Eitan said:
"Privileged users CAN START the procedure of stopping the service - BUT, the 
application vendor CAN (as part of the overall procedures performed when an 
application is being shut down) place a code section that forces a password prompt at 
the beginning of the stopping process and if the password is wrong - to stop the 
stopping process."

This is a description of a GUI interface, and not the underlying 
actions/permissions/rights. IOWs, it is possible for a developer to code something 
into their service which, when the service detects a shutdown request, causes that 
service to execute some action (such as prompting for a password).

This does not mean that the service could not be "stopped". If a user has the right to 
stop a service, they also have the right to modify its startup behavior, including 
setting it to disabled or manual. Since that action has nothing to do with the running 
service, the service could be "stopped" by simply changing the setting and restarting 
the machine...at which time the service would not start.

While I think it's great that people like Eitan are entering into the security realm, I 
think properly stating the severity of issues is as important. When the discoverer 
puts such comments into their advisories, they should be vetted (pre or post 
publication). I do this with every post to NTBugtraq, which is why the volume is so 
low there.

In this case, Eitan has overstated the severity of the issue, IMNSHO. Members of the 
Administrators and Power Users groups have many ways they can manipulate the operation 
of a Windows environment (any version). They are "privileged users", and as such, must 
be endorsed to be trustworthy. If you cannot trust individuals using those accounts, 
then custom privileges should be assigned (leaving them out of pre-defined groups). 
You can stop them from shooting themselves in the foot, but you cannot stop them from 
intentionally modifying the operation of the system.

Any expectation that you can is the real "false sense of security".

Sygate have silently acknowledged this by not bothering to prompt for the password. 
This should be clearly documented, and if it's not, that then is their mistake.

Cheers,
Russ - NTBugtraq Editor
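
Added example, not part of Russ's message: a small Python audit of a service security descriptor in the SDDL form that `sc sdshow <service>` prints, reporting which trustees may stop the service and which may reconfigure it, as a check on custom-privilege assignments of the kind mentioned above. The SDDL string, the account SID and the function names are constructed for illustration.

```python
import re

# Two-letter SDDL right codes as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Rights that let a trustee change the startup type or rewrite the DACL itself.
RECONFIGURE = {"CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER"}
# A few well-known SID aliases; any other trustee is reported as written.
TRUSTEES = {"SY": "LocalSystem", "BA": "Administrators", "PU": "Power Users",
            "IU": "Interactive", "AU": "Authenticated Users", "BU": "Users"}

def parse_dacl(sddl):
    """Return {trustee: set of right names} from the allow ACEs of the DACL."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    granted = {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":
            continue  # deny and other ACE types are not evaluated here
        if fields[2].lower().startswith("0x"):
            raise ValueError("hex access mask not supported: " + fields[2])
        codes = re.findall("..", fields[2])
        if "GA" in codes:  # generic all maps to every service right
            rights = set(SERVICE_RIGHTS.values())
        else:
            rights = {SERVICE_RIGHTS[c] for c in codes if c in SERVICE_RIGHTS}
        who = TRUSTEES.get(fields[5], fields[5])
        granted.setdefault(who, set()).update(rights)
    return granted

def audit(sddl):
    """Return {trustee: (can_stop, can_reconfigure)}."""
    return {who: ("STOP" in r, bool(r & RECONFIGURE))
            for who, r in parse_dacl(sddl).items()}

# Constructed descriptor: a custom operator account granted start/stop only.
OPERATOR_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_SDDL = ("D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWLOCRRC;;;IU)"
               "(A;;LCRPWPRC;;;" + OPERATOR_SID + ")")

if __name__ == "__main__":
    for who, (stop, reconf) in audit(SAMPLE_SDDL).items():
        print(f"{who:50} stop={stop!s:5} reconfigure={reconf}")
```

Deny ACEs are skipped, so a trustee reported as able to stop or reconfigure may still be blocked by one.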
