Slashdot Mirror
Ask Slashdot: How Would You Secure Your Parents' PC?
New submitter StirlingArcher writes "I've always built/maintained my parents' PC's, but as Mum has got older her PC seems to develop problems more readily. I would love to switch her to Linux, but she struggles with change and wants to stay with Vista and MS Office. I've done the usual remove Admin rights, use a credible Internet Security package. Is there anything more dramatic that I could do, without changing the way she uses her PC or enforcing a new OS on her again? One idea was to use a Linux OS and then run Vista in a VM, which auto-boots and creates a backup image every so often. Thanks for any help!"
Might wanna take out the CPU as well, just in case.
All you need. Click here.
Cut the network cable, remove the power cord, and call it a day.
Like email, browsing, and perhaps some photos and videos, get a tablet. I hate to add to the PC market shrinking (it is my main bread and butter), but a tab is typically simpler, and more than enough for many use cases.
Additionally, you can root and do a nandroid backup on initial setup as a quick imaging routine in case of problems.
Disclaimer, I wrote this on the commode with a nexus 7.
Silence is a state of mime.
and call it a day
Sell the PCs and get them iPads.
Problem solved.
I'm not joking.
Most people don't need the flexibility and attendant hassles of PCs anymore. Just give them an iPad or Nexus and be done with it.
such as Band of fools
and she took a few weeks to adapt, now she uses it (mostly) trouble-free. I also enabled Desktop sharing via VNC to avoid driving to her place every time she complains 'I had my icon here and now it's gone' or 'It does not behave as berfore' or 'The menu to send my mails is gone'.
Her grand-children also spend lots of time on this computer while she takes care of them, and I used to clean lots of malware after them... not anymore.
How about Windows 7? From what I remember about the steaming pile that was Vista, 7 looks very similar. Sure it's new, but if it looks the same that may be acceptable.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
Just teach her how to use Ubuntu.
My in-laws were having Windows XP issues, so I upgraded them to Mint. Zero support calls to me since then - and they like it...
Procrastination; I'll think of a sig tomorrow.
Freeze all system changes except saving into the the documents folder. There are a number of programs to do it, seems the most popular is Deep Freeze. It allows all system changes, but after reboot it is all gone. Some tweaking will allow making a few things persistent, such as the documents.
http://alternativeto.net/software/deep-freeze/
Build your own energy sources from scratch. http://otherpower.com/
there are less buttons...
Install Firefox, LibreOffice & Thunderbird. Insist that she use them. If she ignores your advice, tell her you can't/won't help her.
(Living on your own, doing your own laundry and being over age 25 adds necessary gravitas.)
"I don't know, therefore Aliens" Wafflebox1
My mom uses her Win7 machine as a User, and not as an Administrator.
You can avoid 99% of viruses, phishing, and other BS simply by taking away administrator rights.
You are doing all you can for the most part. Putting old folks on Linux is just asking for trouble. They don't want open source, they want compatibility with their friends and family. That means Windows, or at least a Mac.
If you want heightened security, buy them a firewall that does more than just NAT. Lock down their Wi-Fi with a good WPA2 passcode. Just remember you will have to maintain it.
No matter what you set up on a PC they will break it somehow. Trust me on this one. The best I.T. decision I ever made was giving my mother-in-law an ipad.
Good-bye
Bruce Wayne, is that you?
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
kubuntu looks just like windows.. she won't feel much difference. you have to motivate her to use the new system. put some pretty wallpapers or flowers or red/fluffy theme.. kde has bunch of them. she is gonna love it.
A linux distro that mimics Win 7 UI
http://zorin-os.com/
Get a tablet, show them how to use google docs. Enough.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Unplug it.
When I see comments like this, I am SOOOO grateful that mum bought a core duo imac 6 years ago, and it still is going strong....
This sounds like a great use case for a Chromebook. Easy to use, locked down by design. Everything lives in "the cloud" so reinstall if there's a problem.
If she already uses Firefox, great, if not, see if she can accept it. If she does, then add NoScript in and pre-configure it to only allow scripts from the sites she visits and their legit links and support sites. Basically, walk through her bookmarks and URL shortcuts and give just enough privileges to make the site load properly. That'll block a lot of the skeevy ads from appearing and protect against the vast majority of X-site scripting. You may still have to deal with new sites "not working" from time to time.
You may also want to install WOT (Web of Trust) if your existing security package doesn't block dangerous sites. That'll put a big warning screen up on any sites that are recognized as unsafe.
Also, if you can at least get her to upgrade to Win 7, that should stay in her comfort zone while giving you a few more generations of security updates.
Unless she absolutely needs it, uninstall Java.
And finally, since you have her off of Admin rights, I'm assuming you are doing all the administration-otherwise she'll forget some day and go out on the web when logged in as Admin. In that case, you'll have to go over there once a month to update Windows, Firefox, Adobe Flash+Reader and possibly Java. Or at least every three months.
I'm batman, you insensitive clod!
You, the OP, are a nerd. Your parents are not. Apple get "normal people". Do them a favour and get them something they won't hate.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
An unorthodox but secure way is to put her PC behind a small little OpenBSD box or something running squid and configure it so her PC simply can't connect to anything that isn't whitelisted. There are probably whitelists out there to make this configuration easy. As a plus you can hide those annoying banner ads other "questionable" things on the Internet.
It's almost like cutting the network cable. Of course use this approach in concert with others.
What type of problems? Is she installing a bunch of ad toolbars? So many install in the user folder, so no admin rights are necessary. Some of the pop-up malware doesn't need to have admin rights to infect the pc. They drop the executable in the appdata folder or a subfolder with a randomized name and start up from HKCU\software\microsoft\windows\start so it is all in the user's area. Try firefox (or chrome) with adblock and change the shortcut icon to the IE icon. Migrate bookmarks and few people will notice the difference.
Does she just hibernate the computer and rarely reboots, so you get slowness because of memory leaks?
I'll second the suggestion to upgrade from vista to 7. From a user's perspective they are practically identical in look and feel. Only a few icons have changed and I'll bet you can find a skin for 7 to make it look exactly like vista.
I like the tablet suggestions, but if the person is really change adverse, that can be a big shock. I hate to say it, but windows rt might be the best way to transition her to a tablet. If you like the idea of a tablet, try a Kindle as a cheap way to test the waters.
In addition to some of the suggestions above, I would set their DNS servers to OpenDNS
Then try Kubuntu. It is much more akin Windows, with a taskbar, "start" menu, icon tray. I've switched my mum's pc from Windows XP to Kubuntu 13.10. As she was already using Firefox, Thunderbird and LibreOffice, the transition was easy for her. And for me it was also easy, thanks to Firefox'es sync and IMAP. The only complaint I got so far is "it looks different" :)
They are cheap, easy to use and secure.
Or install K9.
Chromebook!
without changing the way she uses her PC or enforcing a new OS on her again
systemd is Roko's Basilisk.
When the Old Man was alive, I set him up with SuSE Linux and locked it (mostly) down. He ran it for 5-6 years. It never crashed, got a virus or had any known breaches.
With the release of WIndows 8.1/8.2 which demands and tracks huge amounts of personal information, Microsoft's offering is contra-indicated.
I'll let better people than I argue about the details of which distro/browser combination to use...
*** Don't be dull.***
That which helped me the most with this issue was enforcing Firefox with Adblock and Noscript, and setting the AV to update daily without confirmation and run scans every other day. This has reduced the warnings / malware numbers from roughly 120 to 0 when I run the scans manually.
The only problem is that you need to make sure they don't simply click "allow scripts globally" every time something doesn't work.
Good luck.
With a hammer
Perhaps Unbound DNS so she is resistant to DNS Cache poisioning attacks.
http://unbound.net/
You probably already have these installed but just in case Avast Antivirus, Malwarebytes, Fanboy's TPL List For IE. If you use IE. If not he has Adblock list too.
http://www.fanboy.co.nz/ie.html
Simple as that, you don't, it's just not possible....
I'd start with Avast, maybe Malwarebytes. Install Chrome, put it on their desktop and change the icon to Internet Explorer. Use SpyBot to blacklist sites. Setup everything to auto-update and auto-scan so they don't have to be bothered with any of it.
Then come back in a month, Secunda PSI and Qualys Browser give you a good way to keep track of what needs to be updated. Update it all. Registry doesn't really need to be cleaned these days, unless it gets really bad, I've found it actually does help performance a bit, CCleaner does a good job of this. Make sure everything is up to date and clean. Now go to the Control Panel, uninstall all the toolbars, uninstall Mcafee, etc.
Repeat this process every month... You can make things better, but you can't secure it.
Windows as a guest OS, Linux as a host using Virtualbox.
Set up a base Windows VM and clone it for her. When she ruins it, delete it and launch another clone. You can even ssh in and do it remotely.
I extricated myself from Windoze over a period of years, and so this is my recommendation. Before anything backup onto external drive.
1) Find the list of application functionality that you *need*. We'll get to *want* in a minute...
2) Install whatever flavour of linux you feel comfortable with. I use opensuse, but you might find mint or ubuntu easier due to large forums for non-technical users.
3) If you can find all the applications you NEED, e.g. email, browsers etc
4) for any apps that you want that you cannot find a less involved approach is using WINE or Crossover. WINE is free, Crossover costs a little, but has some support. Many windoze apps will run unmodified under it, some need tweaks.
5) Copy all your user data to the linux user account. It is generally not a good idea to have user and admin be the same account, but this is not the linux default.
6) For applications that are running natively, your data will be in the same place. For those apps you are running using WINE/Crossover you will need to point the apps to where it is.
Avoid using a VM if you can, not because it will not work, but you cannot control the portion that microsoft provides i.e. the OS.
If you run one application at a time under linux/WINE, you can fine grain the permissions, and limit exposure to windoze failings.
This is the simplest and least developed approached. For a few years I used VMware and a SAMBA mount from the linux system.
Nowadays, I would recommend getting a BTRFS underlying linux so you have snapshots available, and stop the problems with "cryptlocker" and other nasty viruses destroying your data.... If you have important data encrypt it. If you have vital data, back it up!! externally!! Often!!
FOSS is not perfect, but provides a lot of the tools you need, if you are willing to change. Eventually when you have got away from proprietary platforms, you no longer look to them first to provide your computing needs, and will be able to help others....
My $0.02.
To run browser(s)? If she is using web based email, then all her online actions are through Linux. I would think that would be more secure than Linux host/Windows guest. It doesn't necessarily need to be in seamless mode, but it might be more user friendly to her if it is.
If you could reason with religious people, there would be no religious people
secure LAN with ClearOS edgerouter and administer it remotely...
I would secure my or any one's parents' PC by first installing a well supported and regarded Linux distribution, with a firewall, ClamAV to repel viruses that could infect a Windows computer to which e-Mails are sent, and a simple login authentication with password that they would easily remember, but could not be be easily guessed by anyone else.
Remind them never to click on any Bank or other business ad or e-mail for which they do no business, and that all their insurance and banking vendors would send important info by snail mail.
Nothing else in needed or required.
I ask since that's what we use in work. It's one of the things that makes my system really slow(since it scans my hard drive constantly.) yet I've seen at least 2 people here that have gotten viruses anyway over the few years I've been here. (Considering the site is less than 50 people that sucks as far as I'm concerned.)
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
and installing Linux and configuring an IPTables firewall script that runs every time the PC boots up so i only have to visit once a week to check for software updates., all mom does is play various solitaire games and email a few family & friends, buy a few things on amazon and Linux does all those things quite nicely
Politics is Treachery, Religion is Brainwashing
Windows steadystate is a little known godsend. In situations where networked images weren't gonna happen it can maintain a specific setup and importantly is free to use. You're welcome.
MS The Enhanced Mitigation Experience Toolkit is a nice extra security layer.
You can use Software Restriction Policies or AppLocker so that they can only run the whitelisted programs and not random .exe files and whatnot. You can set this up with various rules, like path or publisher (for signed software).
AppLocker is easier to setup, but not available for all Windows versions.
It might seem like a drastic measure, but at the end of the day your parents probably don't need to install new software themselves. Automatic updates for programs can still work, if you set it right (for example with publisher rules).
Other than that: don't install software unless absolutely required (such as Java), use a PDF reader with JS disabled, disable macros in Office (if possible) and some other stuff...
The OS is self healing and comes with a full keyboard. Your tech support calls will disappear.
Only the State obtains its revenue by coercion. - Murray Rothbard
Windows 7 and Chrome with Adblock+Ghostery
That's what I did and it hasn't worked out too bad yet.
I put my dad's PC up with Linux a few years ago. I have him set up with reduced user privileges so he cannot fuck anything up. He does very well with everything he needs to do, and I've not had to worry about anything that he's doing with that PC in just as much time.
Step 1: Ask her to stop watching porn from disreputable sites. At least introduce her to RedTube and xHamster.
You could deep freeze the computer, aka make all changes non-persistant except in her Users folder.
I'd like to share my personal similar story, which doesn't necessary apply wholy to your case.
My mother uses the computer mostly for web browsing, and on windows she seemed to always get some sort of malware after 1/2 weeks. So first I made her use a WebConverger liveCD (web kyosk linux distro) and later switched her to Ubuntu. It's what she uses nowadays.
My mother was never very computer savvy, and doesn't use office much, so it's not clear if this helps you at all, but it might, so I'm sharing it.
Best Regards.
I bought my Mother an iPad 2 years ago. I didn't realize how profound the change over was for her until I saw her helping one of our other relatives with their new iPad. Not only had she mastered her iPad, it made her feel smart again.
She still has her Vista desktop connected to a printer and uses it when she needs to print or fill out online forms. But that only happens a couple times a year. We even got her a little JBL dock so that she could listen to music last year and she fell in love with the iPad all over again. It's crazy.
But it was a good reminder for me. Technical people get caught up in different camps (i.e. Linux vs. Windows vs. Mac). We forget that good tech is good tech. And when you can watch your own tech-resistant parents become empowered by one device. It's good tech.
I specifically went with an iPad because of their walled app garden. Higher functioning users could probably be just fine with an android tablet but this was my Mother. A woman who gets very emotional when things don't work right. And now 90% of my extended family have iPads because of her.
So before you think about changing your Mother's desktop, change the way you're looking at the problem. Users will try to tell you what they think they need but *hopefully* most of us are smart enough to go back and ask them what the problem is (not what they think the solution should be).
As I said, we did keep her desktop but the tasks that would open her up to viruses (surfing) now happen on the iPad. I went from having to clean her machine 4 or 5 times a year to zero. Getting that time back was well worth the price of the iPad.
You might want to look into Local Group Policies inside Windows. You can actually do a lot security wise inside the Local GPO of a Windows Machine.
http://technet.microsoft.com/en-us/library/cc725970.aspx
Create a host file in the OS you're giving them redirecting any http requests to known online shopping tv channels (QVC and the like), reverse mortgage companies, life insurance companies that prey on the elderly, etc. Maybe redirect to something to do negative reinforcement, like goatse.
In my experience virus infections happen most often by either clicking on suspect internet banners or P2P file sharing. I doubt your mommy is racking up the copyright notices, but she very well may be decieved by fraudulent banners; so my suggestions would be 1. get her to use firefox or chrome, install adblock plus and https everywhere addons 2. Use Microsoft Security Essentials - maybe not the greatest, but just fine protection generally. 3. make sure her computer is set to update automatically, as that should help mitigate some security vulnerabilities 4. as a secondary antivirus program, malwarebytes has in my experience, been very good. All the software i mentioned above is free, good luck brotato.
With a Mac; solve a big chunk of the problems right there.
Folks hate change, but everybody loves something new. So instead of fixing their old crappy computers or installing Linux, I give them a new netbook/chromebook running some kind of Linux. They immediately start to use the new shiny one and I never get any support calls, since the machines just work and keep working, year after year.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Maybe try Zorin OS. It's linux, but looks like Windows.
People who are treated like children behave like them. Give her the responsibility to sort it out when it goes wrong, and she'll quickly become an adult and learn how it works.
Goodness. I make a fair bit of my salary from environments where people have such casual attitudes to security, and install a single tool as a "fixed all my problems".
Good security takes layers. Robust backups, proven recovery or rebuild procedures, good practices for sanitizing incoming data, procedures to transfer sensitive data securely, and ways to safely store seldom used passwords are all subjects requiring thought and consistency. Schedule some time with your parents to walk though their usage patterns with them, to help them have backup practices and recover procedures they can work with. Work with them on sound password practices.
Too many people, and companies, have too many environments where a single "fix" has been applied and all the other risks ignored. Too many such environments have one "fix" applied in one place, and another "fix" applied elsewhere, which between them make the environment twice as vulnerable because they leave a commonly used escalation path, being probed by script kiddies all the time.
Install Windows 8.1. Install all Windows updates. Install Classic Shell. Install Avast Antivirus. Install PeerBlock. Install Chrome/Opera/Firefox. Install AdBlock. Install NotScript. Install KeePass. Setup a non admin account. Get a good router and secure it. Setup regular backups to an external drive. Most importantly, teach them not to open random email attachments or download random programs.
Install Windows 95 on it as nobody uses it and nobody writes malware for it. Security by obscurity 101
"I think my computer has a virus."
"What makes you think that, Dad?"
"Well, it's been running slow lately. And once a website popped up a notice saying it had detected a virus on my machine."
"... It did?"
"Yeah. I downloaded and ran the program it suggested but it seems even worse now."
"You're right, Dad. Your computer has a virus. Better take it to the repair guy."
True story. I love my parents, but they're three hours away by car, I gave up on Windows years ago, and there's no way I can talk them through a de-lousing session over the phone. ("Open the control panel. Go to the start menu... No, the one in the lower-left. Now click on it. LEFT click. Press the button on the left side of the mouse, Dad...") Computer repair shops still exist, or in the worst case they can take it to the Geek Squad who at the very least can re-image the damned thing.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
They tend to last longer too... not sure about newer models but in the past they were better quality and the cost was worth it; but buying used on ebay helped.
Other relatives, it's linux + openbox. which has them still confused for certain things. one jumped ship already and is probably learning more new things with Windows 8 than if she just learned the parts of linux she had trouble with.
Democracy Now! - uncensored, anti-establishment news
it looks like vista. it runs better than vista. it's more secure than vista. and if your computer is able to run vista you should be a able to run windows 7. back up her data. tell her that you have to reinstall the operating system. install windows 7 instead. my mother hasn't noticed that i replaced her vista over a year ago despite the load up screen showing it's windows 7. the only thing she has noticed? her computer works better.
Greetings, As someone in the IT industry maybe I can give you some advice.
Since she is on Vista, you might want to look into Local Group Policies.
http://technet.microsoft.com/en-us/library/cc725970.aspx
You have much finer, granular control over many aspects of Windows through it. It can take some trial and error, but you can setup an environment where only specific applications run and nothing else. Or, you can do things like not allowing application to run from specific locations (E.G. C:\Users\\AppData or C:\Program Data). Doing this can greatly reduce the amount of Malware and Virus infections. You can also prevent changes to things like the Start Menu or task bar, etc. A lot can be done with Local GPOs that doesn't seem widely known to the standard Windows user, but they can really help lock a machine down.
I don't know about yours but my parents mostly use the same 7 or 8 websites, so I installed Noscript/self destructing cookies etc (firefox addons) and whitelisted the sites they use often, instantly cut the regular cleanup workload by 70-80% for me.
No you fool. He's Britt Reid. Obviously.
Sleep your way to a whiter smile...date a dentist!
So you needs to choose, either
* Develop a liking for fixing her windoze crap
* Install a GNU/Linux and be done with it
Depends on the level of hands off administration you want to do.
1) For geeks and mostly computer savvy folks an install of competent Anti-Virus, Firewall, and Anti-Malware Suite and about an hour of teaching them about safe computer usage practices will suffice. The percentage of people this applies to is still quite small.
2) For the non savvy user, the options are somewhat limited. The above will NOT work. It will only make you and them frustrated in the long run.
a) If you have the money and option, go with an iOS device - computer or tablet. This won't completely remove your IT duties for them, but it will drastically lessen them after they get over the initial learning curve.
b) In some cases, installing a distro of Linux will work. This is mainly for users who only want to do email and browser things and are not looking to do anything fancy such videos and social sites. It's not that the various flavors of Linux can't do that stuff, it just requires special attention to get it to work. But usually after it is setup it doesn't need to be messed with.
c) For the most typical case, ie the user who wants to use their existing computer, about the only option left is to quarantine them from the computer configuration. Couple ways to do this: either Virtual machine that restores the startup state on each restart, or a tool like Deep Freeze that effectively whitelists executables on the existing computer and blacklists any configuration/installation changes. For my ailing father, this was the only option, his mind was not up to doing anything else. He just wanted to look at pictures in the computer and a little bit of Internet stuff.
In all cases, a remote administration tool will help out when they have further questions. Team Viewer happens to be my particular poison in this area.
Why not go with a router that does packet inspection for everyone in the household. For computers that do not leave the household, this seems ideal. OpenWRT and DD-WRT provide some options. While Packet Protector issued and EOF in 2012 (http://en.wikipedia.org/wiki/PacketProtector), others exist.
Sandboxie - End of story. Everything except the OS runs sandboxed.
http://www.sandboxie.com/
Once it is up and running, I will refer my parents there, thanks in advance.
Gently reply
Always introduce them to free software before the switch to Linux. It's far too much of a change to do both at the same time, and they'll reject the change entirely. Once they get used to free software on Windows, they can use the same things in the same way on Linux.
Ask me about repetitive DNA
1 backup the data from the computer and wipe the computer ,teamviewer ,avast and whatever else you think they will need
2 install Win7 (you should be still able to get a LEGIT copy somewhere) DO NOT CONNECT TO THE NET
3 build on your computer a win7 and whichever MSO set of WSUSOffline patches and create a Ninite loader with Firefox/chrome,7zip, LO
4 run WSUSOffline and get the patches done (optional step install MSSE and upgrade MSIE)
5 run the Ninite Loader
6 FOR EACH OF [FIREFOX CHROME MSIE] WHERE INSTALLED =TRUE hit the adblock plus site and get it installed and configured.
7 setup Teamviewer and set a permanent password
8 set like EVERYTHING to auto update and "silent" mode where possible.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Personally, I did switch my mom to Linux. She had no problem adjusting to a Gnome desktop. I put the icons for her favorite apps and the home folder on the desktop and made the desktop folder read-only and there are no problems really.
Twinstiq, game news
https://ninite.com/updater/
Pretty nice for more or less automatic updates.. well still needs a few clicks.
Run Carbon Black on her machine and you'll know absolutely everything that happens on the machine. Combine it with a good antivirus like ESET and you'll at least know definitively when the machine is infected.
Add to this a small server and setup her machine to do diskless network boot, and you're all set. Even if she gets infected, you know exactly what happened and all you need to do to fix it is reboot, and it will pull down a fresh uninfected image and boot that. See the howto here.
This is a really hard situation. Not least because the stress of provided continual tech support for a low-skills user ends up putting a lot of strain on otherwise good family relationships.
My solution, in the end, was to practically force my mother onto an Apple. Apple is a better basis than Windows for users who otherwise muck things up. Also, dunno if this is still available, but at the time the "geniuses" provided her with decent support for a pretty marginal annual fee - relieving me of a lot of the tech-support stuff (why can't I print? I can't get on the Internet! - usually something silly). This was a relief all around.
Failing that, why not Linux. Mint/Cinnamon can be made to look a lot like Windows. Assuming it's an older version of MS-Office, LibreOffice is nearly a plug-in replacement. If Email isn't already in the web, put it there. Browsers are browsers, and no one should be using IE anyway. Set up a Linux machine with three desktop icons: Browser, Email (link) and LibreOffice Writer. Make everything read-only except where documents are saved, uninstall everything else (or at least remove the obvious shortcuts).
Enjoy life! This is not a dress rehearsal.
Get them a chormebook and be done with it. Seriously, they are less the $500 at walmart. Make it a x-mas gift. :-)
Inevitably the children must parent their parents, especially as the elders increasingly lose their capabilities in the latter years. Start now by growing a spine and challenging them to get out of the computer dark ages for their own safety's sake. The solutions pitched here so far all deserve scrutiny, but frankly if the lynchpin is that your mother is an MS Office power user (macros, etc.) then you're stuck with the Windows platform so just fork out for a Windows 7 license and hope for the best. OTOH, if you find out that her dependence on MS Office is just psychological, switch her to a tablet or a Linux-based PC solution and be done with it. If she whines, you get to play back all the old tapes she indoctrinated you with during your childhood. Fair is fair. You're doing it for her own good, after all.
I deny that I have not avoided attaining the opposite of that which I do not want.
Set mum up with a Raspberry Pi with a USB Ethernet dongle. Run all traffic through a strong firewall on the Pi. Lock down things like outgoing SMTP and IRC so WHEN mum gets a trojan it at least can't send spam.
Vista is not loved at all by MS any more. Patch support ended April 10, 2012 (http://windows.microsoft.com/en-US/windows/products/lifecycle).
Continuing to use this is problematic at best. Also, the hardware has to be getting old at this point. At least go to Windows 7.
Have you considered having her play with a Linux live CD, or coughing up one of your older machines from around the house for use as a Linux box? It wil
most certainly be easier to support locallly.
Don’t use an insecure environment to begin with. You’re the one who will have to fix it again later.
Install an easy to use GNU distribution. If they don’t like it they should get someone else to install Windows and deal with all the shit.
Buy them a Mac or an iSomething.
The great thing about buying Apple is you can always send them to the Apple store for support, once you determine you can't solve the problem via screen sharing.
These damn sites are getting very aggressive. I don't ever want to click anything to close, since it may trigger more user activated insanity, but they now block out Ctrl+w, Alt+F4, and force focus on a popup that prevents closing the tab. I've had to shutdown the entire browser to avoid them (sometimes forcefully using the task manager) ... I'm sure there is a way to prevent overriding the keyboard shortcuts, but then sites like google docs would probably break, so I never looked into it further.
For my parents, I showed them how to use puppy linux to copy off their important files and then use the restore CD. I have their most often used apps on a usb stick derived from portableapps.com and I figure if they have to go back and reinstall the proprietary stuff on their own, they may eventually be weeded off of it.
Change to linux!!
Really, windows is just problems, not worthy the trouble.
I migrate my father computer to linux, using Kubuntu.
Before the migration, already changed the email to thunderbird and the office to openoffice (now libreoffice), saving as odt, but teaching to export documents as PDF when sending to others (and solve the .doc/.odt support by others). Média player also setup to VLC and browser firefox.
After more than half year using windows and open applications and solved any difficulty encountered, i finally replaced windows by linux.
In linux, the apps are the same they used in windows, so the migration was easy. I just configured quick-launch icons for the needed apps, associate file extensions to the correct apps (mostly videos to vlc), saved authentications in main sites and main bookmarks in bookmark bar and setup digikam to import the pictures from the camera.
they only had 3 problems: using floppies ( yes, it was some years ago :) ,they didn't umount then all the times... solved by using a sync option for floppies. .exe files ... most of then are virus, so it IS a good thing they can't execute then. only once it was something useful, so i remotely setup the wine, so they could run the .exe and after that i disabled the wine ( i don't want then executing random things, even on wine).
Another problem was the
The final problem was the login page, i was ready to remove it, as they use only one account, but after some days they got used to it and i let it there.
My father uses today linux even better than what he could use windows. My mother only uses the browser on some sites (mostly banking) and have the same difficulties as in windows.
Right now the also have a tablet (BQ edison), that help the quick email check and browsing, making the PC less used.
So migrate to linux if they really need a full PC, install every app they need and configure everything. If not already, replace in windows everything you don't have in linux, to ease the migration (changing less things at same time is always better)
If they don't really need a PC, buy a tablet.
Higuita
I did Linux Mint and MS Office using Crossover as it meant that she could keep using the MS apps, but had a safer stable base to work from.
And - so my littlest sister couldn't keep installing her toolbar / chat app of the week on it - those caused more problems than anything else.
My mother-in-law had Linux (Xubuntu) on her personal computer from day one, luckily. Before that she shared an XP machine with her husband. She's happy with Linux because she's less afraid of doing something wrong and there are way fewer options and those that exist are grouped in a more meaningful way: application type such multimedia, games, etc. rather than company names.
Of course, there's still stuff that only I can fix. Mostly when an update failed or a session wasn't (re)stored properly but I always felt more comfortable that way than supporting XP.
couldn't be bothered to support them with their Windows crap, so I installed Debian, configured the thing to email me interesting* stuff from the last run's system log on every boot, so I notice if something goes wrong. Didn't happen so far. (*) since it's hard to grep for interesting stuff, instead i cut away the known-noninterestnig stuff (from a file of a-priori known patterns)
CLI paste? paste.pr0.tips!
I dunno - AV-Test gave MSSE a "Must try harder" on it's last report card. http://www.av-test.org/en/tests/home-user/windows-7/mayjun-2013/
It gripped her hand gently. 'Regret is for humans,' it said.
I get asked this a lot whenever I fix someones computer. It's hard to deal with.
"Can't I just get an anti-virus program so I never have problems again? I thought I had Norton. Maybe it expired."
Non-technical folk seem to be under the impression that they can pretty much do whatever they want so long as they have an anti-virus software. Unfortunately, in the real world, you actually need to change your own behavior. In the case of having some sort of software that blocks potentially harmful scripts/programs/connections/whatever-else, an unfamiliar user is going to see that as annoying and just disable the whole thing. Worse yet, they still think they are protected and will continue digging into things they should not under those false expectations. Far too many times have I setup a proper security environment on a client's computer only to have them call me back again with problems and they admit they disabled everything because it was preventing them from accessing content they were curious about. Basically, even if your mother knows there is a virus hidden in this mysterious executable that was emailed to her, she really, really wants to see that cute kitten!
So, don't bother. You can try as much as you like to pound these things into their heads, but they will never listen. Get ready to always be there to fix their mistakes.
You can, however, try installing Comodo firewall, enable Firewall, Auto-sandbox, and HIPS. Make sure all the common software that will be used is working properly and not being blocked (probably 90% of it will be automatically detected as safe). It should, then, mostly stay out of the way while blocking unnecessary crap. Also install Malwarebytes, and have them run that any time they experience problems. That usually cleans up most common issues.
If they just use the web and play webgames, why keep a computer at all?
We keep a shared guest computer in our home, and we face the same challenges. We don't want guests messing with settings, breaking the software, downloading viruses, etc. We're looking to either get a Chromebook or Android stick that we can just plug into the monitor. Guests just want to surf the web and check email, so why provide anything more than that?
Install Linux Mint 13 LTS. For remote administration, install SSH server & x11vnc, and forward SSH port to the LM13 machine. Done! I did this for my Dad and have had no complaints; he has Firefox, Chromium, LibreOffice and his DropBox contents. I log in on occasion and perform an "sudo apt-get update && sudo apt-get upgrade" to update his box.
in the subject line and continue in the body?
The main thing is to get rid of Internet Explorer, which, on Windows 7, you can do.
If you lock down the browser hard enough, viruses stop being a problem, but some sites don't run. (This is sometimes amusing. I have Abine's Do Not Track Me installed, which blocks almost every tracking thing known, and I have third-party cookies blocked. As a result, if I watch a CBS TV show, I get the same commercials, over and over again.)
Install Secunia PSI to keep "all other stuff" updated.
Upgrade to at least Win7, Vista is too old.
Auto updates from MS
MS free antivirus
Works for wife, old mother in law and old parents.
Jeez people, all the rhetoric about PC's, installing linux, vista, Win7, VM's, anti-virus, yadda-yadda-yadda. It's almost like you guys are doing this simply because you want to feel important in your parent's lives.
Just get them a tablet and be done with it. They can retire whatever clunky (and outdated) PC they are using, and free up that desk space for their family picture frames and cookie jars. Done.
I personally would recommend to them an iPad as the older-generations that asked for my help have been hugely thankful for simplifying their lives. I supposed an Android tablet would suffice since Slashdot is so infested with iHaters, but I'm thinking of the parents and not the "kids" with a chip on their shoulder.
Seriously. Just get a refurbished iMac and put it in there.
I converted my parents a few years back and was so happy when I could finally stop cleaning up virus and malware laden crap. Even better, when I came to visit, I wasn't scared shitless that there were any key loggers or other unpleasantry installed. Yes, I know OS X isn't malware-proof, but it "feels" less vulnerable than what they had. The OS is set to automatically update along with their apps and everything is automagically backed up with Time Machine. My Dad still likes to play games in Windows; running Boot Camp and Deep Freeze keeps things happy there and when they want to surf, they just boot back into OS X.
No, really. Turn it into a terminal that connects back to something at your place. Then you can manage it for them, like a good child should be doing.
And no, i'm not talking a VT100 as some sort of 'age joke', but a modern graphical desktop type of terminal.
---- Booth was a patriot ----
I've done the VM on boot idea for a couple of people. Within Linux I put a script that will restore from the latest backup VM on demand. This works extraordinarily well.
My parents are a similar time away (by train). I didn't want them to have Ubuntu forced on them, but after the first lost weekend -- when I was about 19 -- I installed Ubuntu alongside Windows, and set the default to Windows.
The next time it broke, I told my dad how to boot Ubuntu over the phone, and asked if he could manage with that. He could for a while. (I also pointed out that my brother and sister never needed me to fix their computers, so maybe he could ask them to fix his, since they hadn't moved out yet.)
Securing a system for novice users isn't really that hard. The two most important steps are: (1) make sure they're running as a limited user, and (2) have them run a decent, but lightweight, anti-malware program. You've already indicated that you are doing this. For the user account, I strongly recommend not even giving them the admin password so they won't be tempted (or socially engineered) into using it. You should set up remote access so you can get in if they need help with something that legitimately requires it. For anti-virus, Microsoft Security Essentials works pretty well - it's lightweight and free. Not 100% perfect, but nothing is.
DO NOT install the Java Runtime unless it's absolutely necessary. Having this crap in the browser is the #1 vector of malware infections today! If the user absolutely needs it for one or several specific sites, use a whitelist. (Or, if it's for a non-web application, disable the web plugin using the control panel.)
Watch out for the Adobe junk, too - Flash Player and Adobe Reader are major malware vectors these days. Unfortunately, you can't usually skip Flash and PDF support entirely. Therefore, I suggest having the user use Chrome instead of IE. Chrome has its own version of Flash which is automatically kept up to date. And you don't need Adobe Reader, since there is a built-in PDF viewer in Chrome (which you can also associate with the .pdf file extension if you want). Install Adblock Plus for Chrome for some added peace of mind (not to mention a better browsing experience). Uninstall IE (or at least hide/remove the icon) so the user won't be tempted to run it.
Upgrade it to 7 you moron! Hardly any real difference except it's more secure and takes less system resources. And ofc take away admin rights, install chrome/ff etc etc
If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
People still use Microsoft Office? I use OpenOffice.org
To the desk with lots of duct tape so it's harder for anyone to steal the computer.
Plus if you use more duct tape to stop the user from pressing on the keyboard or moving the mouse, it does wonders for preventing "drive by" website infections... :P
I do not fail; I succeed at finding out what does not work.
It is almost inevitable that I will have to provide them with a Windows machine. The *nix alternative is too weird and too much could go wrong in their hands.
(1) I would lock them out of any significant changes. They would not be capable of getting escalated permission (to install or uninstall software, to use administrative tools, etc.) without a special* password.
(2) * I would come up with some means of rewriting the admin password using PRNG and a given sequence. Each time Admin permission is given for installation of some program or another, it would advance the sequence and re-write the Admin password. I would keep track of how many times this has been done and always know which bunch of pseudo-random characters it is currently. I would probably be on the phone with them for awhile because in some cases you have to escalate two or three times to get something installed or changed.
(3) A sub-Admin account would exist but with severely curtailed privileges. Where "Adminstrator group" permissions are given for services or privileges, I would remove "Administrator group" and replace it with the name of the fully-powered Admin account, and only add the name of the sub-Admin account where it's needed. They would regularly use this sub-Admin account instead of a regular user account. This way they could plug-and-play printers, change windows services (SOME of them) and so on without needing to call me up for the mystery password.
(4) All remote access services would be shut down. They would be entirely on their own, no remote desktop or remote help. If they somehow heard about remote desktop or remote help and wanted to do that, I would tell them too bad, that if they don't want a secure computer we can do a fresh re-install and they can have the complete out of the box experience and damn the torpedoes, but that I would no longer consult with them on that computer. That would change things, if not right away, then certainly when they are swamped with viruses and getting hijacked down the road.
(5) I would demand no outside consultancy, just like I do with any windows box I "secure". If somebody I've helped comes back to me complaining that they went to somebody else and now everything I did was undone again, I cut them loose. There are too many people posing as "computer geeks" who seem to enjoy installing anti-malware that's pure slowdown and kicks and screams to stay on the system, "speed up" and "doctor" apps that are known to be shady, and other massively market-hyped crap. Since insisting on no outside consultancy, I've significantly decreased my stress and workload by ridding myself of chronically repeat clients. In fact, I don't do street computer work any more, at all. It's not worth it. I would be doing my "parents" a serious favor at the cost of a lot of stress and hassle in my life.
(6) I have never been satisfied with the auto-update experience of most applications. I would have to choose software for them that I feel is secure enough not to need updating, and to leave it at that. Windows Update is bad enough, and they are already going to be screaming at me over the phone on those days when there's a serious patch and it's in the news and Microsoft's update service is running slow or haltingly for several days.
Alternately:
I would just install something like SUSE and a virtual machine running their precious Windows. I would get my "parents" a really expensive laptop, two sets of wi fi keyboards and mice, two wi fi monitors, and set them up with SUSE giving them two simultaneous but separate experiences inside their Windows virtual machines. It would take me for fucking ever and would be complicated as shit, and would be really expensive. Then since they would want persistent Windows experiences, Windows itself is still there to be a total complete headache nightmare. So why go the convoluted "matrix reality" style virtual machines in a linux box when they can still screw up their persistent albeit virtual Windows experience? Yes there'd be this nice safe l
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Rename the Libre Office icons all to Microsoft Office and GIMP to Photoshop . It worked on my mother in law
with a Mac or an iPad.
cue the usual "but OS X is just as vulnerable" or "only until market share" bla bla bla trolls in 3... 2... 1...
The simple fact is that a) it works, b) it's available now, not theoretically or with enough work and c) it's supported by other people aside from yourself.
Assorted stuff I do sometimes: Lemuria.org
I gave my mother an iPad as "additional" device as a present. Soon afterwards, PC useage and resulting problems dropped by 80-90%. Very good investment...
Disclaimer: Not everything is perfect with an iPad for seniors (e.g. maximum font size is still too small, most apps ignore setting anyway). But even with 73 years she took to the device like a duch to water. A 13'' or even 15'' tablet would be a better choice for older people.
ZorinOS. It's designed to make it easy for windows users to migrate. Let her try out a live session and see if she'll be okay with it. http://www.zorin-os.com/
It's called the Depart of Reality where your mom is not an IT expert and you care enough about her not to give her a platform easily exploited.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Adblock plus to keep the ads out, Web of Trust (mywot.com) to keep them from clicking on garbage, and AutoHotKey to keep them from right clicking when they mean to left click and mess everything up. Old folks lose dexterity in their hands, and don't even realize they're right clicking. I fixed this issue with my Grandfather using AutoHotKey to make right click = left click, and then I mapped the + on his num pad to a right click so that the functionality is still there when needed. I detailed it here:
http://www.tidbitsfortechs.com/2013/10/using-autohotkey-to-assist-the-elderly-disabled-and-more/
Nobodies Prefect
Tidbits for Techs Technology Blog
If they can't make do with a tablet (and most parents can), then buy a Mac. You really do not need to run a virus checker all the time. If they use the App Store to by software that cures 99% of possible malware issues. Even if they download applications the default security restrictions are good enough they may not be able to run it without asking whereupon you can advise them if they really should...
But buying a Mac is also the best move for a very good reason; you spend more time with your family instead of with their computers.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Not being able to type on a tablet might have been a problem with the broken Bluetooth keyboard support in Android 4.3, but it's fixed in Android 4.4.
You may want to consider alternative DNS servers like OpenDNS on the router.
...at least upgrade her to Windows 7.
Better performance, more secure, still supported.
Btw. people are far better in handling/learning new things than they think they are... I've upgraded my father (80+) to OpenSuSE without any problems.
Don't expect them to learn Linux now - even if it is a better option. Security Essentials or Avast should help. It would be better to encourage them to use Google Chrome or, better, to use Firefox with NoScript, HTTPSEverywhere, though NoScript can be a bear to learn to use effectively (This, only because of recent concerns about Google's on-off relationship with the idea of having respect for users' privacy). Windows 7 or later should ensure they can quickly give new programs admin permissions if required, even if they are using an account with few privileges.
I tried to plan ahead, and that worked out except.... When my parents started to use a computer it was on Windows 98, Eudora for mail MS Office and Firefox. Then I moved them to Windows 2000, then XP, keeping the old layout. When moving to Windows 7 I ditched MS Office for OpenOffice, and they didn't notice. The only thing that confused them a bit was the desktop icon. Then came LibreOffice, and even that worked out. I make a shortcut for Writer on the desktop, rename that to "Word", and that's it.
Eudora was great at the time. I used it myself. Then came Thunderbird, but my mother didn't like the buttons, so I had to move back. Now she complains because of big pictures send by her brother that don't scale down in Eudora.
I'm still very glad I got them to use Firefox instead of IE. With the plugins that's the most important security measure in my opinion. I've set Adblock Plus and I believe Noscript with settings that don't require attention from them. It blocks certain sites, but most normal sites just work.
At first I used Avast, but it became too annoying, and then I got a paid Kaspersky license, which works out fine until now. In the past 15 years they had two viruses that I know of.
As a PC shop guy I run into this problem quite a lot and there are actually a few options. You can have a program like Paragon Backup and Recovery Free set to make daily/weekly/whatever disc images and then easily roll it back when they bone it (because if they are like most older folks no matter how many times you tell them "don't click on that" they will) but the problem with those is that you usually have to be the one to roll it back, too complex to restore from disk image for an old person.
So while this way is no longer supported on Win 8 and above (but since Win 8 is a bomb who cares) this is the way that I do it and it gets the "Hairyfeet seal of approval". This method scores damned near a 10 out of 10 in both keeping infections out and in fixing if they manage to bypass your security and infect it anyway. And yes that is a problem, as i have seen older folks actually turn OFF the AV because an email told them to. As a bonus it costs $0.00 and doesn't take more than an hour tops. Ready?
1.- Install Comodo AV Free and be DAMNED SURE to pick YES when it comes to installing Comodo Dragon, the why will be apparent in a moment. You can go ahead and uncheck geek buddy, that is your job, they don't need some guy at a helpdesk in India to tell them what to do. 2.- Go into Comodo AV after install and turn it to "paranoid mode" this will run everything in a sandbox by default and treat everything as suspect. Now for your not completely clueless you can leave it in clean PC mode, but for those that click the "punch the clown and win an iPad" types paranoid is safest. 3.- the final step is to download and install Comodo Time Machine and LOCK the first image, call it "clean PC" or something else that will be easy to tell grandma over the phone. A bit of warning when it comes to CTS, it dos NOT work on win 8, it does NOT work on dual boots, you should also set it to clean out old snapshots after say 30 days. That said if you want a PC that can recover from pretty much every bug out there? here ya go.
And that is it, stick a fork, there is no step 4. Of course this assumes you have already done the common sense things like set windows update to automatic but other than that you should now have a 100% clean PC that will stay that way. The browser is sandboxed and locked down, runs by default in low rights mode, the AV is watching everything like a hawk and if they manage to talk the old folks into bypassing the AV? Time machine has you covered. I have several users that would get more nasties than a Bangkok whore on coupon night and thanks to this little 3 step program their PCs are pretty much idiot proof. Oh and as a bonus if they screw anything up, uninstall a printer driver or just trash a program? it takes less than 10 minutes over the phone to restore with CTS. You tell them reboot, hit home key when they see the big clock, pick the day before (assuming you set it for daily or snapshot on boot) and leave it alone...and that is it, the CTS will set the machine back and it'll be like they never made the boo boo.
ACs don't waste your time replying, your posts are never seen by me.
There will be some whining, but swap in a new hard drive, keep the old one "in case they want to go back", and set up a VirtualBox Windows environment for iTunes and whatever other "Win-only" software they must have.
// have done this for friends, and they are still happy 3 years later.
You'll both be happier in the long run.
My father is brilliant, but he's not a computer person. So the last time a virus took out his system, I treated him like any other non technical user on my network. I limited his ability to do damage to himself and others. NT user permissions in Windows 7 are useful for this. You can adjust anyone's group permissions, be they on a single PC or an Active Directory. It's not difficult to learn how to use these things, if you're not a systems administrator; and my dad hasn't had a single problem with viruses since I set it up for him. Remember, when you're running any PC, a virus needs admin permissions to do real damage. Deprive your users of admin rights, and (while you may still have issues with viruses) you're not going to fry your PC.
This signature has Super Cow Powers
I'm a vampire, and that offends me, you insensitive clod.
I've had significantly less 'support calls' from my parents in recent years. Back in the XP days it seems like they caught a virus every month. So I'm not sure if it's security essentials or Windows 7, but things are much better these days. The worst thing that seems to happen nowadays is that they get tricked into installing some sort of application that it designed to look like it's either virus protection or something to speed them up. They were getting phone calls - the person was trying to get their credit card number out of them by scaring them with nonsense like "our monitoring on your computer is all lit up red...". Anyway, all I have to do these days is occasionally uninstall anything that they got tricked into installing and running through windows update to install non-critical updates. The MOST important thing, I believe, is setting Java and the Adobe products to auto update - as these are components that can allow malware to be installed from just browsing
Usually this can be remedied using remote control (VNC et al). If remote control from Windows does not cut it, use remote control from a Linux boot disk/stick - next time you visit your parents bring one and configure the PC to boot from it when present. This gives you full access to the machine. Don't subject your parents to the whims of those 'computer repair shops' unless you know for sure that the shop they'll take it to is legitimate. Yes, it takes some time to help. No, you should not feel the need to do this for all your friends.
This also works for Android devices by the way, handy to know in case they decide to get a tablet and manage to mess that up. Just connect the thing to the PC and access it through adb and/or a remote control program like teamviewer.
My parents live in another country yet I still manage to help them from the midst of the Swedish forests...
--frank[at]unternet.org
Yeah, I know she thinks she wants to stick with Vista and Office. So don't replace her computer, just get her an additional one -- one that is nothing but a web browser, since nearly everything she does is on web sites anyway. Do show her how to use Google Docs on it "for little stuff when it's not worth taking time to use full-blown Office". Show her how it turns on almost instantly, and how light and compact it is.
It won't be long before she doesn't use the Windows computer any more. And when she stops using it, it will stop having maintenance issues.
I have ie11 with all security options enabled and have emet security also. I'd be willing to put this Hercules against anything.
As the others have said, just get an ipad. We got 1 for our grandparents, previously one used a PC sometimes, other scared of PCs and computers. both love the ipad, it has changed their lives for the better. ..
You can easily these days live without a PC. An ipad is just more stable, faster at "boot up" for rapid browsing, has the wonderfu Facetime, 1m apps, lots more.
Dope, upgrade them to Windows 10.x Buy them a mac.
Everything I've learned tells me you're going in the wrong direction. You'll stick them on something that they're going to hate. Get the old folks Macs. Sucks because they're more expensive, but in my experience the technologically challenged should generally be on them.
. . . if you want it to seem un-changing.
They are used to vista, but vista won't be around forever. It will be dropped, like they're dropping xp. Now they have windows 8 which looks completely different. With linux, you can keep the same look as long as you want to. Theme some window manager so it looks as vista-ish as possible, leave it at that. You can then maintain a linux system but keep that old-fashioned look forever. I use icewm, so my machines look the same as when I started using linux in 1997. Except for the increase in resolution. Much has improved since those days - but no need to go with a different look & feel unless I want to.
i'd get them a chomebook.
easier to use. minimal risk. minimal cost. simple to replace.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
It works great to keep the bad web stuff away. the moment you close the broswer it is like it never happened. Best thing i could think of without going to linux or VMing an entire OS.
www.sandboxie.com
Who became the lead developer after Bond killed him? And wasn't Zorin more of a hardware guy?
http://www.opendns.com/
My dad is reasonably tech-savvy, so he doesn't have too many problems.
Even better, my uncle (who is a few years older) is convincing my dad to try out tablets.
Everything she wants to do on the PC can be done on an iPad instead.
Pages and Numbers are outstanding word processor and spreadsheet.
Zero security issues to worry about.
Bluetooth keyboard makes typing easy.
External monitor support with AirPlay lets her mirror her iPad to her TV.
Browser supports HTML5.
Only thing she can't do is Flash, and that's dying anyhow.
My mother(88) is using Linux. She has no idea that she is using Linux. My mother in law is getting a chromebook and will have no idea what she is using. Interestingly both of their demands and security are being met quite well. My mother surfs a bit, she watches youtube a bit, but she mostly types documents to print(OpenOffice), and emails on gmail. So Linux is quite nice in that with a tiny bit of security her machine is well locked down from the predations of both the evils of the internet along with the destructiveness of various descendants.
My mother-in-law only gmails and that is it. So a chromebook is perfect. (Tablets are out due to the lack of keyboard or the fiddly keyboards) plus for the same price as an 8 inch tablet she gets an 11.6 inch screen.
But the dealbreaker for linux is often an iPhone. Yes you can hook up an iPhone to Linux but it is a pain in the ass along with things like the backups not being very good at all. iCloud can take care of quite a bit so that is becoming less important.
But for me the best bit with recommending Linux is that even the Raspberry Pi can run a fairly robust Linux. So old crap hardware can meet basic internet needs quite nicely.
But back to the original question. The security of a basic locked down linux set up is fairly good. With windows my problem was fixing all the stupid plugins and downloaders that various people would install. Now they can't install or alter much beyond things like bookmarks.
Mac or Linux - doenst even hae to be a new mac, probbaly be better to run snow leopard or lion over mavericks. Either that or Linux.
Being PC comptible is obvverated in the non-techie/retired generation. Most do email facebooks, some surfing and some light word processing. If they do thier own accounting then it would be the Mac as it has quicken/quickbooks.
But for most folks Linux would do the job. Both OSs are less suceptible to malware and do a great job for the jobs most older gernation would put it to.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
Let google maintain it for you.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
I swear, read the fucking summary before commenting! Changing OS is not an option, changing platform (and therefore "the way the computer is used") is not an option, abandoning MS Office is not an option and OP is not asking for recommendations on an Internet Security package.
(Also, NoScript is really problematic for "normal people", so stop recommending it. AdBlock takes away most nasty things anyway)
Have your parents pay some service to clean their pc.
After once or twice horking out 65$ to fix for their stupidity.. maybe they'll listen to the suggestions provided by the place they're paying the fee too.
If not, let them keep burning money.
I hear what you're saying. I'm at the age where before long I'll be an old guy. The new kids will probably think I don't know anything about some new thing X, only to find out that I helped write X.
My mother was a pioneer who helped bring major companies into the digital age. She's taught programming, database architecture, etc. and was a top ranking information systems executive for Fortune 100 companies. I learned a lot from her. It would be accurate to say she's forgotten more than most Slashdotters ever knew. That's one reason she calls me for help - because she's forgotten. The other day I mentioned a principle she taught me and she didn't know what I was talking about, having been away from it for 15 years.
The other reason she calls me is because while she could patch a Unix BINARY by manually editing the machine code, Windows 8 is a new, foreign land. She had a Vista machine before this Windows 8 laptop, but she's much more comfortable with Solaris or System 7, or any environment that runs Cobol.
I greatly respect her knowledge and experience, especially her deep understanding of timeless principles. She recognizes that today's systems and today's threats are not the same as the 8080 powered systems she wrote assembler for.
I've been programming interactive web sites since 1997. Recently my wife, who is ten years younger than I, taught me a bit about Facebook.
Each of us has strengths and weaknesses. In general, as we mature we synthesize random knowledge into principles - broadly applicable statements that reflect deeper understanding than feature X and product Y. When we're younger, we're interested in each new version of product Y, the new performance feature and this new security feature.
The foolish young person might think that the "old guy" is out of date. The wise person who has seen some things realizes that the new kid actually DOES have something we could benefit from - the PFY often knows that the virus scanner we've loved for 20 years hasn't kept up, and he knows the new, improved tools.
When I want to know relational calculus or how to bid a job without requirements, I'll ask the old guy. When I want to know how to uninvite someone from a Facebook event, I'll ask that kid over there who is building the Facebook app.
Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )
APK
P.S.=> For FULLY securing a Windows-NT based OS bearing PC (using CIS Tool) I use the security guide for Windows I authored (& got paid for in 2008 but initially authored in 1997):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&qs=n&form=QBLH&pq=%22how+to+secure+windows+2000%2Fxp%22&sc=1-31&sp=-1&sk=&cvid=7aede4a8ff4f46e19c0852f67e2ac683
...apk
Explain that they have options which are pretty secure, but different from the exact UI they are used to (Chromebook, Windows RT, iOS). Then there is OSX, which does run MS Office and is sort of secure, but still lets you shoot yourself in the foot if you go to some length. Or they can stick with x86 Windows and hope for the best. Then be honest about your own time commitment in fixing any messes.
Then let them make a choice like adults. Hopefully they modeled all of the above steps during your formative years.
If a virus cannot get into the Windows registry, it's not going to be able to be a persistent problem. The only way it can get into the registry AFAIK is via administrative prileges (or a privilege escalation exploit). Any simple file downloads will be blocked by the virus scanner. Obviously, keep the computer patched so that privilege escalation exploits are limited.
If a virus does get into the registry, the only way to be sure it's gone is to reset the computer. This pearl of wisdom comes from tedious experience.
Just give them a standard account on the computer, keep the administrator account password to yourself.
Also - it's very helpful to keep their computer behind a router which provides their WiFi. The router gets probed all day long and stays mute, and the nasties never get to strike up a conversation with the operating systems behind it.
"Well, it's been running slow lately. And once a website popped up a notice saying it had detected a virus on my machine."
"... It did?"
"Yeah. I downloaded and ran the program it suggested but it seems even worse now."
"You're right, Dad. Your computer has a virus. Better take it to the repair guy."
In fact, the one thing a stereotypical senior citizen might benefit from is media education.
Has no one yet mentioned Steady State? It is meant for places like libraries, whilst not needing a server to manage the clients. It works with Vista, is free and lightweight. I recommend getting it all as clear as you can, take an image (for your own sanity) then use SteadyState to keep it as you need it.
I love Linux, but don't put that on some unsuspecting fool. Anyone who says it's ready for Dora Public to switch out from Windows has something wrong with them.
Fantastic, That'll be nice and handy for me at least once in the future.
Thankyou.
Life is like a box of chocolates, you never know when your gonna get food poisoning.
Mom got hit by a nasty set of targeted viruses about 6 yrs ago via email, then others were loaded. Her PC was unusable until I could visit 2 months later. That taught her how serious the problem was. She was tempted to buy a new PC to "fix" the issue, but I and other family members were able to talk her out of it. She had done that before in the mid-90s and got hit with a minor virus a few weeks after getting a new PC, so she wanted a total fix - one time.
For a few years, I had been swapping commercial software with F/LOSS versions on her system, so when I told her "Linux" was the answer, she was apprehensive, but after the reboot into this strange new OS, she saw all familar programs that she already knew - thunderbird, firefox, openoffice, .... you get the idea.
The first few weeks, she stayed with only those programs. As her comfort levels increased, she wanted to do more and more things, but I didn't let her have admin/sudo rights. That meant I had to setup stuff for her from my remote location. Easy with Linux.
Mom was not a power user for documents. She emailed, surfed, and printed - she printed A-LOT! Her printer was not natively supported by her distro - there was a commercial printing driver for the same price as a new laser printer. The price felt like a robbery, so Mom got a new printer, supported by all distros. I swapped out the starter toner for a 10K pg toner and Mom said it would last longer than she would live. Turned out that was true.
Mom died last July - age 82 - after 10 yrs of heart disease complications.
She was a Linux user to the end and didn't have to be worried about normal security considerations that Windows users fear. She mentioned this to me all the time and she liked that the grandkids could play games on her PC that didn't exist on their home systems. Good for bonding.
Mom never had any security issues after the switch to Linux.
I secure my parents' PC tighter than a faggot's arsehole.
Get them a Surface 2 with a Type Cover and move on. Windows RT is far safer for Mom and Pop than any combination of time-wasting maintenance activities on any x86 Windows. If they cannot install apps except from the Windows Store and Microsoft continues to do a good job of curating the submissions there's just no way they can shoot themselves in the foot and install malware accidentally. No value judgements about what's safe to install left in the users' hands. It really is the only way right now to take care of Joe and Jenny Sixpack without spending 10% of your life unsuccessfully preventing and cleaning up malware infections.
I was skeptical about RT's longevity and usefulness but it can change the entire security equation for the vast majority of people who need nothing but a browser, Office, and the built in calendar/contacts/email apps. I'm hardly a Windows fan boy since I make good money getting people out of the jams they get into using Windows as a privileged user without the ability, facts, or time to act on requests for permission to download and install programs/browser extensions. They can learn the basics of interacting with Modern apps in far less time than it would take to teach them enough about Linux. Pretty much the same can be said for using a Mac instead, never mind the Apple tax.
Ok, I'm going to try to try to actually answer OPs question. On Windows 7/Vista, a set-it-and-forget-it configuration that is secure. (I'm not going to give an alternate OS or a setup that will confuse grandma)
Use Chrome Browser. It has its own built-in sandboxing and is generally less prone to viruses than all other browsers. Configure plugins as click-to-play (chrome://chrome/settings/content). Disable all plugins except "Adobe Flash Player", "Chrome PDF Player", and "Google Update" (at chrome://plugins/). Disable Internet Explorer to prevent her from going back to her old ways. Set Chrome as your default PDF viewer.
Install an Anti-virus suite. No, not MSSE. You need more than just anti-virus. She needs a suite like Avast, AVG, or ESET. You need something that scans web sites, scans email, checks if software is up-to-date, and sandboxes scary downloads. Personally, I like Avast. If you use Avast, configure all the non-critical popups to only last 1 second, and turn off all non-critical sounds. It's free, but the Pro version is slightly better.
Set windows to "Always notify" on system changes. Viruses have gotten around Windows security to install into the system.
Set up a Standard User for her, rather than the default Administrative User that Windows defaults to. This will prevent viruses from installing into the system. It will also prevent her from installing system applications. She'll still be able to install some user-level applications, however.
Install Dropbox and tell her to always save her documents in the Dropbox folder. So, if the worst happens, she won't lose her work files. Dropbox also has a versioning feature, so she can recover old copies of files (in case of something like CryptoLocker).
Install BufferZone Pro. This will automatically sandbox Internet applications, like Outlook, Skype, etc. I like to exclude CHROME.EXE as Chrome has it's own sandbox.
she struggles with change and wants to stay with Vista
Hopefully she plans on dying in about three years. Vista is EOL in April 2017. And mainline support has already ended (she probably prefers the no-new-features angle).
OK, I haven't actually taken this approach with either my parents or my wife's mom :-) My parents bought a Mac back in ~1987, and continued to upgrade Macs occasionally. My mom's Mac is currently secured by the fact that it's a Mac, and she only uses dial-up internet because that's good enough for email and she doesn't see well enough to use the web unless she really needs to. (And my siblings all grumble about not having decent internet access when we visit, but she really doesn't want to bother upgrading, even though she did finally get cable TV when the digital transition broke her ability to receive the PBS station she likes via broadcast.)
We got my wife's mom a generic Windows PC when she retired, with AOL. It let her chat with her friends, keep up on the celebrity news, and generally stay connected to the world when she was getting less mobile. "Computer security" for her system meant occasionally formatting the disk, reinstalling Windows from scratch, reinstalling a new free AOL coaster, and having her log in to AOL, because she kept everything she cared about in the cloud rather than on her PC.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You are most welcome and if you haven't heard of them before let old Hairy turn you on to a couple of other "shop guy tricks", specifically WSUS Offline and Ninite.
These two little life savers can take the time from starting a windows install to finished and ready to go from several hours to less than an hour and a half. You use WSUS Offline to download all the updates, service packs, as well as DirectX,IE, and .NET updates and then just slap that sucker onto a USB drive (or in the case of the shop a share drive on the LAN) and let it go, takes all the hassle out of taking a Windows system from fresh install to ready to go. Works on XP- Win 8.1 so it doesn't matter which one you are using either.
And Ninite? Ohhh you are gonna love Ninite, he is the PC fixit guy's best buddy. With ninite all your major third party software is taken care of, you've got browsers and codecs and media players and antivirus and IMs and pretty much all of the stuff your average person wants, with Ninite you just check the boxes and go. oh and NO TOOLBARS, no extras, none of the crap that so many programs drag along these days, just a clean unattended install of the latest version of whatever you picked. As an added bonus if you need to update and aren't sure if your software is out of date? just check the boxes and run it, Ninite will only install if you have the older version.
So there ya have it, with that and the little 3 step I posted earlier you can take a PC from bare metal to grandma proof in no time flat, enjoy!
ACs don't waste your time replying, your posts are never seen by me.
Got my parents a Mac mini years ago, never looked back :)
If it's a Win7+ machine, the built-in backup solution works just fine. It's also simple in case you don't have/want to use the software to restore: Files are in zip archives, the system image is a vhd which can be booted in a virtual - you can actually "test" your backup images by booting them in microsoft's virtualization software. It rolls over for hdd space and all, and run effectively maintenance free (in fact, don't touch it). I can't remember if vista had a built-in backup solution.
Take a look at this article
basically, set software restriction policies such as PATH RULE
C:\Users\ DISALLOW
Or better yet, set to DISALLOW by default. And whitelist specific system directories, including the default allowed directories.
Only allow installed software to run, and software in C:\Windows c:\program files c:\program files (x86) etc.
And perhaps some temporary directories
For web browsers such as Chrome, I suggest you should use "Chrome for business" installed globally, instead of installed in the individual user's directory.
You may need to allow some programs to execute from some temporary directories of the user profile to allow automatic updates running as the user instead of admin.
My mother is 60 years old, I switched my family to Xubuntu a few months after I switched in October 2012. To say that older people are set in their ways and would much rather use Windows is silly. My family used Windows as long as I have, about 15 years, and didn't have a problem adjusting. In fact, once 7 hit the market with the new taskbar and the 8 with it's radical changes; you're going to have to learn a new OS anyway so why not go to one that's more secure and doesn't suffer all the flaws that Windows has. Not to mention my family doesn't have to go through the hassle of installing drivers on Linux, it's truly Plug and Play.
Fact of the matter is this: My 60 year old computer illiterate mother, two brothers, my 59 year old friend across town and myself have no issues using Linux. If you do, you're doing it wrong.
DeepFreeze is great if you can baseline the system with a safe config.
http://www.faronics.com/products/deep-freeze/
Install Ad Block. I'm sure a lot of the crapware comes from sponsored ads. If they don't appear she can't click them.
Well now you have definitely given me an idea ... lol :>
Or some kind of VM genn'd off a server image and transported to a thin client.
Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )
APK
P.S.=> For FULLY securing a Windows-NT based OS bearing PC (using CIS Tool) I use the security guide for Windows I authored (& got paid for in 2008 but initially authored in 1997):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&qs=n&form=QBLH&pq=%22how+to+secure+windows+2000%2Fxp%22&sc=1-31&sp=-1&sk=&cvid=7aede4a8ff4f46e19c0852f67e2ac683
...apk
Man, your ego is ridiculous. Everyone knows of these tools and substantially better ways to perform what you're trying to accomplish.
Just update your OS install media to include the WSUS items. No dumb separate key, no separate install process. Use a PXE boot installer if you're installing in house.
What decade are you stuck in that you'd want codecs? Let me guess you're one of those 'media player classic for life' guys? Please...
This is teen level desktop stuff here.
At the very least you should get rid of vista and put 7 on instead.
Make an image of the HD and have all data stored on a seperate drive so when you re-image the machine so it runs right after things get deleted or it is filled with viruses it is quicker for you.
Word to the wise from someone that has Been There Done That
computer security ... in bed, meme :)
I agree the stereotype is dated. Most people started getting home computers in the 80's. If you were a teen then you'd now be in your mid to late 40's. You'll probably know more about hardware than most people that are younger and almost certainly more than the "javascript weenies" that just hunt down an existing script and plug it into something.
Next up the OP's question: it is broken they want security but they want to stay with an obsolete OS: not going to happen. You don't have to like change but if you don't change you'll be using something that is easily exploitable.Chances are fairly good that these Office and browser type computer users would be completely fine on the latest windows/mac/linux offering. The browser will be the same or close enough and unless they are power users of office the basic type an invoice functionality isn't affected by the "new" Office ribbon to any meaningful extent. Probably 90% of users of Office could get away with a free offering (the remaining 10% are writing macros/using plugins someone else has made that they need/already know how to do in VBA).
Install a router, or something running something like tomato, that can run a composite block-list that is automatically updated. Sure they could still screw up settings and maybe install something they don't want, but this makes it nearly impossible to get anything malicious and resolves 80% of the problem.
Thanks for that insightful HOWTO!
I wish I were exagerating, but Windows PC builds that don't allow installs last a lot longer than those that do. Install the basics like Flash and Java (although, don't install Java unless she really needs it. Avoid if you can). After that, lock it down so that her account can't install anything. Also, hide the Internet Explorer Icon and have her use Firefox.
I once tried to uninstall Norton. In the end, after 12 hours battle, I decided to reinstall Windows.
Well...what is going wrong? Anything? Are you sure it's worth the effort?
My parents are still using the same ancient Dell laptop they bought when my brother and I were still in highschool (I graduated college two years ago; he's now working on his PhD). It's unpatched Windows XP, and the only real security software on there is Avast! free antivirus. Other than re-registering Avast! every couple months when I'm home, I have never had to touch that system. And now they're mostly switching over to tablets and such.
Are your parents REALLY doing anything so risky that they need such a high level of protection? For casual browsing and such you really shouldn't need any more than a decent anti-virus tool. If they need more, find and plug the holes and move on.
Hell my parents don't even get backups -- because frankly, anything essential is already "in the cloud." Should there be some catastrophe I can't recover from (which has never occurred), the worst-case is I restore from the backup I took last time I had their computer (months ago) and tell my dad I lost part of his music collection (most of which he isn't even aware he has -- it's a few hundred gigs at this point). Everything truly critical they have on there is based on some sort of online service, so it's all safely "in the cloud" where I don't have to deal with it.
Although I will say one of the best things I ever did was move my mom from directly accessing her Comcast email through Outlook to placing gmail in there as a middle-man. She still uses the Comcast address, but her now multiple devices stay in sync, and in an emergency I can help her login to the web interface from anywhere.
Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )
APK
P.S.=> For FULLY securing a Windows-NT based OS bearing PC (using CIS Tool) I use the security guide for Windows I authored (& got paid for in 2008 but initially authored in 1997):
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&qs=n&form=QBLH&pq=%22how+to+secure+windows+2000%2Fxp%22&sc=1-31&sp=-1&sk=&cvid=7aede4a8ff4f46e19c0852f67e2ac683
...apk
i know the OP posited windows as a requirement,
but there's also a hybrid approach.
my primary goal was to protect my mom from serious financial fraud - ie bank account stuff.
mom uses windows for photoshop & other SW that won't go on a tablet,
and also makes heavy use of some windows-only apps which keep her away from OSX.
so, i got her a tiny HP laptop and put Linux (mint) on it,
with the strict instructions that all banking is done on the Linux machine,
and *only* banking is done on the Linux machine. no shopping, no surfing.
shopping i figure is fine on the windows machine: the credit card is secured against fraud,
and shopping itself is risk enough that it doesn't belong on the banking machine.
I suspect she's not actually following this advice, because she hasn't asked for help w/ the Linux box,
but that's probably also a failing on my part for not following up.
BitDefender Free - Automated, quiet, self-maintaining, and much better detection stats than MS Security Essentials - switch today
Malwarebytes Antimalware Pro - One time fee, adds even better protection for people likely to click on malicious links
Secunia PSI - Automatically updates software with vulnerabilities without user interaction - the most often missed crucial piece in a secure PC. Old Flash and Java installs make giving your parents' non-admin accounts pointless - malware will just use those to elevate privilege. PSI will keep everything up to date, without anyone having to do anything manually.
CrashPlan - Install it and point it at your computer. After the one-time setup, all your parents' data will be backed up to your PC. Off-site, automated backup for free. Far superior to a simple backup external drive that is vulnerable to malware running on their system.
She's pretty much self-supporting as a result.
No Anti-Virus
No "Internet Security" software
Yes = Firefox + Adblock
Yes = Setup GMail accounts for my parents to use
My Dad is a retired electrical engineer and my Mom still runs a computer lab at my old Elementary school so they are both computer savvy to the extent they know not to open attachments from sketchy emails. They keep backups on an external hard drive and occasionally archive stuff to CD for long term storage. All they really use the Internet for is visiting the AARP website and send/receive email. They don't do any shopping or banking online as they don't trust giving their credit card info to anyone and insist on paying all bills with a check.
Setup the PC to save personal data to a separate volume, and boot the pc up into the same 'clean' image every time. That way, they can screw it up all they like, but on reboot, it is back to normal.
I bought my inlaws a used Mac Mini (intel) a few years ago when they started to get malware all the time. The only call I've had since is when the power cord accidentally came out once.
At my home we run Windows. I use free Avast, Spybot S&D, and I set up an account on OpenDNS as well. This seems to cover all my home users, and the kids go to some pretty dodgy places.
Turn the PC off, then unplug. Not very functional, but quite secure.
I gave up "securing" years ago. The only sofware they use are MS Office and Firefox . So, CrashPlan to back everything up continuously without user intervention, Microsoft Security Essentials because it is good enough and no nag screens, and then Windows Update set to automatic. If there is a problem, they put in the usb key I made with an autonated install, then reinstall crashplan and Bob's your uncle. Since I set that up, very rarely do I get support calls.
I stopped "securing" years ago. The only non-builtin software they use is Office and Firefox, So, Crashplan to backup continuously without user intervention, Microsoft Security Essentials because it is ok and has no nag screens. and Windws Update set to automatic. If there is a problem, they boot from the automated Windows install USB key I made for them, reinstall Crashplan to restore the backup and Bob's your uncle. I set that up about 2 years ago and it has been smooth sailing since then with almost no support calls.
My thoughts exactly, DD-WRT, OpenWRT, or Tomato firmware running on a supported firewall/router and most issues are non-issues. Great post.
You can't technically validly disprove my points on hosts giving users of custom hosts files more:
1.) Speed
2.) Security
3.) Reliability
4.) & even Anonymity
+ more online...
* To the downmodding weasel specifically - YOU FAIL - You know it, I KNOW IT, & anyone else reading with 1/2 a brain does also!
---
(LMAO - You're only making me STRONGER each time you do one of these unjustified downmods - Thank-You & yes, seriously - Especially since others see that's "the best you got" (& nothing more... lol!))!
---
Thus the downmods with NO VALID REASONS WHY = useless weasel tactics - nothing more: Especially when the downmodding weasel's NOT disproving my points for technical inaccuracy on MY part since my points on hosts ARE 100% valid + accurate (for giving users more speed, security, reliability + even anonymity (to an extent only on the latter)).
APK
P.S.=> BOTTOM-LINE RESULT = The cowardly little weasel downmodder KNOWS it too, hence his running from my challenge he disprove my points in favor of hosts since he "hit & run" downmods & outright RUNS AWAY when I challenge him to validly disprove my points in favor of hosts files for end users of them instead - since he KNOWS his bogus downmods to *try* to vainly "hide" my posts on hosts only prove my points all the more (& doesn't hide a thing - others see it considering MOST here surf well below the default moderation threshold))
... apk
Block lists are like blacklists dude, they just don't work. Too many legit sites get pwned every single day for block lists to be useful for anything except maybe making file sharers feel safer (protip:they aren't) by blocking known trolls like mediadefender.
It may help keep grandpa off porn sites but for actual security? Like i told APK with the HOSTS files its just not able to keep up with the thousands of new threats coming daily. With my method the system is running in low rights modes with default deny, a MUCH safer way to access the net IMHO.
ACs don't waste your time replying, your posts are never seen by me.
Not using hosts, dns poisoning. They work, with pr0n and all.
you put a lot of faith in the fuckups at best buy .. the only thing they're trained to do is upsell and overcharge, everything else is hit-or-miss, and likely won't be done properly.
I setup a caching proxy server at my shop. It increases download speed when accessing often requested resources like updates and installers, and frees up bandwidth for other things. Our cache rate seems to hover around 30-60%, and objects fetched from the cache max out the throughput of the LAN instead of downloading at the agonizingly slow 6 mbps our ISP provides,
Its still the same principle dude, a list maintained by some guy/s somewhere that is supposed to magically keep up with the 10,000+ websites pwned every single day and as I pointed out to the Linux "Just give us the source and we'll maintain it" the math just doesn't work. You've got MAYBE 50 guys working on that DNS list, you have several BILLION websites, and you have legitimate websites getting pwned all the time. in just the past few months we've seen everyone from wordpress to Google serve malware and you HONESTLY think that a text file is gonna save you?
You might as tape a rabbit's foot to the router for all the good you are doing, magical thinking just doesn't work. if it did? You'd see routers sold by default with easy to switch blocklists. the reason they don't is because you end up blocking legit sites that have been cleaned while letting in sites that have been freshly pwned, the math just isn't on your side, like blacklists you are playing an arms race with the world and you WILL lose, the only question is how long it takes.
ACs don't waste your time replying, your posts are never seen by me.
And the truth is that a hardcoded favorite site in hosts overcomes dns redirect issues... period.
APK
P.S.=> So all the technically unjustifiable downmods you apply to my posts on hosts (yet not disproving points about them I make where hosts gives end-users of them more speed, security, reliability, & even anonymity)? Useless... & you know it! apk
Simple fix to help Dad when distance is an issue:
Put "TeamViewer" (or similar, but it is parent proof) on his machine and then simply fix the issues for him.
Problem solved. :)
ultimate edition 3.7 works great for my mum although the default rekonq browser leaves a lot to be desired (comes with plenty of other browsers)
xubuntu worked great for a few months prior and before that we played around with puppy slacko
within windows xp, 7 and various form factors coming into the mix the switch to linux was well recieved atlthough for a while she was unable to upload photos to trademe.co.nz because the webuploader would not identify uppercase *.JPG files
all in all none of the half dozen or so people who use her computer on a weekly basis have any problems with it.
its a web browser, handles images, does youtube. etc...
all the stuff you talk about needing on windows sounds like a crazy amount of complication compared to a simple UI change.