Slashdot Mirror
Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie?
madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive.
So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.
madsdyd continues: "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost. However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.
How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"
How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"
Don't do it !!
Install Microsoft Security Essentials and forget about it.
Run it through your regular NAT router setup and tell your kid not to download nasty stuff!
And consider the educational value of having him get viruses. And the joy of reinstalling the OS.
Maybe he will appreciate dad's wisdom to date ;)
Which is more secure: A Windows machine run by an experienced admin, or a Linux/Unix machine run by a noob?
Seriously, set up a second hard drive for 7 and use it only to play games.
I know you asked about securing, but there is more than just security that is often overlooked in windows, that can be learned from the *nix world.
First, don't give anyone admin privileges with their default account. You are just asking for trouble if you do.
Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
MSE from m$ is as good as any , combine that with not havinh the childs acct as admin you're there
If you want to save a bit of money avoid going with the norton subscription and instal Microsoft Security Essentials.
http://windows.microsoft.com/en-US/windows/products/security-essentials
Its simple, light on your machine, and built exclusively for windows...did I mention its free?
Let your kid roam on the computer and once it slows down teach him to reinstall the computer himself.
Anti-virus programs are reactive rather than proactive so you should expect a windows machine to be infected soon or later (unless used by a somewhat obsessive noscript,etc user that avoids most risks).
How did you learn? By making mistakes. Let him run his Windows 7. With admin rights. If he gets viruses, trojans, adware, malware, so be it. If he needs to reinstall every 3 months as you probably did when you had Win 95, so be it. That's how he'll learn.
Your kid might not be satisfied with the way WoW works on an old T400 laptop. Check the graphics specs vs. the game recommendations. And for security, I'd just use Microsoft Security Essentials. It's free, probably works as well as any of the subscription-based anti-virus products and how much do you really care if your kid's game platform gets a virus?
If your machines have the power for it. you may be able to get away with running Windows in a VM. Install everything, get it set up properly, then snapshot it and restore to that point at the end of every gaming session. It's one fairly sure way of keeping Windows safe.
Install Microsoft Security Essentials, don't use IE, stay up to date on patches - none of which requires any effort whatsoever - and separate out user accounts. And that's really about it, unless your users are complete numpties about email and things.
Back in the win 2000 days I was called around to family to fix viruses and the like on a monthly basis. Since installing XP, I've not had a single callout that hasn't been due to hardware failure. And win7 is better.
Free Antivirus is good enough AVG, Microsoft Security Essentials, Avast. Teach your son that things arent always what they seem online and also the value of Security updates.
Set the PC up, get it all up to date install software printer etc, take a backup image using in built software.
If there are issues , back up data restore image, update, restore data, take new image etc etc.
Truth is that with proper use there is nothing that should be of great concern.
You can use AV, be careful (i.e. stay the hell away from insecure trash like IE or Outlook), but that is it. Windows, when connected to a network, cannot be secured by itself against targeted attacks, unlike any Unix or Linux. In professional environments, restrictive firewall settings also help, but that requires firewalls not running on the host. Security-wise Windows is a lost cause.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You've got it right already. Windows is a set of problems implemented for the niche called "IT Professionals". PlayOnLinux does quite well at taking the difficult fiddly parts out of wine. IMHO, you will be better of if you get it working in linux (Considering that you are happy in every other regard). Just be sure not to use something with compiz. (like Unity), or it will hurt your performance pointlessly.
That being said, to answer the question that you really asked: Don't use Norton or McAfee. They just suck [up ram|in general]. That's about all the advice I can give you. Good luck.
1) Install a free antivirus program like Microsoft Security Essential or AVG. Most free antivirus programs are close enough to paid software as long as you pick the better ones.
2) Run the computers network through a filtering program or DNS server like OpenDNS with the filtering option enabled.
3) Limit user account for kid. Install the software he needs for him. This would be a major improvement in security with limited hassles as it's usually the user that is the cause of many security issue.
Bonus) Occasionally keep a backup image of the hard drive. If the computer does get infected, it's easy and faster to recover from.
Microsoft Security Essentials, if you can get it. Free, works well enough.
Two comments -
1. If you're going to use Wine, go purchase Codeweaver's Crossover version. It's much better than the standard Wine. Plus, you can get a warm fuzzy feeling you're paying to support open source. PlayOnLinux is an option too.
2. However, do expose your children to Windows. It's what they're going to learn in school and possibly what they'll need in the workplace. (Oh, I'm sure some people would like to point out why I'm wrong, people have been predicting the demise of Windows for decades. It's still the de facto standard.)
Finally, just go download something like MIcrosoft Security Essentials or Avast for your antivirus. They're free and work.
----- obSig
I bought a used 13" dual core i5 for $550.00 off of craigslist.
If you are foolish and must only buy new for your kids, yeah, $1300 for a laptop is nutty for a kid laptop.
Do not look at laser with remaining good eye.
'nuff said
Get a laptop BEFORE Windows 8 comes out! You got like 5-6 days.
Windows 8 is god-awful and you will regret it! Get Windows 7 Laptops and PCs while they last!
Microsoft Security Essentials, Chrome with extensions set click-to-run, and... that's about it.
Dont protect the machine. Let him taste windows the way Microsoft serves it. What does not kill him will make him stronger. Either he learns to protect the machine on his own and stays in Windows camp. Or learns that the few things in the Windows world is not worth the pain and suffering comes home to a real OS. At best you throw him a nickel and ask him to buy a real OS. [Growing a beard before throwing that nickel is optional.]
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
...one word: Proxy.
Run your kid's network connection through it (enforce it via the home router if necessary), and whitelist what he is allowed to visit. Here is an example of how to set up SQUID to do that.
That by itself will knock out virtually all threats from the network.
As for the machine itself, install CCleaner and AVG (which IMHO is among the least intrusive of the A/V solutions), maybe tweak RDP so you can sniff around in there from time to time remotely w/o his knowledge, and that should cover practically everything you really need to protect and control your kid's computer.
Quo usque tandem abutere, Nimbus, patientia nostra?
Three words: backups, snapshots, and scanning.
Backups:
Look, no matter what you do, things will go to hell eventually. Either user error, bad update, or exploits/etc. Have a backup strategy in place. Since you come from the Linux world, boot disk + DD of the hard drive image would be the most straightforward. If you keep the OS, Applications(games), and page file on seperate disks, you will make backing up the OS and the Apps much easier. Not familiar with Windows 7's auto-backup features, so I'm suggesting the non-windows route on that one. You can even have a PXEboot environment setup and just boot the laptop over to PXE and have it perform a backup overnight. Keep 2-3 full image copies that auto-rotate say once a week, and you're good to go.
Another option would be an external hard drive + backup software on the Windows 7 system. Though my experience in the past with this has been mixed. YMMV.
Snapshots:
Apparently, Windows 7/8 supports some kind of snapshotting. Like their "restore to last good config" feature, it's only as good as the system is stable. :/ My preference would be to virtualize and snapshot the virtual machine's disk images, say on a daily rotational basis for a 1-2 week window. However, you want to do gaming on the box, so virtualization puts a heavy penalty. Still, worth a try. If it works, you could even run the Virtualized windows on Linux. VirtualBox comes to mind.
Scanning:
Look, it's Windows. It is highly targeted. You need some kind of scanning software. http://www.clamav.net/lang/en/ It's open source and it is free.
There are other things you can do:
- Firewall on the laptop, both inbound and outbound. (Only let web/game port addresses out, only let relevant ports in). Won't stop infections that exploit the games/browser/files downloaded, but might keep it from spreading.
- Run the game in a restricted account. Once again, an exploit and promote itself out, but one additional layer of security.
Ideally:
I went through this a few years back. And ultimately, you end up either running the game native on Mac OS X, hope/pray for the game to be ported to Linux, or run the Windows OS inside of a virtual machine. Back then, there wasn't much 2d or 3d acceleration. However, these days, the graphics card pass through support is much better and a virtual machine(VMware, VirtualBox, etc.) may be viable. I would give that a go. If it works well, do the snapshotting for the virtual machine. Backing up is as simple as fully shutting down the VM and copying the files somewhere else.
You'll still want to run anti-virus/anti-malware scanning software, but should you get infected, it is more or less contained to the VM.
In either case, good luck. :) If nothing else, hope the link to the free AV/malware software scanner helps out.
and it runs on Linux natively. http://www.heroesofnewerth.com/
Obviously if his friends are already playing LoL it might be difficult to switch.
Just reinstall Windows. No matter what you do at some point it'll get dog-slow anyway. Teach the kids to reinstall it, that will teach them. MS Security essentials, education and experience will do them good. Forget about it.
What about when the WoW/LoL servers themselves get pwned?
It's actually not a bad idea to run Windows in a VM that boots from a clean snapshot every time.
It would be an even better idea if the machine in question was ONLY used for the games in question, but all it takes is one "Let me look that up on Google/Start IE" or "Gotta check my FaceBook" to start the can opener.
You do want to do two other things. 1) Keep that install disc, and make sure the kid knows how to install Windows himself, plus install his games himself. I think WOW and probably LOL are both cloud-based saves so wiping the HDD is no issue. Reinstalling Windows is generally 1/4 the time and hassle of actually fixing a malware problem.
2) Let him know that he is only likely to get viruses doing things he shouldn't. Drive-by downloads on legit sites are rare. Drive-by-downloads on warez, gold sellers (for WOW), and porn are a lot more common. If he is going to do that stuff (you can't stop him) at least make sure he knows that those are dangerous sites. If his computer is acting funny after visiting one, and a reboot doesn't fix it, then wipe the install.
What free antivirus do you install on windows
Install Windows Security Essentials and you'll be fine. Seriously, it's not like by putting Windows 7 on a computer your house is immediately going to be invaded by zombies dragging every virus or malware known to man. Install WSE (or one of the other recommendations from the above thread), run with standard (not admin) rights, and that's pretty much all you need to do.
Neil
Don't use IE, and whichever browser to do use, install Flashblock.
Also, get an installer from ninite.com for Flash, Reader, and Java. Set it to run every day.
1) Install Microsoft Security Essentials. It's free and works as well as any paid Anti-Virus that I've used.
2) Educate your kids on the types of website to avoid. Sites like Limewire (where kids get free MP3's from) are full of viruses and spyware.
3) Set them up with a non-Admin account. That way if something bad happens the damage is minimized.
4) Install some add ons for the browser. No Script is a good one. It blocks Java Script and the bad guys love to use that to wreck havoc.
5) Consider creating a separate partition for the OS. If something goes wrong it's nice to have the OS separate from your own files.
6) Consider something like Norton Ghost (there are free alternatives as well) that can create a full image of your HD. Take snapshots before doing major system updates. If something goes wrong you can just restore the image and everything is as it was.
7) Running Windows as a VM on top of Linux is a good idea. If something goes south you can simply copy the pristine image back over the corrupted one.
8) Stay on top of the System Updates. Microsoft has "patch Tuesday" where they typically release system patches. Some of them are important and fix known vulnerabilities.
Just tell him there are better things to do with one's time than playing a stupid video game.
Have him learn a game programming engine, or a graphics program - anything like that is a much better use of his time. Or any other non-computer hobby would be great too.
seems like texting, social media ,and games are a drug to kids
its windows and warcraft today but thats a gateway to
skinny jeans and a shemagh, @ 300lbs .
Antivirus software is snake oil. You don't want to start the young one on a barrage of warnings that are only designed to keep the customers well aware of the perpetually imminent threat that can only be defeated by continued payment. Current threats are tested against all popular antivirus software and modified until they pass undetected.
Why not make the kid do it? That way instead of learning that there will always be people out there to do things for him, he will learn to rely on himself(and google of course).
I have been thinking about this as I am going to be turning my old laptop over to my Aunt when I decide to get a new one. She has had an infection every few months on her current tower.
Load a free Anti Virus, Avast or AVG should do nicely.
Install Firefox with NoScript.
Set IE to a proxy on the 127.0.0.1
The AV should not even be needed except to scan downloads. Protip be patient let the download sit for a few days until a few AV updates have come in.
NoScript if used properly should be able to prevent any drive by attacks. Help you son get a few of his favorite pages running explain how and why NoScript works. After that it's in his hands.
You need to use the browser with NoScript only, I would just disable IE.
I'd say some of this stuff would depend on how well your kid learns new skills or habits. If he has trouble doing chores, for example, some of the stuff he'll need to do (regular backups, for example) should probably be drilled. Fortunately, a lot of information security can be automated.
Since he's on WoW, if he's pretty good at the game he's developed a sense of strategy and planning. This is a great skill to have in information security (and really, sysadmin in general), because it means he can apply similar principles to securing and managing several systems.
If my assumption is correct, you should sit down with your kid using an idea collector (paper, whiteboard, tablet, PC, whatever) and plan out what you and your kid want to protect. A few no-brainers: his privacy, personal information, login data for Battle.net and other services (get him a cheap smartphone and the Battle.net Mobile Authenticator app, or the authenticator dongle), and probably a bunch of personal data like photos, music, movies, etc. Now think of how those resources can get compromised-- say someone manages to open fraudulent accounts using his address and SSN, or steal his WoW account-- and from there craft a strategy to prevent those compromises from happening, and plan ahead in case something does happen.
This, in a nutshell, is the ISO information security management process (minus the reams of documentation you'd need to maintain to be certified and confirm you're actually following your own strategy), and IMO is a lot more informative than the usual "install antivirus, use strong passwords, implement backup" mantra, because it'll teach your kid why those are important steps but not the be-all end-all of security.
I only use Linux when I brush my teeth.
Getting Windows 7 from a shop is surprisingly expensive
He didn't even look. NewEgg is selling it for $99. A 30 day WoW subscription is listed on the Blizzard store for $15. So your OS costs less than 7 months of playing just one of the games you listed - tell me again what's expensive?
A recursive sig
Can impart wisdom and truth
Call proc signature()
Install everything (Windows, Microsoft Security Essentials, the game(s), whatever else is needed) clean, update it all, then back an image and keep it handy.
Reinstall the image every month or three.
blindly antisocialist = antisocial
Why you'd consider Apple before MS is beyond me, especially coming from linux, Apple is the most anti-free.
Install MSE.
Give him a limited account (If you want, but you will always have do installations and system changes).
Run it though a router.
Keep Java, Flash, Acrobat, (any adobe), any Apple junk (Quick time), the OS, and any browsers up to date.
Install adblock plus because much malware is served through adds.
Know how to reset web settings in IE. Tools > Options > Advanced > Reset
Other than that it's coming sense, if he isn't a click happy clown he will be ok. Any OS can be infected given a careless user :)
If you're worried about your kid getting access to inappropriate things on the net, try K9: http://www1.k9webprotection.com/
"Engineering is the art of making what you want from things you can get" - Jerry Avins
You want to keep the laptop secure. You want a 12 year old to use it. You want it to run Windows.
There is no solution. There will always be security risks and in some cases a negative time-frame to deal with them. Doesn't matter how good your AV is or what utilities you put on there, if it's connected to the Internet and there's a user at the keyboard then it is inherently insecure.
Now, how "secure" do you need it to be? If you're ok with putting that laptop on a separate subnet from everything else and teach the kiddo to do a proper update check every couple of days you should be able to mitigate most of the 'risk'.... but that seems a bit much to ask.
No mod points here. I played WoW for 3 years on Linux using Crossover Games. Codeweavers has merged all of their Wine forks into one product so it's even more worthwhile to buy it now. There have been a few issues (such as memory problems on 64-bit Linux hosts), but overall it works pretty well. I had no trouble doing end-game raids (Vent works fine too).
About $90.00 New, i wouldn;t fooling arround with Used os's.
I made a security guide for hardening Windows against threats, it's at http://bulletproof-windows.blogspot.com/ - it may be useful, it's not professional by any means but I think the advice there can help a Windows security newbie.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
WoW runs perfectly under Wine, even under a dirty prefix, and has for like 5 years, maybe longer. League of Legends you must clean Prefix, and install dx9, dotnet2.0, and vcrun2008. Then LoL will work. I know from experience that this shit works.
and went all Linux in house. Told the kid to suck it up for any games that were not available on console. 5 years later I get a couple of complaints here and there but sure as hell beats reinstalling windows every 6 months. You can tell the kids to not download all you want but they're kids so it takes a few times to learn not to download files from all over the places.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Before you give in, I highly highly suggest you try virtualizing windows on a working (ideally multi-core) Linux box with Oracle's VirtualBox.
It's completely free, frequently updated, allows control of everything, including number of processors and RAM to dedicate to the virtual environment, and the only exception is the lack of support for discrete hardware graphics acceleration (But for now should be OK for the games he wants to play).
As a log term windows admin who's cleaned up more home computers than I care to count, here are my tips:
1. Ensure windows updates are set to download and install automatically.
2. Install AVG Free, sure MS essentials is good, but I guarantee every virus is written to avoid it, I go with 3rd party AV wherever possible.
3. Install Chrome for web browsing, sync the account to google
4. Setup his account as a regular user, don't give him the admin password
5. Setup something to backup Warcraft, it's a huge download, you don't want to be doing it again if you need to reinstall
And that's it, it's basic security but win7 is pretty good, the above has been enough to keep our home XP machine safe for many years.
Ultimately it's a kids computer and they're going to click anything shiny, sooner or later it will get a virus. There are a few key points to bear in mind here:
1. It's going to happen, preventing it is pretty much impossible.
2. Your other computers are Linux, so the risk to them is negligible.
3. Most viruses these days are botnets or phishing, so long as he's not spending a fortune on a debit card, the risk to him is minimal.
4. All the software I recommended will update itself, so it's zero maintenance. That's a major factor in keeping windows secure.
5. If it does end up riddled with viruses, a quick re-install over the top, followed by a sync to google and it's all back to normal, including your files and settings.
I'm a Windows guy for the most part so I'll give you my various insights from that world.
First things first - have you tried WineX/Cedega or whatever evolution it's on to try running these things on your nix boxes? I've heard of various successes and I'd assume there's got to be a write up somewhere for how to do this - at least for WoW. Not sure about LoL.
"Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost."
OEM copies are a cheap route and the only main difference is that Microsoft wont provide support directly. You're basically buying as a computer builder and saying you'll provide the support yourself. If you're anything like me you've probably never even considered that option for a consumer machine and would likely just google it or...ask slashdot. :p If you've got a domain/ldap set up at home to manage your gear and want these machines under that you'll want the professional version (home doesnt support joining a domain). Otherwise Home edition is probably fine for the kiddos. Also make sure you get the proper architecture you need (32 bit or 64bit) depending on your gear. Last I saw you could get the OEM ones through Newegg and haven't had problems with the ones I've gotten from there. Note, make sure you don't accidentally buy an upgrade version - you'll need full. ($99 from Newegg here: http://www.newegg.com/Product/Product.aspx?Item=N82E16832116986&name=Operating-Systems )
However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.
Screw the paid route. Use Microsoft Security Essentials and be done with it. It's actually not a bad product surprisingly. The only changes I make after installing is going into settings and having it scan removable media when inserted and also creating a system restore point during each scan (VERY handy when things get jacked up). Also, your kid is 12, so chances are good some internet training will go a LONG way. Teach them about about all the evils of the information super highway and let them know it's ok to simply ask you if they're unsure.
Also, he's at that age where he's totally going to be looking for porn. Let's just admit that can get that out of the way. Go ahead and install Spybot and Ad Block Plus as that'll help a bit. Spybot you/he will need to run manually periodically unless you set up scheduled jobs for it. You can either go the route of "if you're going to surf, surf safe" or you could try blocking those kinds of sites via whatever software works for you (I've got no experience with this). Chances are good they're going to find the stuff one way or another so I'd assume the worst and protect the machine from such environments. I'm sure other slashdotters will have better input for this topic. It'll also help to make them a lower privilege user - though that takes away from their autonomy and thus ability to learn how to admin their own box. Your call though - you're the parent.
How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users'
Microsoft EMET with default "full" profile is a good addition. Gives some additional protection against 0-day exploits in flash, java and other addons.
http://support.microsoft.com/kb/2458544
Been using it for some time at work with no problems.
See title. I feel it important to point out that the Lenovo T400 does not meet World of Warcraft's minimum requirements. The Intel GMA 4500 GPU that this laptop has is specifically listed on Blizzard's website as not being supported. What this means is that even if you manage to get it to run, performance will be poor and the game really won't be any fun. In fact, I have to wonder if the problems you've had related to getting it to run in wine are more hardware-related - the computers you are trying to do this on simply aren't beefy enough.
Other specs on the system are borderline bottom for barely meeting the requirements. Don't subject your kids to that. Get them a new computer with Windows 7 preinstalled. For virus protection, Microsoft Security Essentials does fine (free with Windows 7, though it is a separate download).
You may prefer Linux, and it may even work for you, and for you that is fine. But we live in a Windows world - you are doing your kids a serious disservice by not giving them Windows exposure now. They'll need that experience in 10 years when they are trying to get a job - any job - that isn't Linux development.
Intelligent responses welcome, flames will be met with marshmallows.
apple
Since he will be the only one to use it, and for games, there should be nothing of value on the computer, so some malware are not going to be the end of the world.
At worst, he will have his battlenet account hacked, so just teach him to use secure passwords and an authenticator. (You probably already did.)
As some others have already pointed out, the best is to let him experiment by himself. However, there aren't that many (common) ways to get malwares; if it happens, you'd best have a talk with him about not going to shady websites, or download random stuff (plus you don't necessary want him to go to porn websites too).
Translating - you aren't a windows guy, and you aren't going to become one for this, but you don't want to waste time reinstalling every couple of weeks or listen to your kid crying his account got hacked.
With that premise
- Set Windows updates to nightly download and install automatically.
- MSE (AV from MS) is fine, oddly enough. Its even light enough you can run a second one such as Avast! if you wish.
- NAT router in front assumed
- Leave the Windows Firewall on, don't enable file sharing
- Install Firefox, make it the default browser, load two addons - NOSCRIPT and AdBlock Plus. Remove the IE icon from the desktop.
- Council the kid that this is NOT his general internet browsing/use machine. It is dedicated for the games. Continue to browse etc. on the systems you know how to maintain.
With the above, you have no cost, minimal maintenance and the machine is very likely to stay secure for years.
--- Mercutio was right.
You can install XenClient which uses Linux as the Dom0 host, and then boot Windows 7. XenClient 2.1 is free from Citrix. You can configure XenClient with a boot password. Win7 would run as a DomU. XenClient and XenClient supports GPU on the T400 for Windows 7 and Windows XP (sadly no GPU support for Linux VMs yet)
If you wish to go with a native Win 7 install, you can install BitLocker (built into Win 7) which allows you to encrypt the enter hard drive. Be sure to write down the BitLocker Key so when Win 7 Crashes, you can mount the drive in another Win 7 Machines to get your documents,
For AntiVirus, I recommend Kaspersky since it has built in Firewall production and probably the best Malware\Virus defination list for Windows. KAV is also one of the few vendors that also supports Linux. I use the small business KAV license which allows me to protect up to 10 workstations (Windows\Linux) as well as my Linux server (running SAMBA\Sendmail\etc).
Windows 7 will be the "previous, obsolete" version in a week, so you should go with Windows 8. It's the first verson of Windows with antivirus (basically Security Essentials) included so that's one less thing to worry about. It has some security improvements over Windows 7 which is good. You can get a System Builder license, or if the PC has ever had Windows on it you can get an Upgrade license which is only $40 until January.
You will hear complaints from Windows 7 fanboys that the Windows 8 UI is too confusing and different (people say that about each new version of anything), but as a Linux family you shouldn't notice that. Under the hood (at the API level), Windows 8 is highly compatible with Windows 7 so the games will probably run fine. Windows 8 runs on any hardware that will run Windows 7 and is actually somewhat faster, which is good if you are using older hardware.
Forget about putting the page file on a separate partition or any other configuration hassles like that; the defaults should be fine and if any defaults aren't change them after they bite you (for example it's easy to move the pagefile later although I doubt that's the issue that will bite you). I do agree with the idea that you should let your kids learn and make mistakes. The first account that you set up during install has admin permissions, so that shouldn't be a personal account, instead set up personal accounts (without admin permissions) later. If your kids know the password to the admin account they can do stuff if they need to but working as normal users most of the time improves security a little (although with Windows 7/8's UAC the difference is not dramatic). Be sure everybody knows to install updates as soon as they come out - it takes about a week before the bad guys have reverse engineered the patches and developed new malware for unpatched systems. Good luck!
Do you have broadband?
They all come with a free security suite.
http://xfinity.comcast.net/constantguard/Products/CGPS/norton/
http://www.cox.com/css
www.att.com/esupport/article.jsp?sid=KB402441
http://www.rr.com/security
http://www22.verizon.com/home/utilities/security-backup
What I would do is tell him he is on his own if he wants to play these games. Maybe help by getting him a decent used laptop (an IBM T43 at least), but make him pay for and figure out everything else on his own. BTW, some friends kids used to play WOW in linux. I think they just got tired of the fees, but it worked. Not sure about other online games, as I avoid that stuff.
my oldest kid (12) now wants to play World of Warcraft
maybe he should not want that
Setup your machine accounts as you might with Linux - Your day to day account should be a user acount, not power user, not admin. Make different accounts for that admin type task.
Install Microsoft's security essentials, or choose a similar level respectable anti virus client.
Install your applications, but only install the web facing clients and applications that you need. This is not so different than on Linux where you might only open the applications and ports you need.Consider carefully wether you need flash and java. If you don't need them, don't install them.
Ensure you sent whatever you can do reasonably update properly. This includes windows updates, but more pressing is the update cycle on third party applications if you run them. These are not limited to but include adobe products and java as examples.
Run the option to make some restore points from time to time, and make sure you have a backup cycle for your own files and data.
Consider making a whitelist on a computer if you believe it will be simple, and not complex - in such cases whitelisting is a reasonable control step that can keep an environment controlled.
http://lifehacker.com/5442636/create-an-application-whitelist-in-windows-7
https://patrickwbarnes.com/blog/blog/2009/09/06/defending-windows-with-application-whitelisting/
After that, apply reasonable care in what you open and run.
I was too envious to finish the rest of the paragraph...
... would be a reasonably elegant solution. But it can be quite tricky to set up.
In any case, never run the app with admin rights. And since the thing is only for two games, well, might consider disallowing everything else including browsing on it. Do that on the well-established linux infrastructure.
Further, avoid subscription services, and norton software in general. There are good-enough free solutions provided you don't expose yourself to all sorts of weird shit. This approach to security is mostly "get something that might work, then hope" anyway, and the subscription is more peace of mind buying than anything else. Especially if you already have other infrastructure: You can tear down the software and rebuild it. So keep religious backups of the things that really matter (game logins, passwords, others?).
As already mentioned, firewall rules might help lock it all down to just the game vendor's servers. Might be a bit overdone, possibly.
You need to use a sandbox - google for sandboxie, read up on it and find out how to set it up to put your bookmarks outside the sandbox, etc.
You need to use a good browser, right now for me that's Chrome.
You need to do the customary tweaks to the browser such as ad-blocking, script blocking, etc. Ghostery seems to do well, chrome also has a noscript clone.
You can make windows accounts with limited privilege.
If you want an active antivirus you can use microsoft security essentials - free.
If you want to pay for something then get the pay version of Malwarebytes - will be active and run all the time. Otherwise the free version is "on-demand."
For myself, I never surf without a sandbox, ever, never without ad and script blocking. and in my opinion (FWIW) when you do that an antivirus is moot.
Also I use web based email, have done for years. Thus no attachments get downloaded automatically, and my email provider seems to do some a/v checking anyway.
Most infections come from drive-by downloads and that pretty much won't happen with adbock and script blocking. Most malware won't even run inside a sandbox anyway!
For good measure configure the windows box and then capture an image. If something gets messed up to any degree just pop on that fresh image and boom, rolling again with no hassles.
Use dropbox to store important documents. So if you have to re-image your documents repopulate automagically. I also use google bookmarks and lastpass.
Flappinbooger isn't my real name
The design of the registry makes it very difficult to tell what is "bloat" and what is not. Various optimizations in XP and more recent versions mean that any performance enhancements should be negligible. Unless those few hundred kilobytes are important, and the possibility of breaking software components of your system is not, you should not use CCleaner or any other registry cleaning tool.
Why would you want to have a limited browser cache anyway? Do you like longer access times?
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
I've been what you would call an advanced user since I first got my hands on MS-DOS 5.x roughly 20 years ago. I was about 10 years old. I've been through dos 5/6, win 3.1, win 3.11, win 95, NT, 98, 98me, 98se, 2000, xp, xp 64-bit, 2003, vista and now win 7 and 2008 r2. Just to give you an idea of my experience.
Somewhere around Win 95 I started to look into Linux, and have been using Linux a lot as well (Not to mention OS/2, BSD, Solaris... but thats not relevant).
I've been sticking to Windows because of gaming, and I've been running windows for many years with hardly any security issues. I got a virus from a CD that was bundled with a magazine once. Thats about it.
There have been some reinstalls due to "software aging", but the recent versions of windows seem to handle aging better, and there are cleanup tools available to help in that regard (ccleaner, defraggler).
Now a days I run League of Legends on OS X, which seems to be some sort of wine package (search for boompje for more info). It works great (except a few graphic artifacts on the highest settings). I would think it should run on linux too, through wine.
I've played WoW on Linux before (wine), and it worked fine except again some graphics issues. I don't remember exactly, but I think I was limited to software (non-accel) graphics. I think the graphics issue was due to missing drivers for my graphics adapter, and might not be an issue in your case.
That being said, if you still want to run Windows I have the following suggestions:
* Download and install an alternative web-browser (the built-in browser should only be used once, for this purpose).
* Get a decent free AV (av-comparatives.com is a nice resource. I prefer Avast as it's low on resource consumption, have decent results in tests, and does not bother you too much with advertisements).
* Disable unneeded services.
* Set up the firewall to only allow the required communication for the games (Comodo has a decent free firewall alternative if you want to replace the built-in one).
Other than that I think your chances are good given your background. The problems I've faced with windows (helping others) usually have been created due to user ignorance and lack of what I would call common sense. All though the sense in question is not as common as I would like.
If you are going to use the Windows Firewall, because it's preloaded and free, you can download an add-on for it called TinyWall (http://tinywall.pados.hu/) and can add applications, define what they can and can't do, with what and when. Allow certain ports via TCP/UDP? Allow certain EXEs but not others to access the network? Done. And it's pretty easy to use, honestly. And it's super lightweight, in terms of resources. And you can prevent modifications if you want, via a password to the settings themselves. And import/export rulesets, in case you need to nuke-from-orbit! :)
Every year I host a LAN party on X-mas Day. On Linux.
2006 - Duke Nukem 3D
2007 - Urban Terror
2008 - Warzone 2100
2009 - Doom 3 and Unreal Tournament
2010 - WoW
2011 - Enemy Territory Quake Wars
This year will be Borderlands or Halo. (Under Wine) Not sure which.
So the idea this kid needs Windows 7 is doubly rediculous. I make it my business to host contained LAN wars for Friends and Family.
Make the gaming PC as consolized as possible. Setup multiple partitions if you need to or provide a secure VM on the house server that he can use to peruse questionable sites without exposing the gaming machine and its expensive and time consuming software stack. Dont let the gaming OS browse the web, except when absolutely necessary (like steam, Blizz account pages etc) Image the hell out of the machine regularly after rolling in new changes. Treat it like a static machine, not a general purpose PC. Do not allow Flash, Acrobat or java on the machine other when absolutely necessary for gaming. Setup adequate backup protocols, instruct him on how to visit sites using secure methods like accessing it through the VM and then destroying the session.
Good-bye
I have to agree here: the laptop mentioned ain't gonna run the game in any way or form that's actually pleasant.
1) Segment your home network so that a compromised windows box can't reach your other computers. Use 2 or more NAT/wired/wireless boxes between your cable-modem and your computers. (I do much the same to keep my wireless and guest traffic away from my personal machines.)
1a) Ideally put a hub in there and silently monitor the network traffic (ON A SECOND MACHINE!) from the WIndows box by port, destination, and TIME OF DAY!
2) Get a bootable CD/DVD of Linux, a 2gig (or larger, though many older computers can't support larger than 2gigs) external drive, and make ntfsclone your friend. ntfsclone runs under linux. I've used it numerous times to back up and restore winNTFS partitions. Nothing like turning back the clock.
3) Restore frequently.
4) Use chrome rather than IE for webbrowsing. Put IE on its most restrictive settings anyway.
5) Watch out the "freebies" and downloadable stuff. To say nothing of drive-bys.
6) Reconsider Macs. They just work. You can get something decent for $1k new, or even $600 new, or for a lot less off cowboom. ($350? Though watch out for older hardware not running the latest versions of OSX.) (Also, you might check on educational pricing. Don't know if Apple does that for grade-school, but they've been lenient in the past.)
N) Graphics are pretty lean on the Lenovo T400 laptop. Processing power is low too. It might work on the lowest settings. Or you might need to consider a desktop. Newegg often has good sales, if you are comfortable putting the parts together. Try: http://hot-deals.org/ or http://slickdeals.net/.
N+1) You might suggest his friends try LOTRO too. It's a lot cheaper without the monthly fee! The recent release (as of last monday) now works with WINE on macs & linux, though you need a patch... And an official mac port is on the way.
Dear slashdot: I've been smoking marijuana since 1996, and haven't smoked crack since 1997. Now my son wants to try crack cocaine, and all the pipes and hookahs I have around the house are designed for smoking hasheesh or weed. I tried getting them to work with crack but the bowls keep getting jammed up with a slag-like substance, and always at the most inopportune moments. what kind of crack pipe does the Slashdot community recommend?
Hey, guy. Why not instaed try talkng your progeny out of the collosal, stupendous waste of time and resources he's trying to get into, and instead get him a book on basic electronic theory, a multimeter, a breadboard, some components, and maybe an o-scope or something, teach him how to build logic circuits, a radio, or something else useful?
The biggest security hole in every system is the human. Teach your kid safe browsing and general safety guidelines. Viruses don't get on a machine by themselves. Put on MSE and a firewall. Don't use third-party antiviruses, they cause more pain than the actual viruses.
Why bother with Wine? // Qubes would be ideal, but the learning curve may be too high..
Install Windows in a virtual machine!
KVM is native to Linux, but other options include Xen, VirtualBox, and even VMware...
(You can roll back to some "gold standard" snapshot if you need to)
By and large, real gamers are pretty clueless about software, know less about OSes, and nothing about security. What they know of hardware comes straight from benchmarking websites.
Generally speaking, you get ugly results when you run out of RAM with no swap file. Windows of course has notoriously aggressive paging, and changing this behavior is not as simple as on other OSes. There are a couple of registry settings, however, that govern how large the filesystem cache is and whether drivers and core components can be swapped to disk. You can also lock the process in memory if you really must.
Yes, you can more simply set the swap size to zero. Yes, many people don't have stability problems with this. Yes, you can use a wrench instead of a hammer if you have to.
If your system is having issues with paging, don't disable paging: just buy more RAM.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Make sure you enable the mobile authenticator on the WoW account (it's an Android app that shows a code to enter to login).
Other than that, well, keep stuff updated and don't run random software from random websites.
Limit the machine to run nothing but the game, and limit the machine's connectivity to the rest of your lan.
And to make it fool proof, make a copy of the disk image once it's all set up, and refresh from that copy every night.
If it gets hacked, big deal.
BACKUP the installation. Nothing is more fun than installing Windows, driver's, software, etc., and then having to do it all over again after a virus, HD crash destroys your data. Typically, when I get a *new* machine (regardless of OS), I'll do the following.
1) Backup the drive. I recommend Clonezilla (Linux based) and a spare external USB HD. Create an image of the drive contents as is, that way you can always return the drive to its original shape as received from the manufacturer.
2) Obtain hardware information as necessary from System Properties (if Windows) or appropriate boot logs, then obtain drivers online.
3) Wipe the drive and install OS as required. This wipes out the adware, junkware you get from the manufacturer.
4) Install downloaded drivers obtained in step # 2. Then install required default software. Before installing additional software you may want to take another image of the drive, that way you can always return to a fresh Windows install without software bloat...else, create another image after installing your software.
5) Microsoft Security Essentials (as previously mentioned), Firefox with NoScript, or other appropriate browser. Remove IE icons ;)
In the future, if a virus rips apart your data, all you have to do is use CloneZilla to restore your saved image onto your HD, and you are good to go. Likely no more than 20 minutes to 1 hour (depending on hardware configuration).
Have to agree, I just upgraded my girlfriends laptop for WoW, I got her an Inspiron 15r Special Edition (the one with dedicated graphics). You really do save your self a lot of hassle getting something that will actually run the game. At $800 with windows installed it really is not that expensive.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
A software developer who thinks a mac is expensive......
You're a plant, probably a micro-smurf planting a little free advertizing for the impossible, securing a Windows box.
Buahahahahaha!!!!
... (but can't afford $90 for Win 7 Home?)
1. [Re-]install the OS that came with your laptop - you already paid Microsoft once (both games run under Vista/XP)
2. Microsoft Security Essentials and Malware Bytes together are an excellent way to protect against malware etc,
But more importantly
"the kids have [...] their Nintendos, PS2/3's and mobile phones"
yet your kids have to forego traditional PC gaming or suck it up on a crappy laptop because you """"can't afford"""" to give them a reasonable gaming PC?
Yes - reasonable gaming PC means Windows, not Wine. Suck it up cupcake. By all means, I encourage you to be angry about the matter and get to work on sponsoring/contributing to the Wine project, etc - but right now - they are NOT viable alternatives and those are your kids. If they turn out to be interested in programming/etc, then later on you can start holding the carrot of bigger/better gaming hardware for Linux boxes if they want to get involved in those projects. But for now - they just wanna play games, and that means a decent PC running some version of the MS OS. Quit trying to be a technohippie and let them play.
-- A change is as good as a reboot.
1. I also heard good things about MS's Security Essentials but still highly recommend a 3rd party AV with integrated firewall. ESET or Kaspersky are my preferences.
Ran MS's AV for ~18 months on one of my laptops. It's light and it gave some credible warnings from time to time. However, MS's AV / firewall solutions are for kids :). They are designed to avoid as much as possible prompting the user with dialogs, which is good for novices, but... the firewall doesn't actively monitor outbound traffic to prompt you about programs initiating connections not matching your predefined rules and the AV may not catch 0-day malware to be found in the dark corners of the Internet. In the past I ran Kaspersky for ~8 years and while it's good as an AV / firewall, it was a nightmare from an usability point of view, always changing GUI to include neat tricks from one major version to the other and exposing every minute detail of its rules engine to the user without making it humanly possible to fully understand the big picture of how it works. I've been running ESET for ~2 years and I'm really happy with it. It's even more light weight than Kaspersky, just as good as an AV and has a really good GUI, mostly staying out of the way and doing its job. Bottom line is that you may be covered by MS's free solutions in year 1 (especially with Firefox as a browser and running as a non-admin) but if the machine becomes the kid's main computer I strongly recommend getting the 3rd party AV / firewall.
2. Let him run as a normal user but be ready for some pain as he'll certainly hit errors caused, non-obviously, by software expecting admin rights
I always ran Win as an admin. The old Win9x were designed like that but the newest NT, Win 7, is MS's best attempt to let you run it as a non-admin and still get your work done. However, you will hit errors caused by software expecting admin rights and it will not be obvious this is the cause. The best way to run it as a non-admin is to sit down with your kid after you've installed his required programs and try using them as he would while running with his account. If you get errors, investigate and loosen the restrictions, if required. Then tell him that if something doesn't work, he should expect a fix when he gets back home or over something like TeamViewer but not by you providing the admin password over the phone. If you can be that disciplined, after an initial shaky period he'll be able to run as a non-admin.
Win 7 is clearly the best Win ever so you won't have such a hard time. Easy to run, rock stable, compatible with loads of ~older programs and very likely taking the role of XP as Win 8 looks to be another Vista. If you can also add a SSD to that laptop you'll get a very pleasant machine to work with.
... is to not play the games at all?
Have you tried Play on Linux? http://www.playonlinux.com/
the t400 CANNOT run WoW at all, it won't even boot up. It will give you a hard error as it doesn't meet the minimum requirements. Well it will start but it will error/crash out soon as you try to load a zone. It will not run on GMA integrated. If you want to run a cheap laptop that will run the game VERY VERY VERY VERY VERY poorly, get an i3/i5/i7 with HD4000 minimum. If you want to play LoL and WoW at least somewhat respectably on medium/low graphics, get an a10 mobile. Lenovo does sell them if you're sticking with Lenovo for brand loyalty or something, get the newer a10 4600m. It will run all current games at fairly low res and not great quality with an ok framerate. Nothing will look fantastically pretty, but it will run smooth and be cheap as all heck. If you happen to have spare power supply and such around and some other spare parts like a small 200-500GB hdd, a power supply, a cheap case, you could even buy them them a brand new desktop to play on, even hook it up to the TV via HDMI! It will be worth the money to be able to play ALL games at very decent framerates for cheap(though it won't be the prettiest, it'll still beat their gaming systems by a good deal). Gaming on a laptop is kinda painful anyhow.
Also Microsoft Essentials is actually pretty awesome. You can knock windows all you want but tbh, that's a good product from them to match up with windows. I like malware bytes as well and your usual noscript on firefox or chrome(I pref chrome)
It'll actually crash out of the game with an error if you try to load a zone. You could get them a cheap desktop and hook it up to the tv just like their consoles with some cheap wireless mouse/keyboard, make a tray and it's just like home for them. I suggest honestly the new a10's if you want bargain basement pricing. Just match it with the fastest ram it will support and maybe a 6670 for crossfire support. It'll run everything they want that's current out. You're acutally in one of the few instances I'd suggest that solution, it runs WoW and LoL beautifully and you can play skyrim/crysis 2/etc whatever YOU want at an good framerate and better than console graphics.
Having logged maybe a year or so playtime (!!) in both those games combined, I can tell you that not only are they both very addictive, but the playstyles of both those games require an inordinate amount of time to even be able to attempt to play at a decent skill/gear level. They are both designed to suck as much time out of people's lives as possible. This may be an ok thing for lonely adults, but you're setting yourself up for some major disappointment if you don't put your foot down now. Making him pay for his own subscription sounds good at first look, but you are, in fact, giving him control over something which will in fact control him. Good luck taking away something he feels he rightfully 'owns'. Another issue is the environment of both those games are not good for children. Horrible in fact. You are essentially allowing him to play in a virtual dive bar, with all the crappy people and whatnot that goes with it. Lastly, that laptop doesn't look like it will run either of those games at an acceptable framerate. Lol's engine is poorly optimized, and will eat most older computers alive - the same goes for WoW, but for different reasons - the engine is sleek, but there's just so much going on at a time that it will crap on your computer when it most matters. If you want to send your kid into an abusive environment, try sports or something.
Truecrypt
I work for a fairly large firm that cleans up after msse and the like. they are all ineffective - they all miss new injectors especially tdl/tdss family, zero access/sirefef and various fake av/as. However There are some simple thing you can do that will make it difficult for your Child to get infected in the first place.
1) apply your updates before handing your child the laptop. activate Microsoft updates and apply them after you install ms office (if you are using this) .net exe's and environment (much of the windows stuff breaks the rules and needs .net 1.1 and wont use .net 4 despite your intentions)
1a) install ie9 even if you dont think it will be used (see below) as many programs like imvu etc use it to draw thier ui and pull ads
1b) install all updates marked optional -- esp root cert update, various
2) install flash , shockwave do not install java unless it will be used at school or for pogo.com or for openoffice
2b) if using java set it's update frequency to daily.
3) open the internet control panel (inetcpl.cpl)
3a) goto advanced options, set "Smart screen filter" to ON.
4) install choice of Firefox or Chrome and do not use ie9 for browsing (except for school) since ie9 advertising blockers are so ineffective
5) install adblock ( https://adblockplus.org )
5a) install the malware domains blocking list ( https://adblockplus.org/en/subscriptions -- full url is abp:subscribe?location=https%3A%2F%2Feasylist-downloads.adblockplus.org%2Fmalwaredomains_full.txt&title=Malware%20Domains
5b) install the ad blocking lists -- your choice of easy list + easy privacy, fan boy + fanboy annoyances
6) install recuvra (easy un delete), ccleaner (simple cleanup of temps), malware bytes (do not install trial, instead buy it for automated updates, automated scans and nice light web site scanner), tdsskiller and file hippo updater (do not run on start up its far too slow and annoying)
6a) configure malware bytes options "Terminate IE during Threat Removal" and "scan for PUPs and check for removal"
7) install child's favorite software, printers , etc ensuing their update checks are left enabled and that latest from the web versions are enabled.
7a) run printer update software to catch last minute driver updates (hp is famous for this silliness).
8) tune up pc using autoruns -- do not disable any updater for the above software since the bulk of user side issues are caused by outdated software.
9) Make a standard user for your child
10) configure the child's preferences to use Firefox or chrome and double check the adblock lists are properly enabled.
11) log child into their websites and except them from cccleaner cookie and flash cleaning
12) setup child's favorites, tool bars
13) [optional] setup parental controls
14) install and configure some kind of online backup - acronis, carbonite, mozy, etc.
15) take a bare metal image using acronis, clone zilla, etc
15a) make certain to take an image of the mbr and partition table (the new tdl/tdss/pihar creates a active hidden partiton if you get this, windows images wont overwrite them)
Weekly maintenance
1) run file hippo updater, install found updates
2) manually run windows update
3) run ccleaner
4) update and scan in mbam
5) update tdsskiller and scan with it. accept it's defaults to ignore things
6) review app wiz (add/remove programs) . ie, firefox, chrome for tools bar that slipped through and disable/remove them
6) if substantial changes are made add changes to your bare metal backup.
List of verbs, nouns, etc to provide child -- if software offers to do any of this, reject it or look closely since it's "near the line" ... ( web caches, "Make the web better", "Default Search Tab", "Fast Web Search" etc)
1) provides smiles or "makes the web fun" ( example: crawler, "Fun Web Products" )
2) Helps you find
3) Helps you search ( "My freeze", "Web Tattoo", etc)
4) Add something to w
This reiterates a few previous posts, but here are some comments in a nutshell:
- The T400 won't come close to running WoW, even if it has the premium discrete graphics that were offered at the time it came out. Integrated graphics? WoW won't even load. Build or buy a cheap desktop from a couple of years ago with a decent $50 graphics card and you'll be much better off.
- Windows 7 + microsoft security essentials will keep you secure. Then you need to teach your son the same basic internet security you need on any net-connected device -- don't fall for phishing or fake download schemes. There's no reason to buy third party AV.
- If you're buying a new OS license, you probably should just get Windows 8. It's less resource intensive than Windows 7 in every way, so if your son is trying to game on legacy hardware, that will help. Additionally it has full antimalware built in, along with a raft of improved security features. And finally, with the special offers these days, it's probably cheaper (if it's not, you're probably not getting a legal Win7 license).
- I'm of the opinion you give your son full admin to the computer, and if he breaks it, well, he learns how to fix it. Restricting him to a limited user account just means it's harder for him to learn. You should take other steps to protect your network in case he busts his PC, but that's awfully hard to do with Win7/8 and basic AV software.
--------------------- -me, Crusher of those who are Foolish (don't be foolish)
...Then I would suggest Kaspersky: http://www.kaspersky.com
It's comprehensive, it has signatures for almost every virus/malware/etc out there. (I've used it to remove stuff from some of my friends' machines that their installed antivirus program wasn't catching.)
It's simple to use, my dad has it on his machine, and he's around 76 so I don't think that your son or you will have problems using it.
It's customizable, you can lock down your laptop as much as you like using the 'Parental Controls'. (My dad uses it to keep from accidentally wandering into parts of the Internet he'd rather not see. Also, you can lock the system down by: limiting the time the computer is run (no more late night sessions), limiting the places on the internet the laptop can connect to (so the laptop could only be connecting to the gaming sites), and limiting which programs be run (limit laptop to running just the game programs)).
It's lightweight on a system, the parts (modules) were designed from the ground-up to work together, so it easily runs in the background without consuming lots of resources.
Here's a list of things you can do:
Malware Prevention
Installing an antivirus makes sense in your case, but I'd still do some things _before that.
Backups are crucial and I'd recommend setting up a Standard user account (keep the Admin password to yourself). With that in place, troubleshooting becomes much easier.
how well do these games run inside a VM? Perhaps the answer is to only use the hostOS for those games, and everything else run through your linux distribution? That could limit your exposure considerably.
First off you sound like you know a think or two about computers so I am suprised you didn't look for a OEM Install. You could have gotten Microsoft Windows 7 Home Premium SP1 OEM for $100. That would give him the Windows base he needs at a fraction of the cost, tho you still may think that is expencive if your running free versions of linux.
Overall Windows get a bad rap in the linux community; I know I am a big fan of both and find the puritist on both sides who look down on each other, and me. Now I know a lot of Linux guys like to make Windows sound scary with tons of viruses and malware and to be truthful there are more viruses and malware for Windows then linux. This is mainly do to the fact Windows is a larger platform taget. Windows has its own antivirus/malware called Microsoft Security Essentials (have to download) and a built in software firewall (pre-installed), Windows Firewall. these will do just fine and are free with your version of Windows. Also make sure to use windows live update to download all security updates.
Like others said Firefox with Noscript is great and will help censor website a bit. Tho IE9 was rated as being "The Safest, Most Secure Browser" in 2011, IE9 caught 99.2 percent of Web-based attacks during the test.
1) install Windows 7 and set a password for your account.
2) Install all MS Service packs, patches and MSE.
3) Make a Limited user account, and log into it. This is your Kids account
4) Install Chrome for that user, give him a Gmail account to backup settings (in case something does happen to the system) and install Adblock plus with the Easylist filter on it. Set it as the default browser. Hide or disable IE afterwards. This also sandboxes the browser even further and gives him flash player and PDF functionality without having to worrying about updating those.
5) DO NOT INSTALL JAVA!! He doesn't need it, it's full of exploits, and every exploit kit on earth uses it to infect your box! If he needs Java for Minecraft (and seriously this is the only reason to install Java. Anything else say no.) then Install the 64 Bit version and run it from the minecraft executable on Mojang's site. The 64 bit version of Java doesn't work for browsers other than IE 64 (which you uninstalled) so just install that one and update it manually since the clueless idiots at Oracle hasn't figured out how to auto update 64 bit java for some reason..
As for games.
1) install the game as the admin. Try it on his user account. If it works, Great.
2) If that fails or if you just want to simplify setup, use UACTrust to make a shortcut that is pre-trusted. Since it's unlikely WOW or LOL will hack the machine directly, you can use this so he can play the game while the other stuff is user snadboxed.
Other notes:
You said you're letting him use a Lenovo T400. Ban him from using USB devices on the left USB ports unless you want to replace a Board for $300. If he must use USB, Only use the right USB port by the CD-Rom and use a Hub. That port never breaks.
In Soviet Russia, Trojan exploits YOU!
buy or set up a linux firewall, keep the Windows box patched.
There was an unknown error in the submission.
Install the gaming software and lock it down with DEEPFREEZE.
problem solved.
1. (quite obviously)- make sure that non-administrative account is used for daily tasks 2. install all required updates (and set up AV for updating itself) 3. install EMET 3 - its a freeware, you can call it a "DEP on steroids"- its usefull to protect against so-called "0 day exploits" 4. if possible - run those applications within sandbox - there is a great program called "sandboxie" (no, i do not advert for it)- free for most uses, you can buy a license (which is cheap), easy to use.
IE has gotten a lot more secure too and is better than FF in this area. FF had 4 0 day exploits that 16 just fixed. The best is still Chrome as Chrome has dual sand boxes and IE 9 has 1. FF has 0! I would even go out and say for Grandmas and corporate users it is surely usable as a day to day browser now contrary to what slashdotters tell you who have not touched it since IE 6 11 years ago.
Flash is now sandboxed in FF but that is it. I would recommend Chrome as they are very quick to patch 0 day exploits with adblock.
Might I be so bold as to suggest installing Oracle VirtualBox on a computer running GNU/Linux and then create a virtual machine for the Microsoft Windows guest operating system and install World of Warcraft. Configure the virtual machine to forget its current state when shutting down which has the effect of providing a clean slate with only the originally installed operating system and applications. Ideally run the virtual instance in headless mode and rdesktop to the instance on the same computer to lessen the likelihood of your child messing up the configuration. However, if you go with a Microsoft Windows as the only operating system on the notebook computer make certain Microsoft Security Essentials is installed and properly configured. As a precaution make a disk image as soon as Microsoft Windows, Microsoft Security Essentials, and World of Warcraft are installed for the first time and before use. A dd restoration is much faster and easier than manually installing the software again.
Not totally but the paging algorithm of XP has been replaced with the one Unix uses. Windows 7 auto defrags once a week slowly in the background where it is not noticable. It is still a good practice to defragment on a fresh installation after you install all the software including WOW which is very very VERY fragmented due to fact it is bit torrented in chunks and patched.
Windows is a lot better than it was since XP.
Also unless you have a separate hard drive you gain no performance advantage for creating a separate swap partition. With WIndows 7 the only time I had to mess with VM and use a separate raid 0 external hard disk was when I ran 10 VMs of Server 2003 with Exchange and the 8 gigs of ram and disk access were burning my laptop hard drive up! But that is a strange unique case scenario not commonly encountered by 98% of desktop users.
It's as much about what you install as it is about what you DON'T install.
Don't install Java, or if you do, disable the browser plugins. Don't install the "software" that usually comes bundled with any printer drivers. Don't install anything from Norton.
Don't give the kid an admin account. Don't let him install things without asking. And then, because he won't listen to that, tell him about the common things that claim to be legit, but aren't - "media codecs", cheat software, etc. Windows has gotten secure enough (starting with 2000, then further improving with XP, Vista and 7) that it's now easier to hack the user than the software - so add some defenses to the weak point.
Other than that, you should be fine. Slap Firefox/Chrome on there, install MSE and MBAM, and keep everything up-to-date, and you'll be as good as I am.
Oh, and keep a backup of anything important. If you're like me, you'll need to do a full reformat/reinstall every two years or so, due to either a virus or just a slow system.
Absolutely not. HoN, dispite the issues wrt MMR, is *much* better then LoL. Sure it has a steep learning curve, but a 13-year old will absorb it pretty quick. It can take a year before you're good enough to go mid, so it's much more challenging. It's also f2p since gamehon so it's only $5 if you want verified status or $0 if you just want to play.
A couple problems with what you're doing:
1. Games on a Lenovo?! Lenovo is Chinese for 'shitty laptop company' Their computers are for business, not gaming.
2. Norton? Norton's a scam. Just use Microsoft Security Essentials. Even if you get a virus, who cares? Worst case, reformat, start over.
It's not so complicated.
Thanks for your answer.
Sorry, I did not really appreciate that T400's vary that much.
The T400 I have here, has an Intel Core 2 Duo P9500 @ 2.53 GHz, and a ATI RV620 [Mobility Radeon HD 3400], 4GB of ram, and 120 GB of SSD. The CPU seems to match recommended, and the GPU is somewhere just below minimum?
There is a cost thing here - if he wants more beefy hardware, he must raise the money.
MSE is a great start, however, I'm a much bigger fan of whitelisting than blacklisting.
Applocker. It can be run via local GPO. Set it to default rules. On your Admin account, install whatever he wants. I use AppLocker to admin Windows 7 machines at my work ( gasp! A *Windows* admin on Slashdot! ), and we haven't seen a single virus since.
Ignoring external things like a firewall and without getting into why:
1. Run windows 7 *64-bit* and ensure DEP is enabled for all processes (again 64-bit is important!).
2. Don't install any adobe products (acrobat,flash,etc) or limit flash to a secondary browser profile and/or use FF flashblock/Chrome "Click to Play"
3. Use Opera as your main browser
4. Install ClamAV and set for daily nightime scans (no realtime BS)
5. Occasionally boot from an AV rescue cd and scan the system from outside the OS (I've used Avira and Kapersky)
I'm guessing the fact that this got marked flamebait means some people here don't know what a hakintosh is and its not a bad idea. That said, windows security essentials does the trick nicely.
I want a list of atrocities done in your name - Recoil
Remove the email and web clients.
Only use it to play that one game and nothing else. Restore a snapshot everytime its started up. Dont give them any rights and could even make the game autostart/seamless window.
---- Booth was a patriot ----
The quality of your average new laptop PC at $500, with it's crappy 15" screen and standard 5400 RPM harddisk, is really not comparable with a MacBook Pro's IPS-display and SSD.
Nevermind the fact that you will have to run the hell-that-is-Windows instead of a proper UNIX O/S! Grow up, little boy.
Yes thanks. It was actually the one we got closest to working, but it failed to start properly. My son told me that it had installed the US version of WoW and that his account (which he uses from school) is european, so it refused to start. Or something like that.
At this point it just seems a whole lot easier to go with Windows.
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral
---
* Want to do a job RIGHT? Learn to do it yourself, right, first... then, do it yourself!
APK
P.S.=> There you go...
... apk
Remove all other applications from start menu and make it known that if the machine is messed up, it will take you weeks to get to re-imaging it.
Go onto Cowboom or eBay and get a used Mac. Blizzard has great Mac clients and you will not have to worry about the viruses, etc. The upfront cost may be greater but the Total Cost of Ownership will be less. See if you can find a Mac Mini that meets the specs - any one made in 2009 or later will do as they have nvidia graphics.
I maintain a machine much like the one to be used by your son. You are right to give up on trying to get these games working in Wine. Even if you succeed, the next patch might break it. It creates an unreasonable amount of recurring effort, which you can avoid entirely for the cost of an OEM Windows licence, which is really, really cheap in comparison. Sure, this is not what Stallman would say, but then he does not support PCs for a family.
Here are some suggestions:
1. Windows 7 on a new laptop.
2. Install Microsoft Security Essentials. It's free (beer). Don't bother with Norton.
3. Create a regular user account for your son. Ensure the account is not able to modify system files without asking for the admin password. This prevents most of the nasty things malware tries to do. WIndows security is actually really good these days.
4. Order a Blizzard authenticator to go with WoW. This excludes more nasty things that malware might do... just in case!
5. Back up the machine after you install the games but before you hand it over to your son. Use backup software that will generate a disk image like Macrium Reflect Free Edition. Restore this disk image from a live CD (Reflect can create one for you) if your son has any problems. You have to use a full disk image for Windows because restoring an install is not just a matter of copying the files and rerunning update-grub.
6. When working with Windows, use the same patience you have to use when working with an unfamiliar Linux distribution. Don't expect everything to be straightforward or logical, and be pleasantly surprised when it is. The only extra thing you need to beware of, but Linux users do not, is that there are scam sites which offer to "help" you with common problems, e.g. device driver issues, and serve up malware instead of help. Good practice is to research Windows problems on a Linux machine.
You're an immobile computer, remember?
Don't even bother trying to secure the box beyond Microsft Security essentials. For good measure, maybe periodically hop to Trend Micro's site and run Housecall on it (in addition to MSE). But honestly, there's no chance in hell that a PC under the responsibility of an adolescent will come out clean after any material amount of time. He'll be downloading music, videos and games before you know it, and turning your laptop into a petri-dish before you know it.
What do you mean you "couldn't get wow to run on wine"?
WOW has a platinum rating on wine's appdb.
For those of you who don't know, platinum means that absolutely no tweaking is required at all.
If they want to game on wine though, make sure you get an nvidia card. It's the only way to go. Sure ATI/Intel are more open, bla bla, but if gaming's what you want, then it's your only choice.
no bad that most games need admin to work
NO NO NO. Never put the swapfile on an SSD. An SSD has a limited number of writes available to each cell, which is not true of spinning disks. Nothing will kill an SSD sooner than using it for swap.
Just get plenty of RAM (it's cheap now!) and don't worry about it. Let Windows manage the swap and make sure it's on a spinning disk.
Hail Eris, full of mischief...
E pluribus sanguinem
i have used days and weeks repairing windows and recently calculated the extra cost of maintaining a pc versus buying a mac, if you value your own time do consider using a bit of time to get a used imac, which should be possible for half price for a two year old model, absolutely sufficient to run wow, and close enough to linux to feel you're in the same boat:)
Surprised I haven't seen this mentioned, but in addition to MSE, Microsoft also offers a second exploit prevention/mitigation tool called EMET http://www.microsoft.com/en-us/download/details.aspx?id=29851
I suspect that one of these choices is incorrect. Correct.
for 500 you could get him a desktop that'll play both those games stunningly
The answer to your question is, learn to be a parent and say "NO" to your kids.
What they are asking is outside the scope of risk you are willing to assume, so they don't get to play WoW.
Too bad, so sad. Just tell them they can't do it.
I play wow on wine, and its really really really easy, stable, and feature complete.
don't know abtout that other game
You can buy Windows 7 now for ~200$. Or you can buy Windows 8 now for ~70$. Or you can buy Windows 8 as digital download in a less than a week for $40.
http://www.microsoftstore.com/store/msstore/html/pbpage.Windows_8_Pro
It's up to you, but if you've got a few *NIX machines on your LAN, and know enough to as Slashdot, you can deal with burning a DVD.
I maintain a machine much like the one to be used by your son. You are right to give up on trying to get these games working in Wine. Even if you succeed, the next patch might break it. It creates an unreasonable amount of recurring effort, which you can avoid entirely for the cost of an OEM Windows licence, which is really, really cheap in comparison. Sure, this is not what Stallman would say, but then he does not support PCs for a family.
Here are some suggestions:
1. Windows 7 on a new laptop.
2. Install Microsoft Security Essentials. It's free (beer). Don't bother with Norton.
3. Create a regular user account for your son. Ensure the account is not able to modify system files without asking for the admin password. This prevents most of the nasty things malware tries to do. WIndows security is actually really good these days.
4. Order a Blizzard authenticator to go with WoW. This excludes more nasty things that malware might do... just in case!
5. Back up the machine after you install the games but before you hand it over to your son. Use backup software that will generate a disk image like Macrium Reflect Free Edition. Restore this disk image from a live CD (Reflect can create one for you) if your son has any problems. You have to use a full disk image for Windows because restoring an install is not just a matter of copying the files and rerunning update-grub.
6. When working with Windows, use the same patience you have to use when working with an unfamiliar Linux distribution. Don't expect everything to be straightforward or logical, and be pleasantly surprised when it is. The only extra thing you need to beware of, but Linux users do not, is that there are scam sites which offer to "help" you with common problems, e.g. device driver issues, and serve up malware instead of help. Good practice is to research Windows problems on a Linux machine.
It really is not difficult.
The above suggestion is good. I would do a couple things differently:
1. Windows 7 on a new laptop.
For gaming purposes I would recommend a desktop, with a discrete video card. It does not need to be a high end (expensive) system, but the additional performance from a non-mobile version of one of the current generation processors, and of a discrete video card, will be noticeable.
5. Back up the machine after you install the games but before you hand it over to your son. Use backup software that will generate a disk image like Macrium Reflect Free Edition. Restore this disk image from a live CD (Reflect can create one for you) if your son has any problems. You have to use a full disk image for Windows because restoring an install is not just a matter of copying the files and rerunning update-grub.
Windows 7 included backup is quite capable. It can make full system images (bare metal) as well as pretty much any other type of backup you desire, either on demand or on a schedule. Recovery can be done from within windows, or by booting from the windows install disk, choosing repair, and selecting the option to restore from backup. If you only do a full system backup, remember to make a new one every once in a while, as it can be tedious to have to apply a long series of updates to an out-of-date backup.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
Uninstall windows, install Linux?
You said that you want the steps to be "simple enough for a 12 year old to perform." At that age, kids are liable to pick things up real quick, especially if he wants to get into gaming. He is likely already familiar with how machines run. Maybe this is obvious to you, or it isn't. I don't know. If you want a certain product line or security with your system, he'll probably get to the point where he can maintain it.
who cares if someone wipes the whole drive or captures every key stroke of a WoW gaming session. it's a gaming computer.
Linux is more secure by default, but from Win7 on, MS provides your machine with free AV software. Stop shitting on MS - they now have decent OS' and the only security hole is the user - IF he's searching for REALLY weird pr0n and installing software from those sites (or other blatantly scam sites).
I've been using both OS' for years. They both just fucking work - yeah, windows too, without reinstalls, blue sceens or other shit. I have Win7 installed from it's beta times, then I just installed it ONCE when the pre-order came - and for every day it has been working fine, it isn't cluttered and i didn't have any problems so far - for YEARS, from BETA to the time when the next OS version is going to ship. Company I work in has 95% MS environment (servers have Linux installed), and has had no anti-virus software installed for years - because properly educated workers just don't fall for the scam sites and aren't installing god-knows-what shit scammers come up with. Suprise - Xp / Vista / 7 work just fine.
EDUCATION is the key here - you can give condoms to your kids, but if you don't tell them how to use them properly - you're gonna have a bad time!
I used to be an AVG user and it was my default setup when others asked me for help, but it's gotten bloat-y, slow and upgrade-naggy, and MSE does what it covers. Right now I'm MSE, Spybot Search & Destroy, and Firefox with noscript (among other things). I've got Malware Bytes as well for my kid's machine.
LITTLE GIRL: But which cookie will you eat FIRST? C. MONSTER: Me think you have misconception of cookie-eating process.
Other specs on the system are borderline bottom for barely meeting the requirements. Don't subject your kids to that. Get them a new computer with Windows 7 preinstalled. For virus protection, Microsoft Security Essentials does fine (free with Windows 7, though it is a separate download).
You may prefer Linux, and it may even work for you, and for you that is fine. But we live in a Windows world - you are doing your kids a serious disservice by not giving them Windows exposure now. They'll need that experience in 10 years when they are trying to get a job - any job - that isn't Linux development.
If you are getting him a new laptop, make it a MacBook Pro. He will have a great OS, that will still run WoW and LoL, and can still have Windows in a VM or dual-boot situation if he wants/needs it. And since OS X marketshare is continually going up, you are giving your son truly useful experience going forward, because with my scenario, he can actually place all THREE major OSes on his résumé. Now that's useful!
I've read a lot of good, interesting posts. You should let him break things a few times so that he can be familiar with the reinstalls: it is a wonderful opportunity to learn how to fix things on your own. Also, you can set aside some time to go over things together. I've always fixed things for my dad when it came to tech related issues... so I can only imagine what it would have been like, had my dad sat down with me with some floppies and gone over DOS commands back in the day...
you need psychological help
diservice? bullshit. how about teaching your kids not to be traitors to humanity, what's that worth?
http://preyproject.com/
Casteism
Don't give the users admin rights, ensure the machine is patched and runs virus protection.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Seriously. Considering reinstalling windows on a biweekly basis? For a 12 year old kids world of warcraft PC?
We're not talking trade secrets or even your household finances being in the clear as the result of an insecure PC. The insecure PC, which is behind a router and only has connections to assumed properly secured Linux boxes. Just install a copy of AVG Free and the free version of Malware Bytes and be done with it.
If you still don't think that's secure enough to your liking, buy a copy of DeepFreeze - once the PC is in a good working condition, Deepfreeze will restore it to that condition everytime the machine is restarted, cleansing it of any and all changes since the last restart. Probably a bit overkill as well.
Really, just make sure the rest of your computers are secure and let the kid play. And while you're at it, buy another Windows PC for your other kid to use and get familiar with. They're soon going to need to be familiar with computers besides the ones that you've carefully configured at your house, be it in their schools or in their future workplaces. Unless they're going to be Linux developers or what not, i would say that you're doing them a disservice by not letting them have access to the OS they'll likely use more than any other once they fly from the nest. And yes, part of that is learning what to do when their Windows PC gets a virus or otherwise malfunctions.
Again, shouldn't be any problem - sounds like the rest of your network is secure, so a single machie running amok is still essentially sandboxed off from the being able to harm any other machines on your network.
7. Install PSI from secunia in order to keep the update-hell in check. Run it once to check if everything is up to date.
>
+1 on step 7: running PSI secunia - it's a great way to find exploitable software that windows update doesn't catch.
That + MSE will get you 99% of the way there.
So get the kid an iMac, and use that.
Ok, so the Mobility Radeon HD3400 is slightly better than the GMA 4500, enough that it does technically make the cut for meeting WoW's minimum requirements, but it is still an underperforming, dated chipset. Performance in WoW will still be sub-par. And yes, I have first-hand experience with the HD3400.
Seriously, do your kids a favor and get them a new computer with Windows 7 (or even Windows 8) preinstalled. A $500 desktop machine will do just fine, and won't spoil them in the "beefy" category.
Intelligent responses welcome, flames will be met with marshmallows.
The US Department of Defense makes many of their security guides available free to the public. They're very good starting points for securing operating systems with some really good best practices baked in. Note that anything marked "FOUO" (For Official Use Only -- AKA "sensitive but unclassified") is not available to the public. It won't let you download those because you have to be a member of the DoD's extensive PKI system.
Many private companies use these "STIGs" as well, since they're also available for S-CAP compliant scanners.
They are available for free from the US government here.
And run windoze in a virtual machine. If something goes wrong (And it will), all you need to do is reload a fresh copy of the VM
I try to keep this short... #1 The Lenovo T400 will not run the World of Warcraft or the League of Legends. It doesn't have the needed hardware to do so. Check the recommended hardware requirements for both of these games, and make sure the computer you'll give him has a decent CPU, enough RAM and, this is important, a good GPU. Your problems with World of Warcraft and WINE probably were caused by the insufficient hardware. #2 Windows installations these days are theoretically pretty safe to use. But you still want to install anti-virus software such as F-Secure, or Microsoft Security Essentials. You can fill up the Windows with tons of free software including the browser and the necessary utils. It's important that you at least install Mozilla Firefox or Google Chrome. I recommend Google Chrome because it comes with it's own Flash, and is updated automatically without user interaction, and because it has way better user interface than what Firefox has. #3 Also get a disc image tool. I know from experience that after everything has been set, it takes maybe two months and the kid might make the system go into such condition, that it will not boot up, or might require huge clean up operation. HDD cloning makes it easy to restore the system in case of a failure. #4 Give your kid freedoms! Let him experience and experiment with all kinds of software and operating environments. Make him understand that nothing he does, will break the system. It's also important to teach that if the system breaks down, he has to be able to restore it by himself. And don't let him use the HDD image. Make him do it the complete Windows installation process. #5 To fight against Blizzard account hacking, make sure your kids use Blizzard authenticator.
I try to keep this short...
#1 The Lenovo T400 will not run the World of Warcraft or the League of Legends. It doesn't have the needed hardware to do so. Check the recommended hardware requirements for both of these games, and make sure the computer you'll give him has a decent CPU, enough RAM and, this is important, a good GPU. Your problems with World of Warcraft and WINE probably were caused by the insufficient hardware.
#2 Windows installations these days are theoretically pretty safe to use. But you still want to install anti-virus software such as F-Secure, or Microsoft Security Essentials. You can fill up the Windows with tons of free software including the browser and the necessary utils. It's important that you at least install Mozilla Firefox or Google Chrome. I recommend Google Chrome because it comes with it's own Flash, and is updated automatically without user interaction, and because it has way better user interface than what Firefox has.
#3 Also get a disc image tool. I know from experience that after everything has been set, it takes maybe two months and the kid might make the system go into such condition, that it will not boot up, or might require huge clean up operation. HDD cloning makes it easy to restore the system in case of a failure.
#4 Give your kid freedoms! Let him experience and experiment with all kinds of software and operating environments. Make him understand that nothing he does, will break the system. It's also important to teach that if the system breaks down, he has to be able to restore it by himself. And don't let him use the HDD image. Make him do it the complete Windows installation process.
#5 To fight against Blizzard account hacking, make sure your kids use Blizzard authenticator.
1 - Changing the region for the WoW install is easy, but does have the potential to be a little time/bandwidth consuming. See the blue post here: http://eu.battle.net/wow/en/forum/topic/5207771231
2 - Your idea about keeping an image for a fortnightly restore is a recipe for security holes, unless you're happy constantly repatching and upgrading everything at the same time. I prefer to keep a list of what I need to install along with any install media I need to do a clean reinstall of the essentials any time malware strikes (which is very rarely) or performance is a bit off (which is a bit more often), letting me get back to a nice clean state where I can reinstall anything else I'm using at the moment and recover my data, usually tidying it all up in the process. I also do an incremental image every couple of weeks in case of emergencies. My list currently looks like this, in order of installation:
Avast Antivirus, Anti Malwarebytes, MS Updates, Firefox (plugins: adblock plus, https everywhere), Adobe (Air, Reader, Flash), CutePDF, Silverlight, VLC Player, Java, BatteryBar (if laptop), OpenOffice (or whatever)
Want to reduce pagefile.sys contributing to excess head movement AND filesystem fragmentation? Use a 2nd harddisk... perhaps not an option on laptops, but it works by removing that duty from the MAIN HDD, & relegating it to its OWN disk + thus, its own set of head movements (& in a dedicated partition to reduce fragging on THAT disk too).
APK
P.S.=> For example - I do it this way (along with other things, & on a "TRUE SSD" (not based on FLASH ram & it's performance degrading life expectancy lessening "ways")):
---
1.) I move files around to different drives (1 being what I call a "TRUE SSD", that uses DDR RAM, the Gigabyte IRAM 4gb PCI-e 8x slot based SATA 150gb/sec. solidstate drive I have)
&
2.) A Promise Ex-8350 PCI-e 8x slot based 128mb ECC RAM Raid 6 capable Caching Controller (that controls 2 10,000 rpm Western Digital 16mb buffered "Velociraptor" HDDs)
---
(Both supplementing the existing caches noted above @ the Operating System filesystem level, AND, the block device level)
I move the following things off of my WD Velociraptor 10,000 rpm 8mb buffered (which also lessens physical head movement on disks & THIS is where I am going to make it even FASTER, read on & reduces fragmentation as well in the same stroke - "BONUS"):
---
A.) Pagefile.sys
B.) OS & Application level logging (EventLogs + App Logging)
C.) ALL WebBrowser caches, histories, sessions & browsers too
D.) Print Spooling
E.) %Temp% ops (OS & user level temp ops)
F.) %Tmp% ops (OS & user level temp ops)
G.) %Comspec% (command interpreter location)
& more...
---
All of which LESSENS THE AMOUNT OF WORK my "main" OS & programs bearing disk have to do, and they're being done on a media that has NO heads to move, & thus, more mechanical latency + slower seek/access as you get on hard disks + reduced filesystem fragmentations... &, it works!
... apk
Use something like Secunia to (automatically, in most cases) update applications. That's where most of the attacks happen, these days.
And turn off Java in the browser.
Why not install Win7 under Oracle's Virtualbox? You gain additional familiar network control, and you can run anything on it. MSE and CalmAv should take care of the most glaring holes and the whole thing is just a bunch of files on your Linux box. I personally run stuff on CentOS KVM, but Virtualbox is just wonderfully simple for a first VM attempt.
First, you switched to linux at a time when Windows as immature, unreliable, and insecure. Times have changed.
The biggest issue with Windows today is yesterday's prejudices. People still assume windows is not secure and requires gobs of software to protect it.
Windows 7 is secure, I have been running it for years without anything more than Windows Security Essentials running in the background. I found most other forms of anti-virus software, both retail and free, to be worse than the trojans they are trying to protect me from, robbing performance and doing crap in the background against my will.
Also, stop trying to do things cheap. Today's computers are 5 - 10 times cheaper than they were 10 years ago. Rather than trying to retrofit some old laptop you had laying around with an "expensive" copy of Windows 7, just go out and buy your kid a $400 windows laptop with Windows 7 already installed. Chances are it will work better and your kid will appreciate newer hardware then some junk you pulled out a closet. Take all that money you have saved running Linux on old computers and drop a little on a cheap laptop.
So, rather than trying to promote the FUD that you assume is associated with Windows today, realize that millions of people are running Windows 7 without having to invest 100's of hours locking it down. You assume, because you have used Linux for 12 years, that it is necessary to have to invest time to set up something, this is just not the case anymore. Bottom line is this is a laptop for your kid, so unless your 12 year old is going to be doing online banking and doing taxes, even if the laptop gets infected or taken over with virus there is no information of any relevance to leak out. Wipe and repeat.
If you are worried about what your kid can access while online, than that comes down to parenting rather than software. No reason why your 12 year old should be locked away in his room accessing content online, promote the idea that in order to use a computer kids should be in a freely accessible area of the house by all family members, that is the rules, you are the parent, set them.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Security on a kid's computer = (1 part education) + (1 part technology) + (1 part fear) I think the education and technology solutions provided in the previous posts are all adequate. For my son I add the fear element. Let your son know that you can have the system take a screenshot at anytime to email you what he is doing.
Cheaper to get newer OS or expensive software, e.g. M$ Office, Adobe CS, by buying used machine on ebay or craigslist: Many are sold at price for used hardware only, but still have legal, usable software because the seller replaced it with loaded new machine. I have done this a dozen times over the last 5 years w/o getting burned: Writing this with 1 yr old Dell 13" laptop with win7 & Office Pro 2010 purchased for 275$...