Slashdot Mirror
Windows Security and On-line Training Courses?
eggegick writes "My wife has taken a number of college courses over the last three years and many of the classes used on-line materials rather than books. The problem was these required IE along with Java, Active X and/or various plug-ins (the names of which escapes me), and occasionally I'd have to tweak our firewall to allow these apps to run. I don't think any of these training apps would work with Firefox. All of this made me cringe from a security point of view.
Myself, I use Firefox, No-Script, our external firewall and common sense when using the web. I have a very old Windows 2000 machine that I keep up to date. To my knowledge, I've never had a virus or malware problem.
Her computer is a relatively new XP machine, and at this point she feels her computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers.
Assuming the college course work applications were part of the cause, what recommendations do any of you have for running this kind of software? Is there a VMware solution that would work — that is, have a Windows image that is used temporarily for the course work and then discarded at the end of the semester (and how do you create such an image, and what does it cost?)."
vmware is free, so is virtualbox and xen.
you would create the image yourself.
install a default XP machine and run IE on it.
They're using their grammar skills there.
Have her take her courses from a school with a clue.
If you want news from today, you have to come back tomorrow.
I review software for a living (in addition to doing other things) so I've been using virtualized Windows XP installations for awhile now. (I prefer Virtualbox, but you can do this with any utility)
A long time ago, I created a virtual hard disk image of a Windows XP installation, got it the way I like it, and then backed it up. (storing a few GB long-term is trivial these days) When the current disk image I'm using gets overly cluttered after a few weeks or months, I just get rid of it and load a fresh copy from my backup and start over.
You could probably benefit from the same system.
"It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
Why would this make you cringe from a security standpoint? Security is only a problem with nefarious things are intended. The act of allowing these specific ActiveX controls to run within the context of the training courses has no bearing on whether or not you are permitting other ActiveX controls to run. If the prompts annoy you, rather than simply completely turning off ActiveX security features, you should add this site to your list of Trusted Sites.
There's nothing inherently wrong with enabling IE, using IE, or using ActiveX. And within the context of this single site there's not likely to be a problem. After all, if they were using their software for malicious deeds you surely have legal rights on your side.
The courseware he's talking about is almost certainly Blackboard and up until very recently that was basically the only available product for this kind of stuff. Yep, it is a titanic piece of KAKA, but no matter how clueful a school is, they pretty much don't have a choice. WebCT was somewhat better, but Blackboard bought that a good while back and they don't put new customers on it.
In the last year or two there are some OSS apps that are at the point where they would be a better choice, but switching is also a titanic nightmare and thus the pain goes on...
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
...and this is the worst askslashdot ever.
that is all.
This UID is 7651 digits too high to subjectively infer IQ from.
It's available for XP and Vista (32 bit) free from Microsoft: http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
require you to turn off your firewall and pop-up blocker. Why they cannot write web software to work without needing pop-ups and can work with firewalls is beyond me.
Virtual PC 2007 is free. Use Pricewatch's operating system price search to find a version of Windows to run under it. Windows XP can be bought in OEM version for under $100.
Run all college web sites in a virtual machine.
Use Avast Home for Antivirus as it is free for home and non-profit use.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
The solution is easy, though you may not like it. Install Vista (It has ASLR, heap protection, pointer protection, dep, integrity levels, and so on) and latest updates. Enable DEP for all processes and memory protection in IE advanced options (must run IE as admin first to change this setting.) Disable all the AcitveX and .NET stuff in the internet zone.
Enable Protected Mode for 'trusted zone.'
Add necessary, trusted sites to 'Trusted Zone' site list, that require an active-x/.net plug-in.
Leave auto-updates on.
Don't download anything unless you know for sure the trustworthyness of the people who made it.
Using just that, I have been using Vista for almost 2 years without a single Virus, trojan or Worm, or anything at all to speak of, and I surf everything, all day, including very shady sites. Vista pretty much takes care of the automated and drive-by download infections, teaching non-advanced users about web scams that only require a sucker user on the other hand is very difficult, I recently had to clean antivirus-360 from a friends computer because despite all the security (it was XP) she willingly clicked 'download' and 'install' and 'ok' when it said she needed the program on some website. lol.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
Sunbarrow.com? I meant: Sanbarrow.com
Virtualization is easy, but non-virtualization is even easier. There is a VMWare solution that will work: It's VMWare, and it works exactly like you think it does. The current price is listed on the VMWare website. I don't understand why this is a community-posed question, though, since you seem to have answered yourself in the question.
The free solution, on the other hand, is to just clean up the problems on the XP machine. If the other machines on the network continue to run trouble-free, just fix the one with trouble. You probably don't even need to recover or reinstall. Uninstall the ActiveX components, close the firewall back up, run anti-virus and anti-spyware apps (at least 3 different free ones) to remove anything that might have shown up, and if there are less than a handful of problems detected, you don't really need to reinstall. Run msconfig to check for extra crap at startup, and use HijackThis to check for any remaining browser toolbars, add-ons or other crap you don't want. Then make Firefox the default browser. Incidentally, there is a Firefox add-on available called IETabs which lets you run an IE-specific webpage from Firefox without starting IE and all its add-ons (it does use the base IE rendering engine tho).
If the machine hasn't had a fresh XP install in over a year, then it's time to reinstall anyway, and the sluggishness might have little to do with the extra ActiveX crap your wife had to use.
A cleanup might take you 2 hours. A reinstall could take longer, depending on how organized you and your wife have been about backing up data and how many programs you'll need to reinstall. VMWare works, but isn't free. These are the considerations to balance. Good Luck!
-=[You cannot consistently judge this statement to be true.]=-
http://etudes.org/
They use it at Foothill College Los Altos CA where where I am a somewhat permanent student
I have taken dozens of online classes and it seems to have worked well for a variety of classes and teaching styles
-I'm just sayin'
Just get some sandboxing software (i.e. "sandboxie", which I've only heard good stuff about) and run internet explorer from within such a sandboxed environment.
Just like a VM it will keep IE (or anything spawned by IE) from messing with the rest of the system, but with the advantage that it is much more lightweight than a typical VM.
To clarify, this is just a link to the bootloader setup. It is not that relevent, IMO, because that is not the typical way that people setup to use virtualization. I don't recommend it for a newbie. It is better to encapsulate your virtual disc as a file on an already known filesystem. Just follow the normal instructions when learning about VMs.
The way you have proposed setting up often leads to confusion. People think they can use the same exact partition they use with a physical machine that they use with a virtual machine. In rare cases this works, but most often it leads to "blue screen" boots due to HD controller mismatches, etc.
There is also another non-technical problem. That is, XP's license terms do not allow this, as I understand them (IANAL). The reason behind activation requires a license to be linked to the hardware. The "virtual" hardware is different than the "physical" hardware and requires its own license. Again, just my opinion.
Windows 2000 is not out of support. It is, in fact, still supported under the "Extended Support" model, where security fixes are still produced. It has left the mainstream support model where tech support was free. The difference between mainstream and extended is that you must pay for tech support calls instead of them being free.
According to this, Extended support doesn't end until July 13, 2010.
Bill
It's my Sig and you can't have it. Mine! All Mine!
Wife in question has administered lab machines before. So I left the Windows admin to her. B-)
For net access I put a third ethernet card in the Linux-based firewall machine and added rules:
- This new "red" net, like the "blue" net where the linux boxen live, was essentially restricted to talking to the firewall machine and outgoing TCP connections (plus very few specific other things.)
- "Red" and "blue" were treated, with respect to each other, as just as foreign as the wild-and-woolly Internet.
I know this doesn't answer questions about "How do you protect the Windows machine?". But there is plenty of stuff elsewhere about that. Plugging Microsoft's security holes is a multi-billion dollar industry. This was "How do you protect the rest of the machines in the house?". Giving Windows boxen their own LAN segment and walling it off from reduces the problem to the equivalent of a Windows box (or LAN of them) alone behind a NAT/Firewall machine. That's an already (sorta) solved problem.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Her computer is a relatively new XP machine, and this point she feels here computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers. Assuming the college course work applications were part of the cause, what recommendations do any of you have when having to run this kind of software?
What the hell kind of "recommendations" is he looking for? If your school needs ActiveX plugins (I know, I know, the schools needs to get a clue, etc.), you use IE and run them. I guess we could recommend that he doesn't, but that kind of defeats the purpose. ActiveX isn't an automagic virus.
She feels her computer has something wrong? So what? What the hell does that have to do with his question? What the hell does "planning on running a recovery disk" have to do with his question? What the hell is his goddam question, anyway?
Plus, he's asking how to create a virtual machine in VMWare and how much it costs?!? Apparently this genius hasn't discovered www.google.com yet.
Easily the dumbest Ask Slashdot I've seen.
First off. Windows 2000? That you keep up to date? I haven't seen Windows 2000 updates since.... 2005. Security? WTF?
For the love of dog, use something like VirtualBox or VMWare. Now!
Second, as a techie who has returned to college I deal with this a lot. Firefox has been hit or miss. Sometimes, I have HAD TO use IE. It's a bitch, cause I use Ubuntu. Nothing sucks more then having to keep a dual boot system (I used previously) or a VM around just for that one class that requires that you submit files via IE.
That said, I have had professors are usually very understanding of using browsers other than IE. For instance my Macroeconomics professor posted my short go by for playing his videos which seemed to only play in IE. I don't know why but they only played in IE, and I forced them to play with Firefox, Greasemonkey and FlashFix.
Other than that, I have seen problems with Blackboard and Etudes. It's usually hit or miss. Depends on the professor. My best luck has been with Moodle. I haven't had one class that has been problematic on Moodle.
CAPS LOCK: ITS LIKE THE CRUISE CONTROL FOR AWESOME
This thread has generated a lot of great responses, and you can pick and choose from a variety of good solutions. Here is another, the one that I have settled on as my preferred safety-backup-reinstall method: hard drive clones.
I use XP-SP2. My main machine has been running smooth as silk for 4 years. I have had rare problems, but when they have occurred, they have been of mixed causes - hard drive failure, a UPS failure which caused unbootable file system corruption, and even a trojan picked up right here on a Slashdot link a few months ago. No sweat for me though . . .
My backup solution depends on external hard drives which mirror my internal drives. I keep all data and apps (other than those that insist on installing under \ProgramFiles) on separate internal drives. That way, if C: gets corrupted, my other data is safe. My C: system drive has only the OS and ProgramFiles apps. This means that I can keep the system drive relatively small (120GB), meaning I can buy several mirror drives quite inexpensively.
I have several C: drive mirrors. I duplicate my main drive to these external backups 2 or 3 times a week. I duplicate just before any major system or application upgrade. I use an older version of Norton Ghost (v9) for this, which makes flawless duplicates while running in the background. (I also use Acronis to make point-in-time compressed images of the drive, which can be reloaded onto a hard drive if need be.)
The few times that I have had a disaster, I just pull out my latest mirror, swap it into the disk-0 position, and turn my machine back on - like nothing ever happened.
Consequently, this is also a great way to test installations or new software, or to create drives that you or your wife could use for your own purposes.
(See the comments above by diggitzz about cleaning up your dirty system before getting ready to make your first mirror image.)
Ever since settling on the system-drive-mirror solution for my OS safety backups, I have not had a moment's anxiety about losing a drive, testing new OSes, nor keeping my installation clean.
An oxymoron ?