Tin Foil Hat Tool

Based on some of Nicole’s feedback, I decided to write a basic app that checked your .NET security settings for you — kind of like a very basic version of the Windows XP SP2 “Security Centre” tool which pops up and annoys you if you don’t have the firewall or Automatic Updates turned on. (Whilst I disagree with Nicole’s opinions on the role of CLR security, I do agree with her that we need to keep users more informed about the state of their machine).

Anyway, you can get the source for the app as a UUEncoded blob (I really need to organise some place to host binaries…). Copy the contents of that page (not including the menu, comments section, etc.) into a text file and save it with a UUE extension. Then open the file with WinZip or an archive utility of your choice and extract the contents somewhere on your machine.

Build the solution and copy the two output EXEs into the same folder. Then run CasHealthMonitor.exe and behold its unrivalled suckiness. Play around with CAS and make some “dangerous” changes (e.g., caspol -en -cg 1 -levelfinal on) to see what happens (you’ll have to wait a few seconds). Then immediately revert your changes (caspol -en -cg 1 -levelfinal off) to reduce the chances of your machine being hacked.

Some notes:

· This application doesn’t prove anything; all it does is show you coloured tin foil hat icons depending on what the CLR reports for the various security zones, but there are various ways to spoof this (see below)

· I hate the way Notify Icons are implemented in the CLR. So many bugs / annoying behaviours

· I really wish I could have a proper Balloon notification window (see previous point)

· The app could be extended to use a config file mapping arbitrary evidence to arbitrary expected permissions (e.g., you could map \serverfoobar to FullTrust and make sure it was doing OK)

· Don’t run this app on your production machines (all the usual disclaimers apply)

· The code is ugly; I’m not a Windows Forms coding expert

· In fact, I’m not any kind of coding expert

How it works:

Every ten seconds or so, the app spawns a little helper process (casstate.exe) that spits out some basic security information to stdout (it has to use a fresh process each time because a running process never reloads policy). The app captures and parses this output and displays the results in the tray icon / list view. The helper process checks a few things, but the checks aren’t foolproof:

· It checks if CAS is enabled, but a trojaned CLR install could lie about this state

· It checks to see if each Zone is using the default permission set for that zone, but a badly / maliciously configured system could have changed the contents of the Internet named permission set to be the same as FullTrust and this app would be none the wiser
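
One way a helper like casstate.exe could close the second gap is to look at what each zone actually resolves to, rather than which named permission set it is mapped to. This is an added example, not the source from the download; the class name and output format are assumptions, and it targets the .NET Framework 1.x to 3.5 CAS policy APIs:

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

// Hypothetical helper: prints one line per check and returns the number of problems.
static class ZoneGrantCheck
{
    // Zones that should not resolve to an unrestricted (FullTrust) grant.
    static readonly SecurityZone[] Checked = {
        SecurityZone.Intranet, SecurityZone.Trusted,
        SecurityZone.Internet, SecurityZone.Untrusted
    };

    static int Main()
    {
        int problems = 0;
        Console.WriteLine("SecurityEnabled={0}", SecurityManager.SecurityEnabled);
        if (!SecurityManager.SecurityEnabled) problems++;

        foreach (SecurityZone zone in Checked)
        {
            // Build evidence containing only the zone and resolve it
            // against every policy level (enterprise, machine, user).
            Evidence evidence = new Evidence();
            evidence.AddHost(new Zone(zone));
            PermissionSet grant = SecurityManager.ResolvePolicy(evidence);
            bool unrestricted = grant.IsUnrestricted();
            Console.WriteLine("Zone={0} Unrestricted={1}", zone, unrestricted);
            if (unrestricted) problems++;
        }

        // Inspect the contents of the "Internet" named set at each level, so a
        // set that keeps its name but has been made unrestricted is reported.
        // This catches only the unrestricted case, not a set that merely had
        // individual dangerous permissions added to it.
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            NamedPermissionSet internet = level.GetNamedPermissionSet("Internet");
            bool widened = internet != null && internet.IsUnrestricted();
            Console.WriteLine("Level={0} InternetSetUnrestricted={1}", level.Label, widened);
            if (widened) problems++;
        }
        return problems; // non-zero exit code means something looks wrong
    }
}
```

Like the original helper, this still trusts whatever the CLR reports, so it does nothing about the first caveat.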

Although I really don’t think there’s much value in this app, maybe you can learn a bit about resolving policy groups or something from it. Or, more likely, you can learn how NOT to program a system tray application in Windows Forms.

I wonder if Whidbey is any better…?

Comments (1)

  1. You could use http://www.gotdotnet.com to upload your samples, even if they are binaries….

    Wow, haven’t seen a zip distributed that way lately..