Services

Services perform important operating system tasks. Ordinary applications should therefore have limited and controlled access to them, particularly if the applications are not authorized or recognized by the sandbox engine. Although you can define a service object for a particular service by its name, it is usually sufficient to allow or prevent access through the general object (all services). In that case the application group either has or does not have the right to access the services as a whole. You define the access rights of specific applications to services through Services objects. Once you have defined a Services object, you can use it when building rules to determine the access that application groups have to it. Services objects may define several levels of access. The seven service access alternatives are:
It is very important to control access at all levels, especially install service, in order to prevent trojans from installing unwanted processes. The recent Klez worm was a very good example of a service-controlling trojan horse. Klez installed a system service that could not be stopped from the regular Services Control Applet. The only way to remove Klez was therefore to reboot in safe mode and use a virus removal tool to clean up the infected executables.