I’ve always been sort of morbidly fascinated by ExamSoft and SofTest, the combination of software products that, in theory, keep us from cheating during law school exams. There are a whole lot of things wrong with it (buggy, elevates books over computers, etc.), but probably the most irritating to me has always been the assumption that somehow using it meant that there was no cheating. This is silly- like all software not open to public inspection, I always assumed it would be easy to break if I wanted to.1 Turns out I was right- it is pretty darn trivial to break into. Go read the link, and ponder- we’re all under an honor code, and we’re entering into a profession that depends deeply on trusting our word. So why force us to use software that punishes those of us who are honest (by making our experience buggy and frustrating) while not stopping those who are dishonest? If we’ve got a real dishonesty problem in law school (which I agree may be the case) lousy software seems unlikely to fix it…
- To be clear, I have not broken into it and have no plans to. I’m just interested in security and the use of software architecture to replace real morality/honesty. [↩]
Am I missing something, or would it be trivial to simply run this thing in a virtual machine? That way, you have notes/web in your host OS, ExamSoft/Softest + word processor in a guest OS.
I’ve been told (by university IT, so take with a grain of salt) that it checks to see if it is running in a VM and aborts if that is the case. There are ways (at least in theory) to do that check, so it isn’t completely implausible, but who knows if they actually do it or not. I don’t have a working virtual XP image right now for a variety of reasons so I haven’t tested it myself.
IIRC, handling of ctrl+alt+del is a privileged operation in Windows.
The idea being that if you type that combination, the resulting screen is under control of the operating system, rather than some other app pretending to be a password prompt or similar. Is the examsoft software hooked in deeply enough to override that?
From the write up at the site Luis linked to, it appears ExamSoft simply replaces the Windows Shell (Explorer) rather than linking terribly deeply into the OS. This means it runs as a normal user application (at least under XP where I’ve experience in these things) and so it wouldn’t be able to override the ctrl-alt-delete behavior.
At least when running Windows in a domain, ctrl-alt-delete is restricted in the mnner JamesH mentioned.
All of these anti-cheat tools are just barely good enough to stop most people from cheating. If you’re a determined cheater or a hacker, you’ll have no problem with them. Witness the amount of cheaters on online games such as Counter Strike, Quake, Diablo or even WoW, where sophisticated tools such as Punkbuster, Aequitas or Warden are supposed to stop cheaters.
The idea is not to stop cheaters but to appear watchful to a random person wondering how hard cheating would be. Just like police with machine guns at airports.
But I have to say I’m pretty happy with the choice of environment I chose to work in, as the Free Software world works with the trust concept and has so far resisted distrust very well. I experience this again and again when I come in contact with people that are not used to this behavior (case in point: embedded companies).
But I have had a pretty good experience at universities too, so it’s a bit shocking to read that members of law faculties don’t trust each other. But then I only studied Math and Computer Science.
PS: My test for trust is “How well do I feel keeping my laptop unattended in plain sight?”
Not only does it check to see if it’s running under a VM–it checks to see if VM tools are _installed_, even if it’s running from its own boot. Also, the (imperfect) uninstallation of those tools, at least for VMWare a few months ago, isn’t enough to make it happy–I had to spend a panicked evening ripping out drivers and registry references to convince it that I wasn’t trying to run it under a VM.
Daniel: that’s pathetic. I assumed they’d do something actually sophisticated. (I guess using both approaches would probably be ideal.)
Ben: it’s a little odd; I think it is less a matter of trust of the students (many teachers offer take-home exams where you have every opportunity to chat with other students with no oversight) and more a matter of distrust (perhaps misunderstanding?) of the software. Still, you’re right, a lack of trust.
[…] Villa’s post, integrity in software and law school, strike 58104, puts it in more sinister light, pointing to Geek Plight’s How to Cheat and Bypass […]
[…] over computers, etc.), but probably the most irritating to me has always been the assumption […]Full post as published by Luis Villa’s Home Page on June 04, 2008 at 01:34:12. Register to promote […]