seb-win-refactoring

seb-win-refactoring copied to clipboard

When an user changes the mouse cursor via some tool and you try to start SEB, it will crash with a generic error message. Since, changing back to the original cursor and restarting SEB works fine... The error message should reflect that. This would help in troubleshooting during exams.

Thanks for the input. I guess we could add a specific error message, though with security related issues we normally don't want to make it too easy for users to figure out why SEB refuses to startup.

@danschlet What do you think?

It's something that you can see both ways. On one hand, I totally understand the reason of not telling why SEB blocks users from starting. On the other hands, the more "little things" SEB checks and doesn't let the user through... Can be annoying if SEB is used during exams.

I think we need to look at this case by case. Since if we have some internal error code like err_cur and a list, people can simply "Google it" and find it.

Is SEB just quitting with the regular Couldn't start session (or similar) message or really crashing? @dbuechel, I think in this case it makes sense to show an error message "SEB doesn't allow modified cursors" or similar.

It's the generic like this:

(Yes, screenshot from other issue but the error message is the exact same)

Excellent, then I shall add a specific error message for the cursor verification.

The problem is that our students now intall the cursor program deliberately to sabotage the exam. Is there a security risk to allow such programs while starting SEB?

There is a (at least theoretical) possibility to cheat using custom cursors, how practical it in the end would be is not entirely clear (analog cheating surely would be a lot easier). But we decided to go the safe way and validate the active cursor configuration.

As for the modding resp. cursor customization software: If you know what software it is, you can simply add it to the list of prohibited applications and activate the auto-termination option (see https://safeexambrowser.org/windows/win_usermanual_en.html#ProhibitedProcessesSection > Force Quit). Whether that reverts the active cursors would however need to be tried out, most likely it doesn't, but it at least may have a discouraging effect on the students.

There is a (at least theoretical) possibility to cheat using custom cursors, how practical it in the end would be is not entirely clear (analog cheating surely would be a lot easier). But we decided to go the safe way and validate the active cursor configuration.

As for the modding resp. cursor customization software: If you know what software it is, you can simply add it to the list of prohibited applications and activate the auto-termination option (see https://safeexambrowser.org/windows/win_usermanual_en.html#ProhibitedProcessesSection > Force Quit). Whether that reverts the active cursors would however need to be tried out, most likely it doesn't, but it at least may have a discouraging effect on the students.

Speaking from experience here... No, quitting the program usually does not. Since it installs an .ani/.cur file that autoloads and all. Usually I have to delete the actual cursor file.

The problem is that our students now intall the cursor program deliberately to sabotage the exam. Is there a security risk to allow such programs while starting SEB?

Well, I have seen an attempt yesterday where the student painted a formula inside the mouse cursor for maths. Yeah... But totally understand where you are coming from.

Well, I have seen an attempt yesterday where the student painted a formula inside the mouse cursor for maths.

Exactly, that kind of cheating. Simply learning the formula would appear to be less effort overall, but alas, I reckon validating the cursor configuration thus indeed makes sense.

Thank you for the explanation. Now I understand the reason why cursor configuration is validated and the sudden interest of our students in changing cursors :)

This issue is stale because it has been open for 28 days with no activity. It will soon be closed automatically if there are no updates.

Thanks for the input. I guess we could add a specific error message, though with security related issues we normally don't want to make it too easy for users to figure out why SEB refuses to startup.

Don't want to make it easy for the user to figure out why they can't take the exam? Are you 5 years old? It is a software intended for exams, obviously the user should know about it.

@pinkestflamingo Please mind your language. We don't tolerate verbal abuse (this is not Twitter -> X).

@pinkestflamingo Please mind your language. We don't tolerate verbal abuse (this is not Twitter -> X).

I don't care what it is, if it's Github or Twitter, doesn't matter. You clearly do not care about the user-experience and it pisses me off. Thanks to SEB I haven't been able to do exams for 8 months, because of false flagging my SCHOOL LAPTOP as a vm.

This is open source freeware software and we don't give any warranty whatsoever. Complain to the people who provide your exam. They are free to use some commercial software.

The VM detection in SEB was partially contributed by the open source community, looks like they also weren't aware of this false negative. Instead of abusing us we appreciate if you report issues (as you did in the other issue), then we will happily improve the software.

@pinkestflamingo Try to abstain from unnecessary comments. If you would have read the entire communication (and I myself shall abstain from making an unnecessary comment here), then you would have noted that:

1. The OP does understand that it is a balancing act regarding how many details we unveil when SEB refuses to startup due to a security issue.
2. Notwithstanding, we already agreed that we will implement this enhancement and thus ipso facto do actually care about our users and their experience.