Slashdot Mirror
Ask Slashdot: Protecting Home Computers From Guests?
An anonymous reader writes "We frequently have guests in our home who ask to use our computer for various reasons such as checking their email or showing us websites. We are happy to oblige, but the problem is many of these guests have high risk computing habits and have more than once infested one of our computers with malware, despite having antivirus and the usual computer security precautions. We have tried using a Linux boot CD but usually get funny looks or confused users. We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised. What tips do you have to overcome this problem, technologically or otherwise?"
I think they call it guest wifi and byod.
> We are happy to oblige, but the problem is many of these guests have high risk computing habits and have more than once infested one of our computers with malware,
Really? It's not that they started typing something into your browser and the browser history showed off all the sick and twisted porn you watch? :P
I'm god, but it's a bit of a drag really...
Have a dedicated Linux boot just for them, and if they give you funny looks tell them too bad.
Don't let them use your computers. Done.
Guest chromebook seems like one good option -- probably rather harder to compromise, and lets guests surf/etc...
Set up a VM in Virtual Box for them to use. Take a snapshot of when it was healthy and new and just revert to that each time someone wants to use it. Even paying for a Windows install for the VM would be cheaper than an iPad.
The guests, that is.
Actually the live CD works best, who cares about the funny looks.
ask them to check when they get to they own devices.
You can set up a PC image with your favorite virtualization system, then run that full screen and have guests use it. They get an environment they're familiar with and you can have the emulator set up not to save any changes to the hard drive image it's running from, so when they leave you can reset it and get back to a known safe state.
You might be able to use something like VirtualBox for example. Create a pristine image and use it as a template, creating a new machine for each guest (it doesn't take that long). Assuming your machine is powerful enough, it should be fast and in full screen mode, your guests would barely be able to tell the difference.
The only issue there is licensing of course, which means you will likely have to use Linux. I am not sure why users give you funny looks with Linux. Is it because things like Flash/Java plug-in/etc. are not installed? If so, you can install them in the template so that everything needed to check email/etc. is ready to go.
Give users a copy of a virtual machine to play with; you can simply delete it afterwards.
It's a Firefox addon. Check it out. Also Adblock Plus. With those two installed and running, things get a lot safer. Of course, NoScript requires a bit of savvy to be able to browse the web correctly. You might have to help. Otherwise, tell them to bring their own darn laptop.
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
The moment your computer becomes public (however limited that "public" is), it is a goner. It is like asking how to secure your computer after it was compromised.
I don't even let my visitor plug into the same network my main computers are, and have both a separated WiFi network and a separated ethernet segment for them (1 port only in the guest room), that I treat as a DMZ. Ok, I'm paranoid, but still.
Maybe use removable HDs, and keep one for your own use, and swap it for an entirely different one (which you can restore from a Ghost image or something) for your guests. As in PHYSICALLY disconnecting your HDs when they are going to use.
Otherwise, it is like using band-aids to stop a leaking dam.
morcego
Linux distro, normal user accounts without super user privaleges. Letting anyone use your unprotected Windows system is a mistake.
With Snapshots
Something like VirtualBox or VMWare that supports snapshots. Install an OS into the virtual machine and set some firewall rules to keep it from accessing anything else on your network. When they ask to use your computer, launch the virtual machine and set it to full screen. They won't know the difference. When they're done, revert to snapshot.
Install a freeware (or not if you prefer) virtualization application, create a non-persistent snapshot, and when the guest needs it, boot it an make full screen.
When they leave, revert to the pristine state, and store until needed again.
Seems fairly easy, and ensures you lose any crud they pick up in their IntarWebz(tm) travels.
Just re-install the OS after each guest. Problem solved.
Sound like a good use for a Chromebook.
Set up a new virtual machine (KVM say) when the guest comes, so it's like they're using a brand new installation (Windoze if you must). When they're done, wipe the container, and set up another one next time you need it. Or even keep a spare hard drive around for a non-virtualized PC. Reformat it completely and install OS on it for each visit.
Setup a clean environment and then image it with something like Symantec Ghost or Acronis Trueimage Home. I vote for acronis, because its easy to use and will let you save the image to a local network share. Easy.
Setup a windows XP virtual machine. Save a snapshot, or a VDI/VMDK file of a clean hard drive image. When they come, boot up the virtual machine in full screen. When they leave, restore the clean snapshot or clean hard drive image.
I'd recommend to just use a virtual machine. I don't think the OS even matters that much in that case. If you put it in full-screen, then they probably won't even notec. And you can have a snapshot to revert to when they're done, and the next person gets a clean slate.
Get smarter guests
Just create an ad-hoc guest account with limited rights. That way they can't really screw up things. Once the guest has left the premises, remove the account. You don't even have to log out yourself if someone just needs the access for five minutes, just switch users.
A step further: Build a virtual machine with a e.g. your basic Linux distro or Windows XP, create a snapshot of it in it's "fresh" state, and set it up to talk only directly to the Internet without any access to your local network. You can achieve this with Virtualbox at least. Let your guest access the virtual machine. When the guest leaves, just revert it to the snapshot state.
If you're worried about malware, your OS isn't set up correctly. Stop running as admin/root.
It's trivial nowadays to get an OS running on a VM. You can easily backup the virtual drive as well, so that restoring it to its clean state is equally as easy.
Use two routers. The turn wi-fi on both. Give the password to the outer router to your guests and ask them to BYOC, bring your own computers. Use the second router, the inner one, to run your home network. Close all the ports and be very secure on the second router. Tell your guests your PC has a virus and so you don't want others connecting to it or using it till you get some help to disinfect it.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Virtual machine with a backup harddrive image invade it itself gets messed up.
I have to do this with my family myself, but its worth the time to setup.
I too have a list of problems I'm to lazy to google! Mind if I submit those to Slashdot?
The media PC in my living room boots directly into the Guest account. Under the guest account I can USE almost all the programs I have installed seamlessly. There are some minor issues with software updates, XBOX controllers, and a complete inability to configure network settings, but that's about it. If I need to do anything that requires more rights I can deal with the UAC prompts that show up or simply log out and back in as an admin.
I know it's not flawless but I still feel pretty comfortable letting my tech savvy (e.g. dangerous) friends stay over unattended. It wouldn't hold up to anyone seriously determined to break the security but they have access to the physical machine and can't really be stopped anyway.
Just install Linux -- like Mint or Fuduntu
http://www.linuxmint.com/
http://www.fuduntu.org/
set up a restricted "guest" account
with chrome and Firefox on the desktop
problem solved
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
Most of the new WiFi routers offer guest networks. Set one up and tell them to bring their own device. With the number of people with smartphones, I don't really see a legitimate need to set up guest computers.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
>> Have a dedicated Linux boot just for them, and if they give you funny looks tell them too bad.
This. As long as you can PRINT from it. (Most of the time I loaned "local" computer access it was to let someone print airline boarding passes.)
Also make a couple paper copies of your WiFi creds and encourage them to BYOD.
I have previously had a virtual machine running on my desktop with Vmware Workstation or something equivalent, which is running full screen. The user doesn't usually know it's not a native installation, unless they press certain special keys to exit full screen. Then, you set the virtual hard disk to not write changes. Then, you have a fresh, clean computer every time a guest comes over, all with no recurring effort.
Why not just enable the Guest account?
Get a chromebook, let them use the 'Guest' account.
Have a multi-tier network, with multiple nested NAT/Firewall layers. (One NAT/Firewall/Router connects as a client to another.) Bonus points for DD-WRT with the SPI firewall enabled. The idea is, your guest talks to your broadband network, but not to your other computers who are all hiding behind a NAT/Firewall/Router. Thus, when the guest is compromised, it doesn't create a wormhole into your private network.
Second, get a cheap windows box (is there such a thing?). Get a Linux boot disk. I use an old Fedora install disk and boot into rescue mode. Get an external harddrive. Run ntfsclone. Make a mirror copy of the windows computer's disks. Restore back after the guest leaves. It's, like, trivial....
Alternative: Buy a chromebook. Tell them it's the latest fad. (It is!) Problem solved.
Have guest computer with Faronics DeepFreeze or Virtual Machine that can be reloaded.
Or just have a guest computer that you re-image when they're done. Put it in a guest VLAN. or DMZ.
What are you talking about an ipad being a computing system that has been compromised? Do you not know how iOS apps work?
"it wasn't right to knowingly let others use a computing platform that may have been compromised."
Then why are you letting them use ANY computer? There is no platform where you can say 100% that it has not been compromised.
By far the iPad would be the least likely to be infected by anything, and require the least maintenance. I can't understand your rationale for not going this route at all.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
All computer platforms have been or will be compromised. IT Security 101.
Really? If their Web habits are ~that~ sketchy then you don't even want them using your Internet connection. Seriously! They could be downloading copyrighted material or even worse things that you don't want anywhere near your ISPs records.
Tell them no, and make them bring their own damn 3G/4G device hooked to an account that they own if they simply must access the net while they're hanging out.
Printing boarding passes? How quaintly retro! The last few times i've flown, the boarding pass has been sent to my phone as a text message.
I've run into this very same problem.
Just set up a guest account with no password. When ever anyone comes over to visit they have an account for them to use.
Since it a "guest" account no funny looks.
I have a cheap fon router which provides two wireless networks. One for my family and one non-encrypted.
The non-encrypted network normally requires a logon, but some IP addresses can be excluded from that requirement. You might choose to exclude all requirements so that your guests get straight access.
You also get to rate-limit the connection too.
If you run a connection and leave it turned on you get free logon to other peoples fon hotspots too - and there are thousands in the UK.
http://corp.fon.com/how-it-works
blog.sam.liddicott.com
Just use a Linux distro - problems solved. Create a guest account that automatically wipes every time you log out.
Custom electronics and digital signage for your business: www.evcircuits.com
- No disk writing outside the sandbox - set it to delete the sandbox data on close.
Use a good freshly updated hosts file, block known malware traffic by IP.
Malware sought out and downloaded specifically cannot be stopped.
Verify your guests aren't script kiddies first.
No one touches my computing equipment, period. If you MUST use my machine you are getting a Linux Live Cd. If you dont like, it, use someone else's resources.
Good-bye
malware? Just use a 2GB HOSTS file!
Change a few words ... many of these guests have high risk driving habits and have more than once driven one of our cars into a phone pole ... and the answer is obvious.
Not convinced? Try this one ...
... many of these guests have high risk sexual behavior habits and have more than once infected one or more of our girl/boy friends ...
Don't use a boot cd, install that shit for personal use.
If the weather / free game site / background of puppies / custom cursor software they wanted to run doesn't work, then you know you just stopped a virus.
What kinds of "guests" give a funny look when you go out of your way to give them access to your computer. Tell them to go to the library if they don't want to use your Linux boot cd (I assume you at least load the cd yourself for them and get them started)
Anyone who stays at my house has to help slop the hogs and clean out the barn. You can play with the computer afterward.
Problem solved.
Have gnu, will travel.
Using a Linux LiveCD is the best route, the system can be shutdown to clear out all the /home (usually ran off the ramdisk) infestations from Trojans and spyware. On an x86-based version, it supports Flash the best. And with most users having used Windows at some point, KDE or LXDE best translates as the frontends.
To protect your PC, it may be wise to scan the packages offered by the distribution you're looking at and make sure that it doesn't offer ntfs-3g or Linux-NTFS--though the latter has mostly been restricted to read-only.
Besides, the confused look is good; it means that they're not going to mess with your PC because they just don't understand it.
A possible solution would be :
Use a seperate computer from which a drive-image is stored on a read-only medium, preferrably something like a DVD, together with a minimal OS and a restore program.
After the guest leaves (or whenever they made a big enough boo-boo to be noticed by themselves) simply re-image the harddisk (fully whiping whatever wrong has been done with it), preferrably done automatically by booting with the DVD in the drive.
Simple, when you think of it.
With Windows inside the VirtualBox. Once the guests leave, revert the VirtualBox image.
With a little work, you can make a "guest" login that launches VirtualBox and can't do anything else.
On the other hand, it might be enough to make a "guest" account, and just run a script that cleans out /home/guest after the users leave:
/home/guest /whatever/guest /home
# remove all trace of guest directory
rm -fr
# set up clean copy again
cp -pr
If you are using Linux Mint with MATE, your guests should be able to cope with the desktop. If you are using an "improved" desktop like GNOME Shell or Ubuntu Unity, stick with the VirtualBox running Windows.
lf(1): it's like ls(1) but sorts filenames by extension, tersely
I would go even a step further than my subject line suggests and create a guest account and lock it down as much as you can. Turn off all the browser features as well.
A guest shouldn't be doing anything except for browsing the web and checking web based email. Turning the browsers security settings on "high" (which would generally mean disabling scripting, cookies, etc) will keep them from doing too much there.
Also, as I said above, let them use the guest account and lock it down tight. You didn't mention which version of Windows you are running, but if it's fairly new you could use the Local Security Policy MMC and prevent them from running applications.
This on top of your standard AV and the other precautions that I'm assuming you are talking about should do it.
Virtual machine.
Proverbs 21:19
You may want to do some very light reading on priviledges for your platform of choice. Install your OS, create a guest account and set up the desktop with a browser and some apps that might be needed, then dial back the access so thatt he guest account can't install anything. That's all there is to it. If they complain, throw them out of the house.
I can't remember the last time a guest asked to use one of our PCs...
For checking their email or showing us websites, everyone I know just pulls out their phone. They prefer it that way, even if we have a computer on the desk right there, because they are familiar with their own devices. And those without smartphones? They ask the person next to them to look it up on their phone.
As smartphones become more prevalent, the problem you are having seems to be rapidly disappearing!
Use VMware Server - this is free 1. Install virtual machine - choice of OS is up to you 2. Backup the VM to a directory they are not going to use 3. Create a directory called virtual machine 4. Let them use the virtual machine 5. When they leave, delete the virtual machine (after taking notes on the type of pr0n they watch) 6. Next visitor arrives, copy the backed-up original, unused virtual machine 7. rinse 8. repeat
"We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised."
Seriously? What have you been reading that gives you bizarre notions like that? The iPad has a number of general shortcomings, most of which are related to its single-user OS and its closed architecture. And I'd hesitate to lend a guest my iPad, but only because – once unlocked for use – it's wide open for the user to poke around (e.g. read my mail, browser history, etc). But in terms of the OS being compromised, an iOS device that hasn't been deliberately jailbroken (by you) is about as safe an internet-access device as you're likely to find, short of custom building a Linux- or BSD-based system yourself.
http://alternatives.rzero.com/
Most of them come with a guest log-on anyway. It doesn't need to take up more than 10GB of your harddrive and should be pretty safe.
Create an account that does not have the ability to change the operating system, a "user" account for your friends. It won't prevent all problems, but it does cut down on the ability of malware to corrupt you system outside that user's folder.
I enabled the guest account on my OS X machine specifically for this purpose and it works flawlessly.
I am not sure how easily you can set up a user which will "self-destruct on logout" on other platforms but you could minimally create a guest account which your root cron could destroy and rebuild during the nightly maintenance run (or whenever).
If a user with such restricted access can modify common areas of the system (beyond a "drop box" directory), then you have bigger problems.
Windows XP with Steadystate
http://en.wikipedia.org/wiki/Windows_SteadyState
Let them run Puppy and if they get confused lend them a hand. Usually most people seem to want to check email or some other trivial task. You do want to be certain that your email account does not allow auto sign in while you have company.
Get a cheap computer (i.e. used/refurb), and keep installation media on-hand.
You can optionally install Linux to make it more resistant to stuff.
And put the homepage to something that discourages them from visiting naughty sites.
Dual boot into it. Problem solved. Everyone loves Chrome. And it's like a rock.
We should learn what we need to know about issues, before we decide what we need to feel about them.
Lot's of people suggesting you just make a dual boot Linux for them.
Just a word of caution: If you do this, you very well could be giving them access to your entire harddrive, instead of just accessing the user account they're logged on to.
Linux should stop most self-run viruses, but you're giving up a lot of security by giving them full HDD access. IOW you need to encrypt your main installs partitions before giving them Linux access
I stay in a university dorm and my friends often come over just for hanging out and killing time. My desktop is always on and I don't protect it with password. So if they find it free, they'll use it right away.
A particular friend has a hobby of collecting freeware. So he downloads tons of these stuffs from both reliable and unreliable sources. When he finds a very interesting piece, he won't wait until he gets to his own home, he'll just install it in my computer. In turn, I got a good collection of malwares. I do have antivirus installed, but some naughty wares still go through sometimes.
The simplest solution would be to installed Sandboxie and then run the web browser using it.
After they're done, just delete the Sandboxie contents and you're all set.
Depending on the airline/airport combo, paper boarding pass might be the only option. Couldn't get a mobile boarding pass for US Airways in San Diego, for example.
As a text message?
That seems incredibly easy to forge.
Or awkwardly cumbersome to "give" to the ticketing agent.
I'm surprised they don't use a bar code or something along those lines instead.
Might be a MMS, they're getting fairly common as a delivery option and smartphones are all but the norm anymore.
I keep a chrome laptop around for this. It's enough for most people, and after logout everything's clean.
I want my Cowboyneal
After having the same thing happen one too many times on our media PC in the living room, it now operates under a limited user account. It can still function as the media PC, but guests can't install anything, and I don't have to worry about it getting fubar'd.
My two cents...
Keep an extra media bay or hard drive for a notebook that lets you just remove your hard drive and stick another in. .iso or other backup from which to do a restore.
Take your regular hard drive and put it away when you've got guests coming over. let anyone use your notebook with this alternate media to boot and run from. Just keep a
At the end of the night, just reimage the alternate media and put it back on a shelf.
Put your drive / boot media back in and you've got your machine back. No worries...
You do have to tie up a drive and / or drive carrier or media bay, and may need to pay a license for the OS if you don't plan to use Linux.
-- Sam
Run backups before they arrive, and run restore after they leave. Plus your machine gets backed up which you probably needed to do anyway.
Say no. Moving on.
If you're willing to buy a $499 iPad just for guests to use, then you'd probably be willing to buy a $249 Chromebook instead. It's a great second laptop, and perfect for guests to use. There's even a "Guest" account they can use, and it clears the data when they are done using it. And it's secure - which you want if your guests have "high risk computing habits."
Extra computer, different network/workgroup/domain, different room. Who would "share" one's own machine with anyone?
'nuff said.
Also, take out X11 and use only lynx/mutt. Any guest who is able to go online with that can probably be trusted.
If you have a Mac, just enable the Guest account and fast user switching. Log into the Guest account for them and they can do pretty much whatever they want. When they are done and the account is logged out, everything is deleted. Poof, all their bad habits are gone. The guest account on Mac OS X is created on the fly. It does not exist until you log in and ceases to exist when you log out. For this reason it has been referred to as the porn account. As long as your other accounts have passwords and they should, you will have no issues with letting someone go hog wild in a guest account session. You can even restrict the account further if you enable Parental controls and only allow certain applications to launch. So you can restrict them from Terminal, finder window and such. Pretty much only give them web browser and nothing else.
Sandbox, Live CD, VM, etc.
If a library can successfully do this, you shouldn't have too much trouble...
... but sometimes there are commercial solutions that fit a specific problem quite well - I'd use deep-freeze, a piece of windows software. I briefly attended a school that had it on their computer lab computers - effectively the computer is reset every time you restart it. It keeps a second partition sitting around with your save point or something like that. Guests are generally non-malicious so probably won't disable the software.
"We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised."
So you won't get an iPad for guests because you don't like Apple's philosophy of the platform?
Or ??????
You were mistaken. Which is odd, since memory shouldn't be a problem for you
>> Printing boarding passes? How quaintly retro!
I think you'll find that the same guests who want to borrow your computer are also the same ones who won't be able to get boarding passes on their phone.
Create a Standard User account. Last I checked ~90% of all known malware targets the Admin acct on Windows boxes. It'll prevent them from installing stuff and keep them out of you bookmarks and passwords.
If you have a Professional/Ultimate edition you could incorporate AppLocker or SRP. This will require a bit of know how (Wilderssecurity has write ups on how to do this). The last I checked 0% of known malware targets such a setup.
Build youreself a "guest" VM with browser of choice and script protection.
Just put Windows 8 on it. Nobody will be able to figure out how to launch anything besides Bing and Zune.
Table-ized A.I.
If you have a Mac, there's a standard user account called Guest. This account has privileges to do normal user things, but can't install apps or make other changes to the computer. (And the account has no access to other users' data.) No matter what the guest user does in that account, it can't hurt you —and the entire Guest account is in a fresh state each time you log in to it. It's designed exactly for something such as this, and it works very, very well in real use.
These comments suggesting a Linux boot CD, or a Virtual Machine (VMWare , VirtualBox, etc) are all viable solutions if you trust your guest to stay within the environment you give them.
A VM, in my opinion, is really just useless, because the guest can switch away from it too easily and get at your main machine. Then perhaps become confused which browser is which, see your firefox on the desktop, double click and continue away... This is common with guests that are not too computer savvy....
Someone mentioned using a VM with a guest network and router firewall rules?? that's just more useless, the guest is sitting at your main machine. See the point above.
A linux boot CD is much better than a VM, with firewall rules to prevent this booted machine from accessing the local network, but any linux environment gives local access to local drives, so before you know it your (computer savvy guest) is browsing your local hard drive from your standard everyday system you use, and reading all your fine datas. Or if they are a reboot happy user (I've seen that, if the browser gets slow they power off) then that user may reboot when you're out of the room, and they may now boot into your main system and continue along, without you even knowing it, until much much later. You won't know this unless you are watching what they are doing every minute, and I am sure that won't go over well either.
The only way to go here is to have a separate guest network (hardwired or wifi or both) and have your guests BYOD. If you wish to be accommodating when they don't have their own device then you can give them a slow, cheap, small laptop from craigslist or something, and make them use that. Use any hard drive mirroring software to wipe and reinstall the Linux OS on it after they leave, or use a netboot to boot an image from a local server which you have a virgin copy of for the next user. As someone else already said, make sure it can access the printer, guests always want to print something.
I do the above. An old DELL Latitude D600 is the device for my guests. It has a 14" screen, 1 GB RAM, Pentium M 1.6Ghz, a 30GB hard drive, and dual boots Linux Mint or Windows XP so they have a choice if they care. The entire HDD is overwritten from a server image when they are done.
I say all this because I am the type of person that doesn't want anyone sitting at my local machine. I wish to give them full access, freedom to take their time and do what they want, without me watching guard over them to be sure they aren't reading anything of mine. I don't want them to start my Yahoo, or MSN , or read my email, my PC has years of financial data on it, local documents to my Condominium Corporation, letters to family, and the other 50% is ... well... we all know what the Internet is really for ;)
99% of the printes just work out of the box on linux.
What are these "guests" you speak of?
I'm not familiar with the word....
Or equivalent other thin linux distro. I assume they really only need web access.
I consider myself to usually be on the bleeding edge of technology, but phone-based boarding passes are right out. I've never had a piece of paper run out of power, but I've had my phone die halfway through the travel day for reasons unknown (turned into a little toaster and burned through its battery - presumably the radio got in a weird state) and have had it stolen while traveling. I keep two boarding passes, typically - one folded in my pocket, and one in my carry-on. If I lose one, I just grab the other one.
And yes, most of the time when my guests want to borrow a machine, it's because they need a printer for boarding passes.
I know this sounds really arrogant, maybe it's because I'm of the younger generation but I just can't fathom how this is an issue--I believe you since you said it's happened, but it really surprises me. What exactly are they doing on your computers? Most people's risky browsing habits are things I would think they wouldn't do in public (I'm not just referring to porn, I mean downloading and installing stuff as well. Like you don't do that one someone else's computer.)
Install sandiebox.
create limited user visitor account (not guest, just another user). Setup all the browsers to open in sandiebox. Done.
(assuming windows 7 and above)
How about letting them trash the machine however they want, then when they leave, just drop the VM and fire up another one?
Just because they are guest doesn't mean you have to let them use your computer. Do you let them use your toothbrush also?
This is a really stupid question. All the answers you need are a easy search away. Why are we answering questions for complete noobs? There is a million of websites like that already.
Be seeing you...
a Guest account on windows can't install software, throw chrome/firefox with adblock or IE with a good TPL/adblock list, dont install java and keep it up dated, you could browse the most gross sites on the internet and be fine. you could even go as far as enabling "Only allow signed apps" to run (secpol) and thats a done deal.
how about "stop using Microsoft Windows"?
Enough said... Let them do their worst. Create a "thawed" drive and push backgrounds, bookmarks, documents, etc. to that. This has worked great for my guest-use PC. Reboot and the porn, viruses, and malware are all gone.
If your ADSL or cable modem is just the device that converts modem signals into Ethernet and you have your own Linux/BSD firewall between that and your internal network then turn on the modem's WiFi, put a password on that and use it for "friend internet". This assumes that you would have your own internal WiFi with a different password if you needed/wanted WiFi at home.
Just say no. That's all there's to it. Grow some cojones, amigo!
why not install a VM, making it act as a sandbox ? And there are options to not make it read-only, so it goes back to a pristine state everytime it starts up. The one issue is that the guests have to willingly stay in the VM, there's nothing preventing them from alt-tabbing out of it.
Other than that:
- a guest account with no admin rights;
- a cheap tablet that you restore to factory default between guests, with a dummy account that has no credit card liked to it for activation
- even a net/notebook or PC which you re-image between guests. there's plenty of free imaging software.
The Cloud - because you don't care if your apps and data are up in the air.
When guests knock on the door, hide the computer and let them know that you've reverted to the stone age. Make sure to wear your Fred Flintstone costume.
But on a more serious note, it's quite dangerous to allow guests to use your computers or even your Internet connection unless they are closely supervised. Aside from the malware issues, only God knows what else these folks like to surf for. Real pornography addicts will surf for their shit literally anywhere, and there are certain kinds of porn that some people like that will attract the attention of law enforcement. You do not want the FBI knocking down your door and taking away all your computers because someone just had to get his kiddy porn fix at your house. Given the current state of the law, both state and federal, and the paranoia over the pedophiles in our midst, it's best just to politely decline, or refer them to the local Starbucks.
Incidentally, the same logic applies when it comes to securing your wifi hot spot. Even if the cops find nothing on your computers, you've lost them for a while until they are finished with their forensic sweep. You may lose them permanently because cops are not particularly careful when it comes to protecting evidence. Expensive evidence has a way of disappearing.
Wear a condom. Put plastic wrap over the computers like it's 1963.
Buy a really cheap computer, bare bones systems are a few hundred dollars, probably cheaper than an ipad. Install windows/browsers/antivirus/etc and create a backup image. After every use, kick the format button.
One way is to just make a guest account.
But if someone wants admin rights to install a game or something, you can use Faronics Deep Freeze or Fortres Grand Clean Slate to ensure that no changes to the Windows filesystem survive reboots or even log-offs.
My rude guests think the CD tray in my computer is a toilet seat. I tried taping it shut and putting a little sign that points to the bathroom but they get confused. What should I do?
Create as hostile an environment as possible.
1. Run Linux or BSD, not Windows.
2. Use a less-common keyboard layout, like Dvorak or Colemak. To complete the effect, get a blank keyboard.
3. Switch the language to something they don't understand if possible.
Then they won't even *want* to touch it. :)
But seriously, don't give them access to a Windows machine. It's as simple as that. And always have multiple user accounts, just in case. If you get blank stares because it's "different," tough--they must not want to use it that bad. If they do, they'll use it and get used to it.
If all they want to do is browse the web and check their e-mail (which I assume is also through a web browser using a webmail service), then seriously... the operating system does not matter. They could be in front of an old 640x480 CRT on a computer running Windows 95 and a maximized web browser taking up the whole screen and it shouldn't matter too much.
Except for the fact that there probably are no modern browsers that are still maintained for that specific OS, but you get the point. If an OS can run a suitable browser, then it can be used. Sure, Windows can, clearly it's the absolute worst option if it's "protected" by anti-virus software and it still gets infected regularly by your guests.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Why bother? Printing boarding passes saves less than 5 minutes. Actually, if you are hoping to get a last minute seat change, they save 0 minutes, because you have to use the kiosk anyways. If I am not using a E-boarding pass, I just print one at the airport from a kiosk. There isn't really a line to use a kiosk. While you are there, you can check to see if a better seat opened up, and maybe change your mind about one of the upgrade options. There are advantages to checking in early at home, and pre-paying baggage fees if necessary, but I skip the print boarding pass step, and just do it at the airport. Why would I want to carry around an entire sheet of paper all folded up with ads printed all over it, when I could have a nice tiny official airport printed boarding pass? Plus, if you re-checking in at the airport, you might be offered generous compensation for giving up your seat when the flight is overbooked. I've never taken them up on that offer, but one of these days, I might.
Comment removed based on user account deletion
Either that or a guest account on a Linux box with a web browser, or guest account on a Mac. Windows? Sorry, no. Too fragile. Confused by the relatively modest differences in UI between a Windows setup and a recent Linux UI? Deal with it. It's no worse than Windows XP to Win 7 or Win 8. Either that or bring your own machine and you can get the password to the wifi (which I'll change after you go).
I certainly wouldn't expect that if I was staying over at a friend's house, I could have ubiquitous unsupervised access to using their home computer - why would I? I might expect that they would let me log in to print something or to check my email while they were there, but hang out on it and install sketchy software while my friend wasn't around? Why would you let your friends do that? Put a password on it, don't tell them the password, let them use their own computer. (Alternatively, if you're worried that they're going to install sketchy things while you *are* watching them, then you're as much of an idiot as they are if you just sit and watch them do it.)
tsia
Some routers have guest accounts. Get one of those routers and not allow sharing under the guest account. If you do not have one of those routers, then make sure you have account passwords on all of your computers. This way you do not have to worry about them getting access to your computers. Finally make sure you have a good firewall.
Sorry, but my house, my rules, my OS.
Besides, please explain to me how you get "odd" looks from someone who wants to check a homepage or his webmail? Some little bits might look different, but browsers are all alike, across plattforms. That's the whole idea behind it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Comment removed based on user account deletion
Surprised no one mentioned that Macs have a guest account that can be enabled and will wipe out whatever is created by the user in the filesystem after logout.
If they give you funny looks for offering a linux boot CD, they don't deserve to ask you to use your computer in the first place. It's not safe for people with such a low IQ to play with technology.
On the flip-side, if they can use Android or an iPad, then they can use Linux. That means they're obviously just ridiculing you for not offering exactly what they wanted. Fuck 'em.
Text message ? What a fad.
The last time I've flown (from France to Hong Kong and back, last year), my passport was my boarding pass!
(I understand that you don't need a passport for domestic flight.)
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
I made an account with username 'guest' and password 'password'. then just let them log on.
I also had ssh installed. one day the sysadmin at work come to see me and tells me that my laptop had been blocked from the network because it was making a large number of outgoing ssh connections. important lessons were learned.
(some distros offer a locked down password-less guest account. this is a much better idea)
If saying, "no," isn't an option, try these suggestions.
One option might be to set up a laptop with some sort of reversion/reimaging software. If you're into Windows, try something like DeepFreeze. This is probably the least labor-intensive option. You just need to un-freeze it, in a clean state, to do software and OS updates before re-freezing it again. The user has full control over the computer (as much as you want, anyway) and is simply reset to the pre-defined state upon reboot. The DeepFreeze software, I believe, can also leave some areas unlocked so changes there can persist through a reboot, if desired.
Another option might be to set up a laptop to PXE boot and get a read-only image to boot from. Configure all changes to be saved to local media until you decide to wipe it clean. This requires some network infrastructure to set up as well as keeping the custom boot image up-to-date.
Yet another option would be offer up an "unlocked" laptop but drop it on a "protected" VLAN with heavy internet filtering. Again, there's some network infrastructure to set up as well as some likely subscription fees for filtering software/hardware at the gateway. The bonus here is that, if you have any (now or later), kids' computers can be placed on that VLAN without too much worry on your part. It also protects the rest of your computer equipment from being attached from the inside of your LAN by a compromised device since it'll be on a totally separate "untrusted" VLAN. This isn't exclusive to the other options presented here, either, and can be used in combination.
You could also just bite the bullet and simply re-image the laptop every time someone uses it. Again, if you're into Windows, you could easily set up Windows Server with WDS and capture a customized WIM image so it'll have all the apps you want installed from the get-go. Other options exist for Linux and Mac.
One last option I can think of involves an Android tablet that can be re-imaged back to stock form easily. Samsung units are good about this with the ODIN tool and a USB connection. Just connect the device to the computer, select the appropriate image in the ODIN utility, and it's back to factory-fresh form in a matter of minutes.
My sources are unreliable, but their information is fascinating. -- Ashleigh Brilliant
I have a secure Win 7 PC and a secure Wi-fi b/g/n - if they want to browse, they're welcome to use the coffee shops at the end of the block.
Besides, visitors shouldn't be staying indoors.
-- Tigger warning: This post may contain tiggers! --
Host Machine is Linux. Main Computer is a Win 7 VM. So It is as easy oh you want to use my machine, sure one sec. [Grab Snapshot] Let them use it oh cool story or whatever [revert to snapshot]. Profit !
Printing boarding passes? How quaintly retro! The last few times i've flown, the boarding pass has been sent to my phone as a text message.
It possible in Tel Aviv. You'll upset them though.
Go to India or Pakistan and you won't get into the terminal without pieces of paper.
Text message ? What a fad.
The last time I've flown (from France to Hong Kong and back, last year), my passport was my boarding pass!
(I understand that you don't need a passport for domestic flight.)
How do you know what seat you're in ? What if someone's in your seat?
Was this Cathay or Scare France?
I keep two boarding passes, typically - one folded in my pocket, and one in my carry-on. If I lose one, I just grab the other one.
I just get a new one printed from the check in desk, lounge, or gate.
Israel and India excepted.
Have no friends. Problem solved!
Best Buy has laptops for about 250, which are good enough for web work. Just make the backup CDs and refresh it when they fuck it up. Or use Norton Ghost to image it
Fullscreen firefox and change the fullscreen hotkey. That's enough for me :-)
A blog I run for the wealth
Wait, this is Slashdot. "Guests" implies "friends". You are obviously in the wrong place.
... administer my machine.
I create a non-Administrator account right on my main system and delete it when they leave. Been doing this since XP SP3, with zero infections.
Hey now, my last smartphone had a screen so shiny barcode scanners couldn't actually read it. It was rather unpleasant to have the TSA give up and make me run to the check-in desk to get a hard copy and then wait through the same half hour security line for a second time.
... with a bootable SD card that will wipe the hard drive and re-image it with the OS. It takes a while to write the whole hard drive, so this is a per-day thing, rather than a per-user thing. Eventually I plan to move to a virtualized system where I can "fake wipe" the hard drive more instantly, and even give each user their own VM.
now we need to go OSS in diesel cars
That'll be 50 quid, says your local Michael O'Leary.
Maybe there isn't even a usenet group for it yet .
Rule 35.
Is it just my observation, or are there way too many stupid people in the world?
When a guest only needs a boarding pass I offer to print it for them. If they insist on doing it themselves they get to use a Linux guest account. If they can't figure out how to print with that, I again offer to do it for them. I never let guests run Windows, I don't even run it myself very often.
Sorry, but my home office has become a portal to an alternate universe and as such is being guarded by a pair of Narns!
I killed da wabbit -Elmer Fudd
...you probably don't want to be using that machine. Did you happen to bring your own laptop?"
I consider myself to usually be on the bleeding edge of technology, but phone-based boarding passes are right out. I've never had a piece of paper run out of power, but I've had my phone die halfway through the travel day for reasons unknown (turned into a little toaster and burned through its battery - presumably the radio got in a weird state) and have had it stolen while traveling. I keep two boarding passes, typically - one folded in my pocket, and one in my carry-on. If I lose one, I just grab the other one.
I just carry a USB charger battery pack in my travel bag and if my phone battery dies, it's easy to plug it in and charge it up - they charge slowly but are effective. I used to fight over the 2 outlets in the boarding zone during long layovers so I could keep my phone charged (carrying a 1->3 outlet adapter helps!), but now I just use the battery pack - I can get around 1.5 full charges out of the 5000mA charger (and that includes powering my phone during the several hours it takes to recharge fully)
Use a virtual machine with software of your choice. If the computer you look at porn, download torrents, or just about anything else that ventures into non-family-appropriate territory is on your main computer that others have access to, you need a VM anyways NOW. Plugging in cameras/phones/usb sticks to the host OS would be your only other attack vector you'd really have to worry about. And you can lock that down if super paranoid and apologize to others stating you've had bad experiences with viruses. Most will understand.
P.S. To the Slashdotters who mentioned NoScript, you must not host many parties or family events. The last bloody thing I want to worry about when hosting a house full of 50+ people is trying to teach somebody how to use my "special" web browser.
Buy a Chrome OS device, anyone can use the computer. No virus, no malware, no guests messing with your system settings or online porn collection.
Chrome OS is the best thing to happen to computing since the dumb terminal.
Those of you thinking the guest should just be told "No", don't have friends with teenage nephews.
===
If you're even willing to spend $$ for separate hardware, but don't like the idea of foisting this off on the next guest, get any cheap set of hardware that can boot. Set it to boot off the CD (Read-only, not R/W drive, preferably; findable in some older, cheaper computers), and stick a Knoppix or whatever Live CD into it.
Even if they restart it, it'll boot from the CD.
Erase//reformat/clean the drive between visitors, after warning them to take all their files with them.
No messing configuring VMs.
No worries about them seeing your personal stuff.
No worries about leaving a toasted environment for the next person.
No worries about having to re-install the system.
Seriously, I have no idea how Windows 7, which freezes everything and blanks out the screen every single time I want to run something to ask me twice if I am sure that I want to run software I installed already, still lets you delete most of a drive without even asking. My cat somehow managed to walk on the keyboard just the right way...
PS3 has a generally-terrible web experience. Let them use that, mostly as punishment for asking.
Sandboxie lets you open a browser in a sandboxed environment. After they leave, delete the sandbox and you're good.
Used to use this at SAIT (major tech school in Calgary, AB) in our computer labs. You could infect it with all kinds of viruses, malware, crapware, bloatware...pr0n, whatever your little shitheads can think of. Then, at next reboot, it's back to normal. It's totally worth it. http://www.faronics.com/products/deep-freeze/ As an administrator you can allow or disallow things at will. You have the power...
Or you could image your computer using software like Acronis True Image, Macrium Reflect (free version available for home users) and revert back to a saved image once the aforementioned shitheads leave...it's a bit more of a PITA but achieves the same effect.
Everyone has different "feelings" about other people using their computer. I see my computer as an extension of myself because it contains my job and so much of my life.
Anyone who uses my computer only ever does so for a very short time and only under my constant supervision.
Maybe it's because I don't run A/V and I disable UAC as I find them annoying as hell. My computers have never had an infection or been compromised ... because I'm not retarded with how I use my computer.
My advice is to setup an open and isolated AP and tell people to BYOD. You can do this with a dual-channel router or by throwing dd-wrt on any compatible router you can find on eBay for $20.
If you *must* let people onto your PC, put them in a sandboxed, non-persistent VM and set it to full screen. Make the VM "let me back into the host system" combination something that they'll never press.
For winoze you could write protect the hdd with M$ enhanced write filter. Without any non-volatile storage available malware only lasts until reboot.
Or use a live-cd/VM session w/o access to the hdd, in the OS flavor you prefer.
That'll be 50 quid, says your local Michael O'Leary.
Well I only fly on real airlines.
I setup the shared computer with Linux and problems went away. As long as they had a web browser that covered most of their computing needs. One of my roommates even commented she liked it better after I switched because of how much faster the computer became. If guests are persnickety about OS, they can bring their own device. After all, you are doing them the favor by providing them with anything.
You can try applications like Deepfreeze. A log out will wipe out any configuration or data stored in a user session. It is widely used in computer labs across universities.
http://www.faronics.com/products/deep-freeze/
... many of these guests have high risk sexual behavior habits and have more than once infected one or more of our phone poles ...
I would suggest installing Deep Freeze Have it unfrozen when you yourself are using it. Freeze it before your guest uses it, Then one simple reboot and every single thing is back to how it was when it was frozen. Then just unfreeze for you to continue using it as a normal computer. We use this program on our WiFi Cafe computers after getting very tired of having to 'repair' the software about once a fortnight to clear various plug-ins, add-ons, programs etc that the users were installing. With Deep Freeze we have just set all the options as we need, then freeze it. No cookies left, no temp internet files, any virus or installed programs or anything is obliterated on reboot. Works great.
he answered his own question... well, almost: livecd + FULLSCREEN firefox & DMZ/isolation. :)]
my recommendations depending on the level/type of security your looking for is the DoD Lightweight Portable Security [out of date
http://www.spi.dod.mil/lipose.htm
or tails from the Tor project @
https://tails.boum.org/
remove your hard drives prior to any liveboot, pray you don't get hit with a firmware attack [pci/bios or mac keyboard etc] /virtual/ isolation through tor+proxychains
and for gods sake... USE NETWORK ISOLATION.
both of these livecd's are Linux... any organized person could prolly weaponize either live instance [tails or lps] vs your network and anything on it...
so isolation is a consideration
the autoreboot feature of lps will keep their sessions CLEAN
while tails can provide further security with
tails is updated more than LPS
any other suggestions?
As of a couple of weeks ago, there is only one machine in this house now running Windows (an XP box which is only for CAD & DAW, decidedly not for general access).
All the other 'desktop' machines in the house are now running Linux, Debian to be exact (main server is a Slackware box). Visitors have no other option but to use the Linux boxes. Web access is transparently proxied and the content both scanned for viruses and heavily filtered at the boundary Firewall machine (another Slackware box).
I say they have no other option, but if they bleat on that they want to use their own WinX box, they might get grudging access to the one (of four) WLANs running in the house which allows access to the internet on standard web ports only, again, transparently proxied, filtered, scanned, etc. and which isolates them from the rest of my LAN (All the other systems on the LAN are configured to reject traffic from the IP number all the devices on that particular WLAN are NAT'd behind, it's the WLAN I normally use for testing all suspect desktops/laptops I get in for backups, virus cleaning and repair etc. - the boundary firewall pays particular attention to all traffic originating from this IP number to all outside sites).
That way, even if I do relent and allow them to use their own WinX boxes on my LAN, I don't have to care too much or worry about how 'high risk' their normal computing habits are, they won't be indulging in them on my LAN, nor fecking any of my systems with them.
is all you need.
people would rather pick up a newspaper, read a book, or feed themselves to the rabid pitbull next door, than use that piece of shit.
smartphones are all but the norm anymore
Then it appears you disagree with some other Slashdot users who have told me that smartphones are a luxury, not a necessity. The only necessity is an $80/year dumbphone in case of urgencies, and that's only because payphones are being removed. But I'm willing to consider your arguments as to why a smartphone is a necessity.
Get a thin client such as an HP t610 and use Enhanced Write Filtering to protect from any changes.
You can set a system baseline and lock it down with EWF. Once locked down, any file calls from the operating system or software are intercepted and redirected to RAM. No changes are made to non-volatile memory. Once powered down, the system expunges all changes and reverts to the baseline you set.
Hmmm...
In that event, why wouldn't you just stop at an airport kiosk and print a new boarding pass? Or, I don't know, charge the phone before you need to check in? You're giving up a lot of convenience for a fairly low probability situation.
Not using an electronic boarding pass because your phone might crap out or get stolen 1 flight out of 1000 is like refusing to use the paper ones because you might drop it or misplace it. Does it have to be tattooed on your arm?
How do you know what seat you're in ?
First come first served, I guess. At least that's how it was when I traveled via Greyhound bus.
1) Restricted guest account .exe other than Progrfiles/windows dir's.
2) Use OpenDNS to restrict websites the user can go to
3) Software Restriction Policy/Parental controls (don't allow them to save anything, or run any type of
If its not pre-installed, they don't need it.
4) Keep this machine up to date
5) If you really want to be evil.. Change permissions so that this user can't run adobe reader or flash (deny them file permissions just for the 'guest' user. if it can't be run, can't easily be exploited either. Give them google chrome if they need to see pdf's they read on thier gmail.
You have nothing that needs interoperability with your work that can't be handled by Linux.
Does that mean WINE has stopped being terrible at handling games
Icebike said "your work". Compared to the general population of people who would need to borrow a home computer for a while, very few people develop or review video games for a living. If that is your job, icebike's comment was probably not addressed to you.
If I want to use a kiosk at my local airport to print my boarding pass, I need to scan the ticket barcode.
What can I do about friends who borrow my car but always bring it back with fresh dents and scratches and new unsettling engine noises?
How do you know what seat you're in ?
I look down. If I see my legs, that's the seat I'm in.
Who doesn't have a smartphone/tablet these days to do such things?!
There are at least five cases I can think of. Minors aren't old enough to hold a job and buy a smartphone or tablet, or they may not be allowed to carry it to school and back based on the school district's policy on storage of electronic devices in student lockers. Typing without a Bluetooth keyboard isn't so easy on a smartphone or tablet. Nor is printing. Nor are SWF sites or sites that detect the user agent and error out: "This web site is not available for mobile devices. Please visit this web site using a computer."
Otherwise, Nuke from low orbit, it's the only way to be sure.
With the number of people with smartphones, I don't really see a legitimate need to set up guest computers.
If someone came up with a plausible explanation of why he didn't have a smartphone, or why a smartphone wasn't suitable for a particular thing he wanted to do, how would you reply? Please see the five scenarios in my previous comment.
If you MUST use my machine you are getting a Linux Live Cd.
That's fine; I've used Linux before. Have you got CUPS working on your live CD? Or could you otherwise help me print a boarding pass?
TSA doesn't scan the barcodes on your boarding pass, jackass. The barcodes are scanned at the gate.
Or Drop dead, go away.. or whatever?
Set a guest account that is non admin, remove flash and adobe acrobat and java ......
Done ...
I have MY PC.. Always locked, and nobody gets to use it. Wife, kids, etc.. Doesn't matter. That being said...
I have several core2duo's setup for the wife and kids for minecraft/office/internet. After setting them up, I resized the partition space so I could keep a clean image on the hard drive (in a separate, non-accessible partition by windows formatted ext3) Whenever their PC's get so nasty with malware that it's barely usable, I boot off a USB stick with clonezilla on it, then restore the base OS/Apps image.
Takes less than 15 minutes to do a restore.
On another note... Watch out for chrome's "Logged in user" I left my daughter logged in with one of my accounts on her PC. She visited the app store and installed a bunch of junk, which when I log into another PC guess what? It's on there, even the nasty stuff.
...and the problem is multiplied like by a bazillion. Linux is a perfect solution except for all those kids games like Freddy Fish and when they get older, Call of Duty etc. I learned to fear my children much more than the People's Republic of Crafty Hackers. After awhile you pretty much get resigned to it and end up teaching them how to do the internets the right way. And you'll still have to re-image every so often.
"He's using a quantum encryption scheme! That'll take hours to break!"
VNC / Remote Desktop / LogMeIn / GoToMyPC connection to their home PC. They infect their own computer. Bonus: All their data is right where they expect it!
You can have a "CD imge" (i.e. a read only boot image) stored on an SSD, and boot a live Linux distro that way. It does all the same stuff (e.g. creating a temporary read/write union filesystem based on a readonly file system), but just way faster because it would be reading from an SSD instead of a CD.
Also if you have a lot of ram, you can load the whole OS to RAM. It takes a bit longer to load, but is ultimately faster during use. This loading process should go much faster from an SSD, but maybe you won't even need this option if you have an SSD.
I am pretty sure you can also do this with windows also, but I've never done it, so I can't give any first hand experience.
Another option would be network booting. I am not sure it would go much faster than a CD, (certainly slower than an HD or SSD) , but it might be cheaper because you wouldn't need to buy an SSD, HD, or CDROM.
Install Linux Mint 14 MATE on a thumb drive. Boot into it and install Firefox on it. I have it on a 32GB USB drive and it works perfectly.
Use Universal USB Installer – Easy as 1 2 3 - http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ to do the install. Take the maximum persistence in step 4.
Don't be worrying about strange looks from them. Mint looks like Windows, so they should have no problems running Firefox. Have mint running with the browser up and running before they arrive. They probably won't know that they are on Linux. Firefox runs fast on my MATE.
Linux Mint iso - http://www.linuxmint.com/download.php
Ahh how I love being the idiot stuck in the line behind the fool using his phone as a boarding pass going through security. Readers don't read them well and the rest of us poor slobs have to wait behind this dolt as he makes all of us late. So he could play with his latest tech toy
Just have a Linux partition ready for them.
I use the Lian Li BZ-H06 SATA power switches and turn off my drives and boot to an old spinner with a clean install of Windows 7. After they are gone, I restore it with a clean image I make before they arrive. No worries.
Yes, TSA scans your boarding pass barcode, if it is a mobile boarding pass on a smartphone.
Quite RIGHT! using a phone for a boarding pass is a big PITA. My daughter (cutting-edge on all things) tried it and couldn't get it to work. Now she carries a sane little piece of paper. Much more sensible. And yes, two copies, just in case.
lxc-start-ephemeral won't protect you (yet) if they decide to chmod +x and then run a local-escalation rootkit, but some day it will. And who remembers to chmod +x the rootkit anyway? I never remember. And without the local escalation I'm fucked, because I always forget to type "sudo."
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It might be overkill for the OP's situation, but here's an interesting solution:
http://www.thogan.com/blog/windows-xp-vista-7-iscsi-boot
What OS are we even talking about? I'd you're talking about Windows you can enable the guest account. If you're afraid of getting a virus that attacks the built in Guest account it's not a problem to create a standard user account and give it whatever name you want to. If you're running Windows 8 you could even add their Microsoft Account to the machine and then remove it when they leave. Are you letting your guests run as Admin? You shouldn't even be allowing your self to run as Admin. Every OS that I can imagine you would be running at home (besides iOS) wallows for creating accounts that don't have permissions to install anything.
Just launch them a browser in Sandboxie and you'll be fine. The free version is all you would need. When the browser closes it will take everything with it.
http://soylentnews.org/~tibman
1) Make a guest account, lock it the f*ck down, and you're done. Limited executables (Firefox + NoScript), good antivirus/firewall, yadda yadda. If you have a Mac this is even better as most people who are average Windows users won't get far off the trail and Linux users will generally be safer users as it is.
2) They don't have their own laptops? Their own smartphones? How frequently are they using your computers in lue of their own devices? If you need to Ask Slashdot then you have a bigger problem than what can be solved here, or your lying about this being your house and guests (underground internet café? Is that a thing?). Seriously, your friends and family should know better and, if they don't, educate them instead of attempting to just "hope" that you can lock it down.
How does the old adage go? The only time a computer is safe is when it's unplugged, in a safe, buried underground, with armed guards outside. And it's still probably not safe.
Create a new "User", not "Admin" account on your computer, call it "Guestuser" or something like that. (Don't use the built-in "Guest" account.)
"User" accounts, by default, do not have permission to install hardware or software. It also does not have permission to open any other users' folders on the computer. Viruses and malware have the same permissions as the account that triggers them so your "User" is unlikely to cause any major damage. Regardless, you should always monitor your antivirus software to make sure it is running and up to date.
This also is a great approach for sharing a computer with other family members. Everyone gets their own account which means that they get their own Desktop, Favorites and Documents folders. Parents use "Admin" accounts and kids use "User" accounts. Kids can't mess with each others files or their parents' files. Parents can always check on the kids' files or lock their account when they don't want them to use the computer.
some of us don't want easily hackable cellphones used to track credentials of any kind.
Adding complexity always drives up the possibility of failure... Needless complexity drives down reliability for no good reason.
The same as with children, watch what they're doing!
I have one friend who is notorious for surfing "questionable" web sites while visiting friends. I simply tell him "nothing but YouTube and Facebook", and watch from the couch to make sure he complies. Sitting and watching someone Facebook isn't particularly fun, but it beats the heck out of having to reinstall a system.
I do not fail; I succeed at finding out what does not work.
...but being windows, well, there's plenty of ways for Bad Things to happen. But it's been good enough for me, knock on wood, so far.
Never let a lack of data get in the way of a good rant.
I'm suprised at so many BYOD propenents. If you can't trust the guest not to mess up your computer, why on earth would you trust their computer on your network. You're on the hook for anything their computer does!
You always have them fire up a Virtual Firefox instance - http://www.virtualfirefox.com/en
Enable the Guest account in Windows 7/Vista. It is disabled by default, but is very airtight - nothing can infect the machine from there. Don't forget to run with UAC on. Set Firefox browser to erase all history/cookies on exit.
I've been running like this for years without a single hick up. It protects my machine, my files and my privacy. Also protects the guest's privacy by auto-erasing all browser history.
Adding complexity always drives up the possibility of failure... Needless complexity drives down reliability for no good reason.
A battery pack is a parallel redundancy - failure of the battery pack won't make your phone fail, so it doesn't increase the possibility of failure.
If that battery pack sat between my phone's battery and the phone, then it could make the system less reliable.
Either use guest account in windows 7 or setup the distro of your choice running openbox/blackbox/ice or whatever other lightweight Window Manager you prefer. Have it call opera in kiosk mode.
http://web.archive.org/web/20130223014915/http://www.opera.com/support/mastering/kiosk/
They are asking you the host to provide. To turn up their nose to what you offer is like turning up their noses to the dinner you provide because it isn't good enough.
KF4UWL
Macs (OS X) come with a built-in Guest account that automatically wipes itself after the person logs out. Problem Solved?
Just create a bootable "live" windows CD off your main system you let guests use, configure it to not allow writes to the HD and anything the guest does "goes away" when you turn the machine off. NOTE: It does run a tad slow as everything runs off the CD instead of the HD and if they need to download something they will need a thumb drive.
"We have tried using a Linux boot CD but usually get funny looks or confused users."
So, then, you already solved your problem. Why are you posting to Slashdot?
Just use a virtual machine. Revert after use.
1) Get smarter friends
2) Linux or even MacOS box and tell them to live with it
3) Deep Freeze
4) VM with snapshots/non persistant storage
this is slashdot, so the most verified response should be "develop your inner sociopath to resemble most of us, this should solve the problem of guests"
I can't trust someone not to screw up on my computer, they don't get near it, and probably don't get in the front door. We had some friends staying with us for a while. I already had a pc set up for friends so we could play Smokin Guns via the local network. It had Aptosid installed. These were Windows users. They had no trouble using Iceweasel (Debian version of Firefox). They used some of the other software too. OpenOffice, K3b, Pidgin, Gwenview, Gimp etc...Very seldom did they need help from me. When they left, they offered to buy that computer, but I didn't want to sell it. I did offer to install Aptosid for them if they got a computer later on.
Just use a VM of whatever OS you choose. Keep the base snapshot patched to current levels, and after someone has used it restore said snapshot.
Or have a separate guest SSID for wireless and tell them to bring their own damn computer :)
Firefox and Chrome look the same no matter the OS. Adding a large icon for the browser and download folder is everything most web users need to work in Linux.
run that from a live cd. Interface is windows like.
If you are running Windows then with any luck you are running Win 7 Pro. If you have the Home version you can upgrade with the "Anytime upgrade" bit.
With Win 7 Pro you can install XP Mode which is an XP virtual machine. Set up a guest user and set that to autorun the XP Mode VM in full screen. Once it is setup make a copy of the VHD as a backup. They can hose it up all they want and when they are done just delete the VHD and copy in the fresh copy from the backup.
I use a product from faronics called Deep Freeze. It is neat because you just reboot the computer and it is back to its unmolested state. I use it on computers in a high school library and it has been awesome.
I've used this before on a "public" machine.
http://dx.com/p/recoverystar-crash-recovery-pci-card-for-pc-2896
It resets the machine with every reboot. It is a little cumbersome to make permanent changes, but it stays clean!
You can print to file on a flash card and then insert the flash card into my printer that accepts such things. I suppose you could counter with 'well what if there is no USB driver for the flash reader', or 'does the Live CD support your NIC?'.
Good-bye
Set up a thin client for guests, then they will not ask for computer access again.
There was an unknown error in the submission.
First dump Windows. Then install Linux. (it is just a matter of time for you too) Go from there. As you discover Linux, make notes on which apps do what. Then make a cheat sheets for guests to use. Have them use a guest account.
I would have a hard time believing that anyone is such a good computer user that they never have issues with Windows. It is just impossible to stay 100% clean all the time.
Create a limited (ie - non-admin) account, then only let them use that.
As long as the drive-by malware or whatever doesn't take advantage of a privilege escalation bug, it should only be able to affect that one account (which you never use).
If you feel the need to reset it, just delete it and create another.
Webconverger (http://www.webconverger.com/) is a livecd and USB stick bootable linux distribution for kiosk applications, which also puts it in the same territory as ChromeOS for guest access, only it will work out of the box on a wider range of hardware.
By design, it gives the user a tightly locked down, full screen Firefox browser, and nothing else, but it's somewhat configurable and even supports printing (http://webconverger.org/printing/). Out of the box, it supports the Flash and Google Talk Voice/Video plugins, so most if not all websites will work out of the box, and the user can even do voice calling and Google+ hangouts.
The with the exception of the couple of proprietary browser plugins mentioned above, the software appears to be entirely open source, and they offer a free version, subscription service to customize and manage it for you, or source code if you are comfortable getting your hands dirty. Overall, this looks like one of the easiest ways to provide a safe, controlled environment for your guests, locking them into a browser window where they can do what they want, but nothing will be saved. Given the plethora of cloud apps out there to serve as as substitutes for local apps, with a little creativity, this should be all anyone who doesn't bring their own computer will need.
Get a live cd and a computer without a hard drive for guests. Power cycle it when you switch guests. Problem solved. If they want to save something they can stick their own usb device in and infect it all they want. They just have to take that usb device with them when they're done.
"High Risk Browsing Habits"? Really?
Like what? They are browsing shady porn and warez sites while you are there?
Even if so, you make a guest account with almost no access and it shouldn't be much of a problem - even on Windows. Mac OS is better, and Linux is yet better.
If they just want to browse the web, they can damned sure figure out Chrome or Firefox on Linux. If you need to use a VM to protect your machine then you probably shouldn't be lending it to that person.
And the iPad may have been compromised? iPad, like it or not, is one of the most secure platforms. Basically nothing that hasn't been code-signed will run, and it can't catch viruses. I don't think Apple and the FBI are really interested in your friend's browsing habits that much. (Or... is that what you meant by "high risk"?)
I keep two computers and a kvm switch at my desk for this very reason. I loathe people using my computer as nobody seems to follow what I would think the first rule of etiquette is: don't change things. When someone asks to use my computer I just power up the old one and away they go.
I've seen that a few people that had never seen linux before managed to download and run knoppix from a CD to troubleshoot and solve various hardware of MS Windows file problems without spending much time or getting very confused. The UI is far closer to what they are used to than MS Windows 8 is.
I run a Linux desktop with multiple logins and just create a new one for guests to use on the fly. That account is then deleted and the data scrubbed when they're done. Sometimes that's a student living with us for a few months, sometimes a one day photo viewing session.
As for Windows, creating a restore point and creating a fresh non-privileged account for them to use then deleting the user and/or running system restore back to that save point should suffice in most cases.
- Michael T. Babcock (Yes, I blog)
Guest computer: Chromebook touching local wifi. Backup the OS before they touch it, restore the OS after they are done. Keep them away from anything important. Done.
Something like a Wyse V90 on ebay; 79-99$
embedded windows with a read only file system
Seriously, let 'em boot off a CD, do their internetness, and let it all go away after reboot. If you have guests that are sufficiently malicious as to scrub through your hard disk from a live Linux environment, you've got plenty of other issues right behind it. If you're simply looking to fix stupid, then grab a Live CD boot off it, and let it exist that way. Unless there's a particular need, don't complicate things.
Anyone can use a Kindle.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Just tell em to fuck off.
nt...
Any Mac can have a Guest account enabled that gets nuked again when the guest logs out. We do this all the time. When a guest arrives without their own machine they are welcome to use the Guest account on the MacMini that's plugged into the TV. We can use the FastUser Switching to flick it back to my, or my wife's account, as needed, without logging the guest out, but when they leave we just log them out and voila - the Guest account is wiped.
I used to have a better sig than this, but I got tired of it
Why? You protect their needs or you protect your needs, which would be a functional computer. With a dysfunctional computer, both parties lose. But you lose more since you have the cost of re-installing windows and software.
The linux fanatics will sing the praise of non-windows computers. They have a point and your guests can learn to deal with it. If your friends and family can't take a six minute lesson on Puppy linux or similar, it can't be important.
The simplest option is a windows XP live CD. Your guests get the Windows they know and love. You get peace of mind.
Another option:. Set your computer to boot off a USB-HDD. Install windows onto it, then create a hidden copy of the windows partition. If the boot partition suffers from mal-ware, simply copy the hidden partition over the boot partition. This option allows software to be installed (from a third partition) as needed.
I've had pretty good luck running Deep Freeze in cases like this.
With deep freeze, you set up your computer up into the ideal state you want it and then "freeze" it. Users can use the system to their heart's desire, and then you can restore it to the ideal state by rebooting the box.
wikipedia article about it: http://en.wikipedia.org/wiki/Deep_Freeze_(software)
Product website: http://www.faronics.com/products/deep-freeze/
Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
Init 3. If they can use the computer from that state, you know they are clever enough to be let loose doing whatever they want.
When guests have gone, init 5.
1. Disconnect the internet when you have guests over. Tell them it is broken and that your ISP is scheduled it some time in the future.
2. Find a better class of friends who are computer literate, security conscious and generally more considerate.
3. Get a shitty netbook dedicated for the guests. Wipe it clean when they leave. That's probably the most considerate thing you could do for guests, as you would be protecting their privacy as well.
4. Block port 80 and require the use of an HTTP proxy on all systems. Proxy can provide caching and reject unwanted sites and allow you to audit network access.
5. Install a hosts file that already includes all the malware sites.
6. Innoculate your matresses with bed bugs so that your guests see what it's like to deal with an infested computer by having a literal infestation.
7. When you find malware on your computer, go insane with rage, burn down your house, then ask to stay at your friends house. If your guests aren't willing to put up a homeless friend for a night, you can start to ask yourself why you bothered putting up with their fucking bullshit for so long.
What the hell are with all of these complicated answers? Virtual Machines? Snapshots? Linux installs just for guests? Two routers? Shit, this is not that hard. BOTH WINDOWS AND UBUNTU FOR EXAMPLE ALREADY SUPPORT A GUEST ACCOUNT OUT OF THE BOX WHICH HAS NO ADMIN ACCESS. THAT IS A PERFECT SOLUTION FOR THIS.
If Mac or your favorite flavor of Linux don't have a "guest account" feature, then just make an account named "guest" that doesn't have admin access. If you're worried that the account alone is compromised, then delete the account and re-create it (or just delete everything under its home folder).
You get funny looks with an Linux boot CD but not when you hand them an iPad? Maybe you should look funny at your "friends".
Go with the Linux boot CD (or better: USB stick). If your friends really can't use Firefox or Chrome in Linux than they're just too stupid to breathe.
I too sometimes look down and see your legs. WTF is going on?
You can't handle the truth.
I've not used DeepFreeze personally, but I've read about it. From what I've heard, If you want to make changes you boot the system to get a clean state, and then "thaw" it. Then any changes you make will be permanent. You reboot to get back into a frozen state.
It seems to me that using DeepFreeze probably requires doing manual updates every once in a while, but it's not as onerous as making a whole new disk image.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Webconverger
I have written a bunch of How to Video's on Virtualization, including one about Previewing Windows 8 on VirtualBox. I usually choose virtualbox because it's free although vmware player is also free but I don't think it includes snapshots capability if I am not mistaken(not sure if they changed this capability in recent player versions). But what you can do is put the virtual machine into seamless desktop mode so that you can't tell your in the virtual machine. You can also make it so that the snapshots automatically roll back to a previous state. I might add that another good thing about snapshots is you can revert them back to a state where an individual guest comes to your home. So you can have a snapshot for every Dick, Tom and Harry. So you can sell it to your guests that this is the reason for doing it. Eventually the hypervisors will be integrated into every machine (some already are) inside the chips so that you can have an instant on computer instead of using your full desktop. Here is a link to my videos in case you want to watch them. NOTE: The Menu at the TOP of the page has a virtualization Menu Item for a full list of videos.
"
You can restore a snapshot by right-clicking on any snapshot you have taken in the list of snapshots. By restoring a snapshot, you go back (or forward) in time: the current state of the machine is lost, and the machine is restored to the exact state it was in when the snapshot was taken.[4]
Note
Restoring a snapshot will affect the virtual hard drives that are connected to your VM, as the entire state of the virtual hard drive will be reverted as well. This means also that all files that have been created since the snapshot and all other file changes will be lost. In order to prevent such data loss while still making use of the snapshot feature, it is possible to add a second hard drive in "write-through" mode using the VBoxManage interface and use it to store your data. As write-through hard drives are not included in snapshots, they remain unaltered when a machine is reverted. See the section called “Special image write modes” for details.
To avoid losing the current state when restoring a snapshot, you can create a new snapshot before the restore.
By restoring an earlier snapshot and taking more snapshots from there, it is even possible to create a kind of alternate reality and to switch between these different histories of the virtual machine. This can result in a whole tree of virtual machine snapshots, as shown in the screenshot above.
"
If the live CD is set up to not mount your harddisk, and if it has a guest account without root privilege, then only malware that does privilege escalation (becoming root) after exploiting a bug can do damage.
Now I'm not a real security expert at all, but I think if the live CD is paranoid enough to not have any harddisk kernel modules, have SELinux on in "setenforce 1" mode, and if the live CD is burned to a DVD-R instead of DVD-RW then I think you'd be quite safe.
Seeing as Linux is used for a lot of different tasks, I believe (but I'm not certain) that there are several distros especially *for* this purpose; hardened Linux distros for computer forensics, penetration testing etc.
A quick look at distrowatch.com shows (N.B. I haven't tested any of these, my family are not computer criminals AFAIK):
Now if your guests are not only hardened computer criminals but also very old, consider the extreme user-friendlyness of the Italian project "ELDY":
..slightly.. )
http://www.eldy.eu/
I haven't tried it yet, but I respect their philosophy: "when you were a baby, they taught you how to walk and cycle. Now that you're grown up and they are getting senile and feeble in the head, you can teach them computer use. Do your best to try, anyway". (I paraphrase
To be, or not to be: isn't that quite logical, Slashdot Beta?
Ignore the funny looks and continue to use Linux. Nothing that they ought to be doing should require Windows and it is a simple and apt method of protecting the computer. Especially if the hdd is not mounted on the live CD.
Oh the insecurity... ;-)
Please stay with MS Windows!
Link: http://newstechnica.com/2008/11/09/ask-jack/ (probably NSFW)
To be, or not to be: isn't that quite logical, Slashdot Beta?
Your guests are stopping by a visit before going directly to the airport, and didn't think of printing the boarding passes before hand? Or they don't have a printer? You have some dumb friends.
Vote monkeys into Congress. They are cheaper and more trustworthy.
I deal with something similar myself. I've messed with a few different methods in the past. The first one I did was making a live linux Ubuntu disk, but like you, I got a bunch of odd reactions to Linux.
I tried to using a Windows live boot disk using something similar to this. I didnt much care for this method either since it allowed the user too much access to the things on my system if they were at all computer savvy or just were prone to click-happy deletions.
http://www.technorms.com/8098/create-windows-7-live-cd
Finally, I settled for a virtual machine. I have VMware Workstation running in a guest account on the computer which only has access to just that VMware VM(modified the local security policy in Windows). From there, I installed all the commonly used programs like trash.. I mean flash, java and the VM tools. After it was a stable as I could get it, I took a snapshot and fullscreened the VM. Considering that most people don't know the keystroke for getting out of a full screen VM (and they're using a heavily restricted guest account anyway), I felt pretty safe. After every visit, I just revert the snapshot.
There are several programs which "freeze" your harddrive until the computer is rebooted, meaning no changes are saved on the computer, and can be used on a normal windows just pressing a button. This won't defend against malware spreading through the network if one of your guests have downloaded malware which does that.
See Shadow Defender or Returnil.
Install some virtualization software e.g. VirtualBox and install whatever OS your guests like. Then clone the image for each guest to use, and delete it after that.
You can buy a used, but perfectly usable and cheap windows XP/7 laptop from your local Craigslist or ebay. Re-image it regularly.
Most airlines or railway companies I buy from (Spanish) still want to produce a pop-up or use Javascript for redirections, purchases... I always have to deactivate NoScript and have the website in the popup white list to make sure the boarding pass is produced.
I bet the website my guest would use is not in my whitelist, so he would be blocked.
I like NoScript, but not for my guest.
If you're running with zfs, just take a snapshot of the file system before handing over the system. When they're done, roll back to your snapshot. Both take seconds to perform. There may be other filesystems that can do this, but this is the one I'm familiar with and it works extremely well and doesn't require any virtual machine layer.
insert the flash card into my printer that accepts such things
I wasn't aware that such printers existed. Is it USB or SD, so that I have something to type into Yandex or Google?
This is what I would do - crude, but it should work: Install Linux on your system, then some VM - I prefer VirtualBox, personally. Then install Windows in a VM, with all the things you want there. Shut it down, and make a clone/backup or whatever; this is for when you want to clean out your guest Windows. Now, you can let your guests play with Windows, and when they muck it up, you restore it from backup to a know, clean state.
But in that case, presumably, they would use their parents', or their parents would buy them one.
So are you claiming that a laptop for a child is a necessity, not a luxury? This appears to directly contradict what I was told in the last article about Alan Kay and the iPad: kids deserve to have a limited-function tablet, not even a beater laptop. And how do you expect the child to have the laptop with him if the school forbids storing laptops in student lockers or carrying them on school buses?
Keep a pre-loaded virtual machine image on standby. Make a copy your clean drive image for "one use" and fire it up for them. When they are done, just delete it. Rinse, wash, repeat
iPads do not get "compromised"
I don't understand why everyone wants to turn this into an hour long project. Just install deepfreeze (http://www.faronics.com/products/deep-freeze/), spend 5 minutes on configuration, and be done. Guests can do whatever they want and not screw any of your stuff up. No, it's not free, but it's 1/10th the time of downloading and setting up Windows XP mode on Win 7 / or dual booting and cheaper than a secondary box for them to login to.
Ubuntu has a guest account that gives limited priveleges and doesn't require a password. It never ceases to amaze me all the BS people put up with to keep using windows, perhaps you shold dual boot and leave Ubuntu as the default so if a guest boots up a PC they get a Ubuntu Guest account unless they know the magic keystroke combo to switch to windows.
Guests shouldn't need to install software anyhow, that's something you'd do on your own machine, not someone else's.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Use ubuntu, create a guest account, install windows in virtualbox, clean the virtual machine at each login, data can be saved using a shared folter. When you have switched to unix way of thinking, all this becomes so simple.
For the person that wrote "Windows may be a problem here..." Windows also has a "guest" login that can be enabled very easily if needed Linux for most average folks is beyond their ability to install let alone use. Many of the newer routers have a "guest" option, enable it! Finally, common sense, keep everything up to date on your computer NO MATTER WHAT OS and have the proper software installed to protect it!
Create a VM and run it in fullscreen mode.
Aside from pressing the key combo that cancels fullscreen mode (CTRL+ALT+Enter for VMware), there is nothing that a normal web/email user can do to tell the difference. Just create a snapshot before the guests arrive and revert to it after they leave.
This used to be possible with the free VMware player---don't know if that's changed or not. The paid VMware Workstation product definitely can do it, or an equivalent product from their competitors.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
get the blue screen of death wallpaper and tell them it's broken! Get your own damn computers guests! :P
I'm highly anal about who uses my computer and what they do and what they visit. I don't appreciate finding my computer in a bad state after other's have used it either.
Stop being a possessive paranoid nerd? Where are your "friends" going where you are getting all this malware? Are you sure its guests, and thirdly are you SURE its your guests? I dont use antivirus or malware protection unless i know something is up or im on a binge of downloading alot of illegal/questionable software and i rarely get infected. Seriously, i run win7 and chrome, and once every 6 months i either install a shatty AV, scan, uninstall, clean the registry OR I just reinstall my OS (automated, so i just goto bed and get up and its bascially done) . Again, im going to slip this in here and say im pretty sure it isnt your guests showing you websites. Its porn. porn porn porn. possibly "moms makes 65k at home" websites too, but mostly porn.
They'll never know the difference.
1. If they have infested computers with viruses before, they lose access. Done deal. I'm sorry, but if you crash my car I'm not letting you drive it again. Dumb on my part, really.
2. Cheap Android tablet. If you can't do it on an Android tablet with Chrome then you can't do it on a computer either. Added bonus of this not being a super-comfortable and easy to use form factor so they won't stay for hours and hours.
3. If all else fails, TAILS booted onto my computer.
Duh
I keep two boarding passes, typically - one folded in my pocket, and one in my carry-on. If I lose one, I just grab the other one.
You worry too much about boarding passes. If you happen to lose one it takes about 60 seconds to get a replacement at the nearest airline kiosk or at the gate.
I always use my phone. If something happens, I have my ID and can quickly get a paper pass. That hardly ever happens.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Or perhaps your friends are from out of town, are visiting at the end of their trip before going home, and were either staying with you or couldn't/didn't print the boarding pass at their hotel. IIRC, the airlines don't let you print a boarding pass more than 24 hours prior to scheduled departure.
hahahahahahah.... never gonna happen.
I keep my family on a seperate lan segment from my machines, and guests are on their own ("there's a Starbucks up at the next intersection...").
PXE boot gPXE, to load your Linux/Windows off of iSCSI from a central NAS/SAN. Other than the NAS which anyone this technical probably already has you don't need any special hardware. Just a DHCP server that has a next-server option, and some onboard NICs that support PXE booting.
If your iSCSI target is something like ZFS snapshots/rollbacks are easy. "you want to use the computer? Sure!" Just roll it back to an auto snapshot after they are done. Big plus if you have multiple desktops, as you can do one OS install and clone/boot on multiple hosts.
Windows seems to be hit or miss on which hardware it can boot its root drive via gPXE on, but I have done it before. Linux is a breeze of course... If performance is a concern you can always have your OS locally on HDD and the guest OS via PXE.
Has a full array of card readers on the front, Epson RX595. I also have a HP 1102W LaserJet for mobiles/AirPrint. The whole system was designed by me to NOT rely on workstations to function.
Good-bye
bullshit?
If something is both "the norm" and a luxury, then it would be polite to accommodate someone who can't afford luxury, wouldn't it?
For those of you who are talking about booting from live distros or dual booting, always remember that any *nix distro worth a crap will have NTFS support enabled from the get-go, so they could easily screw up your files on your primary hard drive and not even give it a second thought.
My solution? TrueCrypt...the end.
or Mac OS X which even has a guest account preconfigured. Best of it: The guest account gets completely wiped at logout.
It is just one more example on how M$ screws us all. Because Windows could provide guest accounts as well.
If they find something before visiting me, they don't need to use my computer to share it with me
That's sort of what I meant. I was confused.
And if your phone can't have printer drivers, can't view flash, and can't run a browser with a desktop user agent string... you need a better phone.
Are you referring to Android? I thought Adobe was no longer making Flash Player available on Google Play Store, and I thought Chrome for Android no longer supported Flash Player. So someone would have to download Firefox, turn on "Unknown sources", and install Flash Player from an APK.
Maybe this could help:
http://en.helpdoc-online.com/virtualbox_4.1.2/source/ch09s18.html
regards,
P.DSP