hi
i am a total novice at this, we are just testing 2.3 on ubuntu and are gradually rolling it out for our students.
I was just exploring using the Safebrowser for our quizzes, for our students to use on their laptops. The basic idea was, that i configure the safebrowser software for the PC and Mac versions, and put this as a download on our moodle site, and then let the students use it for all their quizzes.
while i was setting this up, i was wondering, if the students could simply bypass the security of my configured safebrowser, and just download another instance of the browser and reconfigure it so as to allow all the privileges, (ALT+TAB etc) thus avoiding the security completely, and use their "free usage" browser. The students are smart enough to know the browser name and can download it externally also...
From what i can make out, the moodle site just needs a safebrowser to open it, not necessarily the pre-configured one, which i have made for them. Is this right or am i missing something? Apologies in advance, if i have missed something very obvious, but would be grateful if anyone could tell me what i have missed, since i am not able to figure this out!
You are right. The relevant code is the check_safe_browser method in mod/quiz/accessrule/safebrowser/rule.php. As you can see, that is woefully insecure. You should be able to change that to something better.
What are you hoping to gain from the safe browser mode?
My take on this is that if your students are so devious, I would fail them all.
Mary, I kindof agree, but if they use a standard safebrowser which they have downloaded from the internet, we will never find out! the idea is to understand the limitations and build towards it, i guess.
Marcus, the idea is : To restrict participants from searching for the answers, or even mailing each other answers and to disable the CTRL+TAB buttons
Hello Rajiv,
To restrict participants from searching for the answers, or even mailing each other answers
What make you think that, if they want to cheat, they won't use their iphone/ipad, or another computer/laptop, ... to do that ?
IMHO they is no way to make an online test secure, unless it takes place in a proctored room.
Jean-Michel is 100% right ! They could also have friends, tutors, experts and god forbid a textbook on hand.... no point over designing something that is so simple to circumvent.
The idea was that anybody who wants to check if the right Safe Exam Browser (SEB) is used, changes the string which is used to identify the browser in both SEB and Moodle. For that you would need to compile SEB on your own from the source code. If you want to use the current version on unmanaged computers, then you would also need to hard code the exam settings into SEB, so students cannot simply change the .ini files.
But we are working on a much more secure version for use on unmanaged student computers. We expect to have at least a beta till end of the year.
Who is the "we" that is working on a secure version of software? We are currently using Respondus Lock Down Browser, which works great, but would be nice to find a free/cheaper solution!
I'm the project leader for Safe Exam Browser (SEB) which is a free open source solution comparable to Lock Down Browser: http://www.safeexambrowser.org
As I mentioned, to use it safely on unmanaged computers without having to do modifications in the code yourself you should wait for version 2.0 (expected to release till end of the year or early 2013).
If you use managed computers in a computer class room or similar (where users don't have administrator rights) SEB is already quite safe.
Greetings Daniel
We installed 1.9.1 on our test server, and we're wondering how prevent students from simply exitting the browser and then going back to continue the test. It looks like the only way to exit the safe exam browser is with a series of function keys. Once the students know that series of functions keys, what prevents them from using it for the next test and just exiting when they want and then going back and continuing?
We are currently using Respondus Lock Down browser in a proctored environment. They do not allow the student to exit without submitting the quiz first. And if a student's exam freezes, they have a secret password that is easy for the teacher to change for each test to exit the quiz.
Why are you concerned about the student exiting the browser?
So if a student can exit the browser at any time, they can then go and search for the answer to a question, and go back to the browser, open up the test again, and continue with the test. Or am I wrong about that?
It seems to me you would be better to lock the machine to the i.p. address of the moodle server. Also remember they all walk around with a computer in their pocket (though they call it a mobile phone).
They can also just switch to a different desktop (on most operating systems). They could instead set their favorite browser to say it's SEB. That's takes about two clicks for computer geeks who have the user agent switcher already enabled, or six clicks for someone who has never done it before. There are probably six or seven ways to get around it, even without getting into anything sophisticated.
Really, it's all kind of like the latch on a bathroom stall - it tells people what behavior is expected, but in no way is it secure in any sense of the word. Safebrowser is really just a strong suggestion letting students know they aren't supposed to use Google during a quiz. If they decide to break the rules, there are a dozen ways for them to do so, many of them simple. That's an administrative and cultural issue, not a technical issue.
Of course, you might ask yourself - am I testing knowledge that the student will need to have immediately in mind in the real world, and not be able to check a reference? Let me use myself as an example. Myself, I've been programing professionally for 17 years and I have reasonably impressive credentials to say I'm competent. I look up programming syntax and such several times every day. Testing how well a programmer can do when they aren't allowed to use reference material is silly because actual programming work does use reference material constantly. Encouraging the student to use reference material is a much better test of real world competence because in the real world the person who uses reference material most effectively does the job most effectively.
All that to say, in many (most?) cases trying to prevent students from referencing outside sources is a futile attempt to make your test WORSE, to make it NOT represent how the student would need to use the information in the real world.
* As a contra example, fighter pilots should immediately know, off the top of their head, what to do when they've been hit by opposing canon fire. No time to check the manual or cheat sheet when you're being shot at. Even in most other emergencies, though, pilots DO pull out the checklist, so for accurate results ONLY the "gunfire" quiz would not be open book.
Hmm, that gets me thinking. In real world application of knowledge, generally you can't refer to a reference in extremely urgent situations. If you can spare a few seconds, you can whip out your smart phone and check. So perhaps use that fact with quizzes - if you expect the students to be able to answer in a split second, set a really tight time limit. If you don't mind if it takes them 30 seconds to answer, perhaps there's no reason they can't use that 30 seconds to check reference material.