I’ve been playing lately with a little device I picked up in the local Fry’s store. It’s a “Wireless PC Lock”, and the idea is that there’s a pair of pieces – a USB stick, and what you might charitably call a fob (although when I tried to use it on my key ring, the button stayed pressed in my pocket, and I wore out the battery).
This is really a sweet little idea – a presence device so that you don’t forget to lock your PC when you walk away (you do lock your PC whenever you’re away, don’t you?)
Unfortunately, the software isn’t very well thought-out or well written. The device is capable of unlocking the PC as well as locking it, which is not good if you hang out on the other side of the wall from your PC. For me, that’s out in the corridor, but I don’t feel comfortable taking the chance that it’ll unlock as I’m standing chatting in an area where I can’t see my PC.
This is where we come to the second problem. Those sharp-eyed among you will note that you can’t programmatically unlock the PC. You have to enter a username and password to do so. The obvious way the developers on the Wireless PC Lock came up with for dealing with this was to pretend to lock the system – they put up a picture of dolphins (because dolphins and security – well, if I have to explain it…) over every one of your programs, and they do their level best to prevent you from getting to anything but the dolphins until you’ve typed in your password.
I’m a suspicious person at heart – it can’t be too tricky to get around this, and my bet is that you simply insert a CD-ROM with Autoplay (although I do have that disabled, too) that runs a tool to kill the process that locks the system. It’s not too difficult to figure out the process.
So, I’m thinking it shouldn’t be too difficult to write a program that does the right thing – if you disappear from radio sight for a few seconds, or you unplug the USB stick, the system should lock – proper LockWorkStation lock. When you come back in range… nothing. You have to unlock manually.
This is a good thing, because the radio device has only a two-byte serial code that prevents others from getting the same number device as you – but those odds just aren’t good enough to act as an authentication factor. They are sufficient to act as a “presence not detected” factor.
Plus, I want my program to run as a restricted user – I don’t need to be administrator to lock my terminal, I shouldn’t have to be administrator to work with the Wireless PC Lock. Tune in here again in a few days, and we’ll see how I’ve done with my goal of producing a simple, more secure version of the Wireless PC Lock software.
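The lock-only behaviour described above (lock after a few seconds of radio silence or when the stick is unplugged, never unlock on return) can be expressed as a small state machine. This is an added example, not the vendor's code or the program the post promises; the event names, the `presence_lock` type and the 5-second grace period are assumptions, since the page does not say how the stick reports the fob.

```c
#include <stdbool.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical event names: how the stick reports the fob is not given on the page. */
typedef enum { EV_TICK, EV_BEACON, EV_STICK_REMOVED } pl_event;
typedef struct {
    uint32_t grace_ms;     /* "a few seconds" of radio silence tolerated */
    uint32_t last_seen_ms; /* time of the last beacon from the fob */
    bool     armed;        /* true while the fob is considered present */
    unsigned locks;        /* number of lock requests issued */
} presence_lock;

/* Real lock on Windows; a no-op elsewhere so the logic can be exercised anywhere. */
static void lock_session(void) {
#ifdef _WIN32
    LockWorkStation();     /* user32 call; needs no administrator rights */
#endif
}

void pl_init(presence_lock *p, uint32_t now_ms, uint32_t grace_ms) {
    p->grace_ms = grace_ms; p->last_seen_ms = now_ms; p->armed = true; p->locks = 0;
}

/* Feed one event; returns true if this event caused a lock request. */
bool pl_feed(presence_lock *p, pl_event ev, uint32_t now_ms) {
    if (ev == EV_BEACON) {
        p->last_seen_ms = now_ms;
        p->armed = true;   /* re-arm only: presence never unlocks anything */
        return false;
    }
    bool gone = (ev == EV_STICK_REMOVED) ||
                (uint32_t)(now_ms - p->last_seen_ms) > p->grace_ms; /* wrap-safe */
    if (gone && p->armed) {
        p->armed = false;  /* lock once per absence, not on every tick */
        p->locks++;
        lock_session();
        return true;
    }
    return false;
}

int main(void) {           /* constructed event sequence: 6 s of silence */
    presence_lock p; pl_init(&p, 0, 5000);
    pl_feed(&p, EV_BEACON, 1000); pl_feed(&p, EV_TICK, 7000);
    return p.locks == 1 ? 0 : 1;
}
```

A beacon only re-arms the monitor, so a matching two-byte serial from another device can at worst delay a lock; it can never open a locked session.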