Exploiting and Abusing Netscape Navigator

[Tim Kambitsch]

Bob Menk wrote recently to Web4Lib about a common problem with public web
stations:

> Next patron sits down to discover multiple offensive 
> open Netscape  windows that had been hidden behind an 
> inoffensive window, gets angry etc.
> 
> Anyone have suggestions as to how to easily clear all those
> multiple sessions between users?
> 

Here's a  summary of our environment that attempts to deal with his problem
and other public web station issues.  I've been meaning to document this for
awhile, so here's a draft even though I've left most of the details out:

(This is a really long posting):

Exploiting and Abusing Netscape Navigator
By Tim Kambitsch, Dayton & Montgomery County Public Library
v0.9  3/13/1998

Systems and PC managers spend a lot of time trying to keep their public
workstations running.  We have found that Windows NT Workstations using
mandatory roaming profiles have been successful in controlling the desktop. 
We use Netscape Navigator as custom shell instead of the Windows shell to
eliminate the start menu, the desktop, and the desktop. The
MS Zero Administration Kit tool runapp.exe is used to restart the custom shell
when users quit Netscape.

However, there are plenty of problems just with running Netscape in an public
environment.  The following outlines the tools we use to control out public
web stations and the steps we followed to secure Netscape and deal with some
of the behavioral problems of our patrons.


Tools:	Netscape Navigator V4.04 standalone
	Netscape Communicator Professional Edition
	Netscape Mission Control
	Microsoft C++  Resource editor
	

Part 1.  Hack Netscape Navigator V4.04 Standalone.  

V4.x is different than V3.x in that menu and dialog box resources are not in
the netscape.exe file.  There is a hidden file called resdll.dll in the
Netscape Program directory that you edit using Microsoft's C++ resource
editor.

Don't have C++?  Buy it! Its only $120.00 at Academic pricing (which applies
to public libraries) and worth many times that amount.

Don't know how to program?  Don't worry.  I couldn't program my way out of a
paper bag.  The resource editor shows you the dialog box or menu and a few
rights clicks will allow you to delete or gray out any menu item or button on
a dialog box. I believe others have documented this to the archive, so if you
really need help, look there.

Edit out the "New Window" menu option on the "File menu", and while you are at
it, edit out the "Open Page" and "Preferences" and other problematic Netscape
menu items.  I was pretty reckless and nuked lots of things.  I even edited
the Print Dialog box to tell people to be patient when printing.  

While stopping people from opening up new windows at will won't stop them from
having additional windows opened for them by the sites they visit, it will
help some in keeping patrons from hiding prohibited content behind "safe"
screen.


Part 2.  Further your "control" of Netscape with Mission Control

Netscape's Mission Control program is not cheap, but the $350.00 you have to
pay for it will be worth it if you have more than a few dozen machines.  With
it you can further modify the user environment.  For instance you can modify
the URLs that pop up when someone clicks on the "Guide" icon.  

Mission Control allows you to set just about every preference conceivable. You
can modify all the parameters, such a proxy settings, cache size, home URLs,
and Mail settings, followed link expiration. The output is a customized
Netscape.cfg file that you can then drop into the Netscape Program directory.
The neat part is that you can lock the settings to they cannot be changed by
end users. 

Part 3.  Use Auto-Admin feature of Mission Control

Where Mission Control really shines is in the "Auto- Administration" feature. 
This feature allows you to put all of the configuration information into a
javascript web page. The browser then loads this page at startup.  As a
result, the Netscape.cfg file only stores one configuration setting:  

"Go to the specified web page and get all the configuration and preferences
from there."

The great thing about this, is that you can make changes to your configuration
in one file and all your public machines will download those changes the next
time the program restarts.  Since this is a simple text file, I can even
telnet to my web server and make modifications that affect all of my public
machines.  I don't have to visit my 21 branches make changes.

Here is a sample set of settings that we use here in Dayton.

        userPref("browser.window_rect", "0,1,637,478");
        lockPref("browser.download-directory", "C:\temp\");
        lockPref("general.startup.mail", false);
        lockPref("general.startup.news", false);
        lockPref("general.startup.editor", false);
        lockPref("general.startup.netcaster", false);
        lockPref("general.always_load_images", true);
        lockPref("network.hosts.skey", false);
        lockPref("network.cookie.cookieBehavior", 0);
        lockPref("network.warn_cookies", false);
        lockPref("network.cookie.warnAboutCookies", false);
        lockPref("browser.startup.page", 1);

You can guess what most of these settings do. If not, visit:

	http://developer.netscape.com/

There are over 200 different settings I can control this way. I particularly
like, the "browser window rectangular setting" that allows me to control the
size and position of the Netscape Browser Window when users start it up
(regardless of how the previous patron left the window.) 

Another setting I like is:

	config("autoadmin.refresh_interval", 30);

This tells Netscape to reload the preferences every thirty minutes.  

You may ask "Why do that?"

Our library has a rule that users are limited to 30 minute sessions.  So after
30 minutes the preferences are reloaded.  Since Netscape's configuration file
is just javascript, I can add some other bells to the configuration.  Here is
an alert dialog box that comes up when the program starts again after 30
minutes:
               
alert("Internet Sessions are limited to 30 minutes while others are waiting. 
Please quit Netscape to preserve your privacy.)"

The user isn't disconnected.  So they can acknowledge the message and ignore
what it asks, but it does reinforce what our staff attempt to tell patrons
about quitting Netscape when they are finished.

You may notice that some of the configuration settings start with "lockPref"
and others are "userPref".  This signified which settings you want locked and
which you want users to be able to control.

Important -- Undocumented Feature!

Netscape says that the Auto-Admin feature is "only" available with Netscape
Communicator Professional Edition. But that would be a problem since the
Professional edition has all of those bells and whistles added, such as mail,
Composer, etc.

However, I found that you can get Netscape Standalone v4.x to 
take advantage of the Auto-Admin feature.  Here's how:

	A.   Download/Purchase the Professional Version
	B.   Install it in its own directory
	C.   Look in the program directory for ad3240.dll
	D.   Copy that file to your public workstations
		and place in the Standalone version's program
		directory.

You don't need anything more from the Professional Version on the public
workstation.  I was so surprised when I found this works.  I wonder why
Netscape doesn't support it?



Part 4.  Use a bogus proxy server with special purpose computers.

This is really optional, but an interesting application anyway.  

We have a number of workstations that we dedicate to bibliographic and full
text databases.  We want a few machines to be available for people wanting
magazine articles from our premium databases (while the rest of our
workstations are being used for "entertainment purposes.")  The challenge is
that all of these databases are web based and we don't want to keep policing
them.

So the solution was to use the tools mentioned above to create an even more
restricted version of Netscape that doesn't have any outside links. Even the
Pulsing "N" doesn't do anything. The Navigator menu is gone, the Window Menu
is gone. We have the configuration file set to locked with location bar
hidden.  

Still patrons want to surt the world can search to find links from one site to
get to another, to get to somewhere else. So we added the following to our
javascript configuration file.

	 with (ProxyConfig) {
                       function FindProxyForURL(url,host)
                       {
              if (isPlainHostName(host) ||
                dnsDomainIs(host, ".epnet.com") ||
                dnsDomainIs(host, ".elibrary.com") ||
                dnsDomainIs(host, ".hannah.com") ||
                dnsDomainIs(host, ".searchbank.com") ||
                dnsDomainIs(host, ".iacnet.com") ||
                dnsDomainIs(host, ".ohiobiz.com") ||
                dnsDomainIs(host, ".gale.com") ||
                dnsDomainIs(host, ".sirs.com") ||
                dnsDomainIs(host, ".roth.com") ||
		dnsDomainIs(host, "www.dayton.lib.oh.us"))
                             return "DIRECT";
                        else
                             return "PROXY dayton.lib.oh.us"
                       }
                     }

Without going into a lot of detail, this piece of javascript requires the
broswer to test the domain name of the desired site against the list of
domains listed above. If its one of our approved database vendors then they go
directly to the site without using a proxy server. 

If they attempt to go anywhere else, the browser attempts to pass the request
off to the specified proxy server.  But in reality that host isn't a REAL
proxy server! So the request fails.  The bogus server name needs to point to a
web server so an 500 error message is returned immediately, but any server
will do.

In version 1.0 of this document I'll discuss runapp and roaming profiles.

Tim

Tim Kambitsch,
Dayton and Montgomery County Public Library
kambitsch at dayton.lib.oh.us