“Microsoft’s free Shared Computer Toolkit lets you configure a PC that can be used to search the Internet, look up resources, and run approved programs; it also stops users from making permanent system changes, running arbitrary programs, or introducing malware. Administrators on domain-based PCs have long been able to do this; the toolkit offers a similar level for any PC. You don’t need an IT degree – the kit leads an administrator through the steps of locking down a system.”
Finally Microsoft has released a toolkit to secure the Windows machine. This is the right path to take to win the minds of PC users back from other OSes.
Still they could have made it a bit easier though.
Microsoft thrives on complexity.
Edited 2005-12-29 23:51
The toolkit just addresses one of the reasons people look to other OS’s.
Windows users cannot understand this until they “use” Linux. I don’t just mean install it and click around for a day or two. I mean REALLY learn the ins and outs of it.
I will never go back to using Microsoft products at all. If I ever get bored with Linux, and all the applications for it, I will go the OS X route.
“Windows users cannot understand this until they “use” Linux. I don’t just mean install it and click around for a day or two. I mean REALLY learn the ins and outs of it.”
MOST users don’t have the slightest desire to learn a damn thing about the “ins and outs” of computers. They are little more than a “tool” to allow normal users to perform the task at hand.
You are falsely making the assumption everyday users give a flying f–k about what makes a computer do what it does….. THEY DON’T.
While all this computer shit is fascinating to those who are highly interested, it’s meaningless to those who are not.
“MOST users don’t have the slightest desire to learn a damn thing about the “ins and outs” of computers. They are little more than a “tool” to allow normal users to perform the task at hand.”
And that is exactly why Windows is in the state it is. People should be FORCED to learn about the systems before they are let loose with them.
What – in special Microsoft training camps? Hey – you could model them on Guantanamo Bay!
As long as you have physical access to a computer, it’s not indestructible [not in the sense that I could use a hammer to trash it], because you can always try to reset it and boot from another medium, change the administrator password, change the data on the WDP partition, discover the BIOS password, etc.
Also, from experience I have in semi-locked-down Windows environments, either you disable lots of stuff and don’t let the user really do anything but use Internet Explorer or something like that, or some of Windows’ protections can be fooled, one way or another.
This is nothing new, but as the article points out, at least now it’s easier to set up, but it’s kind of a hack using this WDP partition: “When WDP is active, it takes control of all programmatic requests to read or write data to the Windows drive. The write requests are trapped and stored without changing the drive itself.” — what the hell? Instead of really not allowing an app to change something (and saving everything in RAM/a temp folder deleted on logout) and using a temp profile, you log what the user does and undo it? It’s too much of an ugly hack, it seems, and the need for an extra partition to do a simple thing like this is another example of the pile of quick “shortcuts” Microsoft keeps integrating into Windows.
“but it’s kind of a hack using this WDP partition: ”
This is the same principle some CD-based Linux distributions use, except I seem to remember at least one of them will write the session to the CD at the end of a session rather than discarding it.
However, if you have to use Windows (and I have to admit for specialist tasks such as public access internet areas, it wouldn’t be my first choice), it seems to be quite effective.
Any changes from viruses and other malware wouldn’t survive a reboot unless they specifically knew what they were attacking, AND knew how to work around it.
However, it seems to be a tacit admission that NTFS’s security model can be worked around by those dedicated enough. Which makes me wonder exactly how.
As for the second post about booting from other media:
It’s pretty easy to lock down a machine so it will only boot from the HD. Yes, you can reset the BIOS password, but I think someone may query you taking the back off the machine, and this can be prevented by case locks anyway (Certainly everything I have seen from Dell recently has come with easy padlock attachment points.)
If you make your own, or have a pile of donations, you can put a hole through the top lip to put a padlock through. Personally I would remove the CD drive and floppy drive as well (If anyone still bothers with such things as a floppy drive).
I think the better “way” would be to do exactly what other Linux distros do: create a ramdisk and programs just write to it, and when you log off all changes are lost. I just don’t get the *need* for another partition, if there are other (simpler) ways.
Also, if you are using a bug or something to gain higher access than you are allowed, what’s preventing you from tricking WDP into thinking you are an administrator logging in and turning it off? And if your WDP partition fills up with logged changes, what then?
Also, reading the rest of the article, it proves again the kind of hack it is:
“If you decide to uninstall the toolkit, you’ll want to be very careful.[…] Before uninstalling, you must work backwards through the steps in the Getting Started applet, turning off WDP and undoing the restrictions for all accounts. Only then can you safely uninstall.
You might think it would be easier to uninstall the toolkit by restoring an earlier drive-image backup, but even here you need to act with care. WDP uses a nonstandard configuration for both the main partition and its data storage partition. If your drive-imaging tool supports it, you’d have to delete both partitions and restore the image into the resulting free space. You’d also have to configure the tool to restore the Master Boot Record and mark the restored partition as active.”
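As an added illustration of the trap-and-discard behaviour quoted above and of the “what if the partition fills up” question, here is a constructed Python model of a WDP-style write overlay. It is not the toolkit’s own code; the block contents and the two-block overlay capacity are made-up values.

```python
class OverlayFull(Exception):
    """The fixed-size overlay (standing in for the WDP partition) has no room left."""


class ProtectedDrive:
    """Block device whose writes are trapped in an overlay instead of hitting the base drive."""

    def __init__(self, base, overlay_blocks):
        self.base = dict(base)          # block number -> contents of the real drive
        self.overlay = {}               # trapped writes, discarded on reboot
        self.capacity = overlay_blocks  # size of the extra partition, in blocks

    def read(self, block):
        # A trapped write shadows the base block until the overlay is discarded.
        return self.overlay.get(block, self.base.get(block, b""))

    def write(self, block, data):
        # Only a block's first trapped write consumes overlay space; later writes replace it.
        if block not in self.overlay and len(self.overlay) >= self.capacity:
            raise OverlayFull(f"no overlay space for block {block}")
        self.overlay[block] = data

    def reboot(self):
        """Restart with protection on: every trapped write is thrown away."""
        discarded = len(self.overlay)
        self.overlay = {}
        return discarded


def demo():
    # Constructed sample drive: three blocks, overlay sized for two trapped blocks.
    drive = ProtectedDrive({0: b"boot", 1: b"hosts-clean", 2: b"profile"}, overlay_blocks=2)
    drive.write(1, b"hosts-hijacked")     # e.g. a browser hijack rewriting the hosts file
    drive.write(2, b"profile-modified")
    during_session = drive.read(1)        # the session sees its own change
    try:
        drive.write(0, b"boot-tampered")  # a third distinct block exceeds the overlay
        overlay_filled = False
    except OverlayFull:
        overlay_filled = True
    discarded = drive.reboot()            # nothing survives the restart
    return {
        "during_session": during_session,
        "overlay_filled": overlay_filled,
        "discarded": discarded,
        "after_reboot": drive.read(1),
    }
```

Once the overlay is full, further writes to untouched blocks fail for the rest of the session, which is the practical answer to the “fills up” question in this toy model; the real partition’s behaviour is whatever the toolkit implements.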
“You might think it would be easier to uninstall the toolkit by restoring an earlier drive-image backup, but even here you need to act with care. WDP uses a nonstandard configuration for both the main partition and its data storage partition.”
Systems configured with this application are task-driven and built for a specific task. It was never intended to be something you would install at home, just to dick around with.
In other words: uninstalling the shared toolkit would seem a technical exercise for those with entirely too much time on their hands. The intended audience for this toolkit certainly isn’t going to attempt to uninstall it, shy of an MBR wipe.
Ah yes, there is always the higher level of function as written in the Tao, book 8 Hardware and Software, chapter 2;
ROFL – Right (sarcastic laugh)! Is anyone REALLY supposed to believe this. A secure version of Windows? I mean one that does have an internet connection and one that is actually in use? That just kills me. Please stop, my sides feel like they are about to rip apart.
I’ve got another one. I’ve got 5 million acres of prime real estate to sell you just east of Miami. Oh, and the Brooklyn Bridge? Yep, I’m seeing that too. ROFL
Well, if it’s not a bug in some critical component like a service, then this will work by eliminating simpler things like browser hijacking and such, just because it resets the profile every time the computer is restarted.
If it’s really eating *all* writes, then infection of a critical service wouldn’t survive a reboot, cos it couldn’t write it to disk *unless* the virus involved knew exactly what it was attacking AND how to get around it.
Some of you are missing the point … yeah, it’s possible to get around this, as someone mentioned. You know, boot off a different medium, crack the Admin password, reset the CMOS …
That isn’t the point. The point is that the system is *safe* from the typical moronic user, or even from the public if this was a kiosk setup. You’re not going to find some guy throwing a Linux CD in and resetting the CMOS via the motherboard jumper *in a mall where the guy who supervises the kiosks is standing right there*.
Holy crap. Think, will you?
Well, if you’re at the mall of course you can’t do that kind of thing, but what if you’re in a public library or school? Popping in a CD or USB drive doesn’t seem at all out of place. And that’s just an example. Shared PCs aren’t always *that* public.
Still missing the point or not thinking.
On a shared PC that you wanted to make secure I’m presuming even the most idiotic monkey brained admin would set up a PC without a floppy drive or CD-ROM. It’s not hard (too hard for some of the intellectuals posting here though).
Or at a minimum, disable access to floppy, serial, parallel, USB, CD-ROM. Then disable access to BIOS. How hard is that? About 2 mins work.
Most libraries have digital cameras fixed at all access points. Our library has Dell computers that do not have either a floppy or a cdrom drive. Strange.
I have found an alternative approach that seems just as secure. I run Win XP in a virtual machine using VMplayer and then use a thin client to remotely display the desktop that is of course a guest user. It is locked down in that there are no apps to run besides IE6. I of course have a vm snapshot made; if there is a problem I just use the snapshot.
So far it works very well and saves on electricity and space. In theory, a library or whatever public place could run up to 16 Win XP VMs using 4 gigs of shared memory on a powerful server using thin clients.
Most libraries physically lock the cases away in cabinets under the desk, or don’t put floppy/CD-ROM drives in the systems altogether.
“Most libraries physically lock the cases away in cabinets under the desk, or don’t put floppy/CD-ROM drives in the systems altogether.”
You know that, and I know that….. But it sure spoils the fun and adventures of those who don’t.
You would have to be totally stupid and just received a cash enema to use anything beyond a simple flash device, much less an entire PC, on a simple kiosk in the first place. What are you thinking?
What are *you* thinking? What do you think those monitors with branded Internet Explorer and an XP start menu are running on that you see in the mall where ISPs are peddling their wares? Off a flash device?
f–ktard.
Xscale or dragonball, maybe transmeta crusoe on a 3×5 single board sandwich flash device running Windows CE of course, what a dumbass. Ask whoever boots and logs your pc in for you.
You should be banned from OSAlert, Linux Is Poo.
Did I hurt your feelings?
There there, now.
I setup a system to run as a kiosk with this a few weeks back to run at a trade show. I was more than satisfied with the results, and so were the users.
There were no configuration options remaining, no restart/logoff options, no run options, and no way to get to a prompt. We locked the CPU in a cabinet with fans, and offered access to only the display, keyboard and mouse (had to power down by switch to shut down).
A few hundred people (likely) used the system, and it ran the same when I got it back as it did when I sent it out.
Nothing is perfect but for what I used it for, it was close enough.
Sort of reminds me of the KDE kiosk kit.
http://developer.kde.org/documentation/tutorials/kiosk/
I am already doing this at the school where I work. I am using a product called DriveShield which does what WDP does. Only, the password for the service is not tied in to the OS. So I can give the local user full admin rights, and they can’t change anything. Beats having to reimage after a user gets done screwing things up.
Wouldn’t an indestructible PC be one that:
Is fanless, including the power supply
Is a thin client that netboots and saves user files + profiles onto a USB drive?
As long as the system is complex enough, it will almost never be secure. If it is secure by design, the system has no complexity. It is too simple and not very useful. This belongs to all systems.
(-> goedel)
What about attaching files to e-mails? Could give you access to the hard disk and since almost everything is executable….
I’m actually planning to put this on my uncle’s computer tomorrow… He’ll never need admin access and my little cousin is always dicking around and installing spyware-laden games. Now my cousin can install the games and it won’t affect a thing! Woot! indeed.
I’ll report back in a few months to tell how it all worked out.
Before you do this ask your uncle if he ever saves files to the hard disk! If he ever writes a word document with the intention of saving it then with this thing he won’t be able to. Neither will he be able to use a local e-mail client like outlook from one session to the next as the e-mail client won’t be able to write to its database. Nor will he be able to save internet bookmarks in his browser etc etc etc. This isn’t a tool to prevent kids messing up home PC profiles.
I understand, but it’s also pretty configurable. I would assume it lets you set simple options such as the ones you’re talking about.
Unfortunately, I probably won’t be setting this up for some time now anyway, but when I do I’ll report my experiences.
I myself have tried to make a very locked-down and very secure system out of Windows (using the “users” group, choosing the hisecu security template and applying it through the Group Policy Object Editor, installing a firewall, an antispyware and parental control software, editing the GPO manually, registry tweaks, … and many many more).
BUT finally I got sick of all of this when the people I do it for always asked me to unlock features for them and to make Windows more productive; I finally had it and started to run a highly respected Linux OS like RHEL for those people, and finally I didn’t hear any complaints about it. They could browse the internet, chat, write letters, print, watch movies, listen to audio (of course after installing Xine with w32codecs) and do almost everything without crashes, viruses, restrictions or any complaints.
That’s the way I went when I lent a machine to a ‘public computer day’ (introducing people to the internet) in our neighbourhood about four or five years ago – just used one of my Linux boxes running KDE. Nobody noticed the difference between mine and the other machines – except the guy running the event. After about an hour I found him staring at my screen (which was in use by a member of the public) – he turned to the guy (a retired coal miner) who was having the time of his life Googling up sites on local history and said “Wouldn’t you prefer one of the other computers?”, and received a baffled look, and a “No – this one’s got a nice big TV on it, and it’s easier to read.”
Technological preference reduced to the size of the monitor – fair enough.
Haven’t tried either, but FreezeX and DeepFreeze, think they are now renamed as anti-executable, seemed interesting.
http://www.faronics.com
Hey, cool. Thom Holwerda is now more insecure than Windows. Maybe he could get a similar add-on, like a psychiatrist. Unless his kernel is so unstable it needs a personality rewrite. Maybe he should upgrade to Linux. OK, so Linus is an ass, but he’s got a cooler chick. Must be doing something right.
Not to start anything…
OS X 10.2 could do this…
Oh, and… it’s only about 3 clicks…. BAM