I'm getting a new computer for my daughter. She's a spyware/malware writers dream. She'll open any attachment, sends and receives IMs all day, surfs dangerously...

I'm in the process of attempting to isolate this machine from the rest of the network, but that's another thread. Here I'd like to hear suggestions for keeping her box in the condition I give it to her in. I know about freeze apps, but at the same time, she does research and needs to save documents. I know that if she learns to turn off freeze, she'll never tun it on again.

...screamer

Well....

Give her a password-protected ISR-software, not with her password, but YOUR password and keep it FROZEN.

-{ Quote: "Give her a password-protected ISR-software, not with her password, but YOUR password and keep it FROZEN." }-

Erik,

The vendors who currently sell FD-ISR no longer include the Freeze option.

-{ Quote: "Erik,

The vendors who currently sell FD-ISR no longer include the Freeze option." }-
I wasn't talking about FDISR, DeepFreeze has a password.

But will DF allow her to save documents. i.e. not discard them upon re-boot?
While its in Freeze mode? Also needs to be able to get AV updates w/o my intervention.

-{ Quote: "But will DF allow her to save documents. i.e. not discard them upon re-boot?
While its in Freeze mode?" }-
I dunno for sure, but I'm sure that DeepFreeze has options to exclude folders and you can also create two partitions : system and data.

Returnil in continious session,before and after reboot,should educate her to use VP or another parttition.

@All,

I need a simple, no intervention solution. I don't want to have to educate her or involve her in any of this software. I've got personal reasons for this.
Even installing a pristine FD-ISR Primary SnapShot and allowing her to work in Secondary SnapShot, is too much trouble, since I will be the one who has to revert to Primary.

Essentially, I want an app that will Freeze configuration, but allow updates and saving documents, w/o my intervention. Perhaps I'm asking for too much.

What do schools & libraries use to freeze their public boxes?

...screamer

-{ Quote: "What do schools & libraries use to freeze their public boxes?
" }-Probably something along the lines of Deep Freeze and Anti-Executable (to handle portable/etc. application installs and launches), both from Faronics (http://www.faronics.com/), with save locations on a thawed partition dedicated to transient data only. Or something along those lines configured using OS groups and policies since they'll typically exist on a centrally administered domain. Updates could be an issue.

Blue

If you use DeepFreeze disable the automatic update of each software including Windows.
Once a month you do this :
1. Blindfold your daughter.
2. Boot in thawed mode with YOUR password.
3. Perform all updates of Windows and Applications.
4. Boot in frozen mode.
5. Unblindfold your daughter.

Hi, screamer; If your daughter is able to turn on and off light switch, then she has the IQ sufficient to use DeepFreeze standard version. It has only three options with password protection option. She may receive AV auto updates in frozen mode, but do not worry, that update will reappear in next thawed mode. DF has x days trial, what not give a spin ?

hahaha @ Erik. Tried it, she peeks

I just sent an e-mail to Faronics w/ my situation, we'll see if they have a solution. I did a search and it seems DF has a scheduled thaw mode for up-dates: AV & Windows, now all I need to know is about her being able to save her "legitimate" docs somewhere.

...screamer

-{ Quote: "hahaha @ Erik. Tried it, she peeks

I just sent an e-mail to Faronics w/ my situation, we'll see if they have a solution. I did a search and it seems DF has a scheduled thaw mode for up-dates: AV & Windows, now all I need to know is about her being able to save her "legitimate" docs somewhere.

...screamer" }-
Since many computers have only one harddisk, DeepFreeze must have an option to exclude the folder "My Documents" for instance, otherwise you can't do anything with your computer, if you can't store files or downloaded files.

If DeepFreeze doesn't have that option, you must create a data partition to store files.

HI Screamer

Simple solution. Tested it and it works. Best part free. Returnil>

First you create a virtual partition big enough for her data. Then in RVS you set the protection mode on. This way it will always boot in with protection on. Anything bad she gets will be gone on reboot. Second you select mount VP with windows start so the virtual partition will always be there. Fourth you make sure the protection in safe mode is on. Finally you set a good password.

Now when she works with her legit programs she can save the data in the Virtual Partition. It will always be there and she can work on it from there. But is she surfs and picks up crap it will be gone. Even if she puts something infected in the VP, it can't do damage from there. Finally if she's clever and tries safe mode protections is still on. Finally if she tries to uninstall she can't because protection mode is on. Tried it and it won't let you. So her only solution is to be able to open the gui, and she needs the password for that.

Tested it and it works.

Pete

Oops. you mentioned updating AV. Couple of thoughts. 1) Install and register sandboxie. Force all the browsers. This means she will be working in the sandbox. To not use the sandbox will require the extra step. (Basis is kids are lazy). True she can change sandboxie setting(again takes work) and they will go away when she reboots, so that will discourage her. With both programs, I'd almost consider skipping the AV. 2) Go with the AV, and have it check for updates on system start. Yes is will have to do larger updates with time, as they will go away with reboots, but it would work. Then when she's home you bring system current, and then lock it up again.

Hi Pete,

That's a lot to digest right now. In essence, if she downloads research w/ Sandboxie on, will she be able to save it somewhere.

Reason for AV is not so much D/Ling an infected app as it is a infection from IM. So I really need AV on this box.

...screamer

@Erik,

Good thought about another partition :)

A few things. With Returnil this would work as long as you didn't come across the intermittant problem I have had where it loses its serial number, and no passwords work, last time that happened I had to go into safe mode and uninstall, but in the scenario you describe that may not be an option.

Also a virus program update there is likely to be a reboot which would put her in a loop, although with Avast! you could turn off the program update side of it and just allow update of definitions.

@ Perman: it's on my list of apps being considered. Basically it's come down to Returnil & DeepFreeze. Thanks for the feedback

@ Tradetime: I'll install Antivir on this box. I'll need to check if I can only do definition updates.

I'd say limited account + Returnil configured as per Peter2150's post or Deep Freeze with a data partition to save documents. Make Firefox her default browser and add Adblock Plus.

screamer,
I disabled all my automatic updatings, because I also use Anti-Executable.
Automatic updatings can occur at any moment of the day and Anti-Executable is always ON with HIGH security.
When an automatic downloads starts, AE acts immediately when executable is changed during the downloading and the upgraded software gets corrupted.
I had it two times in practice and that's why I do updatings manually, when AE = OFF.
AE is very good, but very irritating too. :)

-{ Quote: "screamer,
I disabled all my automatic updatings, because I also use Anti-Executable.
Automatic updatings can occur at any moment of the day and Anti-Executable is always ON with HIGH security.
When an automatic downloads starts, AE acts immediately when executable is changed during the downloading and the upgraded software gets corrupted.
I had it two times in practice and that's why I do updatings manually, when AE = OFF.
AE is very good, but very irritating too. :)" }-

Remember this for a young lady of college age. So it has to be hands off. No way on AE. It's very effective, but it is a pain in the arse.

-{ Quote: "Hi Pete,

That's a lot to digest right now. In essence, if she downloads research w/ Sandboxie on, will she be able to save it somewhere.

Reason for AV is not so much D/Ling an infected app as it is a infection from IM. So I really need AV on this box.

...screamer

@Erik,

Good thought about another partition :)" }-

With Sandboxie you could recover anything you need into the ReturnIL partition. Also you could force the IM program into the sandbox. Even so if an infection came from an IM, it would still be gone after reboot.

Pete

-{ Quote: "I'd say limited account + Returnil configured as per Peter2150's post or Deep Freeze with a data partition to save documents. Make Firefox her default browser and add Adblock Plus." }-

Yeah, I'd have to agree. It seems to be the least hands on solution. I'm also going to assign it a Static IP so I can block this box from the rest of the network, but allow Internet access. I think w/ this set-up and K-9 web protection, I should be on my way.

BTW: can I create a partition on C: Drive if there's already data written to it?
The box shes getting is my wifes. I'm keeping the new one ;)

...screamer

screamer <-- going into Information Overload

-{ Quote: "Yeah, I'd have to agree. It seems to be the least hands on solution. I'm also going to assign it a Static IP so I can block this box from the rest of the network, but allow Internet access. I think w/ this set-up and K-9 web protection, I should be on my way.

BTW: can I create a partition on C: Drive if there's already data written to it?
The box shes getting is my wifes. I'm keeping the new one ;)

...screamer" }-

To answer the BTW.

If currently there is only one partition on the drive you would have to first shrink it. Here's how I'd do it with Acronis disk director.

1. Defrag
2. Using disk director shrink the partition. It would move the data if it had to.
3. Create partition.

But if you use Returnil's virtual partition you don't have to do all that. Just create it when you install. If it isn't mounted it is just a file on your C: drive. When mounted it becomes drive Z:

Pete

-{ Quote: "Remember this for a young lady of college age. So it has to be hands off. No way on AE. It's very effective, but it is a pain in the arse." }-
Yes indeed, a frozen state will be annoying enough for her and two pains at the same time is too much.

I guess it would be easiest if Returnil was the last app installed?

When I turn the box over to my daughter I need to replace NOD32 w/ Avira and OutPost Pro w/ Comodo.

...screamer

-{ Quote: "I guess it would be easiest if Returnil was the last app installed?

When I turn the box over to my daughter I need to replace NOD32 w/ Avira and OutPost Pro w/ Comodo.

...screamer" }-
I would install Returnil as last software, although it doesn't matter as long you install with Returnil = UNfrozen.
After all you will install new softwares in the future and then Returnil will be installed already.

-{ Quote: "I'm getting a new computer for my daughter. She's a spyware/malware writers dream. She'll open any attachment, sends and receives IMs all day, surfs dangerously...

I'm in the process of attempting to isolate this machine from the rest of the network, but that's another thread. Here I'd like to hear suggestions for keeping her box in the condition I give it to her in. I know about freeze apps, but at the same time, she does research and needs to save documents. I know that if she learns to turn off freeze, she'll never tun it on again.

...screamer" }-
I know this is probably not what you're looking for, but one real solution is Linux. Pretty much nothing can happen on a Linux box as far as malware, spyware or viruses go... something to ponder perhaps...

-{ Quote: "I know this is probably not what you're looking for, but one real solution is Linux. Pretty much nothing can happen on a Linux box as far as malware, spyware or viruses go... something to ponder perhaps..." }-

Not at all a solution. Read what OP is doing. This is not a computer geek, but a young college age girl. Simple is what is needed, but not linux.

I would suggest a good AV and an antispyware app. Maybe MVPS host files. If possible a local or online backup app, if things go wrong. Too much Sandboxing and virutalization may cause the PC to slow.

-{ Quote: "Not at all a solution. Read what OP is doing. This is not a computer geek, but a young college age girl. Simple is what is needed, but not linux." }-
Perhaps not the best solution, but many Linux distros nowadays are approaching the point where they are extremely simple to use out of the box, no geek required. Granted, adding programs and doing other tasks would not be as straightforward as Win. So I would have to agree in this case I guess...

Bottom line is: There is no substitute for a little user education...

-{ Quote: "Perhaps not the best solution, but many Linux distros nowadays are approaching the point where they are extremely simple to use out of the box, no geek required. Granted, adding programs and doing other tasks would not be as straightforward as Win. So I would have to agree in this case I guess...

Bottom line is: There is no substitute for a little user education..." }-

You obviously have never had a teen daughter.;D ;D ;D

-{ Quote: "You obviously have never had a teen daughter.;D ;D ;D" }-
Hahaha... Good one.. Yes, you are correct... ;D

-{ Quote: "I know this is probably not what you're looking for, but one real solution is Linux. Pretty much nothing can happen on a Linux box as far as malware, spyware or viruses go... something to ponder perhaps..." }-
Good on you Kerodo. ;D

Even though others disagree. I agree.

-{ Quote: "Good on you Kerodo. ;D

Even though others disagree. I agree." }-
Quite a few contradictions here.
One says not too much sandboxing and virtualization, another one recommends sandboxing and virtualization. One Windows, another one Linux.
Poor daughter, who has to work with all that stuff.

-{ Quote: "I'd like to hear suggestions for keeping her box in the condition I give it to her in." }-Is she permitted to install programs?

-rich

-{ Quote: "Is she permitted to install programs?

-rich" }-
That gives me the thought that perhaps an LUA might be the way to go....

I think this would work for you. http://www.horizondatasys.com/231846.ihtml

Drive Vaccine PC Restore Plus...
Advanced System Restore Software.

"Accomodate Windows OS And Anti-Virus Updates - Drive Vaccine (Plus Edition) can be configured to easily accommodate Windows Critical OS and Anti-virus definition updates right out of the box. No complex batch files, scripting, or scheduling PC downtimes. Drive Vaccine (Plus Edition) simplifies the process of maintaining updated security patches and virus definitions.

Persistent Storage Space (Immune area) - Administrators, can create an immune folder space in order to save files for permanent storage (Plus Edition). This enables computer users to save files and folders for permanent storage, keeping them exempt from the restoration process.
"

EDIT: And yes schools use this.

Thanks,

Chris

-{ Quote: "If you use DeepFreeze disable the automatic update of each software including Windows.
Once a month you do this :
1. Blindfold your daughter.
2. Boot in thawed mode with YOUR password.
3. Perform all updates of Windows and Applications.
4. Boot in frozen mode.
5. Unblindfold your daughter." }-


..... Hahahahaha :D This folder's contents should be recommended to S. Spielberg or Monty Python and made into a movie!

:thumb: :o

I would suggest ReturnIl for protecting the OS and Mojopac freedom on the secondary partition.

This will keep her safe and will give her the necessary freedom to test software, install games, etc. ;)

Panagiotis

-{ Quote: "I think this would work for you.

Drive Vaccine PC Restore Plus...
Advanced System Restore Software.

" }-

This sound like just what the doctor ordered. Just D/L'd a trial, I'll give it a whirl and report back

thanks,

...screamer

-{ Quote: "This sound like just what the doctor ordered. Just D/L'd a trial, I'll give it a whirl and report back

thanks,

...screamer" }-
Looking forward to your results. Mine were good. If I didn't need snapshot software I would be using it.

Thanks,

Chris

If you install Linux OS like PCLOS, Ubuntu or SuSE, there is no way she can botch it up, and Ubuntu updates on its own so you won't have to do any sort of maintenance, no need for AV, reg cleaners, defraggers etc. and no chance of system file being damaged so its basically a good strategy for novices.

-{ Quote: "Looking forward to your results. Mine were good. If I didn't need snapshot software I would be using it.

Thanks,

Chris" }-

Chris, I installed, but needed to un-install. "immune folders" were not present nor were any settings to make folder immune??? Said option would be available May 07. I don't see it.

...screamer

-{ Quote: "If you install Linux OS like PCLOS, Ubuntu or SuSE, there is no way she can botch it up, and Ubuntu updates on its own so you won't have to do any sort of maintenance, no need for AV, reg cleaners, defraggers etc. and no chance of system file being damaged so its basically a good strategy for novices." }-

And of course if she is in college and is required to run Microsoft Word she will be able to do that?? Plus some schools require an AV just to get on the net. Linux is not yet the ultimate solution for everyone.

I'm not familiar w/ Lunix, so if she runs into trouble it'll be a long time for a fix. Search, search, search...

It's outa the question, I need to stick w/ Windows. Her professors post the work in Word .docs.

...screamer

Avast Pro and Home have IM scanning capabilities. You can use this for her IMing.

-{ Quote: "Chris, I installed, but needed to un-install. "immune folders" were not present nor were any settings to make folder immune??? Said option would be available May 07. I don't see it.

...screamer" }-
I'll get you an answer quick on this one and I'll let you know. Sorry I didn't see that part. They are usually very good at getting back to me quick so just hang in there..

Thanks,

Chris

-{ Quote: "screamer <-- going into Information Overload" }-
In an effort to not make you explode completely, this is the 'potted' version of what I do in the same circumstance :) :

Image the drive as it is.

Create a second partition on your C drive for the data (if the drive is big enough, create a third one for backup images and yes, this can be done with existing data already on the drive).

For simplicity, use Folder Mover (http://www.eazsolution.com/en/download_foldermover.php) to move your desktop and My Documents etc to the data drive.

Install an AV and firewall to the data drive so that it can be kept updated.

Defrag the C drive.

Take another image.

Install Rollback RX (http://www.horizondatasys.com/169614.ihtml) and set it up to:
....only protect the C drive
....do a restore at reboot to the current snapshot
....go into stealth mode as required
....not to automatically take any snapshots
....not to automatically do anything else at all


You will then have a system which will have a system drive which cleans itself on rebooting. System changes can be kept by simply taking a new snapshot (just takes a few seconds) but if the changes prove to be bad you can still revert to the previous snapshot.

The My Documents data and Desktop will stay current as they are on the data drive. If you don't want your daughter to make snapshots then you can password protect and/or hide completely the Rollback interface but even if you do allow her to take snapshots, you still have the option of restoring back to a previous snapshot if you don't like the changes.

I use this system on my home pc's and it works for me as it is pretty much transparent to whoever uses the system but is very flexible if I want to make changes.

For backing up and for simplicity, I would be inclined to use the built in imaging in Rollback which can be used to image any partition even if it is not protecting it. It will currently only restore a single snapshot but that is probably good enough with this setup in the event of disaster recovery.

For speed, it is handy to have a third partition to store backups but make sure you have a seperate backup on a second or external drive in any event.

Documents can be backed up as frequently as required to a pen drive using any number of backup applications.

Graham

Graham

I don't remember, but does Rollback have a good password protection scheme. I also don't remember if it does what you can then do or not do at the preboot phase. I think that is an important component.

Pete

I'm in the process of a clean install of Win XP Home at the moment. Then I think I'll give Returnil a whirl. I tried this app last night / early this morning and had issues getting it to turn protection off. I did install w/ Protection OFF, create virtual partition, set scheduling for app updates... Looks good, except for turning protection off thing. I think I can live w/ that issue though.

I've got ~a week before I need to turn this machine over to her, so I have time to fool w/ everything ;)

...screamer

-{ Quote: "Graham

I don't remember, but does Rollback have a good password protection scheme. I also don't remember if it does what you can then do or not do at the preboot phase. I think that is an important component.

Pete" }-


yes.....

-{ Quote: "To prevent unauthorized users from rollback the system or recover your hidden files, you can password protect the access to Rollback Rx consoles by enabling Access control. Access Control's user accounts and password apply to both Rollback Rx Application Console and the Subsystem Console.
" }-

-{ Quote: "I don't remember, but does Rollback have a good password protection scheme. I also don't remember if it does what you can then do or not do at the preboot phase. I think that is an important component." }-
Pete, I'm not qualified to say if it is a good password protection scheme but, yes, it does have one :) . I don't use it myself but it appears that you can set up as many users as you like and individually configure their access to the various actions available.

The configurable items are:
Rollback system
Take snapshot
Change password
Change program settings
Schedule rollback
Recover files
Update baseline
Delete snapshots
Reset to baseline
Schedule new snapshots
Set data security
Delete program logs

Any of these which are normally available via the sub-console would also be password protected there as well. Of course, you can also change the key to invoke the sub-console as well as hiding it on bootup.

Graham

-{ Quote: "I'm in the process of a clean install of Win XP Home at the moment. Then I think I'll give Returnil a whirl. I tried this app last night / early this morning and had issues getting it to turn protection off. I did install w/ Protection OFF, create virtual partition, set scheduling for app updates... Looks good, except for turning protection off thing. I think I can live w/ that issue though.

I've got ~a week before I need to turn this machine over to her, so I have time to fool w/ everything ;)

...screamer" }-
Hi screamer,

if you plan to use windows xp for your daughter you should give a try at Windows SteadyState (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx). It is free and since you do not want multiple snapshots it should be ok for your setup. It can be instructed to retain updates of the OS and of antivirus programs.
-{ Quote: "Windows SteadyState replaces the Shared Computer Toolkit as an efficient method of managing shared computers running Windows XP. Now you can learn more about it in the handbook. The handbook includes:

* New user console with tabbed navigation that lets you easily manage shared computers from a single console.
* Windows Disk Protection is now file-based so you can set up and install without changing your disk partitions.
* Windows Disk Protection now supports group policy so you can manage it in an Active Directory environment.
* More software restriction options give you greater control over which programs can be used.
* More user restriction options, including significantly greater control over Internet Explorer.
* High, medium, and low security defaults allow for quicker and easier customization.
* Easily import and export user restrictions directly from the console, without using command line tools.
* Easier setup and better documentation to help you get started." }-

Would Altiris SVS, along with good antivirus etc be an option? This would save her losing anything on a reboot using Returnil.

I'm 62 yrs old and it only took me three days to figure out how to use the basics in Altiris. I finally got my neighbor and his son over here. The kid had never seen Altiris before. He had it figured out in barely fifteen minutes and walked me through it. Piece of cake.............................NOW. I was doing it correctly from the start, by the way, but was too stupid to realize it.

Altiris isn't security and isn't intended to be, but all school work she did in Word or OpenOffice would be saved in layers, and anything else she installed such as games or whatever, would be in its layer and never touch the HD.

-{ Quote: "I'm getting a new computer for my daughter. She's a spyware/malware writers dream. She'll open any attachment, sends and receives IMs all day, surfs dangerously...

I'm in the process of attempting to isolate this machine from the rest of the network, but that's another thread. Here I'd like to hear suggestions for keeping her box in the condition I give it to her in. I know about freeze apps, but at the same time, she does research and needs to save documents. I know that if she learns to turn off freeze, she'll never tun it on again.

...screamer" }-
I feel for you man. I set up a Dell for my daughter, and her 2 daughters 10yrs, and 12 yrs. old. The 12 year old uses computers in school, has no fear and thinks she knows what she's doing. My Daughter is totally computer illiterate and can't even tell you what's wrong when she has a problem. I am constantly going over to my Daughters house to save their bacon. It's actually good practice for me but who needs it.:blink:

Hello,
Would using non-MS OS be even considered as an option?
Mrk

-{ Quote: "Hello,
Would using non-MS OS be even considered as an option?
Mrk" }-

Is there one, that would meet the need, of simplicity, foolproof security, and the ability to run MS Office programs. Remember her teachers will be using DOC files, and yes open office is supposed to be compatible, but if she does something and turns it in and the teacher can't open it in Word, it will be her problem. So it begs the question, why chance it. Also some schools say you have to run "this" AV, and if won't run under non-mS operating system, she doesn't get network access.

Non MS OS's have there place, but I don't think this is one of them. Yet.

-{ Quote: "I feel for you man. I set up a Dell for my daughter, and her 2 daughters 10yrs, and 12 yrs. old. The 12 year old uses computers in school, has no fear and thinks she knows what she's doing. My Daughter is totally computer illiterate and can't even tell you what's wrong when she has a problem. I am constantly going over to my Daughters house to save their bacon. It's actually good practice for me but who needs it.:blink:" }-


hahaha, yeah, I'm there now, been there and will be there for a coupla years to come. The one in college knows "Everything" about computers... This is why she's on her second one in as many years. If it's possible for it to autostart on logon, she has it, but wants to know why her box takes sooo long to start. I tell her, and I get an argument. Actually I was happy just let her go to the library to use theirs, but the wife... Geez, I can't win. Not only do I need to pay for it, I need to set it up & make it foolproof / bulletproof.

...screamer

btw: tried Returnil, couldn't get it to boot into a thawed mode :(
tried the MS app (name escapes me) Pain in the ass
Tried DeepFreeze, wont work for this situation. No external drive

Just sent an e-mail to Horizon Data about their Drive Vaccine PC restore app. If it does actually have a partition to save files to, I'll give it another shot

Pete: you are correct, she needs to submit here papers in MS Word. That's the way the assingments are posted also.

-{ Quote: "hahaha, yeah, I'm there now, been there and will be there for a coupla years to come. The one in college knows "Everything" about computers... This is why she's on her second one in as many years. If it's possible for it to autostart on logon, she has it, but wants to know why her box takes sooo long to start. I tell her, and I get an argument. Actually I was happy just let her go to the library to use theirs, but the wife... Geez, I can't win. Not only do I need to pay for it, I need to set it up & make it foolproof / bulletproof.

" }-

and pay and pay and pay...;D This is exactlly why suggesting LInux is almost a laugh.

Open Office under Linux reads almost all the MS Office formats, I have had no problems opening MS Office documents in my years of running Linux, I teach in a university so I do get a lot of them. As for bulletproof and foolproof OS which will need minimal user intervention after setup as well as no chance of the user running it leading to all sorts of issues. No need for imaging or system restore in Linux, as a novice, you simply can't ruin a Linux install as you are always on a non root account. No need to tell the user to keep updates for the virus program checked or download latest programs and signature for the HIPS. If the HIPS asks for permission for a particular program, the panicked user would have to rush to the original installer, now all this is not the case with Linux.

Good on you Arup. :thumb:

@arup
@zapjb

You guys are like broken records that just keep on repeating and repeating. What is it about he isn't going to use linux that you don't understand.

From my own perspective Open Office is good for a lot of things, but it isn't a replace for MS Office. I've looked at it, and it sure wouldn't replace office for me.

Same is true of Linux. And if I were sending a kid off to college, thats the last thing in the world I do.

Glad you guys like it and thats great, but it's not for everyone or every situation. For this thread give it up.

-{ Quote: "And of course if she is in college and is required to run Microsoft Word she will be able to do that?? Plus some schools require an AV just to get on the net. Linux is not yet the ultimate solution for everyone." }-

hmm, no malice whatsoever, p2150... M$_WORD ability as a fully functional WProc is not imperative in course works. OpenOfc can do that job as well, more so with its recently relased v2.0., both at opening/editing/saving to & from .doc format. Same too for OpenOfc's .xls & .ppt equivalent of M$-Ofc's.

And if you're not satisfied with the extensiveness of OpenOfc's templates... then use the openSource version of STARofc (which is the most closely knitted with M$ WORD's). Either one of these 2 open source apps were substantially lighter than that sumo-size & sec-nightmarish M$-Office Suite!

As far as AV is concern, AV-Libres are available for Linux (anyFlavour). Just browse for one, dwnload & bolt it on. Therefore, that's no problemo either.

re: arupOn the otherhand... the intended user was a college lady, who had never touch a Penguin in her whole life, and so does her dad who - started this post. Therefore Arup...let's do a K.I.S.S.

...for the benefit of the college gal, ok?

------------------
EDITED: missed words

I have Word 2002, have seen and used 2007 but don't see the point of changing, and have OpenOffice 2.3.

Other than Word having a sometimes useful grammar check, I much prefer OpenOffice. One problem with that I've found in Word is, when you approach the 175 page mark in a novel, it will sometimes (not always) begin messing up the formatting. OpenOffice is rock solid in that respect.

OpenOffice can also save in Word format, although the formatting is sometimes screwed up in places on long documents.

-{ Quote: "@arup
@zapjb

You guys are like broken records that just keep on repeating and repeating. What is it about he isn't going to use linux that you don't understand.

From my own perspective Open Office is good for a lot of things, but it isn't a replace for MS Office. I've looked at it, and it sure wouldn't replace office for me.

Same is true of Linux. And if I were sending a kid off to college, thats the last thing in the world I do.

Glad you guys like it and thats great, but it's not for everyone or every situation. For this thread give it up." }-

I am not forcing anyone to use Linux, just pointing it out as an option, its entirely up to the person to use whatsoever he or she wants.So in your words you are banning the mention the mere mention of Linux as an alternative to MS forever. Fair enough, its apparent you have no idea about today's Linux and its evident your perceptions are based on the days of Linux where one had to install from Kernel onward. In that case, I would ask for a voluntary ban as well, what good is a forum where you are being forbidden to post your views and options. I guess GOD is the synonym for MOD here. I am glad to have been given the opportunity to post here and have made good associations and this forum has enriched my perspective about security and software in general, but now its time for goodbye.

About OO versus MS Office, OO is far more stable with way less issues and if you get OO Oxygen, it has everything you need compared to MS Office except the hype but I guess, hype is the norm here. OO is free so it will never get the respect of a $700 suite.

Open Office Oxygen??? Never heard of it. Guess I'll have to find it and take a look. I can see another download in my future if it's anywhere as good as OO 2.3.

-{ Quote: "Open Office Oxygen??? Never heard of it. Guess I'll have to find it and take a look. I can see another download in my future if it's anywhere as good as OO 2.3." }-


http://sourceforge.net/projects/ooop

Its 2.3 with many more features including VBA support.

-{ Quote: "I am not forcing anyone to use Linux, just pointing it out as an option, its entirely up to the person to use whatsoever he or she wants.So in your words you are banning the mention the mere mention of Linux as an alternative to MS forever. Fair enough, its apparent you have no idea about today's Linux and its evident your perceptions are based on the days of Linux where one had to install from Kernel onward. In that case, I would ask for a voluntary ban as well, what good is a forum where you are being forbidden to post your views and options. I guess GOD is the synonym for MOD here. I am glad to have been given the opportunity to post here and have made good associations and this forum has enriched my perspective about security and software in general, but now its time for goodbye.

About OO versus MS Office, OO is far more stable with way less issues and if you get OO Oxygen, it has everything you need compared to MS Office except the hype but I guess, hype is the norm here. OO is free so it will never get the respect of a $700 suite." }-

Wasn't posting as a MOD. OP said Linux was ruled out. To keep posting about it's benefits are pointless.

-{ Quote: "I'm getting a new computer for my daughter. She's a spyware/malware writers dream. She'll open any attachment, sends and receives IMs all day, surfs dangerously...

I'm in the process of attempting to isolate this machine from the rest of the network, but that's another thread. Here I'd like to hear suggestions for keeping her box in the condition I give it to her in. I know about freeze apps, but at the same time, she does research and needs to save documents. I know that if she learns to turn off freeze, she'll never tun it on again.

...screamer" }-

I am requoting the OP question to try and refocus this discussion. No question here about which office program, etc. While Linux conceivably could be an option OP ruled it out.

Discussing OS, Office programs and the like are pointless. We don't know the constraints, requirements etc, so posting about them gets futile, and leads them into la la land.

Lets confine the discussion to specifics about the question. If he wants to discuss Office products, new thread.

Pete

Just as an update: I partitioned C: into C & F w/ Disk Director. I'm using Returnil. It seems to be behaving better after 4 re-installs. All my updates, scans and de-frags are done during a thaw period from 1am -> 5am.

I put the My Docs folder into F and I'm attempting to use SyncBack to back-up the Firefox Profile folder to ( F) on Logoff or Shutdown. Then sync back to (C) on Logon. It's gonna take a little tweaking, but I'm confident that I can get something acceptable to handle the Bookmarks issue.

I don't remember where I read that the Firefox Profile has to be in the system partition and not on separate partition / external HDD. Can anyone confirm this and perhaps save me some fiddling around?

If anyone has a suggestion on this part, I'd love to hear it.

...screamer

-{ Quote: "

I don't remember where I read that the Firefox Profile has to be in the system partition and not on separate partition / external HDD. Can anyone confirm this and perhaps save me some fiddling around?

If anyone has a suggestion on this part, I'd love to hear it.

...screamer" }-
This might be of help came up in another thread.
http://www.wilderssecurity.com/showpost.php?p=1088521&postcount=7
from this thread
http://www.wilderssecurity.com/showthread.php?t=187197

-{ Quote: "If anyone has a suggestion on this part, I'd love to hear it." }-Since it's not really been mentioned and I would assume that Returnil will implement this type of functionality at some point, have you considered either ShadowDefender ($35) (http://www.shadowdefender.com/) or ShadowUser Pro ($70) (http://www.storagecraft.com/products/ShadowUser/)? Same basic idea as Returnil, but you are able to define excluded drives and/or folders or files (vs the scheduled thaw). Not sure if either is better/worse for your needs. See Which Shadow Program and Why? (http://www.wilderssecurity.com/showthread.php?t=188322) for some additional discussion.

Blue

a different tack ...


FD ISR for when it gets messed up

day to day Defensewall + prevx

@Tradetime, thanks, that'll work.

@BZ, I may consider SD $35.00. I just bought the new box.

In fact I may need to swap out Returnil, she uses Picassa for photos and I guess (w/o checking) that Picassa stores the photos on the system drive.

...screamer

-{ Quote: "a different tack ...


FD ISR for when it gets messed up

day to day Defensewall + prevx" }-

FDISR already ruled out. Won't do the required job. Has to be kid proof and she can't turn it off.

-{ Quote: "Since it's not really been mentioned and I would assume that Returnil will implement this type of functionality at some point, have you considered either ShadowDefender ($35) (http://www.shadowdefender.com/) or ShadowUser Pro ($70) (http://www.storagecraft.com/products/ShadowUser/)? Same basic idea as Returnil, but you are able to define excluded drives and/or folders or files (vs the scheduled thaw). Not sure if either is better/worse for your needs. See Which Shadow Program and Why? (http://www.wilderssecurity.com/showthread.php?t=188322) for some additional discussion.

Blue" }-

I Played with SD in light of this need, but it doesn't do the job. Password doesn't work quite the same way as in Returnil

-{ Quote: "I Played with SD in light of this need, but it doesn't do the job. Password doesn't work quite the same way as in Returnil" }-

Can you specify what you mean by this?

I have no problems with SD excluding files/ folders from shadowing & automatically commiting updates to these exclusions.
I appreciate you had some problems with SD but the latest update does seem to work without problems.
I haven't played around with passwording SD so I have no idea how robust it would be.
Returnil is a nice app. but IMHO doesn't offer any more than SD in this regard.
That said, with the OP's request I'm not convinced shadowing's the way to go anyway.
The problem at the moment for parents of semi-computer savvy kids is that there isn't yet a single product that covers the need for a steady state & protected system and allows easy data back up & maintenance such as Windows & AV updates without too much parental intervention!
I've spent hours trying to develop a suitable setup for my oldest and 3 months later I am still thrashing around looking at different combos of Deep Freeze, Shadow User, SD, Returnil, Rollback Rx ,SandboxIE, Folder Mover, Drive Sentry and various folder 'locking' softwares.
The problem is that none of these softwares were truely designed for the job required - usually they're for public computers where steady state and centrally administered updates are the norm & often they're far too complicated to be used in a largely unattended fashion.
My best suggestion at this stage for the OP would be to go for Rollback Rx, Defense Wall, Online Armor, Realtime AV & on demand AS with a separate Data partition, moving My Docs to that area , accepting that every week or so you will need to clean, Rollback & update in that order.
Ultimately, I guess some smart company will address the need for a suitable system for home users but by that stage I guess my oldest will probably have downloaded half the spyware on the net & hacked a few corporate mainframes... Ho, hum...

-{ Quote: "Password doesn't work quite the same way as in Returnil" }-

This is confusing...what's the difference ? I don't know about Returnil but for SD, if you set the password, users will need to key in the password to access the menu or disable it.

OKay, my bad, I just went back and tested the password stuff in SD. You guys are right, but ironically it won't accomplish what screamer wants.

Remember he's concerned about his daughter downloading every piece of crap under the sun. Yes if shadow defender is on and passworded protected she reboots, and crap is gone, and nothing she can do about it, right. Unfortunately wrong.

Daughter download a whole bunch of stuff that gets installed, and she wants to keep it. Dad's little toy gets rid of it on reboot. Her solution is go to explorer, right click on the whole C: drive, and commit it. With commit there is no password challenge. She can reboot, and she has completely defeated Shadow Defender.

Pete

-{ Quote: "Daughter download a whole bunch of stuff that gets installed, and she wants to keep it. Dad's little toy gets rid of it on reboot. Her solution is go to explorer, right click on the whole C: drive, and commit it. With commit there is no password challenge. She can reboot, and she has completely defeated Shadow Defender.
Pete" }-

Agree.....screamer's best bet is Rollback scheduled to take snapshots in the background without her daughter knowing it. Then when the computer has problems, he can rollback to a functional state and she will learn her simple ways. Really no point talking about a pristine computer with a new user.

Personally, this is my set up. I have 4 partitions. C: is my Windows drive. E: is my Program Files drive. F: is my documents drive and G: is my security drive. I use Deep Freeze and have my C: and E: frozen. I have any program that keeps a profile or data file saved to my documents drive (ie Firefox & Thunderbird profile, Quicken data files, My Documents, etc). My anti-virus, firewall...essentially any security program that requires an update installed on the G: drive.

Works great for me.

-{ Quote: "Personally, this is my set up. I have 4 partitions. C: is my Windows drive. E: is my Program Files drive. F: is my documents drive and G: is my security drive. I use Deep Freeze and have my C: and D: frozen. I have any program that keeps a profile or data file saved to my documents drive (ie Firefox & Thunderbird profile, Quicken data files, My Documents, etc). My anti-virus, firewall...essentially any security program that requires an update installed on the G: drive.

Works great for me." }-

LOL.....what is your D drive ? Is this a test or what ?

-{ Quote: "Personally, this is my set up. I have 4 partitions. C: is my Windows drive. E: is my Program Files drive. F: is my documents drive and G: is my security drive. I use Deep Freeze and have my C: and D: frozen. I have any program that keeps a profile or data file saved to my documents drive (ie Firefox & Thunderbird profile, Quicken data files, My Documents, etc). My anti-virus, firewall...essentially any security program that requires an update installed on the G: drive.

Works great for me." }-

Fine binary, but we aren't talking general solutions, we are talking about what the original poster wants to accomplished. Don't think your setup would cover it.

-{ Quote: "LOL.....what is your D drive ? Is this a test or what ?" }-

Answering this would be off topic. Lets stay on topic.

Pete

-{ Quote: "Agree.....screamer's best bet is Rollback scheduled to take snapshots in the background without her daughter knowing it. Then when the computer has problems, he can rollback to a functional state and she will learn her simple ways. Really no point talking about a pristine computer with a new user." }-

He won't be there. Use of Rollback would be to use it as a freeze type program.

-{ Quote: "Fine binary, but we aren't talking general solutions, we are talking about what the original poster wants to accomplished. Don't think your setup would cover it." }-I admit, I didn't read each post, but I thought this might help. One correction though. C: and E: are frozen. Malware can't infect the program files or window files. Since both the F: and G: drives are unfrozen, documents can be saved to the F: and emails and favorites are saved there also. New virus files, modification to the firewall, etc are allowed on the G: drive.

I guess I'll go read the entire thread thoroughly when I get home.

-{ Quote: "tried the MS app (name escapes me) Pain in the ass
" }-
Windows SteadyState a pain in the ass? ???
Maybe you are talking about its predecessor Shared Computer Toolkit; that was really difficult to configure and maintain even for advanced users. But SteadyState is a pretty easy. And the most important, is the only application that can deliver what you want.

ps. You do not even have to install another software for achieving what you want. If you know how to use the account group policy, you can easily make XP safe for your daughter. SteadyState makes configuring and managing the users accounts a joke. ;)

-{ Quote: "Windows SteadyState a pain in the ass? ???
SteadyState makes configuring and managing the users accounts a joke. ;)" }-

There were too many options to configure for my liking. Unfortunately, when I un-installed this app, it took some of my configuring and managing abilities with it. In limited account I no longer had XP Style Start Menu, couldn't access the registry even when I change her account to Admin. Fortunately all I needed to do was to delete her account and set up another limited account. All the settings were available again.

I'm in the process of trialling Shadow Defender. It doesn't show up in the task bar of the limited user account and I can always remove it from the Start Menu. If push comes to shove, I can disguise the folder name in Program Files, but I really doubt it'll come to that.

I want to thank everyone for their active participation in this thread. :)

...screamer

if your daughter is pissed off because of the application you installed in her new PC, she might run windows recovery disc and she can start from scratch without you knowing it.

how you will solve that? ;D

-{ Quote: " Her solution is go to explorer, right click on the whole C: drive, and commit it. With commit there is no password challenge. She can reboot, and she has completely defeated Shadow Defender." }-I would have assumed that this only committed the predefined commit locations, but the shell menu extension can also be removed by unchecking the "Enable shell context menu extension" option. I haven't tried, but assume that password enabling prevents this from being altered at will as well.

In any event, physical access and a motivated user are two things that are difficult to defeat.

Blue

-{ Quote: "I would have assumed that this only committed the predefined commit locations, but the shell menu extension can also be removed by unchecking the "Enable shell context menu extension" option. I haven't tried, but assume that password enabling prevents this from being altered at will as well.

In any event, physical access and a motivated user are two things that are difficult to defeat.

Blue" }-

You are right.

Hello,
Can you set her machine up with security policies?
That should be fully transparent.
Mrk

-{ Quote: "Hello,
Can you set her machine up with security policies?
That should be fully transparent.
Mrk" }-

After I removed Steady State, I can't access the security policies. Naturally I didn't follow my own rule of backing-up prior to changing something significant. I'm afraid this will take a complete re-install, and I'm not willing to go that far.

The documents she worked on yesterday were saved, the changes she made to the box were discarded.
It appears that Shadow Defender (thanks Blue Zannetti) is the answer and I'll run it till weeks end. If it proves itself a viable solution, I'll purchase it.

...screamer

-{ Quote: " the changes she made to the box were discarded.
" }-
Was the daughter happy with the removal of the changes, she made to the box ?

-{ Quote: "Was the daughter happy with the removal of the changes, she made to the box ?" }-

No, but it doesn't matter, My House, My Food, My Rules...

...screamer <-- demigod

-{ Quote: "It appears that Shadow Defender (thanks Blue Zannetti) is the answer and I'll run it till weeks end. If it proves itself a viable solution, I'll purchase it." }-screamer,

My pleasure - but yes, try it on a bit to make sure it fits your needs.

Current build seems stable enough, and this type of package (as either SD, Returnil, ShadowUser Pro, or many of the other somewhat related applications) go a long way to providing anyone simple effective protection.

Blue