Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie?

Posted by timothy on from the not-under-my-roof dept.

madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive. So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure. madsdyd continues: "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost. However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.

How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"

8 of 503 comments (clear)

  1. Let him deal with it by e065c8515d206cb0e190 · · Score: 4, Interesting

    How did you learn? By making mistakes. Let him run his Windows 7. With admin rights. If he gets viruses, trojans, adware, malware, so be it. If he needs to reinstall every 3 months as you probably did when you had Win 95, so be it. That's how he'll learn.

  2. Windows VM by Nerdfest · · Score: 3, Interesting

    If your machines have the power for it. you may be able to get away with running Windows in a VM. Install everything, get it set up properly, then snapshot it and restore to that point at the end of every gaming session. It's one fairly sure way of keeping Windows safe.

  3. Re:A few things by magic+maverick+ · · Score: 3, Interesting

    I like 1 and 3, but have another suggestion instead of 2. Install a firewall between the computer and the Internet, and block all inbound and outbound connections except on the ports used by the games required. No web browsing, no email, no chat (except in game) on the MS Windows machine at all.

    Disclaimer, I've been using GNU/Linux myself almost exclusively since 2003 or something, and so my knowledge of MS Windows is also dated. But, if the worms can't access the machine they can't hurt it. If the child can't access the web, they can't have some ad network serve drive-by-download malware. Etc.

    I also like the idea of letting the child learn about computer security themselves and do it all themselves. But that may cause more heartbreak in the end than my suggestion.

    --
    HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
  4. Well, do it, but... by Penguinisto · · Score: 3, Interesting

    ...one word: Proxy.

    Run your kid's network connection through it (enforce it via the home router if necessary), and whitelist what he is allowed to visit. Here is an example of how to set up SQUID to do that.

    That by itself will knock out virtually all threats from the network.

    As for the machine itself, install CCleaner and AVG (which IMHO is among the least intrusive of the A/V solutions), maybe tweak RDP so you can sniff around in there from time to time remotely w/o his knowledge, and that should cover practically everything you really need to protect and control your kid's computer.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:Well, do it, but... by maxwell+demon · · Score: 5, Interesting

      Any it doesn't matter if the child looks at porn.

      Maybe. But then do it from a Linux computer. There are obviously plenty of them available in that household. There's no need to allow it from the Windows computer which is the one most likely infected by malware from those porn sites.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:Well, do it, but... by Anonymous Coward · · Score: 4, Interesting

      Actually, porn sites tend to be among the safest as far as malware is concerned. You're more likely to catch an infection from your local church website. [http://daltondailycitizen.com/national/x1968178697/Unprotected-sects-Church-websites-more-likely-to-have-viruses]

  5. Re:My best windows admin tips come from *nix by Gadget_Guy · · Score: 4, Interesting

    By the time anything comes down to local limited user vs rewt, you've already lost the security battle. So what if kernel32.dll is safe, when all of your programs have every right to destroy all of your files anyways?

    That is bad advice. Security is all about layers. If the first level of security is breached then you don't just throw your hands in the air and concede defeat. That is like putting a fence around your property and then not locking your doors. The point is to make it as hard as possible for malware to work.

    And so what if they can delete your user files. Most malware these days are made to keep your system running so that they can be remote controlled.

  6. Re:My best windows admin tips come from *nix by benjymouse · · Score: 4, Interesting

    Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.

    Stupid advice, based on an old Unix/Linux myth.

    Consider this: What is the paging file actually for? Yes, for swapping out "dirty memory" when the memory pages are needed for something else. The paging file is *not* used like a large video file. It is being accessed *randomly* (non-sequential) *most* of the time.

    What if the primary concern with fragmentation? Answer: Excessive head movements.

    And you advice users to place the paging file on another partition, all but *guaranteeing* excessive head movement on *each* access to the paging file? The original recommendation to place the swap file in its own partition was that Linux (and most Unix'es) fails pretty horribly under low-disk space conditions. I.e. the recommendation was for space management - not for controlling fragmentation.

    Fragmentation of the paging/swap file is a non issue. The OS rarely need to read more than a few blocks sequentially. Actually, one could argue that the best place for the paging file in a memory-constrained system (where swapping happens a lot) is at ½ disc width - or centered in the partition. If that happens to be interleaved with other files which are also access in a random-access pattern - so be it. It is still more optimal.

    The *only* files that really benefit from *not* being fragmented are large files that are access in sequential fashion or which account for a very large share of all disc accesses (such a large video file or a database file in a single-instance database server).

    If you are concerned that the paging file may grow and shrink and thus cause fragmentation of *other* files, then simply reserve a minimum size for the paging file. If you keep it on the same disc as the OS, then you should definitively keep it in the same partition as the rest of the OS. Now, if you could move it to another physical disc - that would offer a performance improvement - as long as you reserve that disc for paging.

    But suggesting to move the paging file into a location where you are guaranteed to *increase* head movements - that is nonsensical. Unfortunately that is a very hard myth to bust.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*