Educause Security Discussion mailing list archives

Re: Keyloggers in computer labs


From: "Syrigos, Panagis" <syrigos () UMICH EDU>
Date: Tue, 7 Feb 2006 10:21:00 -0500

Hello,

Here at the library of the University of Michigan we don't allow
administrator accounts to log in to our labs. We have 3 labs with
workstations and one lab with terminals serviced by a TS server. We
require that each instructor notify us beforehand (at least 3 weeks in
advance) of the list of software they need to install, and we determine
whether the software can be run in a locked-down environment or not. If
it's not possible, we deny the request or, more often, try to find another
app that will do the trick for them.

All of the software we use can run in a locked-down environment by
granting write permissions to the folder it was installed in, or to
certain registry keys. FileMon and RegMon from www.sysinternals.com, and
the RunAs that is provided by Windows, are the tools we use. Although we
have not come across something that just doesn't work, we are confident
that if indeed such a monstrosity exists, we can use "RunAs" in a batch
file to run just the app with admin privileges and not the entire session.

If the instructor *has* to teach their students how to install a certain
piece of software, we are starting to provide them with a Virtual PC
image that has no connectivity to the 'net. Once the class is done, we
will trash the image and copy a fresh image back to the computers.

HTH,
Panagis

Panagis Syrigos
System Administrator II
Library Information Technology
University of Michigan
------------------------------
And on the 8th day God said, "Ok Murphy, you take over."
  
-----Original Message-----
From: Kay Sommers [mailto:ksommers () VCU EDU] 
Sent: Monday, February 06, 2006 9:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Keyloggers in computer labs

How are you protecting your computer labs from the installation of
keyloggers? Lab managers want to use local administrator or power user
accounts on these machines so that various applications run properly,
but of course, that exposes these public machines to the possibility of
anything being installed. Re-imaging or return point strategies such as
Deep Freeze still leave the machines vulnerable for a certain period of
time.

What approaches are being used to protect public machines other than not
allowing privileged logins?  
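The locked-down approach in Panagis's reply above (give lab users write access only to an application's own install folder and registry key, so it runs without an administrator session) can be applied with ACLs. This is an added example, not from the original message or from the University of Michigan; the folder path, registry key and group name are assumptions, and it must be run once from an administrative shell on the lab image.

```powershell
# Added example: scope write access to one application's folder and registry key.
# Paths and group are hypothetical placeholders; adjust to what FileMon/RegMon show.
$appDir   = 'C:\Program Files\ExampleLabApp'             # hypothetical install folder
$appKey   = 'HKLM:\SOFTWARE\ExampleVendor\ExampleLabApp' # hypothetical registry key
$labGroup = 'BUILTIN\Users'                              # non-admin account(s) the lab uses

# Folder: allow Modify (read/write/create/delete) on the folder and everything under it.
# Nothing outside $appDir is touched, so the rest of the system stays read-only to users.
$dirAcl  = Get-Acl -Path $appDir
$dirRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $labGroup,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$dirAcl.AddAccessRule($dirRule)
Set-Acl -Path $appDir -AclObject $dirAcl

# Registry: allow creating subkeys and setting values under the app's own key only.
$regAcl  = Get-Acl -Path $appKey
$regRule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $labGroup,
    [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue, CreateSubKey',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$regAcl.AddAccessRule($regRule)
Set-Acl -Path $appKey -AclObject $regAcl

# Verify: show exactly which rights the lab group now holds on each object.
(Get-Acl -Path $appDir).Access | Where-Object { "$($_.IdentityReference)" -eq $labGroup } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
(Get-Acl -Path $appKey).Access | Where-Object { "$($_.IdentityReference)" -eq $labGroup } |
    Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
```

Run the application as a plain lab user afterwards and re-check FileMon/RegMon output; any remaining ACCESS DENIED entries point to the next folder or key that needs the same narrow grant.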
