And the problem with these cases is that about half the stupid firms don’t
provide an appropriate kill switch for the program. I have turned down
requests for being an “expert witness” because a firm thinks their program
is “so important” they don’t provide a way to terminate it. I am not sure
any of the cases really ended in court, but I know some of the situations
the “we will protect our program against anything” were asking where are we
getting the money to pay our programmers after the enterprise customer was
done with them.
Mr Grig has it right, Use administrative privledge, worst case provide a
confirmation dialog to ensure that termination is what is really wanted.
Trying to stop termination is another one of these idiot chases like trying
to complete clean an infected system while it is running, you are not going
to be able anticipate all the potential ways.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Friday, October 17, 2014 8:59 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Blocking particular process from getting terminated
Yes they will kill process if they want.
denying a computer administrator to terminate a process is wrong, so process
self-protection should be avoided.
This is true 99% of the cases, the remaining 1% are those cases when a
process is vital for the system infrastructure security such as anti
malwares, IPS and IDS. Those kind of softwares have to protect themself from
malicious software trying to terminate their services and processes or
inject arbitrary code into their executable address space, so that’s when an
appropriate protection is vital.
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer