[WEB4LIB] IKiosk Security Lapse

Denis F. Kirk dkirk at winselect.com
Fri Oct 30 16:44:45 EST 1998


Jeff,
This problem was addressed about 3 months ago.
We now supply a solution built into the WINSelect
AutoConfiguration file (wsauto.wsx). The file comes with 
the software and can be downloaded from our WEB site at;


http://www.winselect.com/products/download_wsauto.htm

To implement the solution use the Import function under Tools and 
Click on the WSAUTO.WSX file. This will display a list of Browsers. 
Select the item "Prelogin Task Manager 4.00.47 (disabled)" from 
the bottom of the list and save the changes.

This will not prevent the TaskMan Dialog Box from 
appearing but all the functions will be disabled.

Denis F Kirk



At 08:14 AM 10/30/98 -0800, you wrote:
>Greetings From Fairest NJ:
>
>I've been using Winselect Policy / Kiosk 3.3.1 on our public Internet
>PC's to good effect for some
>time now.  However, our ever-curious teenagers have (unwittingly)
>brought the following security lapse to my attention:  if you reboot the
>PC, when Windows 95 (or 98) starts up again you can click repeatedly
>with the mouse where the "Start" button
>eventually shows up.  This easily brings up the Task Manager.  From
>there you can choose "Run Applications."  A default box comes up.  If
>you ignore this box and  choose "Browse," a new box comes up. You cannot
>enter a pathname into this browse box, which is as it should be, since
>access to the hard drive has been turned off. But if instead of choosing
>the "Browse" option, you stick with the first, default box which
>appears, you CAN enter a pathname, e.g. "c:\command.com."  And into DOS
>we go.
>
>I suppose you could also bring in "command.com" on a floppy and upload
>too, if you allow access to the A: drive.
>
>Thought you should know.  I've brought this to the attention of Hypertec
>(http://www.hypertec.com).
>
>Cheers,
>JP
>
>--
>Jeff Papier
>Network / Internet Librarian
>South Brunswick Public Library
>Monmouth Junction, NJ
> 



More information about the Web4lib mailing list