In a world where anything can be hacked, I want to add an additional line of defense. Specifically, I want SyncroLive and Splashtop services to be off by default and I’ll switch them on via script when I need remote access.
I thought this would be a simple script: net stop SyncroLive
That works for a few minutes until the service is started automatically. So, does Syncro include a watchdog that I also need to disable?
Splashtop isn’t installed unless it’s enabled in the policy. Syncro’s Backgrounding Tools are a critical component and you can’t implicitly turn them off.
I played with this a bit before. As Andy said, you would break other features in doing this. And Syncro will try to repair itself and fill log files with errors trying. It’s unfortunate the remote capability can’t be easily un-intertwined (it was acquired, not developed from scratch). I’m not sure how much of a security risk it really is though. If an attacker managed to get access to it, they’d probably have access to the rest of Syncro also and the remote access would be inconsequential at that point, they could do anything they wanted.
Thank you for the feedback.
I agree, if someone gains access via Syncro, they have full access. I was thinking more along the lines of reducing the attack surface in case of an unknown exploit. Since I can’t disable the background tools, I’ll just add some “alert the boss if…” style monitoring.