Services are an important part of the operation of the Windows Operating System. Services are to Windows what daemons are to UNIX-like operating systems. They are programs that run in the background and provide functionality required either by Operating System components or by an application installed on the system. For example, when we insert a USB pen drive, Windows automatically detects it and offers actions based on the content it finds on the drive. This is made possible by the "Plug and Play" service, which is built into Windows.
Services are used not only by the operating system but also by important software installed on the system, such as the antivirus program. In many cases, a program that monitors something while the system is running will install a service. If you disable the service related to the program, the program may stop working, lack functionality, crash or hang. What happens in that case depends on how the program has been coded. For example, if you disable the service required by the antivirus, the antivirus program will not be able to scan the system for infected files.
Services can be put to great and very useful purposes, and just like any powerful medium, they can also be used to create havoc. There have been several deadly computer viruses that used the service feature of the Windows Operating System to start themselves automatically. For example, when you install antivirus software, it installs a service that keeps a program running in the background. The same feature can be used by a malicious program to steal data, infect files and so on.
Since services hold an important place in the attack surface of Windows, they must be examined when analyzing the changes a software installation makes to that attack surface. This is needed not only to test for the possibility of a malicious program but also to check that a particular piece of software installs its required services in the way it is expected to. Once again, Attack Surface Analyzer helps the system administrator enumerate the services and their configurations in two states of the system and find the differences between them. It was never so simple before Attack Surface Analyzer.
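The before-and-after comparison described above can be sketched as follows. This is an added example, not Attack Surface Analyzer's own code or report format. It assumes each snapshot is a JSON array of service records using the `Win32_Service` property names (`Name`, `PathName`, `StartMode`, `StartName`); the sample records and the service names `ExampleAV` and `ExampleUpdater` are constructed for illustration.

```python
import json

# Fields compared between snapshots; names follow the Win32_Service WMI class.
FIELDS = ("PathName", "StartMode", "StartName")

def index(snapshot_json):
    """Parse a JSON array of service records into {lowercase name: record}."""
    # Service names are case-insensitive on Windows, so normalise the key.
    return {rec["Name"].lower(): rec for rec in json.loads(snapshot_json)}

def diff_services(before_json, after_json):
    """Return (added, removed, changed) services between two snapshots."""
    before, after = index(before_json), index(after_json)
    added = [after[k] for k in sorted(after.keys() - before.keys())]
    removed = [before[k] for k in sorted(before.keys() - after.keys())]
    changed = {}
    for key in sorted(before.keys() & after.keys()):
        delta = {f: (before[key].get(f), after[key].get(f))
                 for f in FIELDS if before[key].get(f) != after[key].get(f)}
        if delta:
            changed[after[key]["Name"]] = delta
    return added, removed, changed

def auto_start(services):
    """Names of services configured to start automatically at boot."""
    return [s["Name"] for s in services if s.get("StartMode") == "Auto"]

# Constructed sample data (not from a real system): service state before and
# after installing a hypothetical product.
BEFORE = json.dumps([
    {"Name": "PlugPlay", "PathName": r"C:\Windows\system32\svchost.exe",
     "StartMode": "Manual", "StartName": "LocalSystem"},
    {"Name": "ExampleAV", "PathName": r"C:\Program Files\ExampleAV\av.exe",
     "StartMode": "Auto", "StartName": "LocalSystem"},
])
AFTER = json.dumps([
    {"Name": "PlugPlay", "PathName": r"C:\Windows\system32\svchost.exe",
     "StartMode": "Manual", "StartName": "LocalSystem"},
    {"Name": "exampleav", "PathName": r"C:\Program Files\ExampleAV\av.exe",
     "StartMode": "Disabled", "StartName": "LocalSystem"},
    {"Name": "ExampleUpdater", "PathName": r"C:\ProgramData\upd\upd.exe",
     "StartMode": "Auto", "StartName": "LocalSystem"},
])

if __name__ == "__main__":
    added, removed, changed = diff_services(BEFORE, AFTER)
    print("added:", [s["Name"] for s in added], "auto-start:", auto_start(added))
    print("removed:", [s["Name"] for s in removed])
    for name, delta in changed.items():
        print("changed:", name, delta)
```

In the sample, the diff surfaces both cases the text describes: a newly installed auto-start service to verify against what the installer is expected to add, and an existing antivirus service whose start mode was switched to disabled.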