[UNDER REVIEW] Windows Critical Process Rule User-Modification Vulnerability

Started by HJLBX, April 06, 2016, 02:47:40 AM

HJLBX

Some critical Windows processes can easily be edited via Programs > Nonisolated programs

For example, services.exe, svchost.exe, dwm.exe, winlogon.exe, etc, etc

LOL... typical user starts to mess with the rules for such processes and they will quickly black-screen their system

Perhaps for System32 and SysWOW64 rule modifications there should be a stern, bold warning that modification can smash the user's system

Alternatively, for the most critical Windows processes include a bold, distinguishing color for the file name or explicitly designate such files as "Critical Windows System File"

Making it a multi-step process for the most critical Windows processes will require the user to take pause and consider what they are doing

Of course, it is already a multi-step process; have to enable Expert Mode, go in and modify rule

At the same time, you cannot completely disable the ability to modify rules for System32 and SysWOW64 file paths

Difficult problem... to protect users that don't know any better from themselves...

Something to consider

This one requires further discussion I think...

fixer

That's an interesting idea. Thanks for your suggestion. We'll definitely give it a think.