Hacker News new | ask | show | jobs
by codeinstyle 2633 days ago
From Microsoft’s blog post:

Inspecting MateBookService.exe!main revealed a “startup mode” that revived the service if it’s stopped – some sort of watchdog mechanism meant to keep the Huawei PC Manager main service running.

I agree that it’s hard to prove malice, but why should any PC management software go out of their way to ensure that it never gets shut down?
2 comments
monocasa 2633 days ago
...because it's the hardware management service and if it goes down you're no longer managing the hardware?

Like this stuff is usually designed by EEs and they love their watchdogs at all levels. Having a watchdog is very standard for this stuff.

link
codeinstyle 2633 days ago
>...because it’s the hardware management service and if it goes down you’re no longer managing the hardware?

I’m no expert on device drivers but to my knowledge, Windows already allows you to manage devices and install drivers through Device Managers.

Then if drivers are already installed for the various devices and hardware components, what exactly is the hardware management service managing on top of the individual drivers?

I am asking this as the only plausible reason to be doing this (at least for me) is if Windows isn’t providing enough tools for device management that needs coordination between the hardware components on the machine, so I would appreciate someone with more knowledge to shed some light on the subject.

link
monocasa 2633 days ago
Device Manager only handles kernel drivers. Best practice is to put as much as possible into a highly privileged, but still user mode process so it can crash without bluescreening your system. If you assume that this code can crash (hence why it was delegated to user mode in the first place) it makes sense to code in a resurrection capability.
link
zaphirplane 2633 days ago
Windows services have a restart if I crash mode, why wouldn’t that be used instead. This seems about making sure the user can’t stop it from starting
link
monocasa 2633 days ago
It's a huge pain on the ass to setup right. Soft faults where the process is still running but is deadlocked don't get restarted for instance.
link
zaphirplane 2632 days ago
Same problem if you write your own supervisor except you are writing a process supervisor
link
mehrdadn 2633 days ago
Not commenting any way on the particular issue at hand, but to respond to your general question:

> why should any PC management software go out of their way to ensure that it never gets shut down?

The Windows 10 kernel itself goes out of its way to make sure the Windows update service isn't permanently shut down.

link