When to allow a global hook?

Discussion in 'ProcessGuard' started by djg05, May 28, 2005.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Not sure when a global hook should be allowed. Obviously if the app runs without then that is the end of it. But I have just loaded a program that will not run without it. It is activicon.exe
    http://freeware4u.com/modules/mydownloads/viewcat.php?cid=66

    It is asking for
    global CallWindProc hook.

    Opinions please.
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi djg05,

    My rule-of-thumb is that if it is a trusted program and it needs global hooks then I give it. I have one trusted program that asks for it, but it runs fine without it, so I don't give it the privilege. I am not familiar with this program, but apparently, Activicon needs this hook in order to manage its windows display. The choice is yours whether you want to give it the hook.

    Rich
     
  3. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks Rich

    That is about as far as I got. What I don't know is if you allow a global hook to a program that you mistakenly trusted. Where/what can it do? For instance if you have protected your f/w can it override it or whatever?
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi djg05,

    If you feel like you would like to take away rights from a program, you can always go to the Protection or Security tabs, click on the program, and remove or change rights as you see fit. If the program doesn't run, you may have to give the rights back.

    I hope this answers your question.

    Rich
     
  5. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Hi Rich

    No - not quite the point. I do understand what you are saying.

    What I am really getting it is what can a program do with a global hook it is has nefarious intentions.

    So the situation is "I trust this app, but unknown to me it has a hidden agenda"

    I hope that makes it clearer.
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi djg05,

    Very good point. I have had an experience with a so-called trusted app that was requesting hooks which I was dubious about. I denied permission. At the end, it was the right move.

    If you have a specific circumstance, you might want to discuss the software and the hook that is being requested so that the experts on this forum can give you some advice.

    As I look over my current list, the only programs that have global hooks are a handful of Windows modules (maybe 3) and a handful of security apps from trusted sources.

    Rich
     
  7. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks Rich

    It was activicon in particular I was concerend about, no particular reason, just being cautious. However in the meantime I have come across another method that does not need any special privilege. For anyone interested here is the link.
    http://www.annoyances.org/exec/show/article02-137
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Rich, can you provide details about this experience -

    1) what was the trusted application,

    2) why would it request a dubious hook,

    3) how did you decide it was dubious,

    4) and why was denying permisison the right move.

    Thanks,

    -rich
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Rmus,

    The application was trying to install a service and requested a global hook. I decided that it had no reason to do this, so I denied it authority - which I normally do for all applications unless it is a security app.

    The application ran O.K. and never thought much about it. Afterwards, there were discussions on a user group of some activity that the application was performing that would be quite intrusive to privacy. This intrusion was quite substantial and actually spelled out in the TOA, though hidden away. Some users were concerned, others weren't. I was glad that I had denied the application hooks that it required.

    Basically, no application gets to install services or hooks unless they require them to operate. And even then, I only give these capabilities to my most trusted applications. At this time only my most highly trusted security/Windows apps are given this permission. I have no reason to loosen these restrictions at this time.

    Rich
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Rich

    What was the application?

    Pete
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello Rich,

    Pretty hard to follow what you are talking about, not knowing what the application is.

    You say
    How do you determine whether a hook or service is required? On what did you base your decision to deny in this case?

    -rich
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    I rather not speak about specific applications that I have encountered, but basically, I never give hooks to any applications - other than security and Windows apps that I trust. In all cases, the applications, even the Watcom tablet app, seem to run O.K., so it never bothers me nor do they follow up.

    Rich
     
Thread Status:
Not open for further replies.