Best set and forget security for newbie


LOTL
October 27th, 2005, 09:54 AM
Hi All,
Setting up a new PC running Win XP Home w/SP2 for a friend who has a brain injury and severe memory loss and has not used a PC since the 70's.
I'm wondering what steps you would take to help prevent virus and malware infestations using free utilities with little to no user intervention.
I have read posts here on system hardening and some of the apps available such as Secure-It and Safe-XP but I don't want to have to be driving an hour to install software or tweak things.
I may get him going with what I think he'll need and possibly set him up as a limited user but I'm not too thrilled with that idea either.
Any suggestions would be appreciated.
He will be on dialup initially so my short list right now is:
Avast AV
Spyware Blaster and/or Firefox
SpywareGuard or Spybot S&D Teatimer
XP's firewall (do not want to have him deal with outbound notification popups, and being that he will be on dialup I feel that XP's firewall is sufficient for now).

abhi_mittal
October 27th, 2005, 10:59 AM
Given the situation of your friend (I feel sorry about him), I would recommend the following:

Avast Home
Spyware Blaster with Firefox
Arovax Shield
Zone Alarm Free (It's pretty non-intrusive)
Spybot and Adaware

I would not recommend things like Prevx home, ProcessGuard/Antihook or any kind of hardening or sandboxing/virtualization stuff as that may prove to be complicated for our friend.

deviladvocate
October 27th, 2005, 11:30 AM
Hardening is pretty much set once and forget, so it might be worth a try, especially if it's a single click.

LOTL
October 27th, 2005, 12:09 PM
Thanks guys for the replies.
I'll check out Arovax (had not heard of it) and will probably stick with Windows firewall.
I did try installing ZA yesterday and I got a BSOD due to a conflict with Avast and its web module (a pretty well documented issue at the Avast and ZA forums).
I lost faith in ZA a long time ago and was willing to try it again at the recommendation of someone else. The BSOD will probably keep me from trying it again.
Deviladvocate,
What hardening software or steps would you suggest for a close to set and forget setup without him needing to have me come over to install software etc.?

_Lyn_
October 27th, 2005, 03:32 PM
What your friend doesn't need is for computing to be an unpleasant experience. I suggest you partition the hard drive and install Deep Freeze or ShadowUser. Other than that show him how to back up files to CD. That should make it easier on the both of you. Then you can turn him loose to discover whatever it is he's interested in.

LOTL
October 28th, 2005, 03:47 PM
Lyn,
Funny, I went through this same thing about 9 months ago with a young girl with MS. She would click on anything that came her way. After several spyware and virus cleanups and a few reformats, I looked into Deep Freeze. After a short stint with setting her up as a limited user (and her mother giving in with the admin password) I was considering Deep Freeze. I decided against it as I think it would be too restrictive. Taking away her emoticons, screensavers, backgrounds and all the other little things she would install would take away one of her biggest pleasures.
I opted to make a boot disk and a restore DVD using Ghost and showed her somewhat computer-literate sister how to start from scratch. Haven't heard from them since, so no news should be good news.
I'm not saying that is a viable approach for all such situations, but for her it did the trick.
I'm not sure how things will be for this guy. He may just be content with some simple browsing and emailing, and if I impress upon him the importance of safe hex, maybe the basic security measures will be enough.
Then again maybe not, and I'll end up taking your advice and giving ShadowUser or Sandboxie a try. Time will tell.

Blackspear
October 28th, 2005, 04:54 PM
The other thing would be to install and password protect Process Guard 3, and same with Nod32, including having Nod32 run a daily silent scan. Add to this the usual suspects like SpywareBlaster and Spybot Search & Destroy, a Hosts file with simple updating (Bluetack), IESpyad etc… basically see the link in my signature, and you will have a very secure system...

The person will not be able to install anything without permission and will remain safe and secure. I have set quite a number of systems this way after parents being fed up with teenagers clicking on absolutely everything looking for p@rn... These systems do remain clean, and we are talking over 9 months now, and each system has been in for a check up.

You will just have to give the adult a little instruction with PG3.

Cheers ;D

LOTL
October 29th, 2005, 12:27 AM
Blackspear,
Thanks for the very informative advice. I had used Host files in the past but had gotten away from it due to being too lazy to update and some sites being blocked etc.
I downloaded and installed the Bluetack HOST file and followed your instructions to disable the DNS client and I also grabbed Bluetack's Host Manager.
Man that makes it easy to update, edit, and write protect. Question for you, is it advisable to Append or replace the HOST file when Bluetack has an update?
I chose replace as I figure Bluetack must weed out outdated sites etc.
I did notice Netflix was on their blacklist for some reason but the host manager made it real easy to comment out.
Is there a way to keep sites like that off the list when doing updates?
How often does Bluetack update their host file?
I need to only use freeware for securing his PC. I'm using Avast, SpywareGuard, Windows firewall, SpywareBlaster, I'll add the Bluetack Host file and possibly install Spybot S&D. Do you recommend using Spybot's Teatimer along with SpywareGuard?
Doesn't IE-Spyad do pretty much the same thing as using a Host file? And I'm afraid we would be getting too far away from set and forget for him to keep on top of things.
Why the password protecting of PG3 and Nod32? To keep him or other users from disabling or modifying program options?
And is it worth using the free version of PG3?
And there is no adult where this particular computer is going just the friend with the brain injury. Any updating or program mods would probably require a visit.

Blackspear
October 29th, 2005, 01:18 AM
{QUOTE-> Thanks for the very informative advice. <-QUOTE}
My pleasure.

{QUOTE-> …I also grabbed Bluetack's Host Manager. Man that makes it easy to update, edit, and write protect. <-QUOTE}
Indeed.

{QUOTE-> …is it advisable to Append or replace the HOST file when Bluetack has an update? <-QUOTE}
I Append changes, this way as far as I can see it then will not replace files that I “always exclude”.

{QUOTE-> I chose replace as I figure Bluetack must weed out outdated sites etc. <-QUOTE}
Yes, initially I always replace, after that I append changes.

{QUOTE-> Is there a way to keep sites like that off the list when doing updates? <-QUOTE}
Make a search, then click on the entry, then right-click and “exclude”, then save. See screen shot.

{QUOTE-> How often does Bluetack update their host file? <-QUOTE}
Quite often, every week or so.

{QUOTE-> I need to only use freeware for securing his PC. <-QUOTE}
On this one I will have to strongly disagree, either you or someone is going to be regularly fixing a mess. Another option would be to go totally free plus one paid product, Acronis True Image 8.0 (pay for 9.0, and ask for a link to 8.0), this way when something goes wrong, and it will, you can simply place an image back on.

{QUOTE-> I’m using Avast, SpywareGuard, Windows firewall, SpywareBlaster, I'll add the Bluetack Host file and possibly install Spybot S&D <-QUOTE}
I would definitely use Spybot Search & Destroy, and make sure you use its “Immunise” feature.

{QUOTE-> …do you recommend using Spybot's Teatimer along with SpywareGuard? <-QUOTE}
I would actually just install Spybot S&D and leave SG off.

{QUOTE-> Doesn't IE-Spyad do pretty much the same thing as using a Host file? <-QUOTE}
No, it places sites in IE’s restricted sites list, it is updated every month. And with that point, I would also install Firefox, far safer to use, has tabbing as well.

{QUOTE-> And I'm afraid we would be getting too far away from set and forget for him to keep on top of things <-QUOTE}
Things like the Hosts file and IE Spyad are pretty much set and forget, as in if they are not updated for 6 months, they will still protect you from what is within their lists. So this can be a job for you to follow up on when you visit, teach him as you do it, and hopefully given time he will take an interest in maintaining the security of his system. You will be surprised at how many people do actually take it up, old and young alike.

{QUOTE-> Why the password protecting of PG3 and Nod32? To keep him or other users from disabling or modifying program options? <-QUOTE}
Exactly, it stops them from installing any programs or having any programs self-install, it stops Trojans from injecting .dlls, as well it stops the user from terminating a scheduled scan of Nod32. Basically it protects them from themselves. Process Guard also protects all of their programs from being terminated by garbage software.

{QUOTE-> And is it worth using the free version of PG3? <-QUOTE}
100% Yes, have it protect the anti-virus program that you end up with. You only have to take a look at the latest Trojan spreading through Messenger that kills Norton to see why you need PG3.

{QUOTE-> Any updating or program mods would probably require a visit. <-QUOTE}
That’s a good idea, you are going to need an imaging program, something goes really wrong, throw an image back on and you are back to where you 1st set up the system. Just make sure you partition the drive, and place his data on the 2nd drive.

There is a link in my signature that has various setups.

Hope this helps…

Cheers ;D

LOTL
October 29th, 2005, 09:50 AM
{QUOTE-> On this one I will have to strongly disagree, either you or someone is going to be regularly fixing a mess. Another option would be to go totally free plus one paid product, Acronis True Image 8.0 (pay for 9.0, and ask for a link to 8.0), this way when something goes wrong, and it will, you can simply place an image back on. <-QUOTE}

So aside from PG3 Full and NOD32 what are you disagreeing with here?
And I agree with the imaging idea and may use the copy of Ghost I have.

{QUOTE-> I would definitely use Spybot Search & Destroy, and make sure you use its “Immunize” feature.
I would actually just install Spybot S&D and leave SG off.
<-QUOTE}

With or without teatimer?

{QUOTE-> No, it places sites in IE’s restricted sites list, it is updated every month. And with that point, I would also install Firefox, far safer to use, has tabbing as well. <-QUOTE}

If he were to use Firefox exclusively then there would be no real need to use and keep IE-Spyad updated, correct? One less thing to update.

{QUOTE-> That’s a good idea, you are going to need an imaging program, something goes really wrong, throw an image back on and you are back to where you 1st set up the system. Just make sure you partition the drive, and place his data on the 2nd drive. <-QUOTE}

Out of the box his new PC only has the one partition, and I guess I could create the 2nd one for data. I don't see him creating a whole lot of documents or having many personal files that require backing up.
I suppose it still may be a good idea though, never know if his computer use will change in time.

Just wanted to add that since setting up the Bluetack hosts file, my Google searches have slowed to a crawl, and I'm a FatWallet patron and a lot of the links to deals use adservers and the majority of links posted do not work. I guess I could go in and exclude them as they crop up but?
This is the reason I got away from using host files in the past. May be o.k. on someone's system who knows when and how to disable a host file, exclude certain sites as needed etc. I'm thinking it may be more trouble (and I hesitate to say than it's worth) but that's the impression I get for the non-techy user. I'll continue to evaluate it and may add it to my personal arsenal but for my friend I'm not so sure.
I may have a look at the MVPS host file discussed here at Wilders and see if its smaller file size may be more suited for my use.
Hmmm, interesting, the MVPS host file is doing the same thing with Google and some of the FatWallet links. Have to check into the Google thing and see what might be slowing things down. I also tried the Hosts file manager (http://www.mvps.org/PracticallyNerded/SoftMain.htm) from MVPS and it's nowhere near as slick as the one from Bluetack.
Disabled adservices.google.com and adwords.google.com and things are back to normal with Bluetack. I take that back, Google is still slow as heck even with those 2 disabled. Any ideas?
Thanks again for all the input

Blackspear
October 29th, 2005, 06:58 PM
{QUOTE-> …what are you disagreeing with here? <-QUOTE}
If a person is “click happy”, you are going to at the very least need an imaging program, or you might as well move in with them (you are going to be there so often).

{QUOTE-> And I agree with the imaging idea and may use the copy of Ghost I have. <-QUOTE}
Excellent ;D

{QUOTE-> With or without teatimer? <-QUOTE}
With Teatimer.

{QUOTE-> If he were to use Firefox exclusively then there would be no real need to use and keep IE-Spyad updated, correct? <-QUOTE}
I still place on IE Spyad, so that should they use IE they have that layer of protection.

You can update this when you are around.

{QUOTE-> Out of the box his new PC only has the one partition, and I guess I could create the 2nd one for data. I don't see him creating a whole lot of documents or having many personal files that require backing up. I suppose it still may be a good idea though, never know if his computer use will change in time. <-QUOTE}
Agreed.

{QUOTE-> Just wanted to add that since setting up the Bluetack hosts file, my Google searches have slowed to a crawl, and I'm a FatWallet patron and a lot of the links to deals use adservers and the majority of links posted do not work. I guess I could go in and exclude them as they crop up but? <-QUOTE}
You shouldn’t see any difference in Google Searches at all, did you turn off DNS? Right Click on My Computer> Manage> Services and Applications> Services> DNS See this thread (http://www.wilderssecurity.com/showthread.php?t=78363) and then REBOOT your PC.

{QUOTE-> a lot of the links to deals use adservers and the majority of links posted do not work. I guess I could go in and exclude them as they crop up but? <-QUOTE}
That is one of the irritants for me, is the advertising side of things, I don’t care about ads, as I’m not buying. I hope in the future that we will be able to choose not to block all ads should we so desire.

{QUOTE-> I'm thinking it may be more trouble (and I hesitate to say than it's worth) but that's the impression I get for the non-techy user. I'll continue to evaluate it and may add it to my personal arsenal but for my friend I'm not so sure. <-QUOTE}
100% I would set it up for your friend, it is a very good layer of defence.

{QUOTE-> Any ideas? <-QUOTE}
Addressed above.

{QUOTE-> Thanks again for all the input <-QUOTE}
My pleasure.

Cheers ;D

LOTL
October 29th, 2005, 10:17 PM
{QUOTE-> You shouldn’t see any difference in Google Searches at all, did you turn off DNS? Right Click on My Computer> Manage> Services and Applications> Services> DNS See this thread (http://www.wilderssecurity.com/showthread.php?t=78363) and then REBOOT your PC. <-QUOTE}

Yes, I did disable DNS per the instructions at that link and rebooted. It doesn't seem to do it with all Google searches but it does do it with most.
Was just testing this with Firefox and it would do it both from the Google search bar and also when I tried typing in Google's URL in the address bar. It hangs for 20-30 seconds before displaying the page. Does not do this with IE. I'm going to try deleting the cache and see what happens.
Deleted the cache in Firefox and that seemed to do the trick. Did several searches from both the address bar and the search bar and pages loaded right up. Man, I don't freakin believe it, it seemed to work fine after deleting the cache but now a couple searches later it's crawling again.
I'll post over in Bluetack's forum and see what gives.

{QUOTE-> That is one of the irritants for me, is the advertising side of things, I don’t care about ads, as I’m not buying. I hope in the future that we will be able to choose not to block all ads should we so desire. <-QUOTE}

Too bad there wasn't a way to allow specific sites to bypass the host file, or is there? Seems to me when I gave Proxomitron a try it had similar issues and I was able to add individual sites to my bypass list. Different deal altogether, but it seems there should be some way to incorporate something like that into a host manager program. Any programmers out there?
I just updated the Bluetack hosts file using their host manager and I chose to append this time, then I noticed that the 2 Netflix entries I had previously excluded were being listed again. That should not happen, correct?
Edit: never mind, I didn't have the "Use Always Exclude List" checked off in the options.
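
The append/replace question and the "Use Always Exclude List" option discussed above, as an added example that is not part of the original thread and is not the Bluetack Hosts Manager's own code: a Python hosts-file merge in which the exclusion list is applied on every update, so a hand-made exception is not re-added. The hostnames, the `merge_hosts` function and its `mode` and `always_exclude` parameters are assumptions made for illustration.

```python
# Added example: hosts-file update with an "always exclude" list.
# All hostnames and file contents below are constructed samples.

CURRENT = """\
127.0.0.1 localhost
127.0.0.1 ads.example.net
#127.0.0.1 video.example.com    # commented out by hand after it broke a site
127.0.0.1 old-tracker.example.org
"""

UPDATE = """\
127.0.0.1 localhost
127.0.0.1 ads.example.net
127.0.0.1 video.example.com
127.0.0.1 new-tracker.example.org
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs in file order, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a hostname
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries

def merge_hosts(current, update, always_exclude=(), mode="append"):
    """Build the new entry list.
    replace: keep only what the update contains (stale entries drop out).
    append:  keep current entries and add whatever the update brings.
    The exclusion list is applied last in both modes, so a hand-made
    exception survives every update instead of being re-added.
    """
    if mode not in ("append", "replace"):
        raise ValueError("mode must be 'append' or 'replace'")
    source = parse_hosts(update)
    if mode == "append":
        source = parse_hosts(current) + source
    excluded = {h.lower() for h in always_exclude}
    seen, merged = set(), []
    for ip, host in source:
        if host in excluded or host in seen:
            continue  # skip excepted hosts and duplicates
        seen.add(host)
        merged.append((ip, host))
    return merged

def render(entries):
    return "".join(f"{ip} {host}\n" for ip, host in entries)

if __name__ == "__main__":
    print(render(merge_hosts(CURRENT, UPDATE, ["video.example.com"])))
```

Calling `merge_hosts(CURRENT, UPDATE)` with no exclusion list brings the commented-out host back as an active block entry, which is the behaviour reported in the post above.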

Blackspear
October 29th, 2005, 11:38 PM
Hi Allison, welcome to Wilders.

I have split your post off into its own thread HERE (http://www.wilderssecurity.com/showthread.php?t=104245)

Cheers ;D