The nightmare may not actually be coming from outside your enterprise. If your company has PCs that are open to the public to use, or machines that more than a single employee has access to, the threat may already have walked in your front door.
Consider the following cases:
• Every key you press. Police last year arrested a man who had installed keystroke-recording software on public-access computers at 13 Kinko's copy shops in Manhattan. Federal prosecutors said he'd returned to the shops for almost two years to collect any credit-card numbers or passwords that other users typed while logging in to various online banking or e-commerce services.
The Risk of PCs with Multiple Users
Even if your company isn't a library or an Internet café where strangers can walk up to any number of workstations at will, you're at risk. That's especially true if your PCs are in cubicles in an open floor plan, you have workstations in a training room, or you have machines that are used by different people during the day and/or the evening.
Windows and other operating systems provide some tools to keep sensitive information private, but these capabilities leave something to be desired. For example, even if you implement Microsoft's user login scheme, much of what one user does is visible to and affects other users. Installing a new application for one user, for example, usually makes that application — and the documents it deciphers — available also to other users when they're logged in.
Protect and Verify
Into this maelstrom comes a new solution: FSLogic Inc.'s Protect 1.0. This product, which sells for $58 to $80 per workstation (depending on quantity), is software that installs on PCs, enhancing Windows' own privacy protection with a much more robust version:
• No user overlap. When one user logs onto Windows after FSLogic Protect is installed, any changes he or she makes are kept in a separate storage area of the hard disk, unavailable to other users who log on. Documents written by user A are not visible to user B, and applications that user B installed are not visible to user A. This solves the keystroke-logging software problem described above. The person who installed the malicious program would see only his own keystrokes.
• True user persistence. When an authorized user logs in on a PC after a long absence, he or she sees the same set of applications, documents, and icons that were available at the last logoff. This is true even if other users have made extensive changes to the system in the interim.
• Rollback. Once the Protect application is running, users can restore a previous configuration if a serious error occurs. This guards against computer programs that cause conflicts when installed for the first time.
Know Your Weaknesses
Protect uses a patent-pending technology called File System Layers to work its magic. The program acts like a driver for the Windows file system. It takes control of file-access functions even before Windows has fully loaded. This allows Protect to decide who can and cannot see which applications, files, and preferences.
Protect isn't infallible, however. Once you install it on public-access PCs, you still need to take steps against threats that the software was never designed to prevent:
• Boot Setup. A PC booted from a floppy disk, a CD, or a DVD can reveal the contents of its hard drive if the removable disk contains an operating system and a means of reading the hard drive's files. You can configure the BIOS chip in most PCs to disable booting from these removable media. But a malicious person can undo your BIOS setup changes by accessing the setup routines later. To prevent changes to the BIOS setup, you must password-protect the setup routine, which is a feature that not all PCs have.
• Keyboard Dongles. Although Protect would prevent a malicious person from capturing other user's keystrokes with a software program, it can't guard against hardware changes. Small plug-in devices that look exactly like the connector end of a keyboard cable are widely available. The rogue user simply plugs this little device into the keyboard port and comes back days later to remove it and see every keystroke that anyone typed. You can prevent this by sealing off access to the back of your PCs by unauthorized people. You may wish to preserve access to USB and FireWire ports on such machines for multimedia access, however, since those ports usually can be configured as non-bootable.
• Hard Disk Removal. In a more difficult physical exploit, the attacker unscrews a hard disk from a computer case and slips it out of the building for later analysis at leisure. This wouldn't be common in a place where trusted individuals could see and question such disassembly taking place during working hours. But in open-access areas where your PCs aren't constantly watched, you must lock the PC cases or lock the PCs themselves inside a secure room or cabinet.
The latter scenario, in which a person walks out with a hard drive that's been unscrewed from its case, wouldn't be a security concern if Protect encrypted all of the data in its File System Layers. Jared Blaser, the CEO and a co-founder of FSLogic, says Protect 1.0 doesn't yet do that. But he adds, "We're planning an encryption capability in version 2.0, which is nine months off."
While recognizing the many different ways that unscrupulous users can steal data they're not supposed to see, it's important to recognize what Protect does well. It allows different users to use the same PC without one user being able to see what another user has typed. And it allows software to be installed by one user without it affecting the configurations of other users, even if a setup routine goes awry.
More information on Protect is available at www.fslogic.com.