ProctorU...hell in a handbasket Part 1

[lavagirl]

After this experience ...... or I will create a dedicated computer that will only be used for proctored exams. .

This is what I do for ProctorU tests. I read this advice before on this forum and liked it.

Thank you, cypster, for sharing your story.

[cypster]

Glad you got it worked out, OP! Seems like the proctor you had had acted outside business protocols. The proctor I had last month was really different... she would ask permission before performing any action. Even when shutting down open applications, she would just right click "quit" without viewing them. Guess we'd just have to be careful when using ProctorU as they might have a couple bad apples in the pile.

Thanks laughter! I think you may be right. I'm still uncomfortable with how the software was installed on my computer so I am waiting to hear back from Proctor U about that as well. Let's hope that it is NOT normal for their application to be installed directly into our user appdata folders as opposed to the control panel and I am glad to hear that your representative actually followed appropriate privacy protocols. I think your conclusion is spot on. We must be careful anytime we grant a remote user control to our computers. I was so focused on doing well on my exam I think I really slacked on vigilance on this one and I must have ran into a putrid apple...

[cypster]

This is what I do for ProctorU tests. I read this advice before on this forum and liked it.

Thank you, cypster, for sharing your story.

Thanks Lavagirl! I was wondering if anyone else was doing that. If you have a second and could tell me some specs on your dedicated machine I would definitely appreciate it! Is it running windows xp or windows 7? I have an old box with xp on it that I might be able to use if that would be good enough.

[lavagirl]

If you have a second and could tell me some specs on your dedicated machine I would definitely appreciate it! Is it running windows xp or windows 7?

I bought for this purpose Lenovo IdeaPad U430 Touch Ultrabook 14-Inch Touch-Screen Laptop last year. It runs on Windows 8. I plug it just few minutes before proctoring starts and it goes to the closet right after proctoring finished.

[clep3705]

Here's a generic approach to keeping a Windows machine clean. Create a System Restore point before installing software you're uneasy with. Install the software and use it. When you are done using it, use System Restore to restore your machine to the state it was prior to the software installation. This won't protect you from really bad malware, but should protect you from intrusive but otherwise legitimate software. Obviously this is inconvenient to do every time ProctorU is needed to take a test. But if you can afford only one computer and use ProctorU infrequently, it is a proactive approach.

[cypster]

Here's a generic approach to keeping a Windows machine clean. Create a System Restore point before installing software you're uneasy with. Install the software and use it. When you are done using it, use System Restore to restore your machine to the state it was prior to the software installation. This won't protect you from really bad malware, but should protect you from intrusive but otherwise legitimate software. Obviously this is inconvenient to do every time ProctorU is needed to take a test. But if you can afford only one computer and use ProctorU infrequently, it is a proactive approach.

Thanks for the feedback clep3705. You are correct that that would be a major inconvenience and somewhat impractical. I am thinking of just using an old XP box that I have for Proctored exams if I choose to go that route. I will definitely alter my logins just for testing days as well for added security if I choose this option.

[cypster]

I bought for this purpose Lenovo IdeaPad U430 Touch Ultrabook 14-Inch Touch-Screen Laptop last year. It runs on Windows 8. I plug it just few minutes before proctoring starts and it goes to the closet right after proctoring finished.

Thanks again lavagirl! I think it's a brilliant idea to use a dedicated computer for proctored exams. The only unfortunate thing is that my OS on the machine I have that I could dedicate to proctored exams is XP which would admittedly be a security risks since it's no longer supported but if I alter my login info for the exams I am thinking the threat would be minimal.

[bricabrac]

I am so happy you got this taken care of OP, what a nightmare! By what you've described you never know...you may have just saved someone else down the road. Who knows what that individual was truly doing. I would seriously question someone who is hired and trained to do a scripted job, but instead of following procedure does everything opposite to what s/he is supposed to do. That would have raised red flags with me as well. For all you know it could have been someone testing the waters for future misdeeds.


We had this discussion on the TESC boards when they first began to use proctorU. Some of us were dead set against allowing remote access. The computer science students were the first to speak out. Some know what can happen if a bad apple is given access...the possible outcomes. You have to think, you are not only giving them access to your computer but they are also reviewing ID and accessing security questions. Screen caps anyone? They could easily implant code, and/or after gaining access to certain information and now armed with your address sit down the street from your house and wait for the next time you log in and follow you right down the rabbit hole. This is a cocktail for ID theft, etc.

As a result to the students concerns, if you had security issues, or stated there were problems with internet coverage (connection drops etc), then you were allowed to opt out of proctorU and request paper exams. At the same time, they issued a blanket statement advising possibly purchasing a second bare bones set up to be used for testing. I think any cheap laptop / desktop will do. Just be sure to create system discs when you need to wipe the computer and do a clean install. Too many, myself included, rely on letting the computer reset to factory install but if something is buried deep...you'd want a fresh install.

Privacy Case Example: One of the members of my department experienced someone remotely accessing his computer without his approval. He just happens to be a computer programmer/software designer in his private life (had his own company) as well as a science brain and caught it when it began. He stated the normal individual would not have noticed, it was only a quick string of words at the bottom of the screen and the cursur moved on its own and then nothing. The doc just about lost his mind, it was about 1AM and he was working on things anyone outside our department, legal, bus dev and the president of the company were not cleared to know, let alone access. I received a phone call, which in turn woke up others. Can I just state with the sensitivity of the information we deal with this was a HUGE PROBLEM! If he had not noticed and the person only read what was on the screen we could have had a very serious insider trading problem. It was not done with malicious intent, it was actually a mistake (logging in to the wrong computer), but the following day heads rolled right on out the door!

My BF is actually a bit of a "cracker" and I was already a bit overprotective, but he just made me even more vigilant knowing the possibilities. Password crackers, key stroke loggers, access to your camera so they are watching you remotely and you have no idea...

Be very careful with your machines folks. And let us not forget, there are criminals everywhere! People are sent to work for certain companies with specific intent. A plan can be in the works for quite awhile before it actually happens.

Anyway, just adding to the list of what can and does happen in the real world.

[cypster]

Wow! Youlve shared some really great information and cautions there Bricabrac! Many many many people are almost clueless when it comes to just how easy it is for a system to be hacked and many more have the strange concept that this cannot be done with software that has been created by "reputable" companies... Remote access is dangerous to begin with as you've mentioned and it's up to each of us to go the extra mile to protect our machines, our identities and our personal information. I was really glad to learn that Straighterline does have an option for offsite exams in addition to proctoring. I am seriously considering that option for future exams after this incident.

I have used remote access applications like team viewer and remote desktop using dynamic dns before in a small business setting and I was amazed at how much information could be remotely accessed during these connections. The biggest security risk with Proctor U's LM_rescue application in my opinion is it's ability to to added to your list of startup applications without appearing in the start up folder and the ability for them to access files from a computer. I am glad that you also mentioned creating systems discs. It has been a long time since I have cloned my computers and I did not think of that option. If I pursue the option of using a dedicated computer for testing, I will definitely think about cloning the machine before the exam and restoring the clone after a couple exams.

I truly hope that all who read this posts will avoid making the mistakes I have made in slacking off and just trusting what I felt was a "reputable" company and not exercising due diligence to ensure maximum security on my machine.

[Tedium]

I'm not a computer expert, but would creating a separate log-in with limited access for your machine help at all in this situation? You could log in with the "guest" account, so at least none of your sensitive files are accessible without your prior approval.

Thoughts?