Protecting Your Family's Computers
If your family members are anything like mine, by default you wind up being the tech support for your entire family just because you are the “techie” guy (or gal) in the family. A number of years ago I became frustrated by how often this role became a malware removal or rebuild role. Although there are no silver bullets to prevent a computer from being infected, I came up with a standard configuration that I apply to all of my family’s computers to substantially reduce the likelihood of a serious infection. I have continually tweaked it over the years, but here is my current standard build:
Malware Protection
Antivirus is rapidly becoming irrelevant in the current malware world, however, I don’t think I am willing to go without it yet. There are several free antiviruses available, and I have tried most of them, but the last few years Microsoft Security Essentials is the one I usually install for family use. I don’t know if it is any more effective than the alternatives, but it seems to do the job, and it doesn’t expire regularly and leave the machine unprotected. Don’t forget to uninstall the antivirus trial software that comes on nearly every computer. Two antiviruses running on the same computer rarely get along.
Safe Browsing
I have long run out of patience with Internet Explorer. For family computers I give them a choice between Firefox or Chrome. My family are not technical people. They don’t have the knowledge to judge a good link from a malicious one. I have looked at numerous extensions to reduce the likelihood they will get infected while surfing the Internet. In the end I settled on only two: Web of Trust (WOT) and Adblock Plus. I install Web of Trust (WOT) so at least if they try to go to a bad site they will get a warning. I install Adblock Plus to reduce the likelihood of infection from a malicious ad. It also has the added advantage of speeding up the browser experience for some sites.
I used to install noScript, but found it was too complicated for my average family member. I have also been experimenting with SSL Everywhere. I haven’t added it to the toolkit yet, but I probably will in the near future.
Up to date applications
The last tool in the box is Secunia Personal Software Inspector (PSI). PSI is the free, for non-commercial home use, version of Corporate Software Inspector (CSI). Its function is to scan the computer for what software is installed and to keep most of the software up to date. Although PSI will automatically keep most software up to date, some software will require manual intervention to stay up to date so you may need to train your family a bit to handle those instances.
So that is my toolkit. I am always looking for improvements. What is in yours?
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Comments
For up-to-date software I used to use Secunia PSI, but now I use Ninite. I have a Ninite Pro subscription, which can silently update programs and disable the annoying auto-updaters for other programs like Java (curse you Minecraft), but the free version can also work... just not silently. Create the installer, and put it in the Startup folder. Ninite also makes bundled toolbars etc. a non-issue.
Finally, I use OpenDNS FamilyShield or an OpenDNS registered account plus the OpenDNS Dynamic IP Updater Client for DNS-based filtering.
Anonymous
Nov 2nd 2013
1 decade ago
I have cleaned more PC's with this product then with any others, it constantly scores low on protection from independent organizations, sadly even Wiki gave :( . For those that do not want to pay cents a year for data protection, Avira, AVG. Comodo. Qualys to check the bad dogs, browser plugins, Java and yes.. No Script Just my .02 worth
More on MSE http://www.fixedbyvonnie.com/2013/10/microsoft-admits-security-essentials-will-always-be-on-the-bottom/
Anonymous
Nov 2nd 2013
1 decade ago
Anonymous
Nov 2nd 2013
1 decade ago
Anonymous
Nov 2nd 2013
1 decade ago
IE is actually not bad these days, I'd certainly choose it or else Chrome over FireFox for mitigation tech. Enabling ActiveX filtering and adding some of its tracking-protection lists would also be worthwhile, although users will need a primer on how to enable ActiveX features on sites that legitimately require them.
Other than that, Secunia PSI is a must-have, and simply uninstalling all unnecessary software and particularly Java.
Anonymous
Nov 2nd 2013
1 decade ago
Anonymous
Nov 3rd 2013
1 decade ago
Anonymous
Nov 3rd 2013
1 decade ago
For free url filtering, I'm use good K9 Bluecoat
and Immunet Sourcefire for antimalware protection.
Enabling more windows audit logs and using nxlog.
Best Regards
@Rmkml
Anonymous
Nov 3rd 2013
1 decade ago
I also tend to use non-persistant VMs for banking.
Anonymous
Nov 3rd 2013
1 decade ago
I also tend to use non-persistant VMs for banking.
Anonymous
Nov 3rd 2013
1 decade ago