Forgot your password?
typodupeerror
Education Operating Systems Software Windows

Experience with 'Secure' Exam Testing Software? 49

Posted by Cliff
from the transforming-teacher's-pet-into-pet-peeve dept.
Durindana writes "My law school has decided using the Exam4 software from Extegrity, thinking it would be a good idea. I disagree; the software can only be used by students on their own laptops, and (of course) Exam4 is mono-platform. Anyone have experience using this software (e.g. security level, reliability) or, hopefully, successfully opposing its use? It strikes me as a hell of a disadvantage to students who'd like an alternative to hand-writing but - for some strange reason - don't own a Windows laptop."
This discussion has been archived. No new comments can be posted.

Experience with 'Secure' Exam Testing Software?

Comments Filter:
  • by psilosopher256 (705026) on Monday November 17, 2003 @07:00PM (#7497256)
    To re-phrase this question: "What are the security vulnerabilities of my exam software, and how can I exploit them to do well on my test?"
    • now remember, when you cheat, only cheat so that MOST of the answers are right, if you get 100% on all your tests, you will look suspicious!
    • If you are running the software on your own laptop, then you don't need to care about 'vulnerabilities'. It's your laptop so you can run what you like on it anyway! For example, run the exam software in a VMware virtual machine or under a debugger. If you demonstrate this point to the exam organizers I'm sure they will rethink their plan.

      To do online exams you need to control the PCs being used, as done with Lexis [ic.ac.uk].
  • by Kethinov (636034) on Monday November 17, 2003 @07:03PM (#7497282) Homepage Journal
    Unless I'm missing something, this is hillarious. The way I read it, his law school is forcing everyone to get a Windows laptop to be able to run some exam software. The implications of this are fun to think about. For one, by forcing everyone on a single platform, the law school seems to be going against the Microsoft antitrust rulling. Secondly, doesn't using "exam software" on people's personal computers seem a little insecure? How long until someone brute forces all the multiple choice questions?
  • by ewhenn (647989) on Monday November 17, 2003 @07:13PM (#7497400)
    How long until the masses discover "net send"??

    • Re:Exam software?? (Score:2, Insightful)

      by Sk0Rn (670339)
      lol, That's how we get 100 on every test in my IT class. The best part: We learned about net send from the class.
      • The worst part is how trivially easy it usually is to get to a command prompt under Win2K. I am no-longer at school but I did work at an establishment with a stupidly locked down network for some time and coming up with all sorts of tricks such as adding "cmd.exe" as a favourite using the Word "Save As..." dialog box then calling it up in Internet Explorer and watching it run...
  • dis/advantage (Score:2, Interesting)

    by forevermore (582201)
    My wife is applying to law school this year, and we've run into the same questions. Do we get her a powerbook now, and hope that her preferred school (U. Washington) continues to not use the software, or do we wait until school is about to start before we decide? Granted, we're now waiting because she got a new desktop machine and I can't afford to get her a laptop, but the question is still out there.

    On the "disadvantage" side of things, exam4 looks particularly bad. Other pages allow students access

    • I'm in law school now, and one thing you can count on is that everyone else is running Windows, and 99% of them are taking notes in Word (I've run into a few people who use WordPerfect).

      In fact, law school is yet another place that being a Linux geek does not help you. When someone wants to borrow notes, you can bet that they're not gonna want yours, as yours aren't in Word format. This isn't so bad, except that of course, when it comes time for you to grab notes from someone else, your options may be l

      • Blockquoth the parent:

        Beyond law school, any firm that your wife works for is going to run Windows, she's gonna have to do Word documents, there's no way around it. Short of working for yourself, the law world works with Windows and Word. Even when working for yourself, you can believe that any software you want to use for billing, forms, etc. will be Windows-based.

        Just to pick nits, I worked IT at a law firm in southern Connecticut for three years, and during that time they used Macs on the desktop, and

      • When someone wants to borrow notes, you can bet that they're not gonna want yours, as yours aren't in Word format.

        Uh, you're taking notes with such heavy formating that you can't export to plain text (or at least RTF)? Damn, you must type and mouse fast to be able to do that. (I can't type fast enough to make taking notes on a keyboard any where near practical, much less take notes with heavy formatting.)

    • I would think that paying $1500 for a new windows notebook in order to be able to graduate from Law school would be the smallest of your expenses.

      It may even be less than the cost of your books for the first year.
    • I'd go for the Powerbook. If someone mandates a Windows laptop, you can get that too, but I doubt that'll happen.
  • by joelparker (586428) <joel@school.net> on Monday November 17, 2003 @07:56PM (#7497777) Homepage
    From the website, emphasis mine:
    • "UltraSecure Mode" requires a special "Start Code"
      for invoking "UltraSecure Mode" and a "Secret Number"
      for unlocking the encrypted exam answers; and our nifty
      "ExamOpener" utility software that "semi-automatically"
      retrieves exams from the floppy disks...

    And cheaters get "Double Secret Probabtion"
    then a nifty fine of "One Trillion Dollars"
    and jail time in an "UltraSecure" cell
    guarded by "Sharks With Laser Beams"

  • Just like in UltraSecure Mode, access to all other material on the computer is blocked.

    Run the exam software in Virtual PC. Anyone? This is like print-screen crack for MS Reader...
  • My experiences (Score:3, Interesting)

    by David Price (1200) * on Monday November 17, 2003 @08:52PM (#7498261)
    I've also encountered Extegrity's product, which is required at my law school. It does have at least rudimentary protection against the most obvious workarounds - when I tried to run it within VMWare, it "failed security check" and refused to operate. I'm not sure how exactly it checks to see if it's running in a virtualized environment - one project I have on my back-burner is to see how well it deals with bochs [sourceforge.net].

    I'm also the proud owner of a PowerBook. My solution was to trade some other computer gear for a big old PC laptop with a mostly-dead battery that meets the system requirements. I plan to use that laptop only for taking exams. Aside from exams, my school is fairly platform-agnostic: papers are turned in on paper, and the only electronic interaction with professors is via email. The one kink that I have run into is profs and fellow students who insist on sharing their academic insight via Word .doc files. OpenOffice hasn't failed me yet, though, and of course Word for the Mac exists and is frequently available at a steep discount to students.
  • by Muggins the Mad (27719) on Monday November 17, 2003 @10:58PM (#7499010)
    As someone who also develops examination software, and who is doing academic research into computer security, I have to say that this is a ridiculous idea. Aside from requiring people to have specific hardware and purchase specific (pricey, but I guess they're law students...) software, the security issues here are horrendous.

    The *only* ways to do this kind of thing is either have the software running on trusted hardware like a previously set up computer lab, or run the software on a trusted server and give the *untrusted* clients only a thin-client (citrix/ts/vnc/web browser). AND you have to have someone supervising them to make sure they've smuggled no notes in and aren't cut'n'pasting from another app.

    Surely a law school, of all places, would have someone who knows a bit about information security on staff?

    This software looks like exactly the kind of product developed by someone with no security training outside Microsofts VB tutorials.

    Exactly the kind of software not to use for anything important - and Exams at Law School are important - there is a huge amount of money and future careers involved.

    - Muggins the Mad
  • No matter how great the software is, it will still be running on a platform which can have problems (no matter what OS). I'm surprised that nobody is manufacturing small wireless devices solely for taking such tests. Make them cheap enough that the school could afford to buy them for everyone and hand them out before each exam. Student logs in, registers answers. Wouldn't be difficult to transmit results as you go, so in the event of a hardware or network failure, no information would be lost. Grab another
    • Just hope they have some decent authentication/encryption mechanism for the wireless transmission (yeah, I know you already mentioned encryption), or else someone sitting outside with a laptop and airsnort/kismet/ethereal/whatever will get all the answers. This is especially bad if said person will be taking the same exam in the next day or so.
  • by Feztaa (633745) on Tuesday November 18, 2003 @12:17AM (#7499492) Homepage
    I'm surprised that nobody else has brought this up, but hear me out...

    If "interior" is the opposite of "exterior", then what is the opposite of "extegrity"? :)
    • I wish I had mod points...its funny or insightful or at least interesting...MOD UP
    • I figured that one too, when I saw the name. It might not mean "the opposite of integrity" but it sure does draw a nice distinction.

      If integrity is right behavior due to moral values within, extegrity is right behavior due to a system of rules imposed from without. Sounds about like what the product they're hawking is for.
      • If integrity is right behavior due to moral values within, extegrity is right behavior due to a system of rules imposed from without. Sounds about like what the product they're hawking is for.

        That's an interesting take. I guess that means that if you have strict principles that guide your behavior, you have a lot of integrity; but if you are simply a law-abiding person with few principles, you have a lot of extegrity... :)
      • It might not mean "the opposite of integrity"

        Maybe it's "ex" as in "no longer". Eg., They used to have integrity, but they no longer do.

  • When I was going to school, the Sys Admin had a special enviornment setup on the Solaris server, that had very minimal tools. We would use a thin client to get access (new accounts too) to the resources to do the exam. The exams were 4 hours and we did not have any previous time with the enviornment. Worked good, if you spent any time trying to find ways around the system, you just ate into the exam time.
  • by Tom7 (102298)
    Don't law schools often require or subsidise the purchase of a specific supported laptop, for precisely this kind of reason? If the students don't have windows laptops, or laptops at all, how can they be expected to take tests at all?
  • Since their entire website is written by a marketriod (UltraSecure mode), to be read by paraniod school administrators, you can bet this software is all hype, no substance. It will be cracked 10 minutes after a school announces it will be used. They may have some success running it securily in a supervised computer lab, but if students are expected to install it on their home computers or in an open lab, good luck.
  • Running software on untrusted hardware can never really be secure. If the school wants to do this sort of thing, they need to provide the machines.

    They could either buy a set of laptops specifically for exams, or they could buy some low-end machine whose primary function is word processing. Examples are the Dana AlphaSmart and the LaserPC. A simple cold boot will bring them back into a known configuration. Buying a few dozen of those may even be cheaper than a site license for the "Extegrity" software.

"Call immediately. Time is running out. We both need to do something monstrous before we die." -- Message from Ralph Steadman to Hunter Thompson

Working...