Locking down Windows PC at runtime (like screensaver)

M

MichaelZ

New Member
Hi...

I use a Win7 desktop PC at work. So this doucheface, scumbag of a co-worker likes to mess with my computer whenever I have to leave the cubicle.
From the get-go I encrypted the system with TrueCrypt, so if the computer is turned off, he can't do me any harm.
The thing is, I can't really shut everything down every time I have to drain the lizard, or if the boss needs me in her office (she's old, don't get excited). There are lots of open files that I need to save. Sometimes there are downloads in progress, plus my TrueCrypt password is kinda long. Booting up and having to get back in business 5-6 times a day has been a real pain in the rear. There has got to be a better way of leaving my running PC unattended.

A screensaver with a password?... Nah... I need something better.. An app that runs on demand, not whenever I forget to move the mouse during the last minute.

Password protection is mandatory and here's what I have in mind..

A shortcut to an app on the desktop or a key combination that initiates system lockdown. And by that I mean:

1. The system remains fully operational. Everything keeps running. All the unsaved files are unharmed. All the downloads keep downloading.

2. No input can be made (mouse/keyboard) unless a password is entered or a special key combination is pressed... like ctrl+alt+space+7 (which is actually better). No CD or USB drive can initiate an auto-run procedure. There is no "magic switch" that can bypass this security measure.

3. The computer does not reveal its activities. Any windows or pop-up messages DO NOT appear. Even if the system wants to scream: THERE'S A VIRUS INSIDE ME! I'M ON FIRE! No messages, no pop-ups. Nothing can get through. Plus the system itself and the app remain stable and do not crash even if someone is pounding on the keyboard with their fists. Alright, the whole system CAN crash. A hard reset does not bother me, since whoever is trying to screw me over has to deal with AES encryption now.

4. The system appears to be frozen. By that I mean: If the mouse is moved, there's no stupid 'Enter password to unlock' dialog box. The password can be entered only if a special key combination is pressed. Or even better: the user sets a key combination that unlocks the desktop. Ideally, while the system is locked down, the program would display a full-screen image of my choosing, which would be a screenshot of a fake desktop with the mouse cursor somewhere in the middle. If anyone tried to mess with the computer while I'm away, they'd just think that my computer froze. Plus they'd have no idea what I've been doing. The time and date would appear to be way out of whack but that's only if anyone bothered to look there.


1, 2 and 3 are a must. no. 4 is optional.

Is there something like that out there? If not - it oughta be.
I'm not looking for anything free... 10-15-20 bucks for something like that sounds about right.

Thanks in advance.
 
Just press the Windows key + L. That will lock your PC. Then you can't do anything but stare at the logon screen until someone puts in either your password or logs in as a different user.
 
Thanx guys... Well, I'm not impressed by anything I've seen on the list. Even the ratings suck. Locking down with Windows key + L have always seemed kinda sketchy. I mean it's Windows we're talking about. There's gotta be a workaround or a bug that bypasses this thing... Something like: unplug the network cable, an error message pops up and you take it from there.. But if people here think that this measure is fairly safe, I'd like to hear about it..

The thing is that it's not that simple... I tried to make it sound simple, anyway. I do have to do something about leaving my computer unattended at work, however, my main concern is the machine I leave behind at home. It has to stay online pretty much 24/7. If someone knows my schedule and breaks into my house while I'm at work, they would literally have hours to try and break into my system. Why would anyone do that? Let's just say there's a potential financial gain. So I have to assume that whoever tries to break into my system is a skilled and determined hacker. I don't want to insult that person by dangling that silly log-in screen in front of him. Something tells me that taking care of it as easy as: plug in a USB drive with some magic code and you're in.
The way I see it, the best way is STEALTH. Let him/them THINK the computer is frozen. I WANT him to do a hard reset. Let them think they can just steal the hard-drives and get access to everything that's on there.

What I really need is a screensaver on steroids. I would also like to set a timer... just in case I leave the house w/o initiating the lockdown procedure.

When I was much younger I dabbled in coding. ASM32 to be precise. Even made a release but the software saw limited circulation. If this was 20 years ago I would code this thing myself. Now it's all gone. Anyway, I can't be the only guy who's thought of this. And like I've said before I am perfectly willing to pay for this kind of software. I don't want no worthless-piece-a-shit freeware. I need this thing to be ironclad and hacker-proof.
 
Last edited:
If Windows + L wasn't secure then companies like Pratt & Whitney wouldn't require their employees to lock their PC's when they walk away :rolleyes:

You're paranoid.
 
Not paranoid but realistic.
Watch a bit from this video. Skip to 7:55:

https://www.youtube.com/watch?v=qIOIe0nr6DQ

This exploit is a gross oversight, very typical of Microsoft.

Installing this backdoor takes literally one minute. It does not require any downloads, USB drives or any extraordinary skills. All that the perp has to do is to rename one or two files in the single minute the PC is left unattended in the unlocked mode.

The main issue with locking down the system using Windows' proprietary mode is that EVERYONE uses it. The technique described in the video is like Breaking Into Windows Systems 101. And once it's compromised, the intruder can take his sweet time to strike, whenever it's convenient because this backdoor is impossible to detect.

The dipshits I have to deal with at work are not that creative, so this may solve my little problem there. However, I still need something much stronger and much much less common for my home PC. For now I will use what I already have (because I don't have anything better), knowing that there are probably many more exploits to bypass that silly screen. In either case, I'm planning to give it a thorough shake. By which I mean: While the system is in the lockdown mode, I will attempt inserting CDs, USB drives, connecting USB devices. Then I'll try unplugging stuff: The network, the speakers, the monitor, a couple of hard-drives, USB devices. I want to see what happens.
 
Maybe I'm just looking to simplify this to a non-issue, but...can't you just tell him to knock it off or you're going to the boss and/or just go to the boss? One would think that a co-worker intentionally disrupting the work of and/or potentially causing the disruption/loss of data of another co-worker would be dealt with pretty swiftly by the Powers That Be.
 
MichaelZ said:
Not paranoid but realistic.
Watch a bit from this video. Skip to 7:55:

https://www.youtube.com/watch?v=qIOIe0nr6DQ

This exploit is a gross oversight, very typical of Microsoft.

Installing this backdoor takes literally one minute. It does not require any downloads, USB drives or any extraordinary skills. All that the perp has to do is to rename one or two files in the single minute the PC is left unattended in the unlocked mode.

The main issue with locking down the system using Windows' proprietary mode is that EVERYONE uses it. The technique described in the video is like Breaking Into Windows Systems 101. And once it's compromised, the intruder can take his sweet time to strike, whenever it's convenient because this backdoor is impossible to detect.

The dipshits I have to deal with at work are not that creative, so this may solve my little problem there. However, I still need something much stronger and much much less common for my home PC. For now I will use what I already have (because I don't have anything better), knowing that there are probably many more exploits to bypass that silly screen. In either case, I'm planning to give it a thorough shake. By which I mean: While the system is in the lockdown mode, I will attempt inserting CDs, USB drives, connecting USB devices. Then I'll try unplugging stuff: The network, the speakers, the monitor, a couple of hard-drives, USB devices. I want to see what happens.
Click to expand...
So you think the built-in Windows security mechanism when locking your your computer is less secure than some third party software? By your paranoia about it being as simple as renaming system files, anyone could go on your PC and remove that software as well. In fact, anything can be done if your computer is left unlocked, hence why we told you to lock it when you are away from your computer.
 
I would still argue that a well-built lockdown software would have the edge of being not as common as the Windows proprietary stuff and if implemented correctly, can remain ambiguous. The potential intruder would have no idea why my computer is always frozen when I'm not around. He wouldn't know how to go about it and if I'm gone for a couple of minutes, installing a backdoor would not be as easy.

With the Windows' desktop lockdown you literally do not need ANYTHING. You don't need to have all your hacking tools with you on a DOK. You don't need to plug it in, find the right file and run it. You don't need an Internet connection to download this stuff from a site.
One possible scenario would go like this: "Oh I see the guy just stepped out for a minute w/o logging off. He probably got distracted and forgot. Well, I didn't plan on hacking into his shit but since he always uses that lame-ass Windows desktop lockdown, I might as well break in and snoop around when he's out for lunch. Now, I don't have my usual hacking stuff with me but that's OK. Because all I have to do is rename a stupid file. I don't think I have enough time to D/L and install a trojan anyway but renaming this one file will only take a minute."

My point is.. with such widespread popularity of this inadequate "security measure", the intrusion can occur spontaneously, without any sinister plot, just because it's there and is easy as ****. Thank you again, Micro$oft.

The saddest thing is that if the desktop lockdown did not exist in Windows, there would be a much wider selection of 3rd-party security products from companies that have their shit together, as far as security goes.


I don't feel that I have to bring any more arguments. I am open to suggestions as to how to secure my desktop using 3rd-party software. Something good, please.
 
If this is in a company, you should also remember that most employee user accounts are limited in what they can do, they can't modify or delete system files.
 
You must log in or register to reply here.
Back
Top