Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Protecting Home Computers From Guests?

Posted by timothy on from the quick-name-an-os-that's-never-been-compromised dept.

An anonymous reader writes "We frequently have guests in our home who ask to use our computer for various reasons such as checking their email or showing us websites. We are happy to oblige, but the problem is many of these guests have high risk computing habits and have more than once infested one of our computers with malware, despite having antivirus and the usual computer security precautions. We have tried using a Linux boot CD but usually get funny looks or confused users. We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised. What tips do you have to overcome this problem, technologically or otherwise?"

20 of 572 comments (clear)

  1. Guest wifi... by Anonymous Coward · · Score: 5, Insightful

    I think they call it guest wifi and byod.

    1. Re:Guest wifi... by Anonymous Coward · · Score: 4, Insightful

      Uhhhh, a guest account with limited privileges, maybe?

    2. Re:Guest wifi... by Austerity+Empowers · · Score: 1, Insightful

      He means by previous users. He takes no responsibility for what uses do to themselves, but doesn't necessary want them losing passwords or credit card numbers because of what the last person did.

    3. Re:Guest wifi... by chipschap · · Score: 3, Insightful

      I understand your point but the problem is that many, maybe most people don't know any better. They don't even know how to take responsibility.

      I would never let a guest run Windows. I have guest accounts on a couple of Linux machines. All they get on the desktop is a browser icon or two (Firefox and Chrome). That's more than enough for anything a guest needs to do and I don't see how they can get confused.

      If they have things to do like edit documents or write papers or whatever, they probably have already brought along a laptop and they can use my network with little chance of harm (other than blatantly illegal activity). Or they can use their Google Drive account.

    4. Re:Guest wifi... by epyT-R · · Score: 3, Insightful

      Friends who respect you will take care when using your stuff. They will ask permission and they won't willingly or carelessly damage, and they will replace what they do break, and if they can't, they won't borrow it in the first place. The gp is right: today's culture doesn't teach respect of property, self, or the truth. Immediate indulgences and the expectation of entitlements are stronger social imperatives these days. Saying 'no' has become 'offensive' because no one should ever be so mean! Choosing not to share all the time, or even being choosy with whom you choose to share with is considered 'anti-social.'

  2. Linux Boot by Sylak · · Score: 5, Insightful

    Have a dedicated Linux boot just for them, and if they give you funny looks tell them too bad.

    1. Re:Linux Boot by lesincompetent · · Score: 1, Insightful

      Ditto. A browser is always a browser. Hell you can even run chrome on linux!

    2. Re:Linux Boot by Isarian · · Score: 1, Insightful

      You have nothing that needs interoperability with your work that can't be handled by Linux.

      Does that mean WINE has stopped being terrible at handling games like Path of Exile, Starcraft 2, EVE Online, etc?

  3. Virtual Machine by FiveLights · · Score: 5, Insightful

    Set up a VM in Virtual Box for them to use. Take a snapshot of when it was healthy and new and just revert to that each time someone wants to use it. Even paying for a Windows install for the VM would be cheaper than an iPad.

  4. Virtual Machine by Anonymous Coward · · Score: 5, Insightful

    Something like VirtualBox or VMWare that supports snapshots. Install an OS into the virtual machine and set some firewall rules to keep it from accessing anything else on your network. When they ask to use your computer, launch the virtual machine and set it to full screen. They won't know the difference. When they're done, revert to snapshot.

  5. VirtualBox by whtmarker · · Score: 2, Insightful

    Setup a windows XP virtual machine. Save a snapshot, or a VDI/VMDK file of a clean hard drive image. When they come, boot up the virtual machine in full screen. When they leave, restore the clean snapshot or clean hard drive image.

  6. Obvious answer by jamesl · · Score: 2, Insightful

    ... many of these guests have high risk computing habits and have more than once infested one of our computers with malware ...

    Change a few words ... many of these guests have high risk driving habits and have more than once driven one of our cars into a phone pole ... and the answer is obvious.

    Not convinced? Try this one ...
    ... many of these guests have high risk sexual behavior habits and have more than once infected one or more of our girl/boy friends ...

  7. Re:NoScript by acariquara · · Score: 4, Insightful

    Except that NoScript does not protect anyone from downloading "hi_I_saw_you_wanna_fuck.jpg.scr.pif.exe.bat.com"

    --
    Dear aunt, let's set so double the killer delete select all
  8. Re:Chromebook? by DeDmeTe · · Score: 4, Insightful

    Amen to that. That's what friends and the kid's friends get handed when they ask to "check their email and Facebook". It works.

    --
    -Guns kill people like spoons made Rosie O'Donnell fat-
  9. Re:Locked down guest account? by sexconker · · Score: 4, Insightful

    And put it in its own separate guest network, which is logically isolated from your own stuff by a firewall, maybe run a print server too (people often want to print boarding passes)...
    As for funny looks, a browser is a browser and i've never had any problems giving someone a linux livecd, it has both firefox and chrome and most people are perfectly familiar with these applications.

    Why go to the trouble of a separate network?
    The odds of even the most retarded of users inadvertently fucking anything beyond the one machine they're touching is absurdly low, unless you're running outdated shit on your network. Remote exploits are remote exploits, and you should protect each device regardless or whether or not you trust the rest of the network.

    If someone is so fuck-up prone that you think your proper boxen could be fucked by some schlub lolcatting around on the same network, you should be more worried about them tripping in your house and suing you.

  10. Re:Linux Boot + PRINTER by xxxJonBoyxxx · · Score: 4, Insightful

    >> Printing boarding passes? How quaintly retro!

    I think you'll find that the same guests who want to borrow your computer are also the same ones who won't be able to get boarding passes on their phone.

  11. Re:Linux Boot + PRINTER by QuasiEvil · · Score: 5, Insightful

    I consider myself to usually be on the bleeding edge of technology, but phone-based boarding passes are right out. I've never had a piece of paper run out of power, but I've had my phone die halfway through the travel day for reasons unknown (turned into a little toaster and burned through its battery - presumably the radio got in a weird state) and have had it stolen while traveling. I keep two boarding passes, typically - one folded in my pocket, and one in my carry-on. If I lose one, I just grab the other one.

    And yes, most of the time when my guests want to borrow a machine, it's because they need a printer for boarding passes.

  12. Re:iPad by AmiMoJo · · Score: 1, Insightful

    Compromised in the sense that Apple does a certain amount of data collection/spying and limits what you can do with it. To be fair unless you install Cyanogen then Android does allow Google to collect some data as well.

    It's a very responsible attitude. Guests didn't click "I agree" to the privacy violations and you can't expect them to research all that stuff when visiting. You should do them a favor and set them up with a more respectful OS, just like you wouldn't immediately open up the browser after they left and see if they forgot to log out of their email account.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  13. Re:iPad's cost money... by iamhassi · · Score: 3, Insightful

    Or just install VMware on any version of windows and boot them into that. You don't need windows 7 pro and some anytime kit. Still think a five year old MacBook would be easiest, it will run flash and familiar browsers but less likely to get viruses and spyware, and if you want you can use time machine to roll back to the original install, that will wipe anything they ever did. System restore is available for windows too but mac time machine works better.

    --
    my karma will be here long after I'm gone
  14. Re:iPad's cost money... by Gription · · Score: 3, Insightful

    After all the hype it didn't deliver any more than Virtualbox and all the others.

    Except for the part where it can be setup by non techy types by installing three "updates" from a single simple download page.
    Plus it comes with a pre-installed, licensed and activated copy of virtualized XP for 0$ that is legal for free use even in enterprise environments.