Chat Prevention Program

Hey everyone, I need your feedback as what you think about this:

I wrote a program that prevents chat programs from being installed and/or being run.

The way it works is this...
It creates the appropriate directory that the chat program would create upon installation.
Then it modifies the ACL(Access Control List) to prevent access. Since most chat program installers use the admin account to install their crap, this prevents it from having access to the folder.

I have tested this process with Yahoo Messenger, AIM, and ICQ and it works. I have not tried with MSN messenger because I do not want to screw up the way Outlook works.

I logged in with a standard user account and went through the download/install process. It appears to download and tries to install, but once it starts the installer, it dies because it cannot access the folder.

Then it gives a message about why it failed.

What I want to know is this...What does everyone think about this and as Network Admins/Security Guru's, would you use it?

I appreciate any and all feedback


Thanks

 

In a corporate environment it would be a nice tool to have.

 

I am one of the 2 network admins at a school with a medium size network (200-250) and we have problems with students installing these chat programs and not paying attention in class.

Plus, with the rise of IM viruses, this would also prevent those.

Thanks for the input

 

Hi,

Given that users can choose to install to the default DIR or not... this would not be to effective. Access Control List should prevent the exe name from being run, dll from being executed and directory and listed associated files with the programs.

Regards,
fluxgfx.com

 

Very true and I have thought about that.

but, most users don't have a clue and do not know how to change directories, so it would work against those people.

I am working on a solutions for that as well, but I wanted to feedback from people in the business.

 

Excellent idea.

As someone that works on one of the largest corporate networks in the UK with over 2,000 servers and a further 12,000 individual units all connected on our system and in constant data stream and with some of our office units having net access, we were recently hit with an instance of the spybot32.worm. It appeared to have entered our system via an office user deciding to use an unauthorised chat program. Luckily it did not cause too much damage as it was caught by our extensive layered protection, but even so it did require many man hours to check that none of our remote units had been infected. The risk of not checking was too great to imagine the consequences. We could not sit back and allow this situation to possibly escalate once the intrusion became known.

A program that could prevent unauthorised instances like this arising would be most welcome and companies with large networks would happily pay for such protection. It is too easy for office staff to download and install chat programs and then start sharing files with the obvious dangers that our company was subjected to by just one irresponsible user.

It would only take one such worm on an out dated anti-virus program or unprotected system to cause untold damage to the network with the huge clean up then required. It is unimaginable the work this involves on large systems like ours.

 

I am going to get to work on finishing this.

The only problem that arrises...is that it can only be done on NT based systems because Win9.X systems do not rely on ACL's.

It also helps with some toolbars as well.

For instance, the Yahoo toolbar that downloads with the IM program would be prevented as well.

Maybe Paul would let me host a support forum here

Thank you for the feedback...keep 'em coming!

 

The program is underway and should be finished soon.

The chat programs I am set to deny for now are:
-Yahoo! Messenger
-AOL Instant Messenger (AIM)
-ICQ
-Jabber

Does anybody know of anymore out there that would be good to include?

I am not including MSN messenger because it is required to run Outlook properly and usually comes installed with Windows by default.


I appreciate any and all feedback!

 

Thank You very much!

I am designing it so you can select which ones you do and don't want to protect against and an "Undo" feature as well.

It will not run in real time, but rather prevent access to the programs totally.

First, it will prevent it from being installed.
Second, In case someone finds a way, it will prevent the app from running.

The program will be password protected and will not be required to install on any pc, but will be able to run from a disk (floppy or cd).

This will work great for businesses that use imaging software to duplicate the PC's in their offices. Just run it once on the machine before imaging and all the other PC's will be protected as well.


Thank you for the support, I Hope will help people out

I will keep everyone in the loop as to the status of it, and If anybody has any suggestions for design or anything, please let me know and I'll throw what I can into it.

Thanks again to everyone!!

 

The design of the program is in the final stages! Then I'll have to test it

I have a screenshot of the GUI if anybody would want to see it.
My only fear is that someone will take my idea and copy it.

If anybody wants to see it without me putting it on the forum here, let me know and I'll send it to ya...or give me the "Go-Ahead" and I'll stick it on here.


I would like some people's input of the GUI to tell me if like/dislike anything.

Thanks

 

Very good idea!

I actually did that with a piece of software I wrote a little while back..It's a totally legal way to copyright something.

The program is almost finished and I have begun testing it with success.

So far, I found it only works on "Pro" systems (NT, 2000 Pro, XP Pro, etc..) because they use NTFS permissions and ACL's for rights and access. The home versions do not, but I am working on something that should work for them too.

Thanks for all the advice.

 

The program is in it's final stages of testing now.
It works for any NT based system.

Currently it blocks:
*Yahoo messenger
*AOL Instant Messenger (AIM, AIM95)
*Jabber Messenger
*ICQ/ICQLite

I found a few other similar programs online that prevent chat program from running, but they require a real-time monitor.

Mine does not even need to be installed, just run once.

I will keep everyone posted when it is finished.

Thanks again for all the feedback

 

Thanks!

for version 1.0 (Current) I am excluding MSMessenger only because it can mess up outlook if misconfigured and I want to get the program out there for people to use before I do many more updates to it.

This is definately something that will be looked into for future upgrades.

 

I may have just found a quick and dirty way to disable MSMessenger and if it works, I will put it in the program as well ....hehehehe.

I love programming