stopping a screen saver with a PIC

[dr_when]

Our network at work has forced-on screen-savers with passwords on all the network PC's with a non- activity time of 15 minutes. That means every time you leave your PC to do something, you have to log back into Windoze (2000). We must use complex passwords so this is tedious and bothersome.<p>I was going to program a PIC and make a small adapter to go between the keyboard and the PC (powered by the 5 volt keyboard port) and have the PIC send out PC keycodes every 10 minutes or so. I would send a hopefully innocuous keycode like the keycode for F11/F12 or such. This would be just enough activity to keep the screen saver from running. I have done similar in the past with a phantom keyboard controller (for powering up PC's without a keyboard back in the days before you could make a change to your bios settings).<p>Anyway, to make a short story long... is there a better approach on the PC side? I know, I know...about the security issues. Any Ideas?????<p>Bob

[rshayes]

The most innocuous codes that I know of (at least in ASCII) are "null" (00000000) and "rubout" (11111111). These can be sent as single pulses to a serial port. With any luck, this may also be possible with the keyboard interface.

[jwax]

Here ya go- a cell phone (or pager) vibrator motor and a 555 timer tucked inside your mouse. Every 14 minutes or so, the shaking simulates a mouse move. Or, build it into a mouse pad.
(My royalty fee is 4%)

[Chris Smith]

As you know “activity” is defined by the mouse movements, and keyboard strokes. [Asuming yours is too?]<p>A simple vibrator motor [and rubber band] out of a pager can keep the mouse busy! <p>I know general vibrations any where near my mouse, brings my computer back alive. <p>It could also be used to depress a single key, over and over with a cam.

[hp]

A simple java program using the java.awt.Robot class can move the mouse pointer. Windows will still interpret the move as a legal mouse move and will not allow a screen saver to kick in. A simple mouse move of 1 pixel should be sufficent.<p>The same approach was used on a server at school that would keep going to odd screen saver states overnight.<p>Harrison<p>[ March 29, 2005: Message edited by: hp ]</p>

[dyarker]

Hey jwax, le'me know when ya get the 4%. Then I'll claim the reward for turning him in to his network security as a violator.<p>Or, it might be more fun to watch what happens when someone gets LAN access from his unlocked PC.<p>dr_when, where do you work? I want to make sure your company does not have any personal info on me before you try any of the "tricks" given.

[haklesup]

I think Homer simpson did it by using one of those glass birds filled with liquid that dips its head every minute or so.<p>My first impression was that you were too lazy to type a password but than I realized that designing and building a PIC project was orders of magnitude more involved.<p>Be careful, you know how those IT guys can be. Watch out for IT rage <p>A little anicdote: Last year one of my customers told me that he left his desk with the screen saver disabled and someone came in and used his console for a little unauthorized web surfing (as an intentional joke) Long story short; His boss ripped him a new A hole. Another customer left his laptop on his desk overnight in a locked office area. IT-cops came and took all unsecured laptops in every area that night. Took him half a day to get it back and got lectured by IT security.<p>I don't know where you work but be careful with this project.

[jollyrgr]

Based on the "dr_when" screen name I'm assuming you are either a Dr. Who fan or are in the health care industry or something related to it. I work in the IT department of a health care company. There is a federal regulation called HIPAA that makes these types of passwords and the locking of the screen a REQUIREMENT! The strong passwords and frequent changing of password are also something that is required. Technically the regulations for locking of the screen goes into effect April 15 2005. We have been holding off on pushing this to our computers as long as possible but will be deployed next week. We finalized some of the policies a few weeks ago to be sure these were covered in the Confidentiality Agreements all employees would be signing for this year. More on this later.<p>RANT MODE ENGAGED. SOAP BOX STACKED HIGH
The following comments are based on a very small minority of people I deal with. Most recognize why things are done the way they are and accept the rules on passwords. It is the very few "bad apples" that believe their feces is not odiferous that get to me.<p>Yes, I am one of those IT guys that, as hacklesup calls it, has IT RAGE. But then I'm the guy they call at 2:00AM when the computer stops working due to some idiot downloading KAZAA or other spyware laden junk to their computer. Having a power glich or failed hardware is one thing. Even a program that crashes on its own is a pain but understandable. But having to correct a problem that should never have happened in the first place is inexcuseable. <p>We deal with doctors that MUST have their computer at a moments notice. Thankfully we have a better than 99.9% up time on our systems (not counting routine maintenance and planned upgrades). Any junk screen savers, added toolbars, popup blockers (many which disable some of our in house applications), is always blamed on "some nurse" using their computer while they were away from it. Again this is few and far between but does keep us busy. <p>Used to management sided with the doctors. But not any more. (The legal department recognizes the regulations the way IT sees them.) Allowing someone to use your computer and do something wrong is just as bad as if you do it. Giving out your password or signing on and letting everybody use the same account is just as bad. <p>I had to put it into perspective for one doctor griping about having to use a password. I asked him if he signed his perscription pad without filling in the top part first. No, he would not do that. I then asked if he thought it was a good idea to be signed into a computer with his user name and password and allow someone else on the floor to look up patient data. Then it made sense.<p>I cannot understand how so many people find passwords to be "tedious and bothersome". Do you leave your front door unlocked so that you can get in the house easier? How about leaving the key in your car igition and the door unlocked? Is the pin to your credit and ATM cards written on the card? I don't think so. But yet computer security is considered tedious and bothersome. <p>Eariler I mentioned Confidentiality Agreements. A couple weeks ago our department finalized the policy concerning the implementation of the locking screen saver. We know that we will receive grief over this screen saver deployment. We also know that there will always be someone that will be "clever" and will try to get around this security measure. Part of our policy specifically addressed using methods to prevent the activation of the locking screen saver. We included both software and physical means as a form of violation. Punishments can include verbal and or written repremand, suspension, and even termination. Thus where I work using software or a vibrating device to move the mouse would be a violation. If I were to find this you can bet I'd report it.<p>Considering that I as an IT person can be fined or jailed for giving someone access to patient data that should not have it, I'm going to take every step I can to prevent this. Even without the regulation I was super cautious about protecting information (patient related or not) stored on computers. But then I also report malfuctioning locks on doors to engineering or when a contractor props open a door (because it is easier than using their badge in the card swipe) to security. <p>Again, most people understand the security reason behind having a strong password and why it must be changed. It is the few that want to get around these methods that cause the most problems. I have a dozen or more alpha numeric passwords I use on a routine basis. My own password is thirteen alpha-numeric characters. <p>You would rather design and build something to violate security measures rather than type in a password? This does not make sense. I've been locking my computer since the Windows NT 4.0 days. I even programmed a hotkey combination to lock my computer as I get up from it. But I also do things like pull the fuse to the fuel pump when I park my car at the airport.<p>Sorry everyone. RANT MODE OFF. SOAP BOX NOW KINDLING

[josmith]

Leaving the computer open for 15 minutes and then locking it up is a useless security measure. The real question is why isn't there a better way to limit access without inconvenience.<p>I see that cars are using some kind of proximity devices so that the driver can just get in and press a start button,no key. It would seem that a similar device could be very useful to lock the computer immediately when the user leaves and unlock it transparently when he come back.

[jollyrgr]

Where to begin....<p>Where I work we are exploring the "three level" approach: Something you are (user name), something you know (password), and something you have (see below).<p>Things you have (biometrics, tokens etc.)<p>RFID tags are a very nice item. Some are so small that they can be embedded in a sticker that is taped to the back of an ID badge. This is something we are exploring where I work. The major drawback is the expense of the reader; about $150. The other thing is that these have to be implemented "enterprise" wide.<p>There are also things such as voice ID. This uses a person's voice to prove who they are. The hardware needed is a microphone (very cheap and easy). We still laugh at the disaster we had in testing this. (It does not work very well.) In our trials I worked on this project with another network administrator. We used his laptop as the test subject. My password phrase was something like "hello computer" (Remember Scotty from "The Voyage Home"?). Unless I got this EXACTLY right every time, the computer would display ACCESS DENIED. My coworker could never get back in using his voice after the first or second trial.<p>Finger print or iris scan. In the medical field finger print ID is a problem. Doctors and nurses are constantly washing their hands. This tends to make finger scans very difficult if not impossible. We use finger scans on time clocks and 99% of the biometric problems come from nurses, cleaning staff, and food services. These people are constantly washing their hands. Thus many have difficult to read finger prints. Clerical, Engineering, pharmacy, etc. have very few problems. Thus finger print technology works but in some cases can be a problem. Iris scans work but are very picky. I know how to use them and had difficulty making them work. Sometimes the scan took a second and I was logged in. Other times it took upwards of several 15 second tries before the scanner took my eye scan correctly.<p>What we are doing is using a "token" based security model. This uses very widely established device called a USB flash drive. The drive holds, among other things, a certificate. A user simply walks up, plugs the drive into a holder, and software scans the drive and validates the certificate. The computer automatically unlocks and is ready for use. The USB drives are cheap (as compared to smart tag readers and the sticker). I believe the USB drives and docking slot cost less than $25. No drivers were needed as the drive is automatically recognized by Windows. Most users are familar with them and they fit nicely on the lanyards used for ID badges. As a bonus the user gets a drive for storing their personal files. Should a drive get lost, the certificate is expired and is no longer a problem. (Thus far people using these have taken great care of them and none have become lost or damaged.) Replacing the drive is simple as well; and it is not brand dependent.

We still want to deploy the RFID tags. The ones we are exploring has a reader and RFID sticker. For single computer use these work great. You walk up to the computer and it logs on automatically. But to have someone be able to walk right up to any of the computers on a unit or system wide requires servers to provide this service. Yes, this system does work. But it is not as simple as typing a password or plugging in a "key" to implement.