Originally posted by buddha
All firewall programs let Windows do what it likes,
and you cannot make the programs stop it.
I did once find a firewall that did it on XP,
but they did updates! No, you cannot do it.
If you stopped all traffic,
Windows installs a hook!
Yes, that's the name!
In every program, keyboard, screen.
Originally posted by staple
reply to post by abecedarian
TCP 192.168.1.100:49175 64.4.11.42:http ESTABLISHED 1324 CryptSvc [svchost.exe]
TCP is the Protocol
192.168.1.100 is the user's PC on his private network.
49175 is the port number.
64.4.11.42 is the Microsoft privately owned IP address.
The OP's assessment is correct.
Originally posted by andy06shake
That svchost.exe can be a real resource hog sometimes, guess now we know why!
Originally posted by abecedarian
TCP 192.168.1.100:49175 64.4.11.42:http ESTABLISHED 1324 CryptSvc [svchost.exe]
192.168.*.* is a private address range, never to be directly connected to the Internet.
It is the default for nearly every home router out there.
192.168.1.100 is likely YOUR computer.
Why did you not run an IPCONFIG /ALL command just to verify?
So you're raising fear in people because your computer talked to itself?
No more fear, uncertainty and doubt, okay?
edit on 7/15/2013 by abecedarian because: (no reason given)
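The two posts above read the same netstat line field by field. As an added example (not code from any poster in this thread), the following Python sketch splits that line and labels each endpoint as loopback, private or public. It assumes the flattened one-row form quoted in the thread; `PORT_NAMES`, `scope`, `port_number` and `parse_line` are names made up for this illustration.

```python
import ipaddress
import re

# The line quoted in the thread, flattened onto one row as the posts show it.
SAMPLE = "TCP 192.168.1.100:49175 64.4.11.42:http ESTABLISHED 1324 CryptSvc [svchost.exe]"

# Constructed subset of the service names netstat prints when -n is not used.
PORT_NAMES = {"http": 80, "https": 443}

# TCP rows only: proto, local addr:port, remote addr:port, state, PID,
# then an optional service name and an optional [image] name.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP)\s+"
    r"(?P<laddr>\S+):(?P<lport>[^\s:]+)\s+"
    r"(?P<raddr>\S+):(?P<rport>[^\s:]+)\s+"
    r"(?P<state>[A-Z_]+)\s+(?P<pid>\d+)"
    r"(?:\s+(?P<service>[^\[\s]+))?(?:\s+\[(?P<image>[^\]]+)\])?\s*$"
)

def scope(addr):
    """Classify an endpoint address; hostnames are reported, not resolved."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"

def port_number(port):
    """Turn a numeric or named port into an int (None if the name is unknown)."""
    return int(port) if port.isdigit() else PORT_NAMES.get(port.lower())

def parse_line(line):
    """Return the fields of one TCP row as a dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    c = m.groupdict()
    c["pid"] = int(c["pid"])
    c["lport"], c["rport"] = port_number(c["lport"]), port_number(c["rport"])
    c["local_scope"], c["remote_scope"] = scope(c["laddr"]), scope(c["raddr"])
    # Private local address plus public remote address: traffic leaving the LAN.
    c["leaves_lan"] = c["local_scope"] == "private" and c["remote_scope"] == "public"
    return c

if __name__ == "__main__":
    for key, value in parse_line(SAMPLE).items():
        print(f"{key:13} {value}")
```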
Originally posted by ispyed
OP I think it is a bit out of order for you to encourage people to turn off cryptsvc.exe. People will not be able to update their WIN boxes. This is a bit irresponsible.
See link: maximumpcguides.com...
I am, like others, concerned at the authoritarian behavior of governments, especially the USA and the UK.
As far as back doors go here is the plan: www.eff.org...
The FBI are "bigging it up" how they "go dark" on some suspects. (Lying bastards)
Originally posted by JBA2848
reply to post by sean
And I am interested in the second key for Microsoft. The one that used to be named NSAKey. Microsoft says they have never used their second key. I wonder if there is a way to track if the second key has ever been used by the NSA or anyone else?
edit on 15-7-2013 by JBA2848 because: (no reason given)
Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Originally posted by SonOfTheLawOfOne
OP, this thread is way off-base...
The Crypto service is required by Windows for updating the OS, and the reason it talks to Microsoft's servers is to make a simple service call to validate the hash of certain assemblies against the Microsoft version, in an attempt to protect your operating system from someone taking over system-level libraries with their own.
For example, kernel32.dll, a core piece of the Windows OS, can be compromised by a malicious attacker to act as a proxy to your operating system. It's an easy way to Trojan your box without you knowing it, also known as rooting it. Most Windows services are hacked this way by malware and viruses.
The Crypto service verifies that your libraries are up to date for specific services, not for anything nefarious, and connects to keep other services up to date that depend on those core operating system libraries. You NEED this service for any kind of SSL connections to websites, and it's been around for a very long time without any issues.
There are good reasons for the Network Service account not being available for use, but that's a different topic.
Bottom line, you're incorrect and making WAY more out of your discovery than you realize. Network admins and programmers have long known about these things, and anyone with Fiddler or Wireshark or Netstat can see what's happening, it's not nefarious.
Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Source
I'm not saying that it isn't possible for it to be exploited some day, but so far, it hasn't been, and there are plenty of hackers out there who have found every known exploit under the sun. IF this were one of them, it would have been closed up a long time ago, or exploited many times over.
By making people believe this is a BAD thing, they will turn around and try to disable it, making them 100000 TIMES MORE VULNERABLE!!! I strongly recommend that NOBODY do this.
~Namaste
Originally posted by sean
How is it way off base? I am just showing people that connections happen all the time with or without their knowledge. I am not saying this is a backdoor in this case; however, many viruses that do gain remote access use such ways. I know exactly what the service does, just like you said, and what it's used for. You're preaching to the choir. You don't even find it odd in the slightest that a crypto service is connecting to an unencrypted server to send/receive data??? Not saying it's a back door, but this connection should at the least be investigated for security risks. Who's to say I can't intercept and inject my own nefarious code??
edit on 15-7-2013 by sean because: (no reason given)