Security, again

Bill Moseley moseley at netcom.com
Tue Feb 4 11:47:42 EST 1997


At 09:33 PM 2/3/97 -0800, Paul Alford wrote:
>Sorry to rehash, but our institution just purchased a windows security
>program called WINLOCK

I have a hard time not responding to these security questions ;)

I assume you are talking about Winlock for Windows 95.

I have never used this program - haven't be able to download a test version
-- so I'm guessing.  But when I looked at it in the past (at their web
site) it looked as if they were implementing security using the Windows 95
registry settings.  If this is true, then there are some concerns.  If
Winlock has additional security beyond the built-in security of Windows 95,
such as file-level security, then it may be okay.

Windows 95 does offer some built-in "restrictions", but used alone they
don't provide enough security.

There are a number of security programs that are just basically an
interface for the registry settings (Winlock?). Some people recommend that
you can implement security with the Policy Editor (PC Mag).  These tend to
be bad solutions unless very carefully done, meaning more than just the
registry settings.

>after turning down my request for Fortres & IKIOSK.

That's too bad.  Fortres is quite good - they claim now to even provide
registry security, which can protect program settings from changes.
But IKIOSK is a great tool that I highly recommend for everyone.  Imagine,
you get a new copy of Netscape and it has a new menu item that you need to
disable - one minute with IKIOSK and it is done.

>like Netscape Wallpaper.

BTW - the simple solution to the Wallpaper problem is to make the wallpaper
file readonly.


>Related issue:  Has anyone developed a checklist of desirable features or
>functions for assessing security programs?  If so, can you share?

I don't want to use up more space here, but take a look at the
in-need-of-updating web pages at
http://infopeople.berkeley.edu:8000/Security/.  But basically it comes down
to:

1) protecting the boot stage of the computer (CMOS security, Virus control)
2) controlling what programs can be executed (Virus control)
3) protecting files on the hard disk from changes/deletions
4) with Win 95, protecting the registry which contains program settings
5) prevent creation of Windows startup files wininit.ini and winstart.bat

The Windows 95 registry "restrictions" don't fully provide any of these.

One place to test your security is at a file/open dialog - see what you can
do with the right-mouse, or drag-n-drop.

Feel free to email me for further discussion.


Bill Moseley
mailto:moseley at netcom.com


More information about the Web4lib mailing list