Forgot your password?
typodupeerror
Security

Ask Slashdot: How Would You Secure Your Parents' PC? 408

Posted by timothy
from the what's-the-late-2013-version? dept.
New submitter StirlingArcher writes "I've always built/maintained my parents' PC's, but as Mum has got older her PC seems to develop problems more readily. I would love to switch her to Linux, but she struggles with change and wants to stay with Vista and MS Office. I've done the usual remove Admin rights, use a credible Internet Security package. Is there anything more dramatic that I could do, without changing the way she uses her PC or enforcing a new OS on her again? One idea was to use a Linux OS and then run Vista in a VM, which auto-boots and creates a backup image every so often. Thanks for any help!"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How Would You Secure Your Parents' PC?

Comments Filter:
  • by csumpi (2258986) on Sunday December 15, 2013 @12:49PM (#45695669)
    All you need. Click here. [microsoft.com]
  • Sell them. (Score:2, Informative)

    by Anonymous Coward on Sunday December 15, 2013 @12:50PM (#45695683)

    Sell the PCs and get them iPads.
    Problem solved.

    I'm not joking.

  • by nicomede (1228020) on Sunday December 15, 2013 @12:52PM (#45695699)

    and she took a few weeks to adapt, now she uses it (mostly) trouble-free. I also enabled Desktop sharing via VNC to avoid driving to her place every time she complains 'I had my icon here and now it's gone' or 'It does not behave as berfore' or 'The menu to send my mails is gone'.
    Her grand-children also spend lots of time on this computer while she takes care of them, and I used to clean lots of malware after them... not anymore.

  • by h00manist (800926) on Sunday December 15, 2013 @12:55PM (#45695727) Journal

    Freeze all system changes except saving into the the documents folder. There are a number of programs to do it, seems the most popular is Deep Freeze. It allows all system changes, but after reboot it is all gone. Some tweaking will allow making a few things persistent, such as the documents.

    http://alternativeto.net/software/deep-freeze/ [alternativeto.net]

  • by Brad1138 (590148) <brad1138@yahoo.com> on Sunday December 15, 2013 @01:16PM (#45695923)
    Is it any better than Avast(free)? I have been using Avast for years and it seems to work quite well. Most if not all of the online reviews pick Avast over MSSE.
  • Linux. Full stop (Score:2, Informative)

    by Anonymous Coward on Sunday December 15, 2013 @01:29PM (#45696059)

    I would secure my or any one's parents' PC by first installing a well supported and regarded Linux distribution, with a firewall, ClamAV to repel viruses that could infect a Windows computer to which e-Mails are sent, and a simple login authentication with password that they would easily remember, but could not be be easily guessed by anyone else.

    Remind them never to click on any Bank or other business ad or e-mail for which they do no business, and that all their insurance and banking vendors would send important info by snail mail.

    Nothing else in needed or required.

  • by DJRumpy (1345787) on Sunday December 15, 2013 @02:03PM (#45696395)

    I would suggest this as well. If she's comfortable with Windows, then make it as safe as possible. Security Essentials has far less risk of throwing a key Windows file into quarantine and hosing the install. It's also far better as far as performance. Ensure she knows how to spot when it has not updated in a while (it happens). Ensure it updates when the PC is likely to be on.

    From there, you need to use a few plugins that will help keep your mother safer online. WOT [mywot.com] is an excellent, and low impact plugin that will warn her about known dangerous sites. AdBlock is a must if she's prone to clicking on things she shouldn't.

    If you can swing it, get an SSD, and kill scheduled tasks like defrag, which would no longer be necessary.
    DO schedule checks for updates when she is most likely to be on. Ensure you train her to spot the prompt that updates are needed, and how to install them.
    If she can't deal with the update process, then you should setup some time each week to remote into the PC to do them, and to handle basic maintenance

    For remote fixes, I'd suggest TeamViewer, set to auto-run as a service., with an Admin password setup for yourself.

    I used all of the above steps with my Dad who lives about 2 hours away with decent results for quite a few years until the old XP hardware failed. I should note that I eventually moved him to a Mac mini when his old hardware failed, and when I no longer wanted to pay a hundred bucks for Windows. My dad likes playing games for the most part, and the ecosystem on a Mac made sense for him (app store), while keeping him largely out of trouble.

  • by Anonymous Coward on Sunday December 15, 2013 @02:15PM (#45696501)

    Not as good as it used to be, we run Forefront which uses the same definitions and have had a number of things get through it as of late.

    MSE used to be good, but MS seems to have really slipped up last couple of years. They have fallen to the bottom of all the tests, that they use to be in the top of, and even if you don't believe in tests, more and more real-world reports of things slipping through, like poster above here. It has gotten so bad that MS themselves now publicly recommend that their customers use additional 3rd party AV [pcpro.co.uk]. That is pretty damning.

    The test you refer to (not tests) is a notoriously vendor-driven one, which really has no credence with the larger AV community. And there's a bit of misinterpretation; MSE is designed to be compatible with another AV solution, so that the two can coexist. This is made possible by the fact that MSE integrates with Windows as only a Microsoft product could. MS didn't say "don't use our solution all by itself, the MSE r h4x0red!"

    Actually, I refer to tests. I guess you are probably referring to the beating they got in AV-Test, since MS publicly complained about that. But here is another one [av-comparatives.org] (look at bottom of graph page 9 or summary of results page 13 - zero stars to MSE). And here is another one [dennistechnologylabs.com], from the test lab used by PC Pro and others (see results page 7 and 8, not good).

    Where did you get the notion that MSE is designed to co-exist with another AV-solution? Microsoft strongly recommends against this, it is the first line in their FAQ [microsoft.com]. If you have third party AV running when you install MSE it recommends to disable it. Which in almost all cases today would be a downgrade of your protection.

  • Local Group Policy (Score:4, Informative)

    by chr1st1anSoldier (2598085) on Sunday December 15, 2013 @02:27PM (#45696593)
    Greetings, As someone in the IT industry maybe I can give you some advice.

    Since she is on Vista, you might want to look into Local Group Policies.

    http://technet.microsoft.com/en-us/library/cc725970.aspx [microsoft.com]

    You have much finer, granular control over many aspects of Windows through it. It can take some trial and error, but you can setup an environment where only specific applications run and nothing else. Or, you can do things like not allowing application to run from specific locations (E.G. C:\Users\\AppData or C:\Program Data). Doing this can greatly reduce the amount of Malware and Virus infections. You can also prevent changes to things like the Start Menu or task bar, etc. A lot can be done with Local GPOs that doesn't seem widely known to the standard Windows user, but they can really help lock a machine down.
  • my suggestions (Score:4, Informative)

    by RobertLTux (260313) <<robert> <at> <laurencemartin.org>> on Sunday December 15, 2013 @02:59PM (#45696839)

    1 backup the data from the computer and wipe the computer
    2 install Win7 (you should be still able to get a LEGIT copy somewhere) DO NOT CONNECT TO THE NET
    3 build on your computer a win7 and whichever MSO set of WSUSOffline patches and create a Ninite loader with Firefox/chrome,7zip, LO ,teamviewer ,avast and whatever else you think they will need

    4 run WSUSOffline and get the patches done (optional step install MSSE and upgrade MSIE)
    5 run the Ninite Loader
    6 FOR EACH OF [FIREFOX CHROME MSIE] WHERE INSTALLED =TRUE hit the adblock plus site and get it installed and configured.
    7 setup Teamviewer and set a permanent password
    8 set like EVERYTHING to auto update and "silent" mode where possible.

  • Re:They're dead (Score:5, Informative)

    by hairyfeet (841228) <bassbeast1968@gma i l . com> on Sunday December 15, 2013 @06:17PM (#45698505) Journal

    As a PC shop guy I run into this problem quite a lot and there are actually a few options. You can have a program like Paragon Backup and Recovery Free [paragon-software.com] set to make daily/weekly/whatever disc images and then easily roll it back when they bone it (because if they are like most older folks no matter how many times you tell them "don't click on that" they will) but the problem with those is that you usually have to be the one to roll it back, too complex to restore from disk image for an old person.

    So while this way is no longer supported on Win 8 and above (but since Win 8 is a bomb who cares) this is the way that I do it and it gets the "Hairyfeet seal of approval". This method scores damned near a 10 out of 10 in both keeping infections out and in fixing if they manage to bypass your security and infect it anyway. And yes that is a problem, as i have seen older folks actually turn OFF the AV because an email told them to. As a bonus it costs $0.00 and doesn't take more than an hour tops. Ready?

    1.- Install Comodo AV Free [comodo.com] and be DAMNED SURE to pick YES when it comes to installing Comodo Dragon, the why will be apparent in a moment. You can go ahead and uncheck geek buddy, that is your job, they don't need some guy at a helpdesk in India to tell them what to do. 2.- Go into Comodo AV after install and turn it to "paranoid mode" this will run everything in a sandbox by default and treat everything as suspect. Now for your not completely clueless you can leave it in clean PC mode, but for those that click the "punch the clown and win an iPad" types paranoid is safest. 3.- the final step is to download and install Comodo Time Machine [majorgeeks.com] and LOCK the first image, call it "clean PC" or something else that will be easy to tell grandma over the phone. A bit of warning when it comes to CTS, it dos NOT work on win 8, it does NOT work on dual boots, you should also set it to clean out old snapshots after say 30 days. That said if you want a PC that can recover from pretty much every bug out there? here ya go.

    And that is it, stick a fork, there is no step 4. Of course this assumes you have already done the common sense things like set windows update to automatic but other than that you should now have a 100% clean PC that will stay that way. The browser is sandboxed and locked down, runs by default in low rights mode, the AV is watching everything like a hawk and if they manage to talk the old folks into bypassing the AV? Time machine has you covered. I have several users that would get more nasties than a Bangkok whore on coupon night and thanks to this little 3 step program their PCs are pretty much idiot proof. Oh and as a bonus if they screw anything up, uninstall a printer driver or just trash a program? it takes less than 10 minutes over the phone to restore with CTS. You tell them reboot, hit home key when they see the big clock, pick the day before (assuming you set it for daily or snapshot on boot) and leave it alone...and that is it, the CTS will set the machine back and it'll be like they never made the boo boo.

Whenever people agree with me, I always think I must be wrong. - Oscar Wilde

Working...