Security

Safety risk

Confidentiality, integrity, availability and usability

RunAsRob, RunAsSpc and RunElevated help in a lot of different workarounds and can make a system safer,
because you can reduce administrator privileges or you can update and patch a system and its environment by a simple way to close a security hole fast and uncomplicated on a vulnerable system.
Please note that start an application under another user context than the logged in user
or a reversible encryption, which is needed for the option, start an application from an encrypted file, are both generally classified as unsafe.
Consider that processes running from the main process inherit the permissions. This generally useful property can be unwanted in some cases.

These runas tools use extended validation code signing Certificates to prevent code manipulation or injektion.
AES encryption, debug protection, changed passwords, hidden algorithms are implemented
and they need no internet connection, but the tools are like a Swiss Army Knife.
In this extensive function they cannot have any security level.

There is no secure software and you get no serious warranty without exception from a security services provider,
you can just figure out a best balance between confidentiality, integrity, availability and usability.
To find the best balance you need knowledge about the software you use and its chance and risk. If you need more knowledge about these runas tools, send your question to runas@robotronic.net.

The more complex a software, the more trust you need in it and the more disastrous mistake you can configure.
RunAsRob, RunAsSpc and RunElevated are small with a clear architecture for an easy integration in Windows.
By combining the tools with Windows user groups, file and folder permissions, central policies or active directory organization units you can set very detailed privileges.
You don't need any training or another company to integrate these tools.
Alternatives are big software solutions with an own privileged access management.
Privileged Access Management PAM is a strategy to protect organizations by controlling user privileges, credentials, software, its usage and function.
See different PAM solutions on: Privileged Access Management
It is recommended to engage a Managed Security Services Provider (MSSP).

If you have any advanced questions please contact runas@robotronic.net

Known security bugs

Universal encryption key is used in RunAsSpc 4.0

Specification on Mitre CVE-2022-26660

RunAsSpc 4.0.0.0 use a universal and recoverable encryption key.
In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used, because encryption key is universal.
Recovery of the password used for encryption can used for Identity theft and privilege escalation.

Vulnarable is notified on 2022-03-01.
Thanks for the responsible disclosure to the cyber security team INTRINSEC
intrinsec.com

Solutions


Date: 2024-02-02
Data protection
Imprint