Do you sometimes wake up at night from a bad dream of ruthless hackers
somehow breaking into your company's PCs?
The nightmare may not actually be coming from outside your enterprise. If
your company has PCs that are open to the public to use, or machines
that more than a single employee has access to, the threat may already
have walked in your front door.
Consider the following cases:
• Every key you press.
Police last year arrested a man who had installed keystroke-recording
software on public-access computers at 13 Kinko's copy shops in
Manhattan. Federal prosecutors said he'd returned to the shops for
almost two years to collect any credit-card numbers or passwords that
other users typed while logging in to various online banking
or e-commerce services.
• A higher education.
In a separate indictment, the personal information typed in by more
than 4,000 individuals was allegedly recorded at Boston College by a
student who'd introduced key-logging software into more than
100 computers around the campus.
The Risk of PCs with Multiple Users
Even if your company isn't a library or an Internet café where
strangers can walk up to any number of workstations at will, you're
at risk. That's especially true if your PCs are in cubicles in an
open floor plan, you have workstations in a training room, or you
have machines that are used by different people during the day and/or
the evening.
Windows and other operating systems provide some tools to keep
sensitive information private, but these capabilities leave something
to be desired. For example, even if you implement Microsoft's user
login scheme, much of what one user does is visible to and affects
other users. Installing a new application for one user, for example,
usually makes that application — and the documents it deciphers
— available also to other users when they're logged in.
Protect and Verify
Into this maelstrom comes a new solution: FSLogic Inc.'s Protect 1.0.
This product, which sells for $58 to $80 per workstation (depending
on quantity), is software that installs on PCs, enhancing Windows' own
privacy protection with a much more robust version:
• No user overlap. When one user logs onto Windows after FSLogic
Protect is installed, any changes he or she makes are kept in a separate
storage area of the hard disk, unavailable to other users who log on.
Documents written by user A are not visible to user B, and applications
that user B installed are not visible to user A. This solves the
keystroke-logging software problem described above. The person who
installed the malicious program would see only his own keystrokes.
• True user persistence.
When an authorized user logs in on a PC after a long absence, he or she
sees the same set of applications, documents, and icons that were available
at the last logoff. This is true even if other users have made extensive
changes to the system in the interim.
• Rollback. Once the Protect application is running, users
can restore a previous configuration if a serious error occurs. This
guards against computer programs that cause conflicts when installed
for the first time.
Know Your Weaknesses
Protect uses a patent-pending technology called File System Layers
to work its magic. The program acts like a driver for the Windows file
system. It takes control of file-access functions even before Windows
has fully loaded. This allows Protect to decide who can and cannot
see which applications, files, and preferences.
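The isolation, persistence and rollback behaviour described above can be pictured as a shared base image plus one private write layer per user. The Python model below is an added illustration, not FSLogic's code or algorithm; the class `LayeredFS`, its methods, the user names and the sample paths are all hypothetical.

```python
_DELETED = object()  # tombstone: a path the user removed from their own view

class LayeredFS:
    """Conceptual model: one shared base image, one private layer per user."""

    def __init__(self, base_files):
        self.base = dict(base_files)  # files every user starts from
        self.layers = {}              # user -> {path: bytes or _DELETED}
        self.snapshots = {}           # user -> saved copies of that user's layer

    def _layer(self, user):
        return self.layers.setdefault(user, {})

    def write(self, user, path, data):
        # Copy-on-write: the change lands only in this user's layer.
        self._layer(user)[path] = data

    def delete(self, user, path):
        self._layer(user)[path] = _DELETED

    def read(self, user, path):
        # The user's own layer wins; otherwise fall through to the base.
        entry = self._layer(user).get(path, self.base.get(path))
        if entry is None or entry is _DELETED:
            raise FileNotFoundError(path)
        return entry

    def listing(self, user):
        merged = {**self.base, **self._layer(user)}
        return sorted(p for p, v in merged.items() if v is not _DELETED)

    def snapshot(self, user):
        self.snapshots.setdefault(user, []).append(dict(self._layer(user)))

    def rollback(self, user):
        # Restore this user's most recent saved configuration only.
        self.layers[user] = self.snapshots[user].pop()

def demo():
    # Constructed sample data, not taken from any real system.
    fs = LayeredFS({"C:/Windows/notepad.exe": b"base image"})
    fs.write("userA", "C:/Docs/report.txt", b"A's report")
    fs.snapshot("userA")  # known-good configuration
    fs.write("userB", "C:/Tools/logger.exe", b"installed by B")
    fs.write("userA", "C:/Windows/notepad.exe", b"broken by bad setup")
    fs.rollback("userA")  # undo the bad install for user A only
    return fs
```

In this model a program installed by user B never appears in user A's view, and rolling back user A's layer leaves user B's changes untouched.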
Protect isn't infallible, however. Once you install it on public-access
PCs, you still need to take steps against threats that the software was
never designed to prevent:
• Boot Setup. A PC booted from a floppy disk, a CD, or a DVD
can reveal the contents of its hard drive if the removable disk
contains an operating system and a means of reading the hard drive's files.
You can configure the BIOS chip in most PCs to disable booting
from these removable media. But a malicious person can undo your BIOS setup
changes by accessing the setup routines later. To prevent changes to the
BIOS setup, you must password-protect the setup routine, which is a feature
that not all PCs have.
• Keyboard Dongles.
Although Protect would prevent a malicious person from capturing other
users' keystrokes with a software program, it can't guard against
hardware changes. Small plug-in devices that look exactly like the
connector end of a keyboard cable are widely available. The rogue user
simply plugs this little device into the keyboard port and comes back days
later to remove it and see every keystroke that anyone typed.
You can prevent this by sealing off access
to the back of your PCs by unauthorized people. You may wish to preserve
access to USB and FireWire ports on such machines for multimedia access,
however, since those ports usually can be configured as non-bootable.
• Hard Disk Removal.
In a more difficult physical exploit, the attacker unscrews a hard
disk from a computer case and slips it out of the building for later analysis
at leisure. This wouldn't be common in a place where trusted individuals
could see and question such disassembly taking place during working hours.
But in open-access areas where your PCs aren't constantly watched, you
must lock the PC cases or lock the PCs themselves inside a secure room or
cabinet.
The latter scenario, in which a person walks out with a hard drive that's
been unscrewed from its case, wouldn't be a security concern if Protect
encrypted all of the data in its File System Layers. Jared Blaser,
the CEO and a co-founder of FSLogic, says Protect 1.0 doesn't yet do
that. But he adds, "We're planning an encryption capability in version 2.0,
which is nine months off."
Conclusion
While acknowledging the many different ways that unscrupulous users can
steal data they're not supposed to see, it's important to recognize what
Protect does well. It allows different users to use the same PC without
one user being able to see what another user has typed. And it allows
software to be installed by one user without it affecting the configurations
of other users, even if a setup routine goes awry.
More information on Protect is available at
www.fslogic.com.