Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie?

madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive. So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure. madsdyd continues: "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost. However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.

How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"

Let him deal with it

[e065c8515d206cb0e190]

How did you learn? By making mistakes. Let him run his Windows 7. With admin rights. If he gets viruses, trojans, adware, malware, so be it. If he needs to reinstall every 3 months as you probably did when you had Win 95, so be it. That's how he'll learn.

Re:Well, do it, but...

[maxwell+demon]

Any it doesn't matter if the child looks at porn.

Maybe. But then do it from a Linux computer. There are obviously plenty of them available in that household. There's no need to allow it from the Windows computer which is the one most likely infected by malware from those porn sites.

Re:My best windows admin tips come from *nix

[Gadget_Guy]

By the time anything comes down to local limited user vs rewt, you've already lost the security battle. So what if kernel32.dll is safe, when all of your programs have every right to destroy all of your files anyways?

That is bad advice. Security is all about layers. If the first level of security is breached then you don't just throw your hands in the air and concede defeat. That is like putting a fence around your property and then not locking your doors. The point is to make it as hard as possible for malware to work.

And so what if they can delete your user files. Most malware these days are made to keep your system running so that they can be remote controlled.

Re:Well, do it, but...

Actually, porn sites tend to be among the safest as far as malware is concerned. You're more likely to catch an infection from your local church website. [http://daltondailycitizen.com/national/x1968178697/Unprotected-sects-Church-websites-more-likely-to-have-viruses]

Re:My best windows admin tips come from *nix

[benjymouse]

Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.

Stupid advice, based on an old Unix/Linux myth.

Consider this: What is the paging file actually for? Yes, for swapping out "dirty memory" when the memory pages are needed for something else. The paging file is *not* used like a large video file. It is being accessed *randomly* (non-sequential) *most* of the time.

What if the primary concern with fragmentation? Answer: Excessive head movements.

And you advice users to place the paging file on another partition, all but *guaranteeing* excessive head movement on *each* access to the paging file? The original recommendation to place the swap file in its own partition was that Linux (and most Unix'es) fails pretty horribly under low-disk space conditions. I.e. the recommendation was for space management - not for controlling fragmentation.

Fragmentation of the paging/swap file is a non issue. The OS rarely need to read more than a few blocks sequentially. Actually, one could argue that the best place for the paging file in a memory-constrained system (where swapping happens a lot) is at ½ disc width - or centered in the partition. If that happens to be interleaved with other files which are also access in a random-access pattern - so be it. It is still more optimal.

The *only* files that really benefit from *not* being fragmented are large files that are access in sequential fashion or which account for a very large share of all disc accesses (such a large video file or a database file in a single-instance database server).

If you are concerned that the paging file may grow and shrink and thus cause fragmentation of *other* files, then simply reserve a minimum size for the paging file. If you keep it on the same disc as the OS, then you should definitively keep it in the same partition as the rest of the OS. Now, if you could move it to another physical disc - that would offer a performance improvement - as long as you reserve that disc for paging.

But suggesting to move the paging file into a location where you are guaranteed to *increase* head movements - that is nonsensical. Unfortunately that is a very hard myth to bust.