保护 Windows 服务免受不受信任的用户的侵害 [英] Protecting a Windows Service from untrusted users
问题描述
如何防止用户篡改、停止或使正在后台工作且可能需要一段时间才能完成的 Windows 服务崩溃?
How can I prevent users from tampering with, stopping or crashing a Windows Service that is doing work in the background that may take a while to complete?
收到停止请求后,服务应等到工作完成后再停止.
Upon receiving a stop request, the service should wait until the work is complete before stopping.
服务有 CanStop 标志,但我不确定如何响应 OnStop 消息.如果用户确实试图使服务崩溃,我该如何防止进一步的篡改?
There is the CanStop flag for services, but I'm not sure how to respond to the OnStop message. And if the user does try to crash the service, how can I prevent further tampering?
从家长控制到任何后台进程的泛化问题.
Generalised question from parental control to any background process.
推荐答案
用户必须拥有管理员权限才能停止服务.我不认为有一种万无一失的方法可以保护程序免受具有管理员权限的人的侵害.如果您不希望不受信任的用户"停止服务,请不要给不受信任的用户"管理员权限.
Users have to have admin privs to stop services. I don't think there is a foolproof way to protect a program from someone who has admin on the box. If you don't want "untrusted users" stopping the serivce, don't give "untrusted users" admin privs.
在这一点上似乎有些绊脚石,所以让我澄清一下.假设管理员决定要卸载您的程序.这通常只需点击几下鼠标.你会采取措施防止这种情况发生吗?
There seems to be some tripping over this point, so let me clarify a bit. Suppose an administrator decides she wants to uninstall your program. That's normally only a few mouse clicks. Are you going to take steps to prevent that?
在这里仔细考虑你的答案.任何故意阻止管理员卸载的程序都属于恶意软件.强>
Think carefully about your answer here. Any program that purposely tries to prevent uninstallation by an administrator is by definition malware.
我知道自从 NT 推出以来,它已经成为标准,它为所有家庭 PC 用户提供管理权限,以便他们可以随心所欲地安装和玩游戏.但是,对于 Vista 和 Win7,这已经不再是真正需要的了,人们应该改掉这种习惯.这是非常糟糕的安全实践,即使对于受信任的"用户也是如此.
I know that it has been pretty much standard since NT came out to give all home PC users admin rights, so that they can install and play games to their heart's content. However, that isn't really nessecary anymore with Vista and Win7, and people should get out of that habit. It is very bad security practice, even for a "trusted" user.
告诉您的用户他们必须真正遵循一些安全实践并不是一件坏事.他们会发现,他们也必须通过这种方式从他们的机器上清除更少的恶意软件和病毒.
Telling your users that they have to actually follow some security practices is not a bad thing. They will find they have to clean far less malware and viruses off their machines that way as well.
这篇关于保护 Windows 服务免受不受信任的用户的侵害的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
