👉 Overview
👀 What ?
Windows Integrity Levels (IL) is a security component of Microsoft's Windows operating system, which is designed to prevent unauthorized access to system resources. It is a part of Windows' Mandatory Integrity Control (MIC), a core component of the Windows security model. At its most basic level, an IL is a label that is assigned to an object (a process, a file, a registry key, etc.) that specifies the trustworthiness of the object. The ILs range from 'Low', 'Medium', 'High', to 'System'.
🧐 Why ?
Understanding Windows Integrity Levels is crucial as it is an integral part of Windows security model and plays a key role in limiting the potential damage that can be done by malware or a hacker. By assigning an IL to every object, the operating system can prevent a lower-integrity process from modifying or interacting with a higher-integrity object, thereby limiting the potential for malicious activity.
⛏️ How ?
To view the integrity level of a process on Windows, you can use the built-in 'Process Explorer' tool. In the 'Process Explorer', navigate to 'View' > 'Select Columns' > 'Process Image' tab, and check the 'Integrity Level' box. To change the integrity level of a process, you can use the 'icacls' command-line utility, although this should only be done by experienced administrators as it can have significant implications for system security.
⏳ When ?
The concept of Windows Integrity Levels was introduced with Windows Vista in 2006 and has been a component of all subsequent versions of the Windows operating system.
⚙️ Technical Explanations
Windows Integrity Levels (IL) is a crucial security feature in the Windows operating system that helps protect system resources from unauthorized access. It is part of the Mandatory Integrity Control (MIC), a core component of the Windows security model. An IL is essentially a label assigned to an object, such as a process, file, or registry key, indicating its trustworthiness. The ILs range from 'Low', 'Medium', 'High', to 'System'.
Understanding ILs is of utmost importance as they significantly limit the potential damage that can be caused by malware or hackers. By assigning an IL to every object, the operating system can prevent a process with lower integrity from modifying or interacting with an object of higher integrity, thus restricting potential malicious activities.
The ILs are technically implemented as an attribute of a security access token. Each process is assigned a token when it starts, and the token's IL is then used by the access control mechanism to determine whether the process should be allowed to access a particular object. The determination is made by comparing the IL of the process with that of the object. If the process's IL is lower than the object's, the process is denied write or delete access to the object. This mechanism is a salient part of the Windows security model as it can prevent a compromised process from altering system files or other critical resources.
To view or alter the IL of a process in Windows, tools like 'Process Explorer' and 'icacls' command-line utility are used. However, changing the IL should only be performed by experienced administrators due to its significant implications for system security.
The concept of Windows Integrity Levels was first introduced in Windows Vista in 2006 and has been an integral part of all subsequent versions of the Windows operating system.
For example, suppose you want to see the integrity level of a specific process, let's say "explorer.exe". Here are the detailed steps:
- Open 'Process Explorer' (you can download it from the official Microsoft website if it's not already installed on your system).
- Go to 'View' > 'Select Columns' > 'Process Image' tab.
- Check the 'Integrity Level' box and click 'OK'.
- In the main window, you'll see a column named 'Integrity Level'. Look for the 'explorer.exe' process and you'll see the integrity level assigned to it.
Now, if you want to change the integrity level of a file using 'icacls' command-line utility, you can follow these steps:
- Open the command prompt as an administrator.
- Navigate to the directory where the file is located using the 'cd' command. For instance, if the file is in the 'C:\Users\YourUsername\Documents' directory, you would type
cd C:\\Users\\YourUsername\\Documents. - To view the current integrity level of a file, type
icacls FileName.extension. For example,icacls test.txt. This will display the current permissions of the file. - To change the integrity level to 'Low', type
icacls FileName.extension /setintegritylevel L. For example,icacls test.txt /setintegritylevel L.
Please note that changing the integrity level of a file or process can have significant implications for system security, so it should only be done if you have a clear understanding of what you're doing. Always be sure to back up your system before making any major changes.