Hello,
I bought the iNet Protector 3.0 Small Business License in yesterday. Today when I have installed the program on a client I doing some security test of the program and found out one strange thing, during the tests I found that a standard user can without any problem inactive the service "Internet Protector System Service (a part of iNet Protector) under Services. This feels not good at all and I hope there is a fix for this.
Best regards
Claus
Securing iNet Protector service
-
Karlis
- Site Admin
- Posts: 3605
- Joined: Mon Jul 15, 2002 5:24 pm
- Location: Riga, Latvia, Europe
- Contact:
Re: iNet Protector unsecure?
Of course it will be possible to stop this and any other service if you have not secured the access to Management Console.
This article covers how to do that:
http://www.pctools.com/guides/registry/detail/1303/
This article covers how to do that:
http://www.pctools.com/guides/registry/detail/1303/
Re: Securing iNet Protector service
A standard user should not be able to deactivate the service "Internet Protector System Service" even if they have access to the Management Console.
I checked this out and a standard user can actually do this. It means that at next reboot the the Internet protection will be disabled. It is however not possible to stop the service immediately.
Other security related services in Windows are not possible to deactivate. E.g. if you try to deactivate the service "Event Log" as a standard user you will get a "Permission is denied" message. It seems as the permissions on the service "Internet Protector System Service" are not set properly at installation.
Edit:
Securing the service turned out to be quite easy (but don't try this if you don't have good knowledge of Windows, you might break the installation):
1. Download the SubInACL tool from Microsoft: http://www.microsoft.com/downloads/deta ... laylang=en
2. Open a command window as administrator
3. Change directory to C:\Program Files\Windows Resource Kits\Tools
4. Run the following command:
subinacl /service InternetProtectorService /revoke=everyone
(if you are not running the English version of windows you might have to substitute everyone with something else)
5. Done. Standard users can no longer deactivate the service Internet Protector System Service
kollo
I checked this out and a standard user can actually do this. It means that at next reboot the the Internet protection will be disabled. It is however not possible to stop the service immediately.
Other security related services in Windows are not possible to deactivate. E.g. if you try to deactivate the service "Event Log" as a standard user you will get a "Permission is denied" message. It seems as the permissions on the service "Internet Protector System Service" are not set properly at installation.
Edit:
Securing the service turned out to be quite easy (but don't try this if you don't have good knowledge of Windows, you might break the installation):
1. Download the SubInACL tool from Microsoft: http://www.microsoft.com/downloads/deta ... laylang=en
2. Open a command window as administrator
3. Change directory to C:\Program Files\Windows Resource Kits\Tools
4. Run the following command:
subinacl /service InternetProtectorService /revoke=everyone
(if you are not running the English version of windows you might have to substitute everyone with something else)
5. Done. Standard users can no longer deactivate the service Internet Protector System Service
kollo