Tim Elhajj

Off the Microsoft stack!

Network Service: Threat or Menace?


In the Spider-Man comic, J. Jonah Jameson, the Editor-in-Chief of the mythical Daily Bugle, launches a smear campaign against our hero with the headline, “Spider-Man: Threat or Menace?”*

Like Jameson’s ongoing vendetta against Spider-Man, some people believe that using one of the built-in user accounts—like Network Service or Local Service—for a service account is always a bad idea. A service account is an identity that you assign to software so that it can interact with other services or computers. In the last iteration of our product, we gave customers the option to use one of the built-in accounts, instead of creating a user account, and I discovered just how strong this knee-jerk response is for some people.

Don’t get me wrong: sometimes using one of the built-in accounts is a bad idea.

For example, if your service account requires more than the most basic privilege for your software to run, you definitely don’t want to use a built-in account. If you ever find yourself adding a built-in account to the local Administrators group, you know you’re in trouble. Why? Well, for one, the built-in accounts have no passwords. Moreover, you can’t even assign a password. You’ll get an error.

Holy cow. What is this business of assigning software an identity with no password, you say? That doesn’t sound too secure!

Well, there’s the rub. In fact, these types of accounts came out of Microsoft’s Trustworthy Computing initiative right after the turn of the century. The idea was that, moving forward, developers would build applications so that tasks that require high privilege go to a local identity other than the service account. This identity can be more easily locked down. Think about it. Before all our computers were networked, a computer was much easier to secure. Software that needs to use a service account to access the network or interact with other services needs to do so with a low-privilege account, so that if it is compromised, the attacker gets nothing of value. The built-in accounts have permissions equivalent to an account in the local Users group and no password.

I’d argue that if you’re spending time changing passwords on user accounts for software built in the last five years, you’re wasting valuable security cycles better spent doing some other security related task. Network Service: If you use it appropriately, it can increase security.
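As an added example (not code from the post), here is a PowerShell audit that puts the two points above into practice on a single machine: it lists which services log on as a built-in identity versus a custom account whose password you are responsible for rotating, and it flags the warning sign of a built-in service identity sitting in the local Administrators group. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module available.

```powershell
# Added audit script (not from the post). Assumes Windows PowerShell 5.1+ with
# the Microsoft.PowerShell.LocalAccounts module (Get-LocalGroupMember).
# Well-known SIDs of the built-in service identities.
$BuiltInSids = @{
    'S-1-5-18' = 'Local System (high privilege)'
    'S-1-5-19' = 'Local Service (low privilege)'
    'S-1-5-20' = 'Network Service (low privilege)'
}
# StartName values Win32_Service reports for the built-in identities.
$BuiltInStartNames = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

function Get-ServiceAccountReport {
    # Classify every installed service by the account it logs on as.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $isBuiltIn = $BuiltInStartNames -contains $_.StartName
        [pscustomobject]@{
            Service   = $_.Name
            StartName = $_.StartName
            State     = $_.State
            # Custom accounts carry a password someone must rotate;
            # built-in and virtual (NT SERVICE\...) accounts do not.
            Kind      = if ($isBuiltIn) { 'built-in' }
                        elseif ($_.StartName -like 'NT SERVICE\*') { 'virtual' }
                        else { 'custom (password managed by you)' }
        }
    }
}

function Test-BuiltInAccountInAdministrators {
    # The warning sign from the post: a built-in identity in local Administrators.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $BuiltInSids.ContainsKey($_.SID.Value) } |
        ForEach-Object {
            [pscustomobject]@{
                Member = $_.Name
                SID    = $_.SID.Value
                Note   = "$($BuiltInSids[$_.SID.Value]) is a member of local Administrators"
            }
        }
}

Get-ServiceAccountReport | Sort-Object Kind, StartName | Format-Table -AutoSize
$hits = @(Test-BuiltInAccountInAdministrators)
if ($hits.Count -eq 0) { 'No built-in service identity is in local Administrators.' }
else { $hits | Format-Table -AutoSize }
```

Services reported as "custom" are the ones whose password rotation actually costs you security cycles; anything in the second table is the misconfiguration the post warns about.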

*See noted American linguist Mark Liberman’s post on Language Log for the origins of this popular false-accusation meme.

Author: Tim Elhajj

Tim is probably walking his dog.
