Ok. I finally have a worthwhile idea to pitch for the project. This one is security based and spurred on by the security article here, and in particular, this quote:
One clear symptom that you have a case of "Enumerating Badness" is that you've got a system or software that needs signature updates on a regular basis, or a system that lets past a new worm that it hasn't seen before. The cure for "Enumerating Badness" is, of course, "Enumerating Goodness." Amazingly, there is virtually no support in operating systems for such software-level controls. I've tried using Windows XP Pro's Program Execution Control but it's oriented toward "Enumerating Badness" and is, itself a dumb implementation of a dumb idea.
How difficult would it be to write a program that monitors all code executed by the system? This would look at programs that run, etc and decide, based on a list of rules, what is allowed to run. Anything else would be prevented and logged with the ability to allow it if it is a legitimate application.
Not being a programmer, I don't quite know the implications of this task such as processor time, memory usage, etc. but I think this would be a very useful feature for schools. Certainly it would stand as a big barrier to spyware, malware, adware, etc, as well as stopping staff & pupils trying to install unauthorised applications.
Can someone tell me if this is possible, and whether it can be added to the (potential) features list for the Edugeek Project?
Well, the project (once I get my net connection sorted) is an admin's tool kit in not so many words, and adding it as part of the project is not an issue.
As for the program side, I'm not sure. The problem is you have to make sure that it is very small, as it needs to run a lot. If you think of the amount of work it is doing, for example, just do a task list to see the amount it would have to check before you start doing anything.
It is possible in VB to list all running applications, and with that information you could compare every title against a safe list and then close the program that is not on the list.
Comparing by window title can sometimes be unreliable as there are no strict rules applications adhere to and can change regularly, but it is certainly possible and a lot easier on resources. AFAIK, this is how Ranger does it.
Using names as a basis for comparison is a bad idea. For instance, I could just rename a malicious piece of code to a process name that has been declared safe to run and voila; md5sums of the exes would be more useful, but would need to be updated when the program version changes.
On a side note, doesn't Windows group policies have a similar sort of system for safe program execution (which uses the path system and invariably can be bypassed with the method above)?
@E1uSiV3: Yes, I know the exact GPO you are thinking of and it goes back to Win9x days, "Only allow the following programs to be executed" or similar wording. In Win9x it was possible to rename an EXE to something that was allowed, but as far as I know, the newer Win2K+ version of this GPO actually makes a hash of the file, which means that users can't rename EXEs they want to run - but secondly, when applications change, you must remember to re-do the hash of the EXE, otherwise it might not run at all.
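The name-versus-hash trade-off from the posts above, as an added example that is not code from any poster or from the Edugeek Project. It uses SHA-256 where the thread mentions md5sums, and the file names and contents are constructed samples.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    """Hash file contents in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def allowed_by_name(path, safe_names):
    """Name-based rule: trusts whatever the file happens to be called."""
    return os.path.basename(path).lower() in safe_names

def allowed_by_hash(path, safe_hashes):
    """Hash-based rule: trusts only exact, previously approved file contents."""
    return sha256_of(path) in safe_hashes

def demo():
    """Build constructed sample files and evaluate both rules against them."""
    work = tempfile.mkdtemp()
    try:
        # Constructed samples: all three share the approved file name.
        samples = {"approved": b"constructed approved build 1.0",
                   "renamed": b"constructed unapproved program",
                   "updated": b"constructed approved build 1.1"}
        paths = {}
        for label, content in samples.items():
            paths[label] = os.path.join(work, label, "wordproc.exe")
            os.makedirs(os.path.dirname(paths[label]))
            with open(paths[label], "wb") as fh:
                fh.write(content)
        safe_names = {"wordproc.exe"}
        safe_hashes = {sha256_of(paths["approved"])}  # recorded at approval time
        results = {label: (allowed_by_name(p, safe_names), allowed_by_hash(p, safe_hashes))
                   for label, p in paths.items()}
        # After a legitimate update the admin must re-hash and extend the list.
        safe_hashes.add(sha256_of(paths["updated"]))
        results["updated_after_rehash"] = (
            allowed_by_name(paths["updated"], safe_names),
            allowed_by_hash(paths["updated"], safe_hashes))
        return results
    finally:
        shutil.rmtree(work)

if __name__ == "__main__":
    for label, (by_name, by_hash) in demo().items():
        print(f"{label:22} name-rule={by_name} hash-rule={by_hash}")
```

The renamed file passes the name rule but fails the hash rule, and the updated build is blocked by the hash rule until its new hash is added to the list.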
I would have thought that the hashing for Windows System patches and the like would be fine, just the application software would be the issue? I suppose it depends on how much software you run and how frequently it needs patching. As long as you run the update then make the changes I can't see a problem with that solution?
Indeed. The trouble is you get naff educational software that insists on having write access to .ini files it installs in the windows folder, despite the fact that it only ever reads settings from them.