Windows File Protection and Custom GINA

[Guest]

I have developed a cutom GINA which enables login thro' smart card.

But it can be deleted or changed by booting in Safe Mode, which is not desirable since it is a security product.

My question is - Can I add my GINA dll among the files which are protected by the "Windows File Protection (WFP) feature" ? And if so, how will that be done ? As i understand, these protected files can only be replaced thro' Service Pack installations\ Updates\Hotfixes etc.

Is there any way so that I can get my GINA under the security blanket of the WFP ? or any way to prevent deletion....??

any help....???!!

Richa Joshi

 

[Marco]

AFAIK wfp only protects files digitally signed by MS. If your gina dll is
not loaded in safe mode you may need to develop a boot driver that locks the
file and does not allow deletion. Your driver must support safe mode
otherwise that will not be loaded too.

If you are trying to protect your solution against administrators with
physical access to a computer then you are wasting time. You are better off
documenting the limitation of your solution .. which are the same of may,
many other security solutions. there are many other ways to get rid of your
gina if you are an admin.

--
Marco [ www.neovalens.com ]
--

I have developed a cutom GINA which enables login thro' smart card.

But it can be deleted or changed by booting in Safe Mode, which is not

desirable since it is a security product.

My question is - Can I add my GINA dll among the files which are protected

by the "Windows File Protection (WFP) feature" ? And if so, how will that be
done ? As i understand, these protected files can only be replaced thro'
Service Pack installations\ Updates\Hotfixes etc.

Is there any way so that I can get my GINA under the security blanket of

the WFP ? or any way to prevent deletion....???

 

[MSFT]

Windows File Protection is always disabled in Safe Mode- even Microsoft
files can be deleted.

Siddharth
PSS Security


--------------------

From: "Marco" <[email protected]>
References: <[email protected]>
Subject: Re: Windows File Protection and Custom GINA
Date: Mon, 2 Feb 2004 09:28:21 +0100
Lines: 37
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.win2000.security
NNTP-Posting-Host: 158.64.60.60
Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA0
5.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.security:20966
X-Tomcat-NG: microsoft.public.win2000.security

AFAIK wfp only protects files digitally signed by MS. If your gina dll is
not loaded in safe mode you may need to develop a boot driver that locks the
file and does not allow deletion. Your driver must support safe mode
otherwise that will not be loaded too.

If you are trying to protect your solution against administrators with
physical access to a computer then you are wasting time. You are better off
documenting the limitation of your solution .. which are the same of may,
many other security solutions. there are many other ways to get rid of your
gina if you are an admin.

--
Marco [ www.neovalens.com ]
--

I have developed a cutom GINA which enables login thro' smart card.

But it can be deleted or changed by booting in Safe Mode, which is not

desirable since it is a security product.

My question is - Can I add my GINA dll among the files which are

protected
by the "Windows File Protection (WFP) feature" ? And if so, how will that be
done ? As i understand, these protected files can only be replaced thro'
Service Pack installations\ Updates\Hotfixes etc.

Is there any way so that I can get my GINA under the security blanket of

the WFP ? or any way to prevent deletion....???

any help....???!!!

Richa Joshi