Keep user from ctl+alt+del to kill app 2

[jadams0173]

I've read on this forum that disabling or circumventing the ctl+alt+del keys is anything from VERY dangerous to not possible. So how do you keep a user from killing an app this way? I have an app that the users are killing this way instead of entering the data.

I have looked into ways to make it not show up in the task list but have been unsuccessful at this. Any suggestions?

 

[Ovatvvon]

Oh, I got that part of it, and appreciated it; don't get me wrong.

I was just addressing the more serious part of it, because I felt it needed to be, just to be on the safe side.


-Ovatvvon :-Q

 

[strongm]

>I know how you can keep your VB app from displaying ... I'll relook up how I did it in an old application

It's as easy as app.taskvisible=false

>programs also tack on computer identifying information so that if the Government gets ahold of the program (or any truly savvy programmer),

What on earth are you on about?

 

[Ovatvvon]

That sounds about right strongm. I just don't normally use it, so couldn't remember. Suppose you could've posted that a long time ago.

What am I on about? Basically, the more the application development interfaces such as Visual Studio .NET (etc) advance, more security is built in (because of all the virus' etc) that allow for "creator tracking". There are small fragments of information that are stamped to an application. These can be processor ID's, or various other things.

Hope this helps.

-Ovatvvon :-Q

 

[strongm]

>you could've posted that a long time ago

Could have done, but a) a simple key word search on say "hide task manager" in this forum finds a number of hits on the subject with this very solution and b) the conversation quickly moved on from this trivial point, as we're really talking about a corporate culture issue not a programming issue.

>processor ID's

Oh, I doubt it, not unique ones

>allow for "creator tracking".

I'm not aware of such information being embedded in .NET programs, let alone VB6 (which is what we are talking about here). Perhaps you can provide a reference?

 

[CaptainD]

How about a gate that requires a magnetic card code to open. Swipe the card to go in and out that sets the time. Search for tool tracks time in and out. Ties the two together.

http://www.kanecal.net/mag-stripe-reader-scanner.html

 

[Hypetia]

Talking about the original issue, is it possible that disabling access to Task Maganer can help solving the problem?

You cannot disable Ctrl+Alt+Del key combination but you can disable access to Task Manager.

We use this technique for restricting operator access on HMI stations from where they monitor and control plant operation. Disabling access to taskmgr.exe and explorer.exe leaves nothing on the desktop but the HMI software which is configured to run with Windows startup. They cannot execute any other program, or access Task Manager which also allows to run other program from File menu.

Disabling access to taskmgr.exe is easy. With NTFS, you can deny all security permissions to the exe file for the user under which the operator interface software is running.

This is a standard and documented procedure and we don't have any issue with it.

 

[Ovatvvon]

strongm,

I heard about this a few years ago on the news. I'll see if I can find something about it online later tonight or tomorrow after work.

-Ovatvvon :-Q

 

[strongm]

I suspect that you may have heard about the Office GUID

Back in 1999 Microsoft was found to be embedding identifying GUIDs in Office documents without the knowledge of the users. This caused an uproar amongst the privacy crowd, which resulted in Microsft issuing an apology, two software patches (one to remove the identifiers from existing documents, the other to prevent identifiers being inserted into future documents), and guaranteeing that future versions Microsoft applications would contain no such ability to embed uniquely identifying information without the knowledge or approval of the users. They also vowed to, "Purge any hardware ID information that may have been inadvertently gathered without the customer having chosen to provide Microsoft with this information . . ."

I am not aware of any change in Microsoft's policy on this since that time, hence my querying of your assertion.

(probably worth pointing out that it was also around this time that the privacy crowd went nuts about about Intel's inclusion of a CPU serial number on the PIII, which led to Intel disabling it by default on later PIIIs and removing it altogether in all later CPUs; AMD, as far as I am aware, have never had a CPU serial number)

 

[Ovatvvon]

Very useful information! I suppose it is possible I heard of that, but I am almost sure it was in relation to a prevention for the creation of virus', trojans, etc; that the software was embeding this information into programs created. Perhaps there is something in the Agreements now allowing them to do that, or perhaps it was linked to what you mentioned before, but extended into the Visual Studio IDE as well, but was later removed, I'm not sure.

It is probably linked to what you said; I'll still poke around a bit to see if I can't find anything to confirm that, or that may shed more light on the subject.


-Ovatvvon :-Q

 

[Hypetia]

It may be worth pointing that Windows XP error reporting tool can also send private informatioon with the report.

http://oca.microsoft.com/en/dcp20.asp

http://www.pcmag.com/article2/0,1895,1434622,00.asp

 

[EBGreen]

Even if they were embedding unique information into compiled exes, I don't see how it would do anything to prevent viruses. It would be a truly lame virus writer that could not foil something like this.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[Ovatvvon]

You’re right, I shouldn’t have used the word “prevention”; I should’ve used the word “deterrence” instead. And I wasn’t suggesting that the IDE would prevent you from making the app, but rather, that if some authority figures wanted to find out where any program was generated, there would be some source of information about that embedded into the code.

-Ovatvvon :-Q

 

[macleod1021]

I stand corrected. I was browsing DeveloperFusion for another issue today and ran across a how-to on disabling Ctrl-Alt-Delete. Here's the code they use:

Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByVal lpvParam As Any, ByVal fuWinIni As Long) As Long


Private Sub disablekeys(disable As Boolean)
SystemParametersInfo 97, disable, CStr(1), 0
End Sub

You could simply add a disablekeys(true) in the form.load event and disablekeys(false) in form.unload event.

 

[strongm]

The FBI (I think it was) did use the embedded Office GUID to track down a trojan author. So I think it is still possible your source was confused

 

[strongm]

The SystemParameters trick only works on W95/98/Me (97 is the value of SPI_SETSCREENSAVERRUNNING, and what the function does is to fool the non-NT based OSs onto thinking they are running a screensaver)

 

[Ovatvvon]

macleod1021,

Have you tried implementing that to test it?
As far as I know, Ctrl-Alt-Del combo is "protected" at the operating system level, so no other app can override it (except where administrators prevent it). Could be wrong though. Just seems to me that's the case, but I'd love to be proved wrong in this situation (if for no other reason, because it is fun to learn new tricks).

Strongm, I won't try to say that I didn't mess up my sources, or even data for that matter. It was quite a while ago I heard this, but it stuck enough for me to believe it.


-Ovatvvon :-Q

 

[macleod1021]

Well, I tried the code a little bit ago and got some errors. I dug into it a little bit deeper and alas, this code only works on Win 9x systems.

However, I refused to end it on that note. I discovered another site that had a pretty good walk through. I'm going to work on it over the weekend and see if I can comeup with a solution that works on Windows XP. Theres also a solution to jadams immediate problem. This website shows how to disable the Task Manager programmatically.

http://www.codeproject.com/win32/AntonioWinLock.asp

I haven't tested it, but I will this weekend.

 

[MoOoOoDY]

I Faced This Issue Before When Working On A Program That Prevent The User From Continue Using The Computer After Certain Amount Of Time And Also Preventing Him From Kill My Program By Pressig The ALT + CTRL + DEL Combination..
I Tested It IN Windows XP OS.

Here's The Idea... I Got 2 Solutions:
-------------------------------------
1- You Can Disable The Task Manager [TaskMgr.exe].
2- You Can Run Task Maager and Hide It.

Working ON Solution [1]:
------------------------
You Can Set A Registry Value to Enable Or Disable The Task Manager From Being Fired. The Value IS:
---------------------------------------
*** Disable TaskMgr:
--------------------
"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURENTVERSION\POLICIES\SYSTEM\DISABLETASKMGR" -->> set to 1
-- Desciption:
--------------
HKEY: "HKEY_CURRENT_USER"
PATH: "SOFTWARE\MICROSOFT\WINDOWS\CURENTVERSION\POLICIES\SY STEM"
VALUE: "DisableTaskMgr"
DATA: 1 -- Data Type LONG
----------------------------------------------------
====================================================
*** Enable TaskMgr:
--------------------
You Can Either Delete The Registry Value Or Set The Data to 0
'------ But Don't Forget To Enable The TaskMgr After You Closed You Program.


================================
Working ON Solution [2]:
------------------------
You Can Run The [TaskMgr.exe] When You Start Your Program And Hide It, If User Try To Press The ALT+CTRL+DEL It Will Do Nothing Except In Some Times Can Get The Focus On The [TaskMgr.exe] But It's Hidden, So User Can't See It.

To Avoid Getting The Focus To [TaskMgr.exe] You can Put a timer on Your Active Form And Let This Timer Make Your Active Form OnTOP Of All Other Windows By Calling This API:
'---------------------------------------------------------
SetWindowPos Me.hWnd, HWND_TOPMOST,0,0,0,0, SWP_NOACTIVATE Or SWP_SHOWWINDOW Or SWP_NOMOVE Or SWP_NOSIZE
'--------------------------------------------------
Where
Me.hWnd: Is The Handle Of Your Active Form
Const HWND_TOPMOST = -1
Const SWP_NOSIZE = &H1
Const SWP_NOMOVE = &H2
Const SWP_NOACTIVATE = &H10
Const SWP_SHOWWINDOW = &H40
And The API Declaration is:
'--------------------------
Private Declare Sub SetWindowPos Lib "User32" (ByVal hWnd As Long,ByVal hWndInsertAfter As Long,ByVal X As Long,ByVal Y As Long,ByVal cx As Long,ByVal cy As Long,ByVal wFlags As Long)

I hope This Code Will Help You.........

 

[Jasen]

We use this technique for restricting operator access on HMI stations from where they monitor and control plant operation.

Cimplicity by chance?

 

[jadams0173]

Hey all! I kinda lost track of the post but boy has it been active!! I like the ideas with electric shock, and big loud horn. I doubt very seriously that I could get my boss to buy into that approach, but it would be pretty cool.

I will give you code a try MoOoOoDY and I will check out the link that macleod1021 provided.

app.taskvisible=false does not work on my OS Win2k. I think it only works for win 9x versions.