How to find out who installed rogue software on public machine?

[sethmachine]

Hi,

I know next to nothing about computer / information security, but here is the situation.

At my university we have a library which has computers that anyone, including non-affiliated people, can use. They have no login credentials. Furthermore, the library does not keep logs or check-ins of people who enter or leave the building. There may be security cameras, but I can't see how these could be useful, since a perpetrator could dress up in a way that recognition would be difficult, and furthermore a non-affilate wouldn't have any information in the university database.

So, suppose someone installs some rogue software on some of these machines to do whatever. How could the university find out who did it? Or would this be impossible without very lucky cameras and reports of suspicious people / activity in the area?

 

[gorillabull]

andreas is that you ?

 

[Dr Super Good]

Usually universities scrub the computers nightly. Basically they re-load the entire OS on them automatically by physically copying them through their network. This removes all programs installed on them and restore them back to some safe defined state (a master image).

 

[Rui]

(...) since a perpetrator could dress up in a way that recognition would be difficult (...)

+rep

My university's got public computers as well. It's annoying that you can't have bookmarks =P

 

[sethmachine]

Usually universities scrub the computers nightly. Basically they re-load the entire OS on them automatically by physically copying them through their network. This removes all programs installed on them and restore them back to some safe defined state (a master image).

This doesn't address whether it would be possible to catch the criminal.

And would asking the school specifically how they handle rogue software send up a red flag, e.g. if one were a student studying information security (i.e. me)?

 

[EdgeOfChaos]

If all the students have profiles they use, you could check at what time the software was installed, then check what students were on the computer at that time, and use security camera footage to confirm.

 

[sethmachine]

If all the students have profiles they use, you could check at what time the software was installed, then check what students were on the computer at that time, and use security camera footage to confirm.

That's the problem. No credentials are required to use the machines. Anyone can use them and put whatever files on them they want.

There are cameras I suspect, however.

 

[Karassu]

Ask them to install some kinda virtual sandboxing program (Like Deep Freeze, Shadow Mode, etc). Students should only be able to save their shits on their flash drives. No flash drive, no project! Yeah it's cruel but yeah.

 

[gorillabull]

its kinda weird that your uni's computers dont have accounts or something like that,if they did then everyone would be kept on record and people who are not in the uni's system would not be able to use the computers maybe theres not enough money or the university does not take its students data security too seriously or just rejects providing security

 

[takakenji]

lmao i think ur just trying to find every loophole to ur plan to do this urself

 

[gorillabull]

oO and we helped him do it

 

[Nuclear]

Hide in the closet and spy on people who use the computers.