password protection

I have made a password protection program for Windows and it works fine except that even though I disable Ctrl-Alt-Del and remove my program from the list, if someone hits C-A-D as Windows is starting but before my password program starts they find it in the list and can exit that task.
I have my program starting from two different places, from the system.ini, after explorer.exe loads and in the registry RUN key.
What am I doing wrong?
dtucker Asked:

mark2150 Commented:
Using windows...

Seriously, you have to have a bypass or the first time you make a programming error you'll have to reformat to get by it. Think about it. If there were an IRONCLAD password and you forgot it how would you get thru? If you don't provide an update function how are you going to make changes to the system? If you want security from boot until windows loads set a BIOS password.

M
0
vettranger Commented:
Mark's correct about the use of a BIOS password. Windows is the wrong platform for this level of software security. You're not doing anything wrong, it's just that 'It ain't gonna happen' with Windows.

0
mcrider Commented:
mark2150

Come on... You would NOT have to format if a program error occurred... All you would have to do is boot from floppy and edit manually...

0

barnacky Commented:
Why don't you try changing the shell command in the system.ini.  Set Shell=yourprogram.exe instead of explorer.exe.  Just make sure that if the user types in the correct password, you shell Explorer.exe from your program.  Should work.  It's an interesting trick that works 95% of the time.
0
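
Added example, not part of barnacky's post or of the original thread: a short Python check an administrator could run over a copy of system.ini to see whether the `Shell=` line discussed above still names Explorer. The sample files and the `pwguard.exe` name are constructed for illustration.

```python
import ntpath

DEFAULT_SHELL = "explorer.exe"

# Constructed sample files; pwguard.exe is a hypothetical program name.
STOCK_INI = """\
[boot]
shell=Explorer.exe
system.drv=system.drv

[386Enh]
device=*vshare
"""

REPLACED_INI = """\
; constructed: shell swapped for a password program
[BOOT]
Shell = C:\\PWGUARD\\pwguard.exe /lock
system.drv=system.drv
"""


def boot_shell(ini_text):
    """Return the first shell= value in [boot], or None if absent."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, val = line.partition("=")
        # Section and key names are matched case-insensitively.
        if sep and section == "boot" and key.strip().lower() == "shell":
            return val.strip()
    return None


def audit_shell(ini_text):
    """Return (status, program): 'default', 'replaced' or 'missing'."""
    value = boot_shell(ini_text)
    if not value:
        return ("missing", None)
    # Assumption: the program path has no spaces; arguments follow it.
    program = value.split()[0].strip('"')
    name = ntpath.basename(program).lower()
    # Name-only match: a look-alike explorer.exe elsewhere still needs review.
    status = "default" if name == DEFAULT_SHELL else "replaced"
    return (status, program)
```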

mcrider Commented:
barnacky, Now there's an idea I can get behind! ;-)

Cheers!
0
caraf_g Commented:
mcrider. Good luck! I've got all my partitions set up as NTFS.
0
caraf_g Commented:
barnacky, just out of interest, what happens the other 5% of the time?
0
barnacky Commented:
I was just referring to those people who are aware that the system.ini file is the source of the password protection.  I figured 5% was a good number.
0
mcrider Commented:
Caraf_g, take a look at Creating a Boot Disk for an NTFS or FAT Partition
http://support.microsoft.com/support/kb/articles/Q119/4/67.ASP

(the voices told me where to find it...)

Cheers!
0
dtucker Author Commented:
I tried what you suggested and it worked perfectly except that when I Shelled Explorer.exe, up came explorer and not the shell explorer and also the taskbar didn't come up or anything in the startup folder.
What do you suggest?
0
mark2150 Commented:
On systems *I* set up you CAN'T boot from floppy.

And if you can bypass with just a boot floppy then what's the point of trying to make it "ironclad" in the first place? You also have to stop <F8> and scandisk and safe mode.

Since there are these different ways to bypass the "ironclad" password system, why bother in the first place?

M
0
mcrider Commented:
mark2150,

If by saying you can't boot from a floppy on systems you set up you mean you disable the BIOS, all you have to do is remove the BIOS battery...

Cheers!
0
mark2150 Commented:
No, I mean I take the friggen things *OUT* and lock the case.

I did this in a JAIL system we set up to keep the proprietary data out of prying hands. Medical records show HIV status and we wanted to make absolutely positively sure that someone didn't make a quickie copy of stuff to take home. All the data was kept on the file server with network security providing positive control. Only one system in the place had a floppy drive physically attached and that was secured. All cases were physically secured with padlocks so you couldn't remove the covers without cutting tools. No data got out of THAT system, nor did it *EVER* get any form of virus.

M
0
mcrider Commented:
Most people don't go to that extreme.
0
mark2150 Commented:
If you want secure, that's how to get SECURE. Remember this is a *JAIL* we're talking about here. They know a *little* about "security". By definition jails are full of thieves and others that would sorely like to get out.

While most criminals are not rocket scientists a certain percentage of computer users do run afoul of the law. People have plenty of time on their hands and nothing better to do than scheme.

We ruggedized those systems six ways from Friday and then beefed them up some more. We used a layered security approach. Like a battleship, a single torpedo won't sink it. Yes, you'll have a breach here and there, but the watertight doors compartmentalize the damage.

This means that the battleship can take hit after hit and keep firing, at reduced efficiency certainly, but it keeps running. In a like manner we designed our systems to be as tight as we possibly could. BIOS passwords to boot, LAN passwords for any access. COMMAND.COM and related files hidden and locked. No floppy drives installed. Directories hidden with non-ASCII characters in their names. Intercepts on selected programs. Removal of selected programs. Regular sweeps of the workstation profiles. No external network access. No modems - anywhere. Network security over all. Monitoring and tracking software watching every command issued. Logs of all activities on all stations. Physical security of the workstations and their offices. TV cameras watching the machine stations.

On my LANs I tell my users that I can read a floppy locked in their desk drawer - and I'm just barely exaggerating. I've pulled files off of secured machines two states away. I'll scan *ALL* your email or have the mail system send me a copy of anything it deems I'd be interested in - and you'll never know it.

Never met a windows "security" program that I couldn't beat if I had physical access to the workstation and my little black bag of tricks with me. If you want security, don't run it on windoze... If you *ARE* running on windoze, don't bother with security - I'll beat it.

M

PS
Have you heard of the M$ Word "spy" macro virus? Once you get infected it sends a duplicate of everything you save out to an IP address set up by the infector. No need to break in to get copies of your files, you automatically mail them to *ME* as you save...

Sleep tight! (evil grin)

M
0