How to prevent others stop my service?

Hello,
I write a service and not allow others to stop it, what can I do?
best regards
ding hao



In a word, ignore the SERVICE_CONTROL_STOP notice in your handler.

    inline void CServiceModule::Handler(DWORD dwOpcode)
    {
        switch (dwOpcode)
        {
        case SERVICE_CONTROL_STOP:
            // The stop request is ignored: the normal stop path is commented out.
            // CRdUtils::DBGOUT("SvcService::Stop command received.\n");

            // SetServiceStatus(SERVICE_STOP_PENDING);
            // PostThreadMessage(dwThreadID, WM_QUIT, 0, 0);
            break;
        }
    }

Best Regards
Raymond Zhang
xxxxx@intel.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of shark marian
Sent: April 21, 2005 13:18
To: Windows System Software Devs Interest List
Subject: [ntdev] How to prevent others stop my service?

Hello,
I write a service and not allow others to stop it, what can I do?
best regards
ding hao




Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@intel.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Recognize that the only people who can stop a service are administrators, and
they have the right to stop it. Anything that attempts to block this right is
a fucking virus.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


I don’t want to enter into any polemics here, and I agree with you that things
are as you say, Don, but there is more and more “security” software that is, or
pretends to be, for the idiot user at home. XP is so widespread, and used on so
many idiot users’ desktops, who run their account as admin, and thus they open
themselves to a wider range of attacks. It’s their mistake, I admit, but this is
how things are in the world. There are hundreds of thousands of XP users who
run as admin, and viruses are free to ravage their systems, and the user behind
the kbd has no idea how to start or stop a service. They want to play games,
many games require admin rights to be installed, they want a cheap firewall and
an all-in-one security solution, and not to be bothered running under more
secure accounts.

So there might be legitimacy behind such a question, and the author is not
necessarily a fucking virus writer, or a service which tries to protect
itself is not necessarily a virus.

And did you ever wonder if there are ppl so paranoid in the world that
they don’t trust their own admins? Who knows, who knows …

Dan

----- Original Message -----
From: “Don Burn”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Thursday, April 21, 2005 3:24 PM
Subject: Re:[ntdev] How to prevent others stop my service?

> Recognize that the only people who can stop a service are administrators,
> and they have the right to stop it. Anything that attempts to block this
> right is a fucking virus.

Sorry, I can’t agree here. Yes, there are security products, but the bottom
line is that products that make it impossible to use standard management
practices are viruses, whether they are from an unknown or a large well-known
company. There is a heck of a lot you can do to make it harder to kill but
still allow a way to terminate cleanly. Doing stuff like totally blocking
the service is just wrong; sorry, I’ve seen enough security products do the
wrong thing and need to be killed.

In this particular case the gentleman has been asking questions on rootkits
and other system hijacking techniques for months. Every time someone on the
forum asks what are you trying to achieve, he drops the thread, then comes
back with another question on hijacking. You are right, who knows, but
when he won’t answer on his goal, but keeps trying to find ways to take
control of systems, at some point you have to say, what is likely?


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Dan Partelly” wrote in message news:xxxxx@ntdev…
> I don’t want to enter into any polemics here, and I agree with you that
> things are as you say, Don, but there is more and more “security” software
> that is, or pretends to be, for the idiot user at home. XP is so widespread,
> and used on so many idiot users’ desktops, who run their account as admin,
> and thus they open themselves to a wider range of attacks. It’s their
> mistake, I admit, but this is how things are in the world. There are
> hundreds of thousands of XP users who run as admin, and viruses are free to
> ravage their systems, and the user behind the kbd has no idea how to start
> or stop a service. They want to play games, many games require admin rights
> to be installed, they want a cheap firewall and an all-in-one security
> solution, and not to be bothered running under more secure accounts.
>
> So there might be legitimacy behind such a question, and the author is not
> necessarily a fucking virus writer, or a service which tries to protect
> itself is not necessarily a virus.
>
> And did you ever wonder if there are ppl so paranoid in the world that
> they don’t trust their own admins? Who knows, who knows …
>
> Dan

It is absolutely so in a commercial environment, I totally
agree. But not necessarily in a home environment. If I’m the
only user and administrator - and remember, this is a “personal”
computer after all - I reserve myself the right of doing
anything my fancy strikes me with, even stopping a service. In
fact, my experience with corporate environments is that my
sysadmin is often the very enemy I’m trying to ward off, so,
yes, I would like to have certain rights on my personal computer
that not even the domain administrator has.

On the other hand, I do agree with you that the OP doesn’t
necessarily deserve an answer, not until he clearly states what
he’s up about.

Alberto.


Not exactly my first choice of how to word it Don, but I agree with the
sentiment of what you are saying.

To attempt anything to block an Administrator from stopping any process on
a computer at the very least is a problem in and of itself. Besides, all
an admin has to do is delete all of the registry entries for the service
in question and reboot. Yeah, I know, the service could put in hacks to
monitor the registry keys and recreate itself immediately if it detects
tampering, but then there are ways around that as well.

Bottom line…there is NO legitimate reason to block a duly-authorized
admin from stopping almost any service on the machine. Period.

Greg


> Bottom line…there is NO legitimate reason to block a duly-authorized
> admin from stopping almost any service on the machine.

Dealing in absolutes, hahahhaha. I always found this funny. Then using in
the same phrase “almost any”. Decide please. Your phrase contains logical
contradictions.

Don, I wholeheartedly agree with you.

But I was paid at least once to create what I would call “abominations” over
the OS. The customer wanted them there, and he couldn’t care less about what
third parties thought about the implementation or the goals set, and more
important, what was simply butchered to make it work. Including detection and
bypassing of 3rd party software. And I assure you, my client was not dealing
with viruses, nor all-in-one security products.

> asks what are you trying to achieve, he drops the thread, then comes
> back with another question on hijacking.

True again. Chances are the guy is doing what you say.


Dan,

I understand there are reasons, for instance I hate hooking but once
wrote a product that hooked the complete system call table of Win2000. But,
when I did ask questions I made it very clear I was working for a firm whose
founders all came from the NSA or CIA, and that product was for limited
government use. Also, by the time I took it on, I had roughly a dozen
Windows drivers under my belt including a file system, this guy is a newbie
so even if he has a valid reason, he is playing in areas that can break a
lot of things.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


Sorry, poor wording here. There are certain internal Windows services
that should not be stopped except by shutting down the system. These
services however are written by (or on behalf of) Microsoft and are
created by the OS. Those are the only exceptions I can imagine to
allowing an admin to stop anything on the system.

I agree with Don on this issue. This guy is up to something no-good. If
he is legit, he should just come out and say what he is doing and why.
IMHO he should be banned from the list until he can prove to the admin
that what he is doing is legit. There are too many “hacker questions” he’s
been posing lately and I do not feel a list such as ours should assist him
in any way.

Greg


I do agree with all the views here. I’m not sure why I bumped into this
situation 3 times in real product developments, maybe 4 times to be exact.
BUT THERE ARE LEGITIMATE CUSTOMERS who want these service features.

My memory is not good, but has anyone tried to kill all the services after
logging in as an admin? You might find that some of the Microsoft services are
not easy to kill? Has anyone worked with the requirements that come from
three-letter guys that want that kind of solidity? Maybe some of you did,
but coming up with a legitimate solution is quite difficult, if not
impossible. AND FOR THIS VERY REASON I said “trusting admin is trusting
monkey”. AND I’M DEEPLY SORRY TO SAY THAT. And just for a note, after seeing
those requirements I found that I am no better than a Monkey.

All of those products are mainly based on *going out of the line*, and it is a
heck of a problem to get it right, especially when it comes to different
versions of NT OSes.

Now coming down to the fact that the OP tries to avoid telling what he is up
to, 'caz OP does not give away his proprietary info or 'caz it is malicious. If
I had a say, I will take the worst case and shut this thread down!

-pro


It really depends on what the person is after whether this is a valid case or not…

Since you point out that he’s been asking these dubious questions then it’s fair to assume ‘not’.

I just want to add something.

There are viruses out there that disable the services associated with popular virus protection products, and I’ve also seen cases where infected machines have had their hosts files updated so that all servers the popular virus software periodically checks for updates are entered as 127.0.0.1… And even sneakier, it put a big block of carriage returns in to make it look like the file was still fresh as the day Windows was installed if you weren’t paying attention.

Yes, it’s not good for these vendors to react this way… and anti-virus products are notoriously crappy anyways.

Had this been from a different angle I can think of at least one simple method that isn’t ‘too’ nasty to achieve this AND still allow an admin/user control of when the service is loaded or not. But since part of this info gives away what this malicious guy wants to do… I’ll keep it to myself :)

BR,

Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com
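
The hosts-file tampering described in the post above (update servers pointed at 127.0.0.1 and hidden under a block of carriage returns) can be checked for mechanically. This is an added example, not code from the thread; the watched domain `av-vendor.example`, the blank-run threshold and the sample file contents are constructed assumptions.

```python
"""Added example: audit hosts-file text for sinkholed update hosts and padding."""
import ipaddress

# Addresses that make a name unreachable when used as its hosts-file mapping.
SINKHOLE_NETS = tuple(ipaddress.ip_network(n) for n in
                      ("127.0.0.0/8", "0.0.0.0/32", "::1/128", "::/128"))
# Names that legitimately map to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input; "av-vendor.example" is a placeholder domain.
WATCHED = ("av-vendor.example",)
SAMPLE_HOSTS = (
    "# Sample HOSTS file header\r\n"
    "#\r\n"
    "127.0.0.1       localhost\r\n"
    + "\r\n" * 40 +
    "127.0.0.1 liveupdate.av-vendor.example\r\n"
    "127.0.0.1 download.av-vendor.example www.av-vendor.example\r\n"
    "10.0.0.5 intranet.corp.example\r\n"
)


def is_sinkhole(addr_text):
    """True if addr_text parses as a loopback or unspecified address."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in SINKHOLE_NETS)


def matches_suffix(name, suffixes):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, watched_suffixes, max_blank_run=8):
    """Return one finding per suspicious (line, name) pair.

    An entry is reported when it maps a non-localhost name to a sinkhole
    address, or when it sits below a run of at least max_blank_run blank
    lines (the padding that pushes entries out of view in an editor).
    """
    findings = []
    blank_run = 0
    below_padding = False
    # splitlines() also breaks on a bare "\r", so a block of lone carriage
    # returns counts as blank lines just like "\r\n" pairs do.
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        if blank_run >= max_blank_run:
            below_padding = True
        blank_run = 0
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:          # comment-only or malformed line
            continue
        sinkholed = is_sinkhole(fields[0])
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if sinkholed and name in BENIGN_NAMES:
                continue
            if sinkholed or below_padding:
                findings.append({
                    "line": line_no,
                    "address": fields[0],
                    "name": name,
                    "sinkholed": sinkholed,
                    "watched": matches_suffix(name, watched_suffixes),
                    "below_padding": below_padding,
                })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(finding)
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; entries flagged as both `watched` and `sinkholed` are the ones that match the behaviour described in the post.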


Interesting. I see some of this in many places where ‘someone’ decides that
they are much brighter than the user. Of course, I see too many software
packages that remind me of a design for a pistol I thought up. The pistol
has two barrels pointing exactly 180 degrees from each other. When a bullet
is brought up from the clip, the barrel it goes into is random and
unpredictable. Computer software is a little less physically dangerous, but
with automobiles, airplanes, and warships being controlled by computers, not
much less dangerous.

For example, how about changing the first create user screen in Windows. It
has the first line separated from the others with each character a bright
yellow in red background - flashing too. It says this is the administrator
account. The other lines have a check box that defaults to limited user,
but allows power user to be chosen. Creating more members of the
administrator group would require running the computer management console to
get to the users and groups option. Of course, most software would have to
work without admin rights.

“Prokash Sinha” wrote in message news:xxxxx@ntdev…
> I do agree with all the views here. I’m not sure why I bumped into this
> situation 3 times in real product developments, maybe 4 times to be exact.
> BUT THERE ARE LEGITIMATE CUSTOMERS who want these service features.
>
> My memory is not good, but has anyone tried to kill all the services after
> logging in as an admin? You might find that some of the Microsoft services
> are not easy to kill? Has anyone worked with the requirements that come
> from three-letter guys that want that kind of solidity? Maybe some of
> you did, but coming up with a legitimate solution is quite difficult, if
> not impossible. AND FOR THIS VERY REASON I said “trusting admin is
> trusting monkey”. AND I’M DEEPLY SORRY TO SAY THAT. And just for a note,
> after seeing those requirements I found that I am no better than a Monkey.
>
> All of those products are mainly based on going out of the line, and it is
> a heck of a problem to get it right, especially when it comes to different
> versions of NT OSes.
>
> Now coming down to the fact that the OP tries to avoid telling what he is up
> to, 'caz OP does not give away his proprietary info or 'caz it is malicious.
> If I had a say, I will take the worst case and shut this thread down!
>
> -pro

I like that double barrel with 180 degree orientation, a perfect example
:-). Shoot or be shot.

For the software, think about privacy, online transactions and spam are
enough to be quite dangerous, but there is more dangerous stuff that might
not be so widespread.

And yes, something like the idea of console management or some such seems
reasonable. While in management console the system should be deprived of
outside connectivity, the authentication mechanism has to be bulletproof, and
other stuff … And I’m sure there are works going on along these lines.
Admin has too much power, and once hijacked it is the end of the game. And the
hijack could be of any form. As long as it goes to an unintended hand, it is
hijacked. Here a software entity could have many hands to hijack admin
privileges.

To me software is a combinatorial game, it does have its virtue being easy
to mix, for example do I need h2o or h2o2, and it has its power being
uncontrollable due to its explosive complexities so those designs are surely
complex but achievable I suppose.

-pro

----- Original Message -----
From: “David J. Craig”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Thursday, April 21, 2005 5:39 PM
Subject: Re:[ntdev] Re:How to prevent others stop my service?

> Interesting. I see some of this in many places where ‘someone’ decides
> that they are much brighter than the user. Of course, I see too many
> software packages that remind me of a design for a pistol I thought up.
> The pistol has two barrels pointing exactly 180 degrees from each other.
> When a bullet is brought up from the clip, the barrel it goes into is
> random and unpredictable. Computer software is a little less physically
> dangerous, but with automobiles, airplanes, and warships being controlled
> by computers, not much less dangerous.
>
> For example, how about changing the first create user screen in Windows.
> It has the first line separated from the others with each character a
> bright yellow in red background - flashing too. It says this is the
> administrator account. The other lines have a check box that defaults to
> limited user, but allows power user to be chosen. Creating more members
> of the administrator group would require running the computer management
> console to get to the users and groups option. Of course, most software
> would have to work without admin rights.
>
> “Prokash Sinha” wrote in message news:xxxxx@ntdev…
>> I do agree with all the views here. I’m not sure why I bumped into these
>> situation 3 times in real product developments, maybe 4 times to be
>> exact. BUT THERE ARE LEGITIMATE CUSTOMERS who want this service features.
>>
>> My memory is not good, but has anyone tried to kill all the services
>> after logging as an admin. You might find that some of the Microsoft
>> services are not easy to kill? Has anyone worked with the requirements
>> that comes from three letter guys that want that kind of solidity? Maybe
>> some of you did, but coming up with a legitimate solution is quite
>> difficult, if not impossible. AND FOR THIS VERY REASON I said “trusting
>> admin is trusting monkey”. AND I’M DEEPLY SORRY TO SAY THAT. And just for
>> a note, after seeing those requirements I found that I am no better than
>> a Monkey.
>>
>> All of those products are mainly based on going out of the line, and
>> heck of problem to get it right especially when it comes to different
>> versions of NT oses.
>>
>> Now coming down the fact the OP tries to avoid telling what he is up to,
>> 'caz OP does not give away his proprietary info or 'caz it is malicious.
>> If I had a say, I will take the worst case and shut this thread down !
>>
>> -pro
>>
>> ----- Original Message -----
>> From:
>> To: “Windows System Software Devs Interest List”
>> Sent: Thursday, April 21, 2005 5:44 AM
>> Subject: Re:[ntdev] How to prevent others stop my service?
>>
>>
>>> Not exactly my first choice of how to word it Don, but I agree with the
>>> sentiment of what you are saying.
>>>
>>> To attempt anything to block an Administrator from stopping any process
>>> on a computer at the very least is a problem in and of itself. Besides,
>>> all an admin has to do is delete all of the registry entries for the
>>> service in question and reboot. Yeah, I know, the service could put in
>>> hacks to monitor the registry keys and recreate itself immediately if it
>>> detects tampering, but then there are ways around that as well.
>>>
>>> Bottom line…there is NO legitimate reason to block a duly-authorized
>>> admin from stopping almost any service on the machine. Period.
>>>
>>> Greg
>>>> Recognize that the only people who can stop a service are
>>>> administrators and they have right to stop it. Anything that attempts
>>>> to block this right is fucking virus.
>>>>
>>>>
>>>> –
>>>> Don Burn (MVP, Windows DDK)
>>>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>>>> Remove StopSpam from the email to reply
>>>>
>>>>
>>>>
>>>> “shark marian” wrote in message
>>>> news:xxxxx@ntdev…
>>>>> hello,
>>>>> i write a service and not allow others to stop it,what can i do?
>>>>> best regards
>>>>> ding hao