Preventing Rogue Services with Windows Service Hardening

by Pablo Martinez.


If you could map out the Windows attack surface, the biggest feature in the resulting landscape would be, by far, the system and third-party services that run in the background. Services are a tempting malware target for two reasons. First, most services are "always on," in the sense that they start when Windows loads and then remain running until you shut down the system. Second, most services run with a high privilege level that gives them full access to the system. Malware that manages to get into a computer can use the system services to perform almost any task, from installing a Trojan horse to formatting the hard drive.

To reduce the chance that a malware program could turn a system's own services against it, Windows Vista implements a new service security technology called Windows Service Hardening. This technology doesn't prevent malware from infecting a service. (That's the job of Windows Firewall and Windows Defender.) Instead, Windows Service Hardening is designed to limit the damage that a compromised service can wreak upon a system by implementing the following security techniques:

  • All services run in a lower privilege level.

  • All services have been stripped of permissions that they don't require.

  • All services are assigned a security identifier (SID) that uniquely identifies each service. This enables a system resource to create its own access control list (ACL) that specifies exactly which SIDs can access the resource. If a service that's not on the ACL tries to access the resource, Vista blocks the service.

  • A system resource can restrict which services are allowed write permission to the resource.

  • All services come with network restrictions that prevent services from accessing the network in ways not defined by the service's normal operating parameters.
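
To see how far each installed service actually uses these features, the following audit script reads the service configuration from the registry. It is an added example, not part of the original article. It assumes PowerShell 3.0 or later and the standard `ServiceSidType` and `RequiredPrivileges` values under `HKLM:\SYSTEM\CurrentControlSet\Services`; the variable names are chosen here for illustration.

```powershell
# Added example: report account, service SID type and declared privileges
# for every Win32 service. Read-only; changes nothing on the system.
$root     = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sidTypes = @{ 0 = 'None'; 1 = 'Unrestricted'; 3 = 'Restricted' }

$report = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $cfg = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue

    # Type 0x10 = own process, 0x20 = shared process. Anything else is a driver.
    if ($null -eq $cfg -or $null -eq $cfg.Type -or -not ($cfg.Type -band 0x30)) {
        continue
    }

    # A missing ServiceSidType value means the service has no per-service SID.
    $sidType = if ($null -ne $cfg.ServiceSidType) { [int]$cfg.ServiceSidType } else { 0 }

    [pscustomobject]@{
        Service    = $key.PSChildName
        Account    = $cfg.ObjectName
        # 'Restricted' also gives the service a write-restricted token.
        SidType    = $sidTypes[$sidType]
        # Empty means the service keeps every privilege its account holds.
        Privileges = @($cfg.RequiredPrivileges | Where-Object { $_ }) -join ','
    }
}

# Summary: how many services run under each account with each SID type.
$report |
    Group-Object -Property Account, SidType |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize

# Least-hardened services: full LocalSystem rights, no service SID,
# and no reduced privilege list. Review these first.
$report |
    Where-Object {
        $_.Account -eq 'LocalSystem' -and
        $_.SidType -eq 'None' -and
        -not $_.Privileges
    } |
    Sort-Object -Property Service |
    Format-Table -Property Service, Account, SidType -AutoSize
```

Services in the second table use none of the first three techniques in the list, so a compromise of any of them yields unrestricted LocalSystem access.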

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.