I realize that virus-proof on a Windows PC is far fetched, but in the interest of keeping time spent as the “family-tech-support” to a minimum, I am looking for ideas to lock a computer down to the point that it is very hard to collect ad-ware/spyware, malware, or viruses.
Assume the user is my mom, who rarely, if ever, needs administrator access and mostly uses the computer for MS Office and web browsing.
Probably the best advice I’ve ever heard on the topic is: Stop running as an administrator.
I get very grumpy when I see these questions, because too many people just want to change the computer, and not the user (when it’s the user that causes the issues, invariably).
Consider: Almost every network has a NAT device in place between the LAN and the Internet. This stops random crap from just wandering in, so the overwhelming majority of machines are going to be just fine.
Only when the user is in place is it an issue. My solution: fix the user.
My list to keep your Mom’s PC bulletproof:
Educate her on computer security, and computer usage:
- Don’t teach her how to accomplish certain tasks (‘click here, etc’). Teach her WHAT and WHY. Think about when you open a new program for the first time. Most computer literate people will have a good idea about how to use it straight up. This is because you understand WHAT you want to achieve, and WHY you want to achieve it. The HOW follows very quickly after, because you are familiar with the HOW from other programs. Ever swapped email clients? You’ll know what I mean.
- The golden rule: If you don’t know, don’t do it.
- Secondary to the golden rule: Read what the error message is telling you, and think about what you have done to cause it – don’t just throw up your arms and swear
- Educate her that just because something is free, she doesn’t have sign up for it, or try and install it.
Install Google Chrome – Fast, lean browsing machine.
Install your choice of free anti-virus. Something with a low amount of harassment is good.
Ensure automatic updates are turned on, and that your mother knows how to deal with them. Accept them, install them, reboot the computer.
My parents ran a Windows XP machine for 4 years with no software firewall – running just Firefox and AVG. They were checking their email, doing online banking, playing some Guild Wars online, and they had no viruses. I’ve had plenty of challenges from random people who tried to find viruses on my computers, but they always just end up wasting their time.
I don’t like just providing links as answers but have a look at this comprehensive lock down guide.
Windows XP Professional Configuration Checklist Details
- Verify that all disk partitions are formatted with NTFS
- Protect file shares
- Use Internet Connection Sharing for shared Internet connections
- Enable Internet Connection Firewall
- Make sure windows update runs regularly
- Use software restriction policies
- Use account passwords
- Disable unnecessary services
- Disable or delete unnecessary accounts
- Make sure the Guest account is disabled
- Set stronger password policies
- Set account lockout policy
- Install anti-virus software and updates
- Keep up-to-date on the latest security updates
- Do not run with administrator privileges by default
- Don’t use WEP for wireless networks
Besides teaching her to avoid installing silly things, I don’t really see a way.
Of course, have the system updated and with an anti-virus (eventually a firewall).
But in general, if you want to avoid “family-tech-support”, there is no real way. Because if you start adding things to block content, block what she can do, you won’t be called for the “tech-support”, but for the “why can’t I do that ?”.