Homeland Security at Home

 

By David Shamah, The Jerusalem Post, Dec. 17, 2004

 

They're cute when they're small, no doubt about it. And they stay that way for awhile. Yours may still be at that stage.

 

But never fear, your time will come. The older kids get, the more of a job they are to manage. And today's social climate doesn’t help matters. Where once you could control their behavior – for their own good - nowadays the world is determined to foist its own ideas and values upon them. If you live anywhere within shouting distance of a computer, radio or TV, be prepared for lots of sleepless nights.

 

Those of us with kids approaching or already in their tweens and teens know what I'm talking about. Even if you are sure your kids are "good" kids, you lose sleep over them, because there are plenty of bad influences out there. And the scary part is, the bad stuff can happen in any family.

 

It seems that civil liberties, both in society and within the family, are becoming luxuries that are more difficult to afford. Do all the extra stringencies travelers experience at airports around the world nowadays mean that society has become less "free?" Possibly, but given the threat of world terrorism, does society really have a choice? In the same way, letting kids have too much freedom these days can be a really dangerous thing, as well.

 

But at the same time, society limits you as a parent from taking actions that might help mitigate the risks. Corporal punishment is definitely out these days (not that it's such a good idea anyway), and if you come down too hard on the kids even verbally, there's a strong risk they're going to rebel. Family experts all agree that keeping the lines of communications open between parent and child is key. So drastic action of any type is out – even if it's called for. Anyway, we want to trust our kids; the way they relate to the world is a reflection of the way we raised them – all that hard work we put into raising them has to be worth something.

 

The truth of the matter is that most kids, even today, grow up more or less OK. A large part of the problem for us as parents is the mystery – the not knowing what really goes on in our kids' lives. Are the Web sites and chat rooms they frequent more or less innocent? We are pretty sure we can trust them, but can we trust the people they are communicating with on-line with? What about their e-mail and IM buddies?

 

As parents, we have to tread lightly when it comes to our kids' private lives if we don't want to alienate them. Learning as much as we can about what they're up to is essential, but it's not like they're going to reveal everything about their extracurricular activities – and what they won't tell is probably what we need to know the most.

 

But in a way, we've really lucked out, thanks to computers. Because so many of our kids' potentially dangerous activities and relationships are conducted online, a measure of control is definitely possible; all we have to do is figure out a way to get at their information without their realizing what is happening. This way, we can keep tabs on matters while giving them the freedom they crave.

 

There are a host of programs you can use in order to monitor a computer's on-line (and off-line, for that matter) doings. There are applications that will record keystrokes or capture images of sites, pages and documents. And you can always limit access to sites by using a filter program like Net Nanny to prevent kids from surfing to sites you disapprove of.

 

But each and every one of these methods leaves something to be desired. First of all, they can all be beaten, and almost any program touted by adults as a solution to kids' on-line freedom are listed on "app-killer" sites instructing those affected how to circumvent the application. Most of these security programs are obvious and do their work out in the open – which means that your kids are aware of what you are doing and will tailor their on-line behavior to accommodate it. But that doesn't mean they've curtailed their potentially risky activity; more than likely, it's just gone underground, and your task of finding out what you want to know will become even more difficult.

 

The trick is to figure out a way to get the information we need without tipping our hand – kind of like running a covert spy operation. I recently came across a method that may do the job without ruffling too many family feathers. The method is actually based on a weakness in the Windows infrastructure, and this may be the one time that Microsoft's infamous Registry insecurity works in our favor.

 

Computer-based information meant for private eyes, of course, is protected by passwords. Passwords are ubiquitous, used for e-mail clients, Web based e-mail, instant messengers, entry into Web sites, and other communications applications and protocols. But did you ever stop to wonder just how Windows knows a correct password from a dud? Obviously, that information must be stored somewhere in the registry.

 

Indeed it is; it is saved in a Registry area known as Microsoft Protected Storage. You can look in this registry listing if you want (HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider), but since it's encrypted, reading it straight out of Regedit won’t do you any good. What you need is an application that can interpret the code and render it back into plain text.

 

And because they can, most people – kids included – save their passwords on Web sites with AutoComplete, one of those indispensable services that compromise user security far more than they realize. Passwords saved with AutoComplete get saved in Protected Storage, awaiting the key that can unlock them and get you logged onto the information you seek.

 

That key comes in the form of an application called PSPV, Protected Storage PassView (http://www.nirsoft.net/utils/pspv.html), which will, like magic, lay out all the password information in your PC. Running the program produces a chart (exportable to an html Web page) that lists the program or Web page, user name, and matching password where applicable. The program lists not only Web page passwords, but Outlook passwords as well (meaning you can get the passwords to users' e-mail accounts) – and even Windows login passwords. This is dangerous stuff in the wrong hands, and if nothing else, it's an object lesson on how simple it is for hackers to get at your information. But we're on a mission here; all we're interested in is protecting our kids and making sure they don't get themselves into something they're not ready to handle.

 

It should be noted that PSPV does not distinguish between data - you get everything that was ever save in Protected Storage on the computer PSPV is running on. In some cases, it isn't clear exactly what a particular login or password is referring to. I suggest you run the program on some "control sites" – i.e., register for some services and accounts and save the passwords, then check with PSPV for a more clear understanding of how the program lists the information.

 

One thing PSPV doesn’t display is passwords for instant messengers like ICQ and AIM. For that you need another utility by the same author, called MessenPass (http://www.nirsoft.net/utils/mspass.html). MessenPass works on all the major messaging apps; once you're in, you can see what your kids have been talking about by checking their chat history (if it isn't being saved, you can make that adjustment the first time you log in; chances are they won't notice).

 

In researching these products – particularly PSPV – I came across a few anti-spyware Web sites that classify the program as a potential security risk. As I mentioned, it is definitely that in the wrong hands; it would be all too easy for a hacker to send you this program nefariously and set up a script where the information garnered could be saved in a file and secretly e-mailed back to its sender. But the program itself is perfectly safe – you don't even have to install it to get it to run (i.e., it makes no changes or adjustments to the registry).

 

But I know how you feel; you, like me, are most likely of two minds about this. Even though I've tried mightily via this article, I still haven't talked myself into the moral validity of this project (technically, it’s fantastic – you'll never forget or lose a password again). But we have to do something to defend our kids; there's just too much bad stuff going on out there, and we can't afford to pretend that "it can't happen here." Fortunately, PSPV and MessenPass give us a neat, elegant, quiet and secure way to do what has to be done. The kids don't ever have to know, and what they don't know won't hurt them (both programs are small enough to fit on a floppy; you don't even have to leave them on the computer, just in case the kids read this article and are able to identify the program). Even if they change their passwords, you're set; just run the programs again and the new passwords appear. Yes, it hurts the heart to have to do something like this; but it's the kind of thing your kids end up thanking you for when you tell them about it in the pre-wedding heart to heart, when they're about to embark on their new lives - healthy, happy, and alive.

 

ds@newzgeek.com