Slashdot Mirror
Ask Slashdot: How Would You Secure Your Parents' PC?
New submitter StirlingArcher writes "I've always built/maintained my parents' PC's, but as Mum has got older her PC seems to develop problems more readily. I would love to switch her to Linux, but she struggles with change and wants to stay with Vista and MS Office. I've done the usual remove Admin rights, use a credible Internet Security package. Is there anything more dramatic that I could do, without changing the way she uses her PC or enforcing a new OS on her again? One idea was to use a Linux OS and then run Vista in a VM, which auto-boots and creates a backup image every so often. Thanks for any help!"
All you need. Click here.
Like email, browsing, and perhaps some photos and videos, get a tablet. I hate to add to the PC market shrinking (it is my main bread and butter), but a tab is typically simpler, and more than enough for many use cases.
Additionally, you can root and do a nandroid backup on initial setup as a quick imaging routine in case of problems.
Disclaimer, I wrote this on the commode with a nexus 7.
Silence is a state of mime.
and she took a few weeks to adapt, now she uses it (mostly) trouble-free. I also enabled Desktop sharing via VNC to avoid driving to her place every time she complains 'I had my icon here and now it's gone' or 'It does not behave as berfore' or 'The menu to send my mails is gone'.
Her grand-children also spend lots of time on this computer while she takes care of them, and I used to clean lots of malware after them... not anymore.
Freeze all system changes except saving into the the documents folder. There are a number of programs to do it, seems the most popular is Deep Freeze. It allows all system changes, but after reboot it is all gone. Some tweaking will allow making a few things persistent, such as the documents.
http://alternativeto.net/software/deep-freeze/
Build your own energy sources from scratch. http://otherpower.com/
My mom uses her Win7 machine as a User, and not as an Administrator.
You can avoid 99% of viruses, phishing, and other BS simply by taking away administrator rights.
Bruce Wayne, is that you?
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
"Is this how sons-in-law say 'F- You' these days?"
"Must be!"
"Don't call him ever again."
Might wanna take out the CPU as well, just in case.
One might assume some 35 years after the advent of PC revolution, there are more than a few grey hairs running around like me with infinitely more knowledge on how to secure a computer than some smart mouth tweener. Having spent years securing their computers, I would not trust any child of mine to do a better job than I would and it's time to put the tired meme that kids know tech better than their parents to bed where it belongs.
Something like Faronics Deep Freeze might be useful, restoring the computer to a clean slate after each reboot. You still want your usual anti-virus and firewall to protect the machine when it's running, but at least your parents would know that if things break a restart should generally fix everything.
Leave My Documents and the browser profile unfrozen and set up a regular backup of files written there, taking precautions to make sure the backup isn't susceptible to encryption by ransomware.
Is it as bad a Symantec?
No. In fact, I can't really think of anything that is. Maybe there are a few viruses that are as bad.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
I bought my Mother an iPad 2 years ago. I didn't realize how profound the change over was for her until I saw her helping one of our other relatives with their new iPad. Not only had she mastered her iPad, it made her feel smart again.
She still has her Vista desktop connected to a printer and uses it when she needs to print or fill out online forms. But that only happens a couple times a year. We even got her a little JBL dock so that she could listen to music last year and she fell in love with the iPad all over again. It's crazy.
But it was a good reminder for me. Technical people get caught up in different camps (i.e. Linux vs. Windows vs. Mac). We forget that good tech is good tech. And when you can watch your own tech-resistant parents become empowered by one device. It's good tech.
I specifically went with an iPad because of their walled app garden. Higher functioning users could probably be just fine with an android tablet but this was my Mother. A woman who gets very emotional when things don't work right. And now 90% of my extended family have iPads because of her.
So before you think about changing your Mother's desktop, change the way you're looking at the problem. Users will try to tell you what they think they need but *hopefully* most of us are smart enough to go back and ask them what the problem is (not what they think the solution should be).
As I said, we did keep her desktop but the tasks that would open her up to viruses (surfing) now happen on the iPad. I went from having to clean her machine 4 or 5 times a year to zero. Getting that time back was well worth the price of the iPad.
"I think my computer has a virus."
"What makes you think that, Dad?"
"Well, it's been running slow lately. And once a website popped up a notice saying it had detected a virus on my machine."
"... It did?"
"Yeah. I downloaded and ran the program it suggested but it seems even worse now."
"You're right, Dad. Your computer has a virus. Better take it to the repair guy."
True story. I love my parents, but they're three hours away by car, I gave up on Windows years ago, and there's no way I can talk them through a de-lousing session over the phone. ("Open the control panel. Go to the start menu... No, the one in the lower-left. Now click on it. LEFT click. Press the button on the left side of the mouse, Dad...") Computer repair shops still exist, or in the worst case they can take it to the Geek Squad who at the very least can re-image the damned thing.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
Greetings, As someone in the IT industry maybe I can give you some advice.
Since she is on Vista, you might want to look into Local Group Policies.
http://technet.microsoft.com/en-us/library/cc725970.aspx
You have much finer, granular control over many aspects of Windows through it. It can take some trial and error, but you can setup an environment where only specific applications run and nothing else. Or, you can do things like not allowing application to run from specific locations (E.G. C:\Users\\AppData or C:\Program Data). Doing this can greatly reduce the amount of Malware and Virus infections. You can also prevent changes to things like the Start Menu or task bar, etc. A lot can be done with Local GPOs that doesn't seem widely known to the standard Windows user, but they can really help lock a machine down.
As a PC shop guy I run into this problem quite a lot and there are actually a few options. You can have a program like Paragon Backup and Recovery Free set to make daily/weekly/whatever disc images and then easily roll it back when they bone it (because if they are like most older folks no matter how many times you tell them "don't click on that" they will) but the problem with those is that you usually have to be the one to roll it back, too complex to restore from disk image for an old person.
So while this way is no longer supported on Win 8 and above (but since Win 8 is a bomb who cares) this is the way that I do it and it gets the "Hairyfeet seal of approval". This method scores damned near a 10 out of 10 in both keeping infections out and in fixing if they manage to bypass your security and infect it anyway. And yes that is a problem, as i have seen older folks actually turn OFF the AV because an email told them to. As a bonus it costs $0.00 and doesn't take more than an hour tops. Ready?
1.- Install Comodo AV Free and be DAMNED SURE to pick YES when it comes to installing Comodo Dragon, the why will be apparent in a moment. You can go ahead and uncheck geek buddy, that is your job, they don't need some guy at a helpdesk in India to tell them what to do. 2.- Go into Comodo AV after install and turn it to "paranoid mode" this will run everything in a sandbox by default and treat everything as suspect. Now for your not completely clueless you can leave it in clean PC mode, but for those that click the "punch the clown and win an iPad" types paranoid is safest. 3.- the final step is to download and install Comodo Time Machine and LOCK the first image, call it "clean PC" or something else that will be easy to tell grandma over the phone. A bit of warning when it comes to CTS, it dos NOT work on win 8, it does NOT work on dual boots, you should also set it to clean out old snapshots after say 30 days. That said if you want a PC that can recover from pretty much every bug out there? here ya go.
And that is it, stick a fork, there is no step 4. Of course this assumes you have already done the common sense things like set windows update to automatic but other than that you should now have a 100% clean PC that will stay that way. The browser is sandboxed and locked down, runs by default in low rights mode, the AV is watching everything like a hawk and if they manage to talk the old folks into bypassing the AV? Time machine has you covered. I have several users that would get more nasties than a Bangkok whore on coupon night and thanks to this little 3 step program their PCs are pretty much idiot proof. Oh and as a bonus if they screw anything up, uninstall a printer driver or just trash a program? it takes less than 10 minutes over the phone to restore with CTS. You tell them reboot, hit home key when they see the big clock, pick the day before (assuming you set it for daily or snapshot on boot) and leave it alone...and that is it, the CTS will set the machine back and it'll be like they never made the boo boo.
ACs don't waste your time replying, your posts are never seen by me.
I hear what you're saying. I'm at the age where before long I'll be an old guy. The new kids will probably think I don't know anything about some new thing X, only to find out that I helped write X.
My mother was a pioneer who helped bring major companies into the digital age. She's taught programming, database architecture, etc. and was a top ranking information systems executive for Fortune 100 companies. I learned a lot from her. It would be accurate to say she's forgotten more than most Slashdotters ever knew. That's one reason she calls me for help - because she's forgotten. The other day I mentioned a principle she taught me and she didn't know what I was talking about, having been away from it for 15 years.
The other reason she calls me is because while she could patch a Unix BINARY by manually editing the machine code, Windows 8 is a new, foreign land. She had a Vista machine before this Windows 8 laptop, but she's much more comfortable with Solaris or System 7, or any environment that runs Cobol.
I greatly respect her knowledge and experience, especially her deep understanding of timeless principles. She recognizes that today's systems and today's threats are not the same as the 8080 powered systems she wrote assembler for.
I've been programming interactive web sites since 1997. Recently my wife, who is ten years younger than I, taught me a bit about Facebook.
Each of us has strengths and weaknesses. In general, as we mature we synthesize random knowledge into principles - broadly applicable statements that reflect deeper understanding than feature X and product Y. When we're younger, we're interested in each new version of product Y, the new performance feature and this new security feature.
The foolish young person might think that the "old guy" is out of date. The wise person who has seen some things realizes that the new kid actually DOES have something we could benefit from - the PFY often knows that the virus scanner we've loved for 20 years hasn't kept up, and he knows the new, improved tools.
When I want to know relational calculus or how to bid a job without requirements, I'll ask the old guy. When I want to know how to uninvite someone from a Facebook event, I'll ask that kid over there who is building the Facebook app.