Running CGoban with Integrity Level LOW

Post by RobertJasiek »

Preface

Windows Vista and Windows 7 use integrity levels that enhance and override classical access rights. The integrity level SYSTEM is used for the operating system's processes and files, MEDIUM is used for ordinary user processes and files and LOW can be used, e.g., for potentially less secure internet processes and files. Basically a program on a particular level may not access processes or files on any higher level. Therefore by setting your internet programs LOW you put them into a sandbox and protect the privacy and contribute to protect the integrity of your ordinary files and the system files. Hence it is a good idea to use each of one's internet programs at LOW integrity level. The following procedure describes how to do it.

Procedure

0. Use Windows Vista or 7.
1. Install Java to %PROGRAMFILES%\Java
2. Install CGoban.jar to %PROGRAMFILES%\CGoban
3A. If you use x64-Windows, then copy the x64-javaw.exe to %PROGRAMFILES%\CGoban, even though CGoban is x32.
3B. If you use x32-Windows, then copy the x32-javaw.exe to %PROGRAMFILES%\CGoban.
4. Install Sysinternals's ProcessExplorer and enable the "Integrity Level" column.
5. Install chml.exe and regil.exe from http://www.minasi.com/apps/ to %SYSTEMROOT%\System32
6. Start an administrative cmd.exe.
7. Go to %PROGRAMFILES%
8. chml cgoban -i:l -nw -nr -nx
9. Go to the appropriate %USERPROFILE%\AppData\Local\Temp
10. icacls hsperfdata_%USERNAME% /setintegritylevel (ci)(oi)L
11. Log in with the user with which you use CGoban.
12. Start a non-administrative cmd.exe
13. regil hkcu\software\javasoft\prefs\org\igoweb\cgoban -i:l
14. Set CGoban's desktop link as follows (example for x64-Windows):
"C:\Program Files (x86)\CGoban\javaw.exe" -jar "C:\Program Files (x86)\CGoban\cgoban.jar"
15. Use the desktop link to connect to KGS.
16. Start an administrative ProcessExplorer and notice that javaw.exe runs with Integrity Level LOW.

Remarks

- The procedure is tested for Windows 7 Professional x64, Java both x64 and x32 installed, CGoban 3.4.5, GoWrite x64, OpenOffice x32.
- Be careful with changing access rights and the registry! You are responsible.
- If you are unlucky, then copying only javaw.exe might not work. Try some other approach: a) Run all your Java applications LOW and set the java-Directory to LOW. b) Duplicate the whole java-Directory and use one each for LOW or MEDIUM for your LOW or MEDIUM applications, respectively. c) Try javaw.exe in %SYSTEMROOT%\System32. Alter the desktop link accordingly. d) Likewise but java.exe.
- Test all your java-based applications. If you see error messages like when trying to save, open or close, you might have to revert to MEDIUM.
- System Restore Points often do not revert integrity levels; do that manually.
- Instead of chml and regil you might prefer to use the program "Integrity" from http://www.ah-shareware.de/
- chml sets CI and OI inheritance flags automatically.
- The flags NW, NR, NX mean NoWriteUp, NoReadUp, NoExecuteUp. Setting them all is the strictest choice.
- icacls sets NW only.
- It is essential to log in with the user with which you use CGoban and to start a non-administrative cmd.exe for using regil because only then will the correct user's registry key hkcu\software\javasoft\prefs\org\igoweb\cgoban be set to LOW.
- So far CGoban is the only application for which I have needed to set any registry key to LOW. For all my other internet applications like Firefox or Thunderbird, it has been sufficient to set integrity levels for folders and their files.
- Installing and using ProcessExplorer is optional.
- I am not sure yet whether a LOW hsperfdata_%USERNAME% is necessary or optional.
- If the CGoban programmer had told me of the usage of hkcu\software\javasoft\prefs\org\igoweb\cgoban, I would have solved the problem much earlier. Previously I simply did not know which registry keys to look for.
- Further information about security can be found here:
http://home.snafu.de/jasiek/vista_security_concept.html
See the section about integrity levels.
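
An added example (not part of the original post): a PowerShell check that reads back the mandatory labels on the two directories labelled in steps 8 and 10 and compares them with the flags the remarks attribute to chml and icacls; it does not cover the registry key from step 13. It assumes PowerShell 3.0 or later, an English-language Windows, and icacls output of the form shown in the comment; the parameter names and the function name Get-IntegrityLabel are illustrative.

```powershell
# Added example: verify the labels set in steps 8 and 10 of the procedure.
# Assumption: icacls prints the label as
#   "Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)" with NW/NR/NX policy tokens.
param(
    # Adjust to the directory actually used in step 2.
    [string]$CGobanDir = (Join-Path $env:ProgramFiles 'CGoban'),
    [string]$HsperfDir = (Join-Path $env:LOCALAPPDATA "Temp\hsperfdata_$env:USERNAME")
)

function Get-IntegrityLabel {
    param([Parameter(Mandatory = $true)][string]$Path)
    $text = & icacls.exe $Path 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for '$Path': $text" }
    $pattern = 'Mandatory Label\\(?<level>\w+) Mandatory Level:(?<flags>[()\w,]*)'
    $m = [regex]::Match($text, $pattern)
    if (-not $m.Success) {
        # No explicit label: Windows treats the object as MEDIUM with NoWriteUp.
        return [pscustomobject]@{ Path = $Path; Level = 'Medium'; Flags = @('NW'); Explicit = $false }
    }
    # Collect every flag token, whether printed as (OI)(CI)(NW) or (NW,NR,NX).
    $flags = [regex]::Matches($m.Groups['flags'].Value, '[A-Z]+') | ForEach-Object { $_.Value }
    [pscustomobject]@{ Path = $Path; Level = $m.Groups['level'].Value; Flags = @($flags); Explicit = $true }
}

$checks = @(
    @{ Path = $CGobanDir; Need = @('OI', 'CI', 'NW', 'NR', 'NX') }  # chml cgoban -i:l -nw -nr -nx
    @{ Path = $HsperfDir; Need = @('OI', 'CI', 'NW') }              # icacls ... (ci)(oi)L sets NW only
)

$results = foreach ($c in $checks) {
    $label   = Get-IntegrityLabel -Path $c.Path
    $missing = @($c.Need | Where-Object { $label.Flags -notcontains $_ })
    [pscustomobject]@{
        Path    = $label.Path
        Level   = $label.Level
        Flags   = $label.Flags -join ','
        Missing = $missing -join ','
        Ok      = ($label.Explicit -and $label.Level -eq 'Low' -and $missing.Count -eq 0)
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code if any directory is not labelled as the procedure intends.
if ($results.Ok -contains $false) { exit 1 }
```

Reading a label needs no elevation, so this can be run from the same non-administrative session used in step 12.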
Post by Toge »

Why would this be necessary? CGoban isn't a piece of malware.
Post by oren »

Toge wrote: Why would this be necessary? CGoban isn't a piece of malware.


It's not necessary, but if you have fun doing it, why not? :)
Post by RobertJasiek »

Toge wrote: Why would this be necessary? CGoban isn't a piece of malware.


It is never necessary to protect one's PC, is it? :) Pretty likely CGoban is not designed to be malware. But...

Good programs can have programming bugs. Third persons' malware enjoys exploiting bugs of trusted programs, attaching itself to them, or just abusing their communication process etc.

If before that the good programs and the good data are well protected, then the hijacking malware has no chance to do more than trivial harm.

In summary, it is good practice to take care of one's internet applications in time. (BTW, doing so also saves CPU resources; anti-virus software becomes superfluous.)
Post by kirkmc »

Ain't Windows fun? :-)
Post by Suji »

RobertJasiek wrote:
Toge wrote: Why would this be necessary? CGoban isn't a piece of malware.


It is never necessary to protect one's PC, is it? :) Pretty likely CGoban is not designed to be malware. But...

Good programs can have programming bugs. Third persons' malware enjoys exploiting bugs of trusted programs, attaching itself to them, or just abusing their communication process etc.

If before that the good programs and the good data are well protected, then the hijacking malware has no chance to do more than trivial harm.

In summary, it is good practice to take care of one's internet applications in time. (BTW, doing so also saves CPU resources; anti-virus software becomes superfluous.)


Or, one can just trust that wms is competent. :D

Personally, I trust wms, therefore I wouldn't do this. Then again, I've never had a virus or malware (Knocking on wood).
Post by RobertJasiek »

Trusting wms is insufficient. That does not prevent programming bugs in CGoban, programming bugs in Java, security design gaps in either, either in Windows etc. Not having had malware until now is no guarantee not to have it in the next second.

I also think wms can be trusted as a person. Concerning CGoban security, having made it very difficult to run CGoban's javaw.exe LOW is to be criticised though. Each program must comply with the security design of an operating system under which it shall run. Integrity levels are one of the core and best security features of Windows NT 6.x.