How to protect Windows computer from service hijacking

amit08255 By amit08255, 5th Apr 2014 | Follow this author | RSS Feed
Posted in Wikinut>Reviews>Technology>Security

Are you a windows user?
You must read this article. Recently many windows users have complained about service hacking.
In this article we will discuss how hackers do service hijacking and how to protect yourself.

What is service hijacking?

Windows services is a common attack technique.
Service hijacking has prompted Microsoft to continue to harden the services infrastructure in windows computers.
Microsoft is hardening windows services from following attacks:---
1. Service resource isolation:-- Many windows services execute in context of same local
account such as - LocalService. If any of these services is
compromised, then the integrity of all other windows services
executing as the same user are effectively compromised as
well/ To protect windows users from this attack, Microsoft
has meshed up two new technologies:---
a. Service specific SID.
b. Restricted SID
By assigning each service a unique SID, service resources,
such as a file and windows registry key, can be ACLed to
allow only that services to modify them.
To mitigate services that must run under the same context
from affecting each other, Restricted SID are used.
The service SID, along with the Restricted SID, are added to
service process's restricted SID list. When a windows
Restricted process or thread attempts to access an object,
two access checks are performed:--- One using enabled token
SID and other using restricted SID. Only if both checks succeed
then access is granted. This prevents restricted services from
accessing any object that doesn't explicitly grant access to
windows service SID.

2. Least privilege Services:-- In windows vista and later, the privileges granted to a
a windows service are no longer exclusively bound to the
account to which the service is configured to run, privileges can
be explicitly requested.
To achieve this, Windows Service Control Manager has been
changed. Windows Services are now capable to providing the
SCM with a list of specific privileges that they require.
For windows services that shares processes, such as-
svchost.exe, the process token contains an aggregate of all
privileges required by each individual service in user group.

3. Service Refactoring:---- Windows has launched, service refactoring technology
which is a fancy name for running services under lower
privileged user accounts such as- Guest user account.
In windows vista and later versions, Microsoft has moved eight
services out of the SYSTEM context and into LocalService account.
Microsoft has launched six new service hosts(svchosts).
Launching svchosts has protected windows from malwares to
access SYSTEM services.

\Now its your turn to add some additional security in your windows computer to protect your computer from service hijacking.
You need to install security software and AVAST free antivirus is one of them.
You must install a firewall and an antivirus to protect your computer from such malwares.


Hack, Hack Wii, Hackers, Hacking, Hacking Ethics, Hacking Software, Hacking Tips, Hacking Tutorials, Windows 7, Windows 8, Windows Vista, Windows Xp

Meet the author

author avatar amit08255
I love to write articles.
I am admin of blog-

Share this page

moderator johnnydod moderated this page.
If you have any complaints about this content, please let us know


Add a comment
Can't login?