Protecting a Windows Service from untrusted users

百般思念 提交于 2019-11-29 07:48:23

Users have to have admin privs to stop services. I don't think there is a foolproof way to protect a program from someone who has admin on the box. If you don't want "untrusted users" stopping the serivce, don't give "untrusted users" admin privs.

There seems to be some tripping over this point, so let me clarify a bit. Suppose an administrator decides she wants to uninstall your program. That's normally only a few mouse clicks. Are you going to take steps to prevent that?

Think carefully about your answer here. Any program that purposely tries to prevent uninstallation by an administrator is by definition malware.

I know that it has been pretty much standard since NT came out to give all home PC users admin rights, so that they can install and play games to their heart's content. However, that isn't really nessecary anymore with Vista and Win7, and people should get out of that habit. It is very bad security practice, even for a "trusted" user.

Telling your users that they have to actually follow some security practices is not a bad thing. They will find they have to clean far less malware and viruses off their machines that way as well.

What's your threat model? Without a threat model, it's impossible to figure out the right way to spend your effort.

For the moment, let's just consider preventing a service from being stopped, rather than the prevention or tampering or crashing.

T.E.D is correct in saying that if any admin wants to stop the service, you shouldn't normally try to prevent this. Otherwise how can the administrator do fault isolation, start Windows in bare-bones mode, and so on?

As you say, the ServiceBase.CanStop property is used to prevent service stopping. This property is normally used only by OS-critical services that must run.

In the main service thread, you could just ignore the OnStop event and loop forever. So the SCM would think the service was stopped, even though it's still running. This is rather nasty, but should work. The SCM is just issuing a stop request, not actually forcing the stop.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!