Here at work we have some areas where the computers are locked down fairly tight. What I need to do is allow the user access to our intranet. The PC runs an app that needs access to the internet, and it doesn't play well with Proxy or ISA server, so I can't restrict internet access via those methods.

So, my thought was to build a restricted browser that won't allow you to type in your own URL, and will not let you open a new browser window (Control-N or Shift-Click). Printing is still operational with Control-P.

For testing if you run the app it will start up with IR's web site by default (www.indigorose.com), or you can pass it a command-line parameter such as

mie.exe http://www.google.com

and it will start at Google.

If anyone has some time to try and break this, please do.

Hello Worm,

looks like it doesn't work on my PC.
Only the standard abort site will be displayed .

Installed Software:
Win 2000 SP4.
IE 6
Norton Internet Security 2004


Stefan

Pretty neat, however if there's a command line option, how secure is it really?

BTW, I was able to "get a new window" in a round about way --- :D

I knew I could count on someone here to break it :)

Stefan,
is your firewall stopping it from connecting to the internet?

Ron,
The desktops themselves are locked down by Fortres (http://www.fortres.com) so once the desktop icon is set up, Fortres would make it so you couldn't edit it. We put the shortcuts to the programs we allow on the desktop, and only those apps are able to be run.

And, if you wouldn't mind, would you share how you got a new window?

Oh OK,

I did conclude that you inhibited even the target="_blank" links, nice! But, I just navigated to the IR forum, went to compose a thread and typed my email address in >> preview >> hit link >> opened my email client (you may have this restricted as well). Typed me a web address >> preview again and launched a new window. It also worked on any email address on the websites.

If you didn't think about that, there ya' go. I still like the app!! Small and tight!

so the new window was actually launched from the email client rather than the Test Browser, right?

so the new window was actually launched from the email client rather than the Test Browser, right?
Well, understand that my email client is OE by default. I went ahead and made it my Hotmail address and it actually launched a new IE browser window wanting to go to hotmail. So, to answer your question - it did launch from the Test Browser.

Okay, I get it. OE is actually launching the new browser, but I still need to stop it.

Thanks.

Well, understand that my email client is OE by default. I went ahead and made it my Hotmail address and it actually launched a new IE browser window wanting to go to hotmail. So, to answer your question - it did launch from the Test Browser.

Here it works.
By dubleclicking it will open www.indigorose with command line it takes you anywhere, just insert a link.
Shift click doesn't work

Ok my Firewall blocked the communication.
After deactivation it works.

Stefan

This one should stop the mailto: and ftp:

I need to figure out how to stop downloading via http too. It would be fairly easy for someone to download something to the desktop and run it.

Anyone had any luck breaking the new version.

Worm,

Can a user create a new shortcut on these computers? Or is that locked down too? Just wondering because you could drag any Web shortcut onto the window to change URL's

Anyone had any luck breaking the new version.
I played with it for a while, good job!! Couldn't fool it this time.

KP,
Fortres locks the PC down pretty tight. The way we have it configured, they can't edit a shortcut, or create one. Basically the only thing they can do is run the icons we have set on their desktop. As I think about, I could have had Fortres deny access to iexplorer.exe and not had to worry about the whole new window thing. I guess I spent a lot of time learning about something I didn't need too.

Ron,
Thanks for taking the time, and for finding a flaw. :)


Worm,

Can a user create a new shortcut on these computers? Or is that locked down too? Just wondering because you could drag any Web shortcut onto the window to change URL's

I just gave it a try the new version. I could browse without problems. I could even download some trial software at indigorose. Further i tried through command prompt, without problem i could browse again. At a specific site there was a search engine. I searched for a specific word and it turned back the results. Nevertheless i could not open the links. Shift + click doesn't work

I was.n't able to break the second version

Good to know, thanks for trying.

I was.n't able to break the second version

I was quickly able to take advantage of my systems installed printer software to spawn a new default browser window via a "order online" link.

Remember that printer software, drivers will vary. A link like such may not exist on your "secure" system.

Also, running the system with the ability to insert pretty much any type of media opens you up to a whole set of new obsticles to a secure system. (search for Da mnSmallLinux for one example) (da mn <--- had to spell it that way in the forum here, due to the auto-modding of the real name)

Here's the kicker, a cd (business card at that) can contain an OS that is self-contained and even hides the surfing habits because the virtual space is used and not the OS's resources with concerns to storage.

Ack!

But, this little app. is pretty neat. But then I am not suprised... HEY IT'S WORM!

:yes