Why protector2

Here are some reasons why you should use Protector2. Click any of the reasons to read more:

  1. Different restrictions for each user.

  2. Strong access control

  3. Security “Level Two”

  4. Access rights for files and folders.

  5. Restricted running of programs.

  6. Hard to break but not dangerous.

 

Different restrictions for each user

In many security programs you can only define certain restriction for whole computer. Then you have either maximally restricted access to computer for everyone or unlimited access for those who know password for the security program. Protector2 uses user accounts to define individual restrictions for each user, so that you can decide which users can for example change their desktop, browse network neighborhood and so on.

Strong access control

You probably do not wish that everybody could use your computer. There are many utilities which you can use to password protect access to Windows. Protectoror2 has this functionality too; because it requires all users to log-on, i.e. enter their name and password. And they cannot bypass this! It may seem obvious, but if you take a good look, you will find security tools that simply start up with the system and pop up a password box. But what if I press Ctrl-Alt-Del before they load and shut them down?

Security “Level Two”

Protector2 does not rely on the fact that most users have no idea what system Registry is. Windows allow defining system policy for users and computer. This policy includes many restrictions like hiding certain commands in Start menu, Disabling access to Control panels and more. These restrictions are defined by writing certain values to system registry. For example to hide the Run command in Start menu, you can set item “NoRun” in system registry to value 1 and to get the command back, just set it to 0. This Windows feature is not commonly known and neither are standard tools for using it. And that’s probably the reason, why you can find many “security” utilities, whose only functionality is providing nice interface for setting these registry items. Unfortunately on Windows 9x/ME critical registry items that define these restrictions are not protected. This means that anyone can set the value of “NoRun” to 0 and enjoy Run command again. The only protection is, that many people don’t even know that something like system registry exists, and for most of those who know it is something mysterious. But in fact, it is not. Standard installation of Windows include cool utility called Registry editor (regedit.exe) and with Regedit working with Windows registry is as easy as working with folders and files on your disk with Windows Explorer. Your computer can be secured like this, if the only possible hackers are kids or people who hardly know how to save their document in text editor, but for “hacker apprentice” such a computer is no match. Either with Regedit or even with specialized tool downloaded from the Internet he can soon do whatever he wants. Protector2 not only provides comfortable interface for setting up the security policy but it also protects critical registry items from being changed by unauthorized users. This makes the computer much more secure and moves the level of knowledge required to “break the lock” at least one step higher. If you ask for even higher security you will need to upgrade to some system with build-in security features such as Windows 2000 or XP.

Access rights for files and folders

This is what many administrators miss the most on Windows 9x/Me systems. You cannot define which files user can modify, which he can only read or cannot access at all. Protector2 makes it possible to define access rights for each user for any file and folder on the computer. These rights range from none to full access with these steps: No access, Read only, Read and Write, Create + RW (but not delete) and All access (Delete+Create+RW).

Restricted running of programs

Protector2 includes the option to permit user to run only those programs defined by administrator in a list. This is not achieved through standard policy options of Windows, but by mechanism implemented by Protector2. Why is that? Windows system policy has an option “Restrict Run”. If this option is set, only allowed programs listed in system registry can be run. But there are two problems: 1) Registry settings are not protected (as described above). Anyone can add program to the allowed list or simply delete the “Restrict run” option. 2) Allowed programs are defined only by name. Let’s say you want to run program HACK.EXE on a computer where system policy prohibits that. But there are programs that you can run, for example Internet browser or Notepad. What about renaming hack.exe to notepad.exe? Yes! It works! You can now run your program. Isn’t it time to look for another security solution?

Hard to break but not dangerous

Maybe you have heard about it or it even happened to you: you installed a new security program and it completely locked up your system. You tried everything but could not unlock it. As a last chance you decided to boot from a floppy and delete the program, but the security program was there to and prevented it! The problem with all security programs is that they cannot protect your data if they do not run. And there is always a way to get to your data without starting your secured system for example boot the computer from a floppy disk. There are basically two ways security programs approach this problem: A) complex security program that will try to run every time the computer is started, even before it tries to access floppy disk. Do not mistake start of your computer and start of Windows. There are many things that happen before Windows even begin with their startup. This kind of protection requires modifying precious and important structure of your hard disk – Master boot record. If something goes wrong, you will most likely lost all your data. This does not mean that you should not use such a program. Just make sure you choose a good one. B) The second approach is to take care of your part and leave other options on the user. Protector2 works only in Windows mode. It provides options to disable Safe mode or MS-Dos mode (on Windows 95/98) but it is up to the user to prevent boot from a floppy disk. This can be simply done in computer Setup program (BIOS). There is option “Boot order” that defines order in what computer searches for device to load operation system from. By default it fist searches for a floppy disk and then hard disk (so the order is A:\,C:\), but you can change it to C:\,A:\ - and the computer will not boot from a floppy unless your hard disk is out of order. Of course it is also necessary to protect access to system BIOS by a password. Note that this does not mean that you would have to enter password each time the computer is turned on. The password is only required to access computer Setup (BIOS).