Update (2/4/2008): Since the time this article was written Microsoft has upgraded and renamed this product. The Microsoft Shared Computer Toolkit or Windows XP Lockdown Toolkit is now referred to as Windows SteadyState. This software was recently discussed on episode #129 of the Security Now! podcast. More information including a good description of the software as well as screen shots can be found on their website.

If you’re responsible for maintaining Windows XP computers in a shared environment such as a computer lab you’re probably aware of all the challenges associated with keeping the computer running and malware free. You may even be aware of commecial tools such as Deep Freeze which allows you to lock down systems and prevent users from making changes as well as reverting any changes when the system is restarted. What you’re probably not aware of, because it isn’t glamorous or well publicized, is the Microsoft Shared Computer Toolkit.

This toolkit is designed to help people just like yourself who need to maintain systems for public use. A few of the things you can do is clear user settings at every login, restrict users from making any system changes (even more so than the restricted/limited account type) and revert the Windows partition to its original state at every reboot. You don’t need to be running an Active Directory network for this to work, but if you are the toolkit includes group policy templates so you can control how restrictive the environment is on a per-user basis. If you’re looking for something to help you keep public computers under control and don’t have the budget for a commercial product you might want to give the Microsoft Shared Computer Toolkit a shot. The toolkit requires Windows XP Service Pack 2.

While it’s not as polished as Nero it’s quite a bit smaller. CDBurnerXP Pro is a free Win32 CD and DVD burning solution. Unfortunatly it’s not open source but when you’re just looking for some simple software to burn discs in Windows this could be the ticket. Of course on Linux I strongly recommend K3b which is undoubtedly the best GUI for CD and DVD creation in Linux.

An idea that has been hiding out in one of my mind’s recesses is using Linux as a platform for imaging hard drives. The DOS based drive image programs (Ghost, DriveImage, etc.) seem to run into lots of problems supporting newer hardware and ideas such as booting from CD or USB drive , supporting multiple NICs, storing and recalling images over a network, etc. While more modern solutions such as Acronis True Image are WinPE based they have not seen the same widespread adoption and remain proprietary solutions that lock up your image data in some non-standard format.

I would like to see the expertise from creating “live” linux CDs (and USB drives) such as those from Knoppix and Ubuntu used to make a specialty distribution for use in PC hard drive imaging. The ideal solution would have varying levels of compression, a decent user interface, just work out of the box for most users and support storing to and recalling from any SMB/CIFS fileshare. Users should not need any prior experience with linux for basic usage but the distribution should support advanced topics such as multicasting and PXE booting to aid in large deployments. Of course you could give this away and still have an entire business model surrounding support and training on the product for business users.

In my search for a product such as this the closest thing I could locate was the G4L “Ghost for Linux” project. This porject proves there is interest in a program like this but it is really quite unpolished, especially in the UI end and support for anything out of the ordinary like booting from USB. There is no reason that single purpose linux distributions need to be ugly. As Knoppix and Ubuntu have prooven you can get a linux GUI onto a CD with plenty of room left for software.

If you are looking for a simple and free tool to create PDF files I suggest taking a look at PDFCreator. This sourceforge project is a simple open-source program that installs a PDF “printer” into your Windows system. This allows you to create PDF files from just about any program that can print. While the porgram does not support all the bells and whistles that the Adobe Acrobat Writer does, it is suitible for 98% of the PDF creation that goes on. For a cheap and easy way to distribute your documents in the PDF format check this out.

A recent comment on Slashdot pointed me towards a free data encryption utility. TrueCrypt is an open source Windows and Linux data encryption utility. With this utility you can create an encrypted virtual drive or encrypt an entire drive transparently. With support for a number of popular encryption methods and source code transparency TrueCrypt is probably a good bet for people who really need to keep some data private.

Chipmunk BASIC is a freeware BASIC interpreter especially suited for the Macintosh OS. One benefit of this particular interpreter is that it includes graphics support on Macintosh computers and availible versions can run on systems as old as Macintosh System 6.0.7. Ports are availible for Linux and Windows but these are strictly command line driven and do not support graphics. One drawback that I see is the program is freeware but not open source. There is a real lack of native open source applications for vintage Macintosh systems and it would be nice to see the source for this interpreter be made availible.

In Episode 30 of SecurityNow! Steve Gibson spoke about possibly writing his own VoIP encryption tool:

I’ve been considering maybe doing a little VoIP encryption tool myself, just because it would be nice to be able to have a conversation. I mean, not that I have anything to hide, but it’s just – it’s creepy thinking that you might be listened in on, and you’d like to know that that’s not happening.

This got me wondering about what kinds of encryption tools are out there for standard VoIP protocols. The two things I immediately turned up were Zfone, a tool by Phil Zimmermann (of PGP fame) for encrypting SIP conversations and RFC3711.

One issue with Zfone is that it currently only supports Mac OS X and Linux systems, but a Windows XP release is scheduled for mid-April. Phil has also published an RFC on the ZRTP SIP encryption he used for Zfone.

RFC3711 deals with securing VoIP voice traffic (RTP) though a new protocol named SRTP.

Look for more activity and controversy surrouding the encryption of VoIP traffic. I would hope to see a single standard for encrypting this traffic be hammered out and then included in hardphones as well. The lack of encryption at the hardphone is going to be a hurdle that muct be cleared before widespread adoption will take place.

Apple Computer has a great web site with links to old drivers, software updates and even operating systems. Stretching back to the Apple II days and up to just before OS 8 this is quite the treasure trove for a vintage Macintosh collector such as myself. Heck, they even have updates for the ill-fated Newton PDA operating system should you be so lucky as to have one of those.

LinCity looks like a great Linux clone of the traditional Maxis game, SimCity. Now in an updated form LinCity-NG now has an isometric 3D view similar to that found in SimCity 2000, arguably the best version of the classic game.