Very true, and I'm sure that I am not going to be able to keep people from getting around it, I just want to make it really really hard. Obviously, if the person is smart enough to boot to a different OS, setup their internet connection on that OS, and browse, then they are not going to be using this product in the first place!
I want this software to help people who want help, to keep them honest, and unaware that their system is monitoring activity. Most of the other services out there are very "in-your-face" or they only monitor one type of traffic. The BIOS requirement was to keep the users using the system. If they take the machine in to BestBuy to get it serviced, and the tech wipes or replaces the hard drive, the poor guy doesn't remember to reload the monitoring software. I'm open to other suggestions, I just want to make it next to impossible to delete (without the admin password, of course), and invisble to operate. Thanks for the comments! -- Matt -----Original Message----- From: Paul J. Morris [mailto:[EMAIL PROTECTED] Sent: Thursday, March 03, 2005 8:46 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Bios programming... Matt, Don't know much about working that close to the bios, but a couple of potential means of circumvention immediately come to mind: 1) booting from cd, in particular booting with a different operating system from the one you wrote the monitoring code for, as in booting from a knoppix distribution. 2) browsing the web through a secure anonymous proxy (such as guardster) -Paul On Thu, 3 Mar 2005 13:44:39 -0500 "Matt Marooney" <[EMAIL PROTECTED]> wrote: > I am trying to write a program to help people who are addicted to > internet pornography. This application would be tied into an online > service where someone could sign up for monitoring, and download a > thin client app. The application would run in the background of the > person's computer, and upload the person's internet activity to the > website. The service would then email this activity report to > designated recipients. I have most of the knowledge to create this > service, but I need to know how to do a couple things: > > 1. I would like the program to be "un-installable". I've heard of a > couple of hardware security tracking services that can load a very > small setup package in the CMOS and if a computer is stolen, and the > hard drive is replaced, the app reloads itself and the next time the > computer is on the internet, it sends out a beacon. Does anyone have > any insight about how to do something like this? I want the CMOS > program to run on boot, and check to see if the monitoring software is > still installed. If it is not, the boot process reloads it. > > 2. obviously, the program does not need to be very large, so I want it > to run in the background and not be visible to the computer's user. > This is easy, I know, but I want the process to be completely > invisible.(even to super-geeks) > > 3. I would like to figure out a way to monitor traffic for multiple > protocols (HTTP, FTP, File Sharing, Chat, etc.) . I'm wondering if > there is a way to figure out "bad" requests on a packet level. > > I really appreciate any help with these questions! Thank you all, > > -- Matt > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
