Disabling unnecessary and potentially dangerous services

Hi Soya, what exactly was your question?

Quote:

‘Maybe because I didn’t perform things in the order presented in your instructions, but I always find this to be the case when removing the items in the Network properties (leaving only Internet Protocol (TCP/IP)):
Some of the services are no longer listed in service.msc, such as Computer Browser and Server.’

Answer no.1: As is stated on the site, it is absolutely necessary to follow exactly the originally given order of instructions to achieve the results mentioned.

Answer no.2: Yes, maybe it’s because of that that you got this message (I have never encountered that yet, and I’ve used that thing on over 20 PCs by now…)

Answer no.3: You meant to say “services.msc”, not “service.msc”, right? :slight_smile:

Cheers
And always feel free to ask me further on this, friend

(In fact, it’s my fav cmd.script ever, even if rather simple, I think it’s very handy if you often have to do clean OS installs on other people’s systems.)

One last idea on your question:

Maybe you’ve already removed “Computer Browser” and “Server” by something like “nlite” before having installed your OS?

Thanks for answering :slight_smile:

It must be the ordering that I didn’t follow because I don’t use NLite or the equivalent. I will probably use the script on the next reformat. Yes, I meant services.msc (sorry, I don’t usually type the full command because I created my own shortcut to it).

Quote:

I don’t use NLite or the equivalent

Which equivalent are you referring to?

Are you using VISTA?

If not, what OS were you running, having tried the script?

The script is not ready yet for VISTA use, as I mentioned, and I am not sure if it will ever support VISTA.
As VISTA’s closed source kernel is hindering many free developers from implementing their security improvements, or, let’s say, is blocking them from developing reliable patches immediately after the disclosure of sec holes, I am not sure the people behind the script will go on developing it further, especially concerning the new governmental restrictions now being official law in Germany…

XP. I don’t use Nlite or any extra programs like it. I haven’t tried the script - that I’ll keep in mind the next time I reformat a PC to start fresh and to start things on the right track. I don’t think it’s a good idea for me to run the script since I already completed certain steps in your instructions - the order alone is already incorrect on my PC (in addition, I’ve messed up with the registry and other things, but not enough to bother me).

Well, read this:

http://www.securityfocus.com/brief/567

German sites close, as anti-hacking law arrives
Published: 2007-08-13

Security researchers in Germany continued to pull down exploit code from their sites last week, scrambling to comply with a German law that makes illegal the distribution of software that could be used to break into computers.

The German law – referred to as 202(c) – went into effect on Sunday. Many experts have complained that the language of the law is very unclear, but a strict reading appears to make illegal the distribution, sale and possession of security tools which could be used to commit a crime.

In the latest move, PHP security professional Stefan Esser removed on Friday all exploit code from his Web site dedicated to the Month of PHP Bugs. While reasonable prosecutors would not likely pursue security researchers, the risk is too great, Esser stated.

“The big problem is that the (law) is not clearly written; it allows too much interpretation,” Esser stated in the comments to the post. “While our government says that they do not want to punish, for example, hired penetration testers, this is not written down in the law.”

Already, a number of other researchers have pulled their tools from their sites or shuttered their sites completely. Late last month, German research group Phenoelit shut down their site, but moved the content to the Netherlands. Earlier this month, the developers of the wireless scanner, Kismac, closed down their site in Germany as well and also said that they would reopen at a later date in the Netherlands.

The German cybercrime provision is the latest law to hobble security researchers’ ability to do their jobs. The United States’ Digital Millennium Copyright Act (DMCA) – which was written to provide better protections for copyright, but instead has been used to lock out competition – has been cited in lawsuits and prosecutions against a number of security researchers.

The German law was passed to meet the country’s obligations as a signatory of the Council of Europe’s Convention on Cybercrime, a treaty that the U.S. Department of Justice helped craft.

Posted by: Robert Lemos

Please visit the original site as well and read the comments of the site visitors…

Also read this one, please:

http://www.securityfocus.com/print/columnists/448

Achtung! New German Laws on Cybercrime
Federico Biancuzzi,

Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.

Could you introduce yourself?

Marco Gercke: I am a Lecturer for Law related to Cybercrime at the University of Cologne, Expert for the Council of Europe. My website.

What “cyber” things are covered by the new laws?

Marco Gercke: The new law implements the EU Framework Decision on Attacks against Information Systems. The Framework Decision needed to be implemented before the 16th of March 2007 - the implementation was therefore late. In addition the new law implements Art. 6 of Convention on Cybercrime.

The law criminalises a number of computer-related offences that were not or at least not up to the required extent criminalised previously. The most important changes are related to the following offences:

  1. Unlike most countries with computer-related criminal law provisions, the pure access to a computer system (that was not going along with further offences) was not criminalised. The new law criminalises the access to data and as a consequence the access to a computer system.
  2. Until the new law was implemented system interference (such as denial-of-service attacks) was only criminalised if it affected a computer-system from a company or official institution. Now attacks that affect private computers are covered as well.
  3. Criminalisation of the misuse of devices. The provision implements - as mentioned previously - Art. 6 of Convention on Cybercrime. With its implementation the preparation of computer-related crimes is criminalised if the crime is prepared by certain interaction with regard to passwords and computer tools.

Do you think that the new laws are more technologically up-to-date?

Marco Gercke: Yes, they cover the modern threats and up to a certain degree they are open for new technical developments. Nevertheless it is important to keep in mind that with regard to the fundamental “principle of certainty” in the civil law countries the laws needed to be precise. Therefore it might be necessary to address new scams that differ from the acts covered by the law with new laws in the future.

Do you think that the new laws clarify the subject or make it more complicated?

Marco Gercke: This question is difficult to answer. The implementation of the EU Framework decision is harmonising the laws within the EU and as a result enabling the parties to cooperate much better in international investigations. The implementation is - apart from some minor points - implementing the Framework decision in a very precise way. The possibilities of the national lawmaker were very much limited - therefore a complication would very much result from the EU Framework Decision and not from the implementation.

What was the situation regarding vulnerabilities disclosure with the old laws?

Marco Gercke: Under the old German Law the disclosure of security vulnerabilities of software could on a theoretical basis lead to a criminal responsibility for incitement or accessoryship. Nevertheless the majority of pure publications of software vulnerabilities will never lead to criminal liability as the liability is limited to very few case scenarios.

Situation regarding the old law:

  1. The disclosure of security vulnerabilities does not lead to a violation of criminal provisions under the Copyright Act (Urhebergesetz). Paragraph 106 of the Copyright Act, that sanctions the duplication and dissemination of copyright protected artwork is not applicable unless the disclosure of security vulnerabilities goes along with the duplication or dissemination of the (copyright protected) software or parts of this software.

  2. Paragraph 108b of the Copyright Act, that sanctions the interference with protection measures does not criminalise the pure disclosure of information.

  3. According to Penal Code (Strafgesetzbuch), the disclosure of security vulnerabilities does not lead to a violation of substantive criminal law provisions. Paragraph 202a Penal Code criminalises the spying of data. The criminalisation can in some cases even cover acts of gaining access to information systems (“hacking”). The pure disclosure of software vulnerabilities does not lead to a violation of Paragraph 202a Penal Code. The publication of security vulnerabilities can lead to criminal sanction by taking into consideration Paragraphs 26 and 27 of the German Penal Code.

The publication does only lead to a criminalisation of the person, who published it if:

* Somebody intentionally commits an unlawful act
* The published security vulnerability was used to commit the unlawful act OR the person who committed the unlawful act felt induced by the publication of the security vulnerability
* The person, who disclosed the security vulnerability, had the intention to aid or abet with regard to the unlawful act
* The person, who disclosed the security vulnerability, had at least some idea about the unlawful act that a third person committed

With regard to the last two aspects an analysis of a criminal responsibility needs to take into account the details of the underlying case. It can for example be important where the information is published. If somebody publishes security vulnerability in a “cracker” forum this can be an argument for his intention and with this his criminal responsibility. An important aspect can as well be the interaction between the publisher and the software company. If the information about existing security vulnerabilities is first of all forwarded to the software company and - after a reaction time - disclosed to the public this can be used as an argument against a criminal responsibility.

What will happen with the new laws?

Marco Gercke: The implementation of the Cybercrime Convention - that is just taking place - could change this situation as Art. 6 Paragraph 1 a ii is taking regard to “computer password, access code or similar data”.

Article 6 - Misuse of devices

1. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

a. the production, sale, procurement for use, import, distribution or otherwise making available of:

   1. a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with the above Articles 2 through 5;
   2. a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

b. the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches. 

If the disclosed information can be interpreted as “other data” the disclosure can lead to criminal sanctions. As the term “other data” is used in context with “password, access code” it is very likely that pure information about vulnerabilities will not be covered.

Does this cover the modification of personal devices such as videogame consoles or mobile phones that you have bought?

Marco Gercke: It depends on what you do with the devices. If you just activate functions that were disabled or something like this, the answer is no. The criminalisation of preparatory acts is limited to some very few crimes. Therefore the mentioned manipulations are in general not covered.

I am wondering if during the new lawsuits that will happen in future, the judge will have to completely ignore precedent verdicts made with the old laws…

Marco Gercke: Yes, with regard to those provisions where the wording changed they have to stick to the wording. An example is Paragraph 202a Penal Code. Under the old law hacking (without further criminal activity like data espionage) was not criminalised. Now the courts will have to prosecute those acts due to the change of the law. Nevertheless in some cases they will be able to keep the interpretation of certain legal terms if those terms have not changed.

Are these laws limited to Germany, or they will be applied to other EU countries and citizens?

Marco Gercke: The law is implementing international standards (EU Framework Decision on Attacks against Information Systems and Council of Europe Convention on Cybercrime). Therefore those provisions that are implemented in Germany will or have already been implemented in other countries.

Do you know if this framework has been adopted by UN (United Nations) or any other country outside EU?

Marco Gercke: No, not the framework decision. This will always be limited to the 27 EU States. But the Convention on Cybercrime (important because of Art. 6 - see above) was signed by non EU and non European countries. It is more detailed and goes far beyond the Framework decision. I was involved in various activities in East European Countries as well as African and Arabic countries that are at least planning to sign and ratify the Convention.

Do you expect to see a real crackdown on German security researchers and companies who might be breaking the new laws using “security evaluation tools”? Or maybe we could discover how these laws will be applied only after the first lawsuit?

Marco Gercke: This is depending on the way security researchers work. In those cases where a company orders the security researchers to test the system these tests are not criminalised by the new law. The situation is the same in those cases where the tests are processed in a closed environment (eg. in a laboratory). The practice to attack a system without permission first of all and then ask for the permission was criminalised before as well.

Ok, but I have heard from multiple sources that one of the worst aspects of the new laws was that security tools such as nmap (a port scanner), would become illegal. Just having them on your computer will be enough. Is it true? Every detail about this topic would be appreciated…

Marco Gercke: The risk is there. Unlike Art. 6 of Convention on Cybercrime, Paragraph 202c Penal Code does not limit the criminalisation to tools that are primarily designed to commit certain computer crimes. Therefore it will be necessary to wait for the first verdicts. It is very likely that the courts will limit the application of the software with the result that the possession without link to criminal activities will not be punished.

And, for all German COMODO visitors, here’s another interesting thing sent by
emsisoft a squared as a link to all German users:
(If interested in a translation, tell me)

A story about state malware - the Bundestrojaner (“federal trojan”)

The term “Bundestrojaner” has dominated numerous media reports for many months and is also a red-hot topic in almost every forum. In the following article we summarise what it is all about and explain our position as a manufacturer of security software.

Let us travel back in time to Germany in 2005. At that time the former German Federal Minister of the Interior, Otto Schily, was asked by Heinz Fromm (ex-president of the Verfassungsschutz, the domestic intelligence service) to create a way of covertly spying on the computers of suspected criminals. What followed was a series of court rulings which, put briefly, quite clearly prohibit the secret searching of suspects. What remains is the option of confiscating a PC and then examining the contents of the hard disk in detail.

Now you may be asking yourself why there is such unrest if the online search is prohibited. Quite simply: it remains disputed whether the online search is permissible as an intelligence-service measure. In the view of the Federal Ministry of the Interior, secret searches of PCs are to be permitted for the Verfassungsschutz, the Military Counterintelligence Service (MAD) and the Federal Intelligence Service (BND). Some federal states, above all North Rhine-Westphalia, also permit the “reconnaissance of the Internet” by decision of the Verfassungsschutz. If you live in exactly this federal state and want to take legal action against it - the Federal Constitutional Court is already dealing with a case on this matter, which is to be decided on 10 October 2007.

Among the various reports, rumours and court rulings, one thing above all remains: the uncertainty as to whether the state is allowed to gain access to our Internet-connected computers and, above all, whether it is able to. Uncertainty is also caused by the statement of some security software manufacturers that, in case of doubt, they would indeed cooperate with state bodies. For of course one does not easily obtain full access to a computer. For that, either a suitable security hole must be present on the target systems, through which a snooping program is smuggled in, or the spy software is installed manually, online or offline. It then records the required data and transmits it to the surveillants.

Such software, which gives someone hidden access to a computer, is generally called a backdoor trojan. So the term Bundestrojaner is basically a synonym for state malware. By the way, you can find detailed information on trojans in our knowledge base: Trojan horses in detail

So you see, state trojans, remote forensic software tools or whatever they are called are not a newspaper hoax to fill the summer slump. Who would want their PC to be searchable just like that at any time? A problem often cited by critics with such “benign” trojans is that outside attackers could, under certain circumstances, also gain access to the monitored computer. You can imagine the legal consequences a state-installed “open barn door” would have. Compared with the scenario that resourceful hackers could penetrate a PC through the same vulnerability, an online search by the police or our secret service seems almost harmless.

We, as a manufacturer of security software, would like to take a clear position here and assure you that under no circumstances will we knowingly build a gap into our a-squared series in order to let a state trojan or similar software through. Should there ever be a legislative decision or court ruling that forces us to do so, we will inform the users of our software immediately. Until then, the behaviour analysis module of a-squared Anti-Malware (Malware-IDS) in particular does not distinguish between “benign” and malicious pests. So as a user you always have the option of blocking a conspicuous program immediately.

Discussions on the subject of “state malware” with our partner companies from the antivirus industry also showed that nobody is prepared to create their own versions of the protection software for individual countries. The administrative and technical effort of making special modifications to the software for every government in this world would either end in legal and litigation chaos or multiply product prices because of the additional effort. The general tenor from the security industry is: customers who want to protect their privacy by buying security software are entitled to the best possible protection - without compromise.

Hi again, Soya, I don’t really know how you managed to mess up your registry, but try this one:

http://personal.inet.fi/business/toniarts/files/EClea2_0.exe

PS: Only use the registry function. It will help, I guess. All other functions might cause displeasure. Believe me.

Cheers

I messed it up lots of times through these past years and using RegSeeker carelessly. :-[ It doesn’t interfere with my daily use, so it doesn’t bother me. Anyway, don’t worry about it as we don’t want to trail off on the services topic here.

Still, without any discussing I want to get into further, the overall best registry tool is included inside TuneUp 2007, again, and maybe, one of last great Progs from Germany. You can try it for 30 days I believe…

Just in case you fall in love with this proggie, why not write a letter to our female German Chancellor? Tell her, kindly, to remove the bad law that now is lurking beneath our swamps. But rest assured, your voice will be as unheard as mine.

Cheers, though

Moderator’s edit: removed direct download; left link to download page/site

I don’t really think this should be the end of discussing the “nlite” topic.

Do you?

Cheers
Still the ol’ REBOL

Soya, Little Mac anywhere?

I’m out of ideas on what to disable. If I tried to disable anything more I won’t be able to log into Windows. (:TNG)

Isn’t winlogon.exe an unnecessary waste of resources? ;D

Hey REBOL, I “moderated” your post above, with the link to TuneUp, since it was a direct link to the download. Now it will direct the user to the site where they can choose to download or not; we prefer it that way. No offense intended. (:HUG)

LM

Hi, Little Mac, keep calm and rest assured that I will NOT kill you because of that selfish, fiendish deed of yours.

It does not (as almost anything going on on this thing called planet earth) really matter to me anymore.

Still, apparently, only sacred Soya, your holy self and me, the seventh son of the fifth son, are interested in that topic anyway. So…here’s the question of the day:

When shall WE THREE meet again?
In thunder, lightning or in rain?

When CPF 3 is done…
when that battle’s lost and won.

That will be ere the set of sun! [Hopefully]

Where’s the place???
Well, destiny…

There to meet with…Melih

Have a fine tea, yoghurt, ■■■■ or whatever you’re into. And feel free to criticise this Shakespearean poetry…

I’ll take all 3 for free, REBOL

You mean next month or the one after?

Hopefully on that moderator yacht with his fear of motion cured:

http://www.cambridgenow.ca/images/newsimage/Tigers-yacht.jpg

Now I’m sure there are more than 2 people interested in this topic:

[attachment deleted by admin]

Beautiful sight, friend

But, remember, I’m only to be invited on a 3 stars yacht at this moment.
Fine pic, though.

1983 Beatles: I wanna be your man
2007 REBOL: I wanna be a global moderator on a forum that enables me to be a VIP on a five stars rated yacht courtesy of Melih and Co.

I will have one more (the last one for today) of my fine beers now.

That’ll do it, I hope.

I don’t wanna get depressed. Well, what a great pic.

Just one question:

Which kind of virtual grass is that one that seems to be so fertile on that carrier?

I hope it is tea or something, and nothing worse?

We’re not talking FinalFantasy 15 yet, hidden track BobMarley Bonus Edition Disc?

Or, are we?

:slight_smile:

Oh, I see, I’m to be on a four stars yacht with / or because of my last posting.

That gives me some hope…

Any congratulations?

It’s almost birthday…

Congrats on the stars, REBOL! It’s also getting closer to Christmas. I wonder what sort of wonderful present Comodo will have for us? :smiley:

LM