Ask Slashdot: How Would You Secure Your Parents' PC? 408
New submitter StirlingArcher writes "I've always built/maintained my parents' PC's, but as Mum has got older her PC seems to develop problems more readily. I would love to switch her to Linux, but she struggles with change and wants to stay with Vista and MS Office. I've done the usual remove Admin rights, use a credible Internet Security package. Is there anything more dramatic that I could do, without changing the way she uses her PC or enforcing a new OS on her again? One idea was to use a Linux OS and then run Vista in a VM, which auto-boots and creates a backup image every so often. Thanks for any help!"
MS Security Essentials (Score:4, Informative)
Sell them. (Score:2, Informative)
Sell the PCs and get them iPads.
Problem solved.
I'm not joking.
I switched my mom to Ubuntu 12.04 (Score:4, Informative)
and she took a few weeks to adapt, now she uses it (mostly) trouble-free. I also enabled Desktop sharing via VNC to avoid driving to her place every time she complains 'I had my icon here and now it's gone' or 'It does not behave as berfore' or 'The menu to send my mails is gone'.
Her grand-children also spend lots of time on this computer while she takes care of them, and I used to clean lots of malware after them... not anymore.
"frozen" configurations (Score:5, Informative)
Freeze all system changes except saving into the the documents folder. There are a number of programs to do it, seems the most popular is Deep Freeze. It allows all system changes, but after reboot it is all gone. Some tweaking will allow making a few things persistent, such as the documents.
http://alternativeto.net/software/deep-freeze/ [alternativeto.net]
Re:MS Security Essentials (Score:4, Informative)
Linux. Full stop (Score:2, Informative)
I would secure my or any one's parents' PC by first installing a well supported and regarded Linux distribution, with a firewall, ClamAV to repel viruses that could infect a Windows computer to which e-Mails are sent, and a simple login authentication with password that they would easily remember, but could not be be easily guessed by anyone else.
Remind them never to click on any Bank or other business ad or e-mail for which they do no business, and that all their insurance and banking vendors would send important info by snail mail.
Nothing else in needed or required.
Re:MS Security Essentials (Score:5, Informative)
I would suggest this as well. If she's comfortable with Windows, then make it as safe as possible. Security Essentials has far less risk of throwing a key Windows file into quarantine and hosing the install. It's also far better as far as performance. Ensure she knows how to spot when it has not updated in a while (it happens). Ensure it updates when the PC is likely to be on.
From there, you need to use a few plugins that will help keep your mother safer online. WOT [mywot.com] is an excellent, and low impact plugin that will warn her about known dangerous sites. AdBlock is a must if she's prone to clicking on things she shouldn't.
If you can swing it, get an SSD, and kill scheduled tasks like defrag, which would no longer be necessary.
DO schedule checks for updates when she is most likely to be on. Ensure you train her to spot the prompt that updates are needed, and how to install them.
If she can't deal with the update process, then you should setup some time each week to remote into the PC to do them, and to handle basic maintenance
For remote fixes, I'd suggest TeamViewer, set to auto-run as a service., with an Admin password setup for yourself.
I used all of the above steps with my Dad who lives about 2 hours away with decent results for quite a few years until the old XP hardware failed. I should note that I eventually moved him to a Mac mini when his old hardware failed, and when I no longer wanted to pay a hundred bucks for Windows. My dad likes playing games for the most part, and the ecosystem on a Mac made sense for him (app store), while keeping him largely out of trouble.
Re:MS Security Essentials (Score:3, Informative)
Not as good as it used to be, we run Forefront which uses the same definitions and have had a number of things get through it as of late.
MSE used to be good, but MS seems to have really slipped up last couple of years. They have fallen to the bottom of all the tests, that they use to be in the top of, and even if you don't believe in tests, more and more real-world reports of things slipping through, like poster above here. It has gotten so bad that MS themselves now publicly recommend that their customers use additional 3rd party AV [pcpro.co.uk]. That is pretty damning.
The test you refer to (not tests) is a notoriously vendor-driven one, which really has no credence with the larger AV community. And there's a bit of misinterpretation; MSE is designed to be compatible with another AV solution, so that the two can coexist. This is made possible by the fact that MSE integrates with Windows as only a Microsoft product could. MS didn't say "don't use our solution all by itself, the MSE r h4x0red!"
Actually, I refer to tests. I guess you are probably referring to the beating they got in AV-Test, since MS publicly complained about that. But here is another one [av-comparatives.org] (look at bottom of graph page 9 or summary of results page 13 - zero stars to MSE). And here is another one [dennistechnologylabs.com], from the test lab used by PC Pro and others (see results page 7 and 8, not good).
Where did you get the notion that MSE is designed to co-exist with another AV-solution? Microsoft strongly recommends against this, it is the first line in their FAQ [microsoft.com]. If you have third party AV running when you install MSE it recommends to disable it. Which in almost all cases today would be a downgrade of your protection.
Local Group Policy (Score:4, Informative)
Since she is on Vista, you might want to look into Local Group Policies.
http://technet.microsoft.com/en-us/library/cc725970.aspx [microsoft.com]
You have much finer, granular control over many aspects of Windows through it. It can take some trial and error, but you can setup an environment where only specific applications run and nothing else. Or, you can do things like not allowing application to run from specific locations (E.G. C:\Users\\AppData or C:\Program Data). Doing this can greatly reduce the amount of Malware and Virus infections. You can also prevent changes to things like the Start Menu or task bar, etc. A lot can be done with Local GPOs that doesn't seem widely known to the standard Windows user, but they can really help lock a machine down.
my suggestions (Score:4, Informative)
1 backup the data from the computer and wipe the computer ,teamviewer ,avast and whatever else you think they will need
2 install Win7 (you should be still able to get a LEGIT copy somewhere) DO NOT CONNECT TO THE NET
3 build on your computer a win7 and whichever MSO set of WSUSOffline patches and create a Ninite loader with Firefox/chrome,7zip, LO
4 run WSUSOffline and get the patches done (optional step install MSSE and upgrade MSIE)
5 run the Ninite Loader
6 FOR EACH OF [FIREFOX CHROME MSIE] WHERE INSTALLED =TRUE hit the adblock plus site and get it installed and configured.
7 setup Teamviewer and set a permanent password
8 set like EVERYTHING to auto update and "silent" mode where possible.
Comment removed (Score:5, Informative)