
Secure application startup: Chicken and Egg Issue


lotuseclat79
September 27th, 2005, 12:23 PM
Given: WinXP Pro SP2 (or your Windows version substituted here) OS fully booted up, libraries loaded, system state stable.

Given the following current design anomalies with Windows startup mechanism(s):
1) Windows starts up applications from many locations, both in the registry and the Start Menu Programs folder, which virtually guarantees that a specific ordering cannot be guaranteed, due apparently to concurrent startup threads which do not follow, or cannot be tamed or imposed with, an ordered sequence - at least AFAIK - please correct me if I am wrong about this or any assumption I make herein.
2) Windows has no mechanism for controlling startup in an orderly, secure way with emphasis on security that can be guaranteed by ordering.
3) Some applications have kernel-level hooked services (components) that may trigger startup of their associated client(user)-level apps, e.g. SnoopFree.
4) There exist startup controllers that introduce the concept of pauses between a sequentially ordered list of startup apps. IMO, this approach may be susceptible to a race condition (depending on the length of the pause interval) that would allow the next app in an ordered list to start up prior to the current app completing its startup sequence. Completion here means that the current app either exits; notifies the user of anomalies to be allowed or denied (which should stop the pause clock associated with the next app - a zero value of which triggers it to start in the sequence - until all anomalies are decided upon, after which the pause clock should be resumed); or achieves a minimized icon state in the system tray.
5) Booting up a 24/7 broadband dsl or cable system may require somewhat different guards (HIPS?) to be in place as opposed to a dialup system - Note: this is not exactly an anomaly, but it is here as a design consideration.

Scenario: The loading of startup applications is about to start.

Objective is to guarantee security on application startup:
The plan is to bring up the lowest-level kernel-hooked components first, but first verify them by doing an integrity check on their signatures prior to allowing their associated client-level apps to start up. Candidates for this level are integrity checking software, HIPS, Anti-keylogger, Anti-Virus, Anti-Trojan, and Firewall applications. Note: signatures also need to be either secured and/or verified first.

Chicken and egg issue:
If the integrity checking software (which has no kernel-level component), any of the kernel-level hooked services, or the signatures that would verify everything become compromised, then the entire notion of an orderly, secure sequential startup is rendered moot. This is the chicken and egg problem.

Problem: How to guarantee a secure, sequentially ordered startup with the following categories of application software:
Note: System Restore points should be scanned, but are not addressed here, and probably should be - perhaps as an associated shutdown verification component?
1) Signatures need to be verified first including system integrity checking software.
2) Integrity checking software runs and either verifies or notifies of anomalies which may be: newly installed software, changes to system objects made in previous session not yet seen by integrity software, or malware detected and to be dealt with.
3) Kernel-level component services associated with an ordered startup list are allowed to startup followed by their associated client-level software interfaces.
4) Host Intrusion Prevention Software must be verified, then started up.
5) Anti-virus, Anti-Trojan, Anti-Spyware, Privacy Management software ditto.
6) ISP control software, and
7) HW monitoring software.

The control of the ordered list would proceed, not by introducing a pause clock for each application, but by using either a start-token, a mutex, or semaphore - all of which could provide a barrier or guard against multiple simultaneous startups.

All assumptions are open to constructive criticism - comments, evaluation and discussion are encouraged!

-- Tom
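The token-passing scheme Tom sketches above, as an added example that is not part of the original post or of any of the products named in it: an ordered startup chain in which each component holds a start-token (here a threading.Event handed on by its predecessor) rather than a pause clock, so a slow-starting component cannot be overtaken; each component's binary is checked against a MAC-protected manifest before it is allowed to start, an anomaly halts the chain unless a decision callback allows it, and a bad manifest MAC means nothing starts at all. The binaries, file names, startup order and manifest key are all constructed for the example; the key is assumed to be held somewhere the chain cannot tamper with, which is precisely the chicken-and-egg trust root the post is asking about.

```python
"""Ordered, integrity-checked startup chain using a start-token (added example)."""
import hashlib
import hmac
import json
import random
import threading
import time

# Constructed sample "binaries" standing in for files on disk (hypothetical names).
BINARIES = {
    "integrity_checker.exe": b"integrity checker v1",
    "hips_kernel.sys": b"hips kernel-mode driver",
    "hips_ui.exe": b"hips user-mode client",
    "av_kernel.sys": b"av filter driver",
    "av_ui.exe": b"av user-mode client",
}

# Startup order: each kernel-mode component precedes its user-mode client.
ORDER = ["integrity_checker.exe", "hips_kernel.sys", "hips_ui.exe",
         "av_kernel.sys", "av_ui.exe"]

# Assumption: this key lives somewhere the startup chain cannot modify (e.g. sealed to
# hardware or read-only media). Trusting it first is the chicken-and-egg problem itself.
MANIFEST_KEY = b"assumed-trusted-manifest-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(binaries: dict, key: bytes):
    """Serialize name -> sha256 and MAC the whole body so no single entry can be swapped."""
    entries = {name: sha256_hex(data) for name, data in binaries.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_manifest(body: bytes, mac: str, key: bytes):
    """Return the manifest dict if its MAC checks out (constant-time compare), else None."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(body)


def run_startup(order, binaries, manifest_body, manifest_mac, key, decide=None, jitter=0.05):
    """Start components in `order`; each may only start after its predecessor has finished.

    The start-token is the predecessor's Event: there is no pause clock, so a slow
    component cannot be overtaken. `decide(name)` is consulted on an integrity
    anomaly and must return True to allow it; the default denies and halts the chain.
    Returns (names started, in order; name of the component the chain halted at or None).
    """
    manifest = verify_manifest(manifest_body, manifest_mac, key)
    if manifest is None:
        return [], "manifest"          # the signatures themselves cannot be trusted

    started, lock = [], threading.Lock()
    halted = {"at": None}
    tokens = [threading.Event() for _ in order]
    decide = decide or (lambda name: False)

    def component(idx, name):
        if idx > 0:
            tokens[idx - 1].wait()       # block until the predecessor hands over the token
        if halted["at"] is not None:
            tokens[idx].set()            # chain already halted: pass the token on, do not start
            return
        actual = sha256_hex(binaries.get(name, b""))
        if manifest.get(name) != actual and not decide(name):
            halted["at"] = name          # anomaly denied: stop everything after this point
            tokens[idx].set()
            return
        time.sleep(random.uniform(0, jitter))   # simulate a variable startup time
        with lock:
            started.append(name)
        tokens[idx].set()                # startup complete: release the next component

    threads = [threading.Thread(target=component, args=(i, n)) for i, n in enumerate(order)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return started, halted["at"]


if __name__ == "__main__":
    body, mac = build_manifest(BINARIES, MANIFEST_KEY)
    print(run_startup(ORDER, BINARIES, body, mac, MANIFEST_KEY))
    tampered = dict(BINARIES, **{"av_kernel.sys": b"av filter driver + implant"})
    print(run_startup(ORDER, tampered, body, mac, MANIFEST_KEY))
```

All five threads are launched at once, so the ordering comes entirely from the token hand-off and not from timing; raising `jitter` does not change the result, which is the property the pause-clock approach cannot give. The manifest check is the weak link the post identifies: whoever controls MANIFEST_KEY or the manifest file controls what this chain considers clean.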