Security -- Some basic Questions
Note: see: Security with Someone Elses ActiveX
The following is a somewhat duplicate post of the above (with more questions)
------------------
Background
------------------
secpol.msc appears to be where Microsoft addresses system security.
But we have other areas such as Services that are running.
Also like most people I have some software written by someone else.
That software uses various APIs in order to function. However, APIs are a two-edged sword.
They can be used for either good or bad.
So how does one determine what that software is in fact doing?
"CALL HOME" is a simple example of this issue.
----------------
Questions
----------------
1) Is there any way to determine what affects what on the system?
For example, if one checks certain boxes in secpol.msc, will this override a particular "service(s)"
and if so, what "service(s)" are affected? Conversely, if one toggles a service, will that override
settings in secpol.msc?
2) Wireshark and other software can be used to monitor traffic. However, for calls made from within,
such as "Call Home" -- that occur infrequently -- how does one identify that piece of software?
Example/Clarification:
DEP as I understand it is still dealing with an outsider (e.g. virus) getting in - or having got in -- and then accessing memory in a Process it is not supposed to have access to. What I'm trying to address is 3rd party software getting out and how to monitor it.
For example, say I install program A -- or -- receive an ActiveX control (or library) to be used to link to someone else's server. I need the program or the ActiveX. However, the vendor will Not provide the source code for the software or the ActiveX. Hence, I really have no knowledge of what is embedded in that code. Just like Call Home, when the software is installed who knows what went on behind the scenes. With the ActiveX I have a little more control, but since it is interfacing with someone else's server, embedded in that ActiveX can be API calls to do whatever. While DEP -- hopefully -- would limit access outside of the Process that is executing the ActiveX, the ActiveX still would have access to the code in which it is embedded and I'm NOT real sure what else (??? basis for question). So can one control any of this or is it back to the "TRUST" issue with No VERIFY?
3) Is there a master list of where to go and what affects what in regard to system security?
Last edited by dw85745; 15 Feb 2019 at 13:56.