ITGS Syllabus

Thursday, February 02, 2006

Topic 18

Ability to implement different levels of access by Raymen Ohmori

Security and permissions are of utmost importance in today's world. If you slap a windows computer down in a public Internet cafe with full permissions, I can bet you that in 2 month's time it will be messed up beyond recognition. An even better bet is that if you sat down a computer with no permission restrictions, but with viewable website restrictions, than people will be looking at those blocked sites in a week's time. Of course, this is only concerning permissions on a Windows PC, but nevertheless, it it the most common type of permission and level of access restriction that you will see in your immediate vicinity today.

A glowing example of the importance (At least to the school and the IT Department) is the ability to implement different levels of access is what happened to the new school computers that were bought last year. At first, people used them fairly well, without any screwing around of messing with the computers, except for the people who started opening the computers and taking the RAM sticks. Since this is not the topic of this essay, I will not go into detail here.

Once the computers were padlocked, these actions stopped, but people because restless. Then, the day of the Internet restrictions came – St. Bernard was installed on the school servers and the viewing of,, and porn sites were blocked. There was much grumbling and discontent among the populace, and soon after, the local tech gurus came and hacked the system for the innocent victims of this injustice. Tor, an anonymous proxy program, was installed on the computers facing the wall so that the students may bypass the blocking software.

This happened because of the ability of the students to use a certain level of access. Programs could not be installed in system folders (Program Files and WINDOWS) while logged into a student account, but they could be installed elsewhere, and that is what happened. The ability of the school to restrict access to files was limited - if installing was disabled in all the folders, people would not be able to save word documents anywhere outside an external USB drive (or iPod, etc) and they would not be able to download their files that they sent to themselves. In addition to being an incredible nuisance, this would almost nullify the purpose of the school computers, which were to help the students do essay work. Therefore, it was impossible to restrict access to that fine a level; or so everyone thought.

It was another defeat for the students when the IT Department implemented program-specific restriction – that is, restricting the level of access students have when installing a certain program; in this case, Tor. The school had a well-developed ability to implement different levels of access appropriately, and the innocent victims of website blocking were foiled in their attempts to regain justice.

However, blocking access to certain levels of a computer is not always a matter of depriving students of YouTube video viewing abilities. Firewalls work by implementing different levels of access inside and outside a computer to different applications. If there was a security flaw in a program, and that program had unblocked access to receive connections, a devious hacker could plant malware in your computer though that program without you even knowing! If you did not have a anti-virus program, and a virus you inadvertently downloaded had access to your whole computer, it could do some serious damage – like deleting your hard drive.

Luckily, Windows has some built-in protection that gives a program a certain level of access and does not let it delete your hard drive, at least not before asking you first. However, Windows is infamous for security holes that viruses can crawl through in order to infect the computer and shut it down every two minutes (This was the ms.blaster virus - the writer has first-hand experiences of its effects). Internet explorer, too, is famous for its holes that impair its ability to implement different levels of access to web applets on your discretion.

Lastly, restricting access is not always good. Some programs need access to system files in order to start and run properly, especially the first time when they set system variables, add registry entries and such. On the writer's computer, the writer had a problem of certain programs starting up and immediately turning off without an error message. However, it turned out that these programs needed access to deeper areas of the computer and the operating system the writer was using gave all programs a low level of access. By allowing the program greater access the first time the program was started, problems could be averted.

Apparently, there was no error message because the operating system owned (read: stopped) the processes of the programs that needed deeper access because they were scratching at the door to the restricted area and were immediately assumed to be malicious viruses.

The writer is not quite as complete in his knowledge of Macs and their functions to implement different levels of access, but Mac users insist that the security of Macs are far superior to Windows PCs. Therefore, we can conclude that if you understand the importance of implementing different levels of access in Windows, then security in a Mac should not be a problem.


Post a Comment

<< Home