Protecting a Windows Service from untrusted users

2020-02-11 06:45发布

How can I prevent users from tampering with, stopping or crashing a Windows Service that is doing work in the background that may take a while to complete?

Upon receiving a stop request, the service should wait until the work is complete before stopping.

There is the CanStop flag for services, but I'm not sure how to respond to the OnStop message. And if the user does try to crash the service, how can I prevent further tampering?


Edit: Generalised question from parental control to any background process.

3条回答
孤傲高冷的网名
2楼-- · 2020-02-11 07:09

What's your threat model? Without a threat model, it's impossible to figure out the right way to spend your effort.

For the moment, let's just consider preventing a service from being stopped, rather than the prevention or tampering or crashing.

T.E.D is correct in saying that if any admin wants to stop the service, you shouldn't normally try to prevent this. Otherwise how can the administrator do fault isolation, start Windows in bare-bones mode, and so on?

As you say, the ServiceBase.CanStop property is used to prevent service stopping. This property is normally used only by OS-critical services that must run.

In the main service thread, you could just ignore the OnStop event and loop forever. So the SCM would think the service was stopped, even though it's still running. This is rather nasty, but should work. The SCM is just issuing a stop request, not actually forcing the stop.

查看更多
Evening l夕情丶
4楼-- · 2020-02-11 07:25

Users have to have admin privs to stop services. I don't think there is a foolproof way to protect a program from someone who has admin on the box. If you don't want "untrusted users" stopping the serivce, don't give "untrusted users" admin privs.

There seems to be some tripping over this point, so let me clarify a bit. Suppose an administrator decides she wants to uninstall your program. That's normally only a few mouse clicks. Are you going to take steps to prevent that?

Think carefully about your answer here. Any program that purposely tries to prevent uninstallation by an administrator is by definition malware.

I know that it has been pretty much standard since NT came out to give all home PC users admin rights, so that they can install and play games to their heart's content. However, that isn't really nessecary anymore with Vista and Win7, and people should get out of that habit. It is very bad security practice, even for a "trusted" user.

Telling your users that they have to actually follow some security practices is not a bad thing. They will find they have to clean far less malware and viruses off their machines that way as well.

查看更多
登录 后发表回答