Internet Security Systems

q000123


What is the file 'guid.txt'?

This article applies to: BlackICE Defender.

SUMMARY

The file 'guid.txt' holds a roughly randomly generated number (based upon Microsoft's GUID) that is used when reporting to ICEcap.

DETAILS

This is a feature only meaningful within the corporate product. While GUIDs are used throughout Windows and many products, a recent controversy with Microsoft has made people nervous about this issue.

What is a GUID?

GUIDs, or "Globally Unique Identifiers", are a technology Microsoft developed to uniquely identify objects. Your computer is an object, and has a unique GUID that you don't see. When you log in, your user account is assigned a unique GUID.

What has been the controversy over GUIDs?

Microsoft encountered some bad publicity because it was found to report GUIDs to its website in such a way that they could be abused to track users' activities. Microsoft's Office products (such as MS Word) put the machine's GUID inside their documents as well. One way Microsoft could abuse this information would be to match the author of a document with the registration information sent to Microsoft. These are some cases where GUIDs could reveal private information, but the reality is that the average machine has hundreds of embedded GUIDs throughout the filesystem and registry. They are a normal part of Windows.

Does the product report GUIDs to Network ICE?

No.

How does the corporate product make use of GUIDs?

The GUID is only used so that intrusion data from the same machine can be correlated. Most products use IP addresses for this purpose, but since machines these days frequently change their IP address, the only real way to do it is with GUIDs. An example would be a roving laptop user who travels throughout the United States with the corporate version of the product installed.

Note that there are some minor privacy issues that corporate users might want to be aware of. Every time the laptop connects to the Internet, it will send a "heartbeat" back to the corporate ICEcap console. Since IP addresses have a weak affinity to geographic location (i.e. what city the person is in), in theory corporations could do some minimal tracking of users' locations this way. Similarly, if the laptop is stolen and the thief dials up to the Internet, the corporation has a small chance of catching the thief because of this feature.

Why does Network ICE put a GUID in a file?

Most Windows products put GUIDs into the registry. While the product only ships for Windows, it has been designed to work on a wide variety of operating systems. Most other operating systems do not have a "registry". On systems such as UNIX, we will create GUIDs in much the same way that Microsoft does (i.e. based on the current timestamp, random number generator, and hardware IDs like MAC addresses). But since there is no registry, we must store them in a file.

Note that this number is based upon the Microsoft GUID, but is not exactly equal to it. Therefore, if a corporate user deletes this file, a new 'guid.txt' will be generated.
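
What a GUID built from a timestamp and a MAC address discloses about its host, as an added example that is not Network ICE's code. It assumes the value follows the standard RFC 4122 layout, which this article does not confirm for 'guid.txt'; the names build_v1 and inspect_guid are hypothetical and the sample GUIDs are constructed.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version-1 timestamps count 100 ns ticks from the start of the Gregorian calendar.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

def build_v1(created, node, clock_seq=0):
    """Build a version-1 GUID from a timestamp and a 48-bit node (constructed samples only)."""
    ticks = (created - GREGORIAN_EPOCH) // timedelta(microseconds=1) * 10
    return uuid.UUID(fields=(
        ticks & 0xFFFFFFFF,                    # time_low
        (ticks >> 32) & 0xFFFF,                # time_mid
        ((ticks >> 48) & 0x0FFF) | 0x1000,     # time_hi, version 1
        ((clock_seq >> 8) & 0x3F) | 0x80,      # clock_seq_hi, RFC 4122 variant
        clock_seq & 0xFF,                      # clock_seq_low
        node))

def inspect_guid(text):
    """Return what a GUID string discloses about the machine that generated it."""
    u = uuid.UUID(text.strip())                # accepts {braces} and plain hyphenated form
    info = {"version": u.version, "created": None, "mac": None, "leaks_host": False}
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return info                            # e.g. version 4: random bits only
    info["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    # A set multicast bit in the first node octet marks a random node, not a NIC address.
    if not (u.node >> 40) & 0x01:
        info["mac"] = ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -8, -8))
        info["leaks_host"] = True
    return info

# Constructed sample values, not taken from any real machine or guid.txt.
SAMPLE_TIME = datetime(2000, 1, 5, tzinfo=timezone.utc)
SAMPLES = {
    "hardware node": "{%s}" % build_v1(SAMPLE_TIME, 0x001122334455),
    "random node": str(build_v1(SAMPLE_TIME, 0x0100DEADBEEF)),
    "version 4": str(uuid.uuid4()),
}

if __name__ == "__main__":
    for label, guid in SAMPLES.items():
        print(label, guid, inspect_guid(guid))
```

Only the first sample exposes a hardware address; the second still reveals its creation time, and the third reveals neither.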

Why do I see a 'guid.txt' even though I don't have a corporate product?

We are currently building up the home-user product to report back to Network ICE on a voluntary basis. Many users are excited about this possibility because it will allow people to group together to go after hackers rather than dealing with them one-by-one. This feature will be based upon corporate technology. Note that while version 1.9.x does not have the ability to report intrusions, we have been testing the feature in-house with that code-base. This has led to parameters appearing in the configuration file and the 'guid.txt' file appearing.

 
Keywords:  
Version:  1.9, 2.0 
Fixed:     
Modified: 2000-01-05 