PortableApps/PAF - All apps stealth? Some stealth? No fixed standard?

influx
Posts: 6
Joined: Wed Aug 28, 2024 4:56 pm

PortableApps/PAF - All apps stealth? Some stealth? No fixed standard?

#1 Post by influx »

Hi,

How do official/semi-official PortableApps releases approach stealth with respect to the registry and AppData folders? Can they be relied upon to avoid one or the other or both, or do I need to check on a per-app basis?

More technically, I understand that the PAF works by emulating the program's folder structure to some extent, but does it redirect or otherwise prevent reads/writes to the registry or to outside (i.e. AppData) directories (esp. by external libraries)?

In particular, I've noticed a rash of apps that, even when downloaded as a "portable" version from the official vendor's website, will always write all over private AppData folders, in large part because they're using CEF, Electron, and similar frameworks that, without internal modification, write there very extensively by default. It seems to be a behaviour deeply embedded within CEF.dll and related components, because there exists no Electron/CEF app that doesn't act this way, as far as I've seen, and every CEF app has an identical telltale dir structure in %APPDATA%.

It's obviously not impossible to create a stealth app no matter what components you're using (even if you have to manually change the binary opcodes with a hex editor), but it seems prohibitively difficult with web-tech-on-desktop-based apps -- or else every developer using Electron/CEF is equally lazy (which also checks out). The total lack of stealth is just one of many reasons to dislike and avoid Electron-based apps. There's also their unnecessarily huge disk and RAM footprints for apps that could often fit into 1/100th the size if written using desktop technology and proper optimisation (it's not even like Python or C# or even C/C++/Rust with a basic widget framework is hard to use nowadays); the vast new and unmonitored attack surface they introduce by dint of embedding an entire web browser into every app (how many CEF users regularly update the lib/dll they build against?); and the speed disadvantages of Node and JS and thousands of NPM package pulls relative to native code. But this isn't a thread to bitch about Electron (as much as it's a worthy topic).

Thanks a lot, friendos.
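One way to do the per-app check the question raises (snapshot the user's AppData folders and HKCU\Software before and after running the app, then report what appeared). This is an added example, not code from the post or from PortableApps; the `$AppPath` parameter and the list of roots are assumptions you can adjust.

```powershell
# Added example (not from the original post): snapshot the per-user
# locations a "portable" app should leave untouched, run the app, and
# report anything new. App path and the roots below are assumptions.
param(
    [Parameter(Mandatory = $true)][string]$AppPath   # e.g. X:\PortableApps\SomeApp\SomeApp.exe
)

# Locations the post is concerned with: roaming/local AppData and the
# per-user registry hive.
$fileRoots = @($env:APPDATA, $env:LOCALAPPDATA)
$regRoots  = @('HKCU:\Software')

function Get-FileSnapshot {
    param([string[]]$Roots)
    $set = @{}
    foreach ($r in $Roots) {
        Get-ChildItem -Path $r -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $set[$_.FullName] = $_.LastWriteTimeUtc }
    }
    return $set
}

function Get-RegSnapshot {
    param([string[]]$Roots)
    $set = @{}
    foreach ($r in $Roots) {
        Get-ChildItem -Path $r -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { $set[$_.Name] = $true }
    }
    return $set
}

$filesBefore = Get-FileSnapshot $fileRoots
$regBefore   = Get-RegSnapshot  $regRoots

# Run the app and wait for it to exit; close it normally so it can flush its state.
Start-Process -FilePath $AppPath -Wait

$filesAfter = Get-FileSnapshot $fileRoots
$regAfter   = Get-RegSnapshot  $regRoots

# Files under AppData that are new or whose timestamp changed.
$filesAfter.Keys | Where-Object {
    -not $filesBefore.ContainsKey($_) -or $filesBefore[$_] -ne $filesAfter[$_]
} | ForEach-Object { "FILE  $_" }

# New keys under HKCU\Software (new values inside existing keys are not compared here).
$regAfter.Keys | Where-Object { -not $regBefore.ContainsKey($_) } |
    ForEach-Object { "REG   $_" }
```

An app that is stealthy in the sense the post asks about should produce an empty report; anything listed is where its state is leaking.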

