instance of MS Access
running on the current machine using the API?

Yes. Malware commonly retrieves data from a compromised computer and sends
the information via the Internet to where the thief can collect the
information. Keystroke loggers are commonly used, but other methods are
available for those sufficiently skilled to harvest the information,
including the use of Windows API functions. There are still a lot of
security vulnerabilities found in Windows each month, many of which have
patches available, but some are as yet unpatchable.

I'm a bit concerned that this
may be a way to access objects in a secured database

Honestly, I wouldn't worry about this method of stealing data from your
computer if the valuable data that needs protection is stored in an Access
database. There are far easier methods of getting that information than to
use the Windows API functions. Tools for breaking Access security are very
inexpensive, and some are even free -- if one knows where to look to find
them.

but I'm hoping it's
just excessive paranoia on my part...

It's not paranoia. It's reality. Computer data theft happens every day,
because people don't know how to safeguard their data -- or because they
don't know that they _should_.

but if it is theoretically possible then I want to find some way
of stopping it.

One may prevent unauthorized users from accessing the Windows API by
eliminating viruses, worms, and malware from the computer. Another method of
prevention is to isolate the compromised computer from all network and
Internet connections until such time as the viruses, worms, and malware can
be removed from the computer.

The only ways to protect valuable data stored in an Access database is to
not have _any_ valuable data to store, or no Access database to store the the
valuable data in. There's no compromise here. If one has valuable data,
then it should not be stored in an Access database. Use a client/server
database for securing data, not a file-based database.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (e-mail address removed) and (e-mail address removed)

- - -
When you see correct answers to your question posted in Microsoft's Online
Community, please sign in to the Community and mark these posts as "Answers,"
so that all may benefit by filtering on "Answered questions" and quickly
finding the right answers to similar questions. Remember that questions
answered the quickest are often from those who have a history of rewarding
the contributors who have taken the time to answer questions correctly.

 

[StuartM]

Thanks for the info - much appreciated!

Stuart

Hi, Stuart.


Yes. Malware commonly retrieves data from a compromised computer and sends
the information via the Internet to where the thief can collect the
information. Keystroke loggers are commonly used, but other methods are
available for those sufficiently skilled to harvest the information,
including the use of Windows API functions. There are still a lot of
security vulnerabilities found in Windows each month, many of which have
patches available, but some are as yet unpatchable.


Honestly, I wouldn't worry about this method of stealing data from your
computer if the valuable data that needs protection is stored in an Access
database. There are far easier methods of getting that information than to
use the Windows API functions. Tools for breaking Access security are very
inexpensive, and some are even free -- if one knows where to look to find
them.


It's not paranoia. It's reality. Computer data theft happens every day,
because people don't know how to safeguard their data -- or because they
don't know that they _should_.


One may prevent unauthorized users from accessing the Windows API by
eliminating viruses, worms, and malware from the computer. Another method of
prevention is to isolate the compromised computer from all network and
Internet connections until such time as the viruses, worms, and malware can
be removed from the computer.

The only ways to protect valuable data stored in an Access database is to
not have _any_ valuable data to store, or no Access database to store the the
valuable data in. There's no compromise here. If one has valuable data,
then it should not be stored in an Access database. Use a client/server
database for securing data, not a file-based database.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (e-mail address removed) and (e-mail address removed)

- - -
When you see correct answers to your question posted in Microsoft's Online
Community, please sign in to the Community and mark these posts as "Answers,"
so that all may benefit by filtering on "Answered questions" and quickly
finding the right answers to similar questions. Remember that questions
answered the quickest are often from those who have a history of rewarding
the contributors who have taken the time to answer questions correctly.