Better After Dark Security is a package that enhances the security of the password system provided by the After Dark screen saver by Berkeley Systems.
System Requirements:
You need After Dark 3.0d installed and working. Better After Dark Security requires System 7.0 or better. In the After Dark control panel, click the Setup button, then the Password icon. Set your password, and check both boxes so that a password is required both on startup and on wakeup.
Installation:
Run the “After Dark 3.0 patch”. This patches After Dark so that holding down the mouse button while loading will not prevent After Dark from loading. Next, put the “Better After Dark Security” extension into your System folder. This will keep people from force-quitting the “Visual Client”. Finally, to keep people from shift-booting your system to turn After Dark off, use a resource editor to remove the ‘dbex’ resource from your system file. If you don’t know how, then ask your local Mac guru for help.
What are the security problems of After Dark?
There are three problems that this package prevents. First, the animated displays are run by a program called “Visual Client”. This program asks for a password whenever one is required. This program, however, can be force-quit, bypassing the need for a password. Second, if the mouse button is held down during extension loading time, the After Dark system will not load, and all of its password measures will not be active. Finally, shift booting will circumvent all loading of extensions and control panels, including After Dark.
Installation of the package fully as described above will fix these problems.
What security problems will Better After Dark Security not fix?
If an intruder happens upon your computer before the screen saver kicks in, or if they boot your computer off another medium, all he or she has to do is trash your After Dark preferences file, and the password is gone. This cannot be prevented. Better After Dark Security is not intended to be a replacement for a real security package if you need one.
Then again, a thief might just walk off with your Mac. No software package can help you in that situation; if this is a serious concern, you need to install some security cables or plates.
Limitations:
The protection afforded by After Dark’s password system is not great. If an intruder can get to the Finder somehow, suppose by booting off a floppy, CD-ROM, or external hard drive, the password file is vulnerable. This package by no means should be used for serious security use!
KnownBugs:
None, of course.
Future Enhancements:
Easy way to take out dbex resource in the System?
Lessons I learned the hard way:
1) Don’t hit command-poweron while in MacsBug.
2) _Gestalt is not a Toolbox trap. It’s an OS trap. As such, you really shouldn’t push its parameters on the stack. D’oh!
3) Programming in assembly is a lot harder than it looks.
Kudos officially go to:
Dair Grant, for the marvelous Extension Shell package.
Michael Hecht, for ResCompare, a very nifty patching program.
Quinn, Peter N Lewis, and Fabrizio Oddone for CDIconKiller, from which I stole 3 lines of code.
Berkeley Systems, for producing such a wonderfully hackable screen saver package.
Version History:
v1.0
First release for MacHack ’96. This fact should not affect the stability, but one never knows...
After Dark is a trademark of Berkeley Systems, and is registered in the US and other countries. I am not associated, affiliated, or related to Berkeley Systems in any way, and Berkeley Systems does not endorse the use of Better After Dark Security nor are they responsible for any consequences.
