Homeland Security at Home
By David Shamah, The
They're cute when they're small, no doubt about it.
And they stay that way for awhile. Yours may still be at that stage.
But never fear, your time
will come. The older kids get, the more of a job they
are to manage. And today's social climate doesn’t help matters. Where once you
could control their behavior – for their own good - nowadays the world is
determined to foist its own ideas and values upon them. If you live anywhere
within shouting distance of a computer, radio or TV, be prepared for lots of
sleepless nights.
Those of us with kids approaching or already in their
tweens and teens know what I'm talking about. Even if
you are sure your kids are "good" kids, you lose sleep over them,
because there are plenty of bad influences out there. And the scary part is, the bad stuff can happen in any family.
It seems that civil liberties, both in society and
within the family, are becoming luxuries that are more difficult to afford. Do all the extra stringencies travelers experience at
airports around the world nowadays mean that society has become less
"free?" Possibly, but given the threat of world terrorism, does
society really have a choice? In the same way, letting kids have too much
freedom these days can be a really dangerous thing, as well.
But at the same time, society limits you as a parent
from taking actions that might help mitigate the risks. Corporal punishment is definitely
out these days (not that it's such a good idea anyway), and if you come down
too hard on the kids even verbally, there's a strong risk they're going to
rebel. Family experts all agree that keeping the lines of communications open
between parent and child is key. So
drastic action of any type is out – even if it's called for. Anyway, we
want to trust our kids; the way they relate to the world is a reflection of the
way we raised them – all that hard work we put into raising them has to be
worth something.
The truth of the matter is that most kids, even
today, grow up more or less OK. A large part of the problem for us as parents
is the mystery – the not knowing what really goes on in our kids' lives. Are
the Web sites and chat rooms they frequent more or less innocent? We are pretty
sure we can trust them, but can we trust the people they are communicating with
on-line with? What about their e-mail and IM buddies?
As parents, we have to tread lightly when it comes to
our kids' private lives if we don't want to alienate them. Learning as much as
we can about what they're up to is essential, but it's not like they're going
to reveal everything about their extracurricular activities – and what they
won't tell is probably what we need to know the most.
But in a way, we've really lucked out, thanks to
computers. Because so many of our kids' potentially dangerous activities and
relationships are conducted online, a measure of control is definitely
possible; all we have to do is figure out a way to get at their information
without their realizing what is happening. This way, we can keep tabs on
matters while giving them the freedom they crave.
There are a host of programs you can use in order to
monitor a computer's on-line (and off-line, for that matter) doings. There are
applications that will record keystrokes or capture images of sites, pages and
documents. And you can always limit access to sites by using a filter program
like Net Nanny to prevent kids from surfing to sites you disapprove of.
But each and every one of these methods leaves
something to be desired. First of all, they can all be beaten, and almost any
program touted by adults as a solution to kids' on-line freedom are listed on "app-killer"
sites instructing those affected how to circumvent the application. Most of
these security programs are obvious and do their work out in the open – which
means that your kids are aware of what you are doing and will tailor their
on-line behavior to accommodate it. But that doesn't mean they've curtailed
their potentially risky activity; more than likely, it's just gone underground,
and your task of finding out what you want to know will become even more
difficult.
The trick is to figure out a way to get the
information we need without tipping our hand – kind of like running a covert
spy operation. I recently came across a method that may do the job without
ruffling too many family feathers. The method is actually based on a weakness
in the Windows infrastructure, and this may be the one time that Microsoft's
infamous Registry insecurity works in our favor.
Computer-based information meant for private eyes, of
course, is protected by passwords. Passwords are ubiquitous, used for e-mail clients, Web based e-mail, instant messengers, entry into
Web sites, and other communications applications and protocols. But did you
ever stop to wonder just how Windows knows a correct password from a dud?
Obviously, that information must be stored somewhere in the registry.
Indeed it is; it is saved in a Registry area known as
Microsoft Protected Storage. You can look in this registry listing if you want
(HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider), but
since it's encrypted, reading it straight out of Regedit
won’t do you any good. What you need is an application that can interpret the
code and render it back into plain text.
And because they can, most people – kids included –
save their passwords on Web sites with AutoComplete, one of those indispensable
services that compromise user security far more than they realize. Passwords
saved with AutoComplete get saved in Protected Storage, awaiting the key that
can unlock them and get you logged onto the information you seek.
That key comes in the form of an application called PSPV,
Protected Storage PassView (http://www.nirsoft.net/utils/pspv.html),
which will, like magic, lay out all the password information in your PC.
Running the program produces a chart (exportable to an html Web page) that
lists the program or Web page, user name, and matching password where
applicable. The program lists not only Web page passwords, but Outlook
passwords as well (meaning you can get the passwords to users' e-mail accounts)
– and even Windows login passwords. This is dangerous stuff in the wrong hands,
and if nothing else, it's an object lesson on how simple it is for hackers to
get at your information. But we're on a mission here; all we're interested in
is protecting our kids and making sure they don't get themselves into something
they're not ready to handle.
It should be noted that PSPV does not distinguish
between data - you get everything that was ever save in Protected Storage on
the computer PSPV is running on. In some cases, it isn't clear exactly what a
particular login or password is referring to. I suggest you run the program on
some "control sites" – i.e., register for some services and accounts
and save the passwords, then check with PSPV for a more clear understanding of
how the program lists the information.
One thing PSPV doesn’t display is passwords for
instant messengers like ICQ and AIM. For that you need another utility by the
same author, called MessenPass (http://www.nirsoft.net/utils/mspass.html).
MessenPass works on all the major messaging apps;
once you're in, you can see what your kids have been talking about by checking
their chat history (if it isn't being saved, you can make that adjustment the
first time you log in; chances are they won't notice).
In researching these products – particularly PSPV – I
came across a few anti-spyware Web sites that classify the program as a
potential security risk. As I mentioned, it is definitely that in the wrong
hands; it would be all too easy for a hacker to send you this program
nefariously and set up a script where the information garnered could be saved
in a file and secretly e-mailed back to its sender. But the program itself is
perfectly safe – you don't even have to install it to get it to run (i.e., it
makes no changes or adjustments to the registry).
But I know how you feel; you, like me, are most
likely of two minds about this. Even though I've tried mightily via this
article, I still haven't talked myself into the moral validity of this project
(technically, it’s fantastic – you'll never forget or lose a password again). But
we have to do something to defend our kids; there's just too much bad stuff
going on out there, and we can't afford to pretend that "it can't happen
here." Fortunately, PSPV and MessenPass give us
a neat, elegant, quiet and secure way to do what has to be done. The kids don't
ever have to know, and what they don't know won't hurt them (both programs are
small enough to fit on a floppy; you don't even have to leave them on the
computer, just in case the kids read this article and are able to identify the
program). Even if they change their passwords, you're set; just run the programs
again and the new passwords appear. Yes, it hurts the heart to have to do
something like this; but it's the kind of thing your kids end up thanking you
for when you tell them about it in the pre-wedding heart to heart, when they're
about to embark on their new lives - healthy, happy, and alive.
ds@newzgeek.com