Controlling applications in Windows
Many current systems control the Windows Program Manager,
implying that this approach controls the users, too.
But what about all the functions in File Manager, and
the many macro systems available? Controls based on
Program Manager alone provide a false sense of security. File
Manager can be used to create new icons in Program Manager using the “drag
and drop” technique, and applications can be started from the Run menu or
by double-clicking. A number of applications are able
to launch the DOS shell. Most modern access control
programs include a function that blocks the facility to obtain the DOS shell. The macro systems in Word and Excel offer virtually unlimited
opportunity to the expert. For example, the
“Connect” command allows the user to establish new network
connections. It is obvious that unless we can prevent these commands being
issued, we cannot control what the user will be able to access. A
controlled version of File Manager that would be safe to use might have the following restrictions :
1. Applications cannot be started by double-clicking.
2. A series of menu options are removed, including the Run menu.
3. Program Manager is hidden when File Manager is active, to
prevent “dragging and dropping” files to create
new icons.
4. Executable files are not shown.
All Windows applications send and receive messages. Menus, list
boxes, etc. are displayed on the basis of these
messages. A small number of access control products on
the market are capable of controlling these messages.
Security FAQ
Windows Privacy Tools - http//www.privacywindows.com
| 
