• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

XP Pro running processes without authenticated userid

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
martinroll
Just Arrived
Just Arrived


Joined: 09 Mar 2009
Posts: 0
Location: Ireland

Offline

PostPosted: Mon Mar 09, 2009 1:41 pm    Post subject: XP Pro running processes without authenticated userid Reply with quote

My XP Pro system is behaving very strangely, and I have noticed that it is running many processes without allocated userid's.

Normally all processes have an ID allocated.

Can someone point me somewhere where I can find a fix for this please?

Thanks,
Martin Roll,
Ireland.
Back to top
View user's profile Send private message Send e-mail
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Mon Mar 09, 2009 5:57 pm    Post subject: Reply with quote

Martin,

All processes run with a security context, its inbuilt within the OS.
Quote:
many processes without allocated userid's
What appears in the Username column in task manager? It could be there is a user created on your PC which consists of characters which cannot be displayed and they are being used to run processes. What processes are you seeing being execute with no name?

Matt_s
Back to top
View user's profile Send private message
martinroll
Just Arrived
Just Arrived


Joined: 09 Mar 2009
Posts: 0
Location: Ireland

Offline

PostPosted: Mon Mar 09, 2009 6:26 pm    Post subject: Reply with quote

Thanks for the reply.

I know that everything is supposed to run with a verified context. However, in my experience, what is supposed to happen is not always the case. Normally, all processes on my nachine are showing allocated a valid userid.

I do not have any ID on my system with unprintable characters. I know that it is possible to run processes with null userids, if you know how to, by-passing the normal security validation processes.

It would appear that something is malfunctioning on my system, allowing processes to run without proper authentication. I work as a Mainframe Security Sys prog, and we have default profiles at start-up so that system processes can run. I guess my system is running these processes under some default or anonymous id.

I am concerned that my system is exposed if the logon procedures have become compromised in someway.

The processes that run without ID's vary from start-up to start-up, as does the sequence of my startup programs...
Back to top
View user's profile Send private message Send e-mail
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Mon Mar 09, 2009 6:38 pm    Post subject: Reply with quote

Have you tried another tool such as pslist?
Back to top
View user's profile Send private message
martinroll
Just Arrived
Just Arrived


Joined: 09 Mar 2009
Posts: 0
Location: Ireland

Offline

PostPosted: Mon Mar 09, 2009 7:39 pm    Post subject: Reply with quote

OK. What would appear to be happening, is that during my system startup, process are starting up but not being authenticated immediately.

I guess that they just sit and wait for the authentication to complete, which could explain why my system keeps haging.

I've tried using various utilities to control my startup sequence, but nothing seems to do the job.

Do you have any suggestions for utilities that can make sure that the startup sequence always runs the same way? I'm used to SYSTEM tasks starting up before a user can logon, but my system seems to allow logon almost straight away, before the system is properly initialized.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register