This is the setup I made for my parents: Avast, Vista firewall, Windows defender, UAC.

And most important thing: One limited user account for daily work. Another PURELY for banking/ebay etc. This eliminates majority of major threats.

What do you think?

Switch to OpenDNS for their surfing, that will help make the banking safer.

Acadia

-{ Quote: "Switch to OpenDNS for their surfing, that will help make the banking safer.

Acadia" }-
How does openDNS help here?

http://www.opendns.com/solutions/homenetwork/anti-phishing/

Acadia

-{ Quote: "http://www.opendns.com/solutions/homenetwork/anti-phishing/

Acadia" }-
They do not have static IP, so I-m afraid this doesn-t work. Or is phishing filter on as default?

-{ Quote: "They do not have static IP, so I-m afraid this doesn-t work. Or is phishing filter on as default?" }-
.
A static IP makes things easier, but you can download a small OpenDNS applet that sits in the tray to check and update the dynamic IP when necessary.

-{ Quote: "This is the setup I made for my parents: Avast, Vista firewall, Windows defender, UAC.

And most important thing: One limited user account for daily work. Another PURELY for banking/ebay etc. This eliminates majority of major threats.

What do you think?" }-
.
That looks pretty good. You could add AVG link scanner. You could also dedicate a specific browser for banking and Ebay, and lock it down.

-{ Quote: "This is the setup I made for my parents: Avast, Vista firewall, Windows defender, UAC.

And most important thing: One limited user account for daily work. Another PURELY for banking/ebay etc. This eliminates majority of major threats." }-

Yeap that looks good. No maintance.
If you use IE8 its updates would be transparent to your parents.
And use another PDF reader than adobe, say foxreader.

Ako,

A second user-id for banking and shopping is a good and easy way to create a contained environment

A few suggestions allready made

1. UAC lets (preferably IE8 ) start in protected mode with the lowest rights nessecary

2. IE8 has a cross site filter build in, plus smart screen filter which analysis the URL

3. Avast webshield, also keeps you away from known bad urls

4. Adding linkscanner Free would also protect your parents against exploits in web pages

5. You could take a way the right of that specific user to change the settings of IE8 in the registry of the HKEY_CURRENT_USER, through regedit, right click mouse, like
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\

6. Add Keylogger free (and only let it show the icon, instead of the fading pop-up screen)

Thanks! Nice comments, I will perhaps add AVG linkscanner, Foxyreader, and lock IE8.

-{ Quote: "Thanks! Nice comments, I will perhaps add AVG linkscanner, Foxyreader, and lock IE8." }-
.
Regarding locking down IE8 you could move the slider to HIGH for the internet zone (in security settings) and then add the bank site and ebay to the trusted zone sites list. You will have to uncheck the HTTPS requirement to be able to add sites like eBay that don't use SSL on the home page. Enjoy :-)

It would be interesting to know if the parents do in fact use the respective accounts as intended. I tried the same with my parents sometime back with little success ('old habits'). Please let us know how things go in a month or three.

You might confirm that ActiveX is contained. I'm trying to recall if legacy ActiveX controls circumvent advanced protections in IE8/Vista. This is one of the prices we pay for backwards compatibility.

Cheers,

Eirik

I can't say I trust Ebay and Paypal (and probably some others) much.

It might make sense to create one account specifically for online banking (assuming they use only one bank).

In the past Ebay once asked my to put them in the trusted website list. Of course, I didn't. ::)

While I don't know IE 8, in my experience (a long time ago) using the highest security settings in IE 7 makes it practically unusable. Of course it's possible to do that and add specific sites in another zone, but it's not user-friendly.

-{ Quote: "It would be interesting to know if the parents do in fact use the respective accounts as intended. I tried the same with my parents sometime back with little success ('old habits'). Please let us know how things go in a month or three.

You might confirm that ActiveX is contained. I'm trying to recall if legacy ActiveX controls circumvent advanced protections in IE8/Vista. This is one of the prices we pay for backwards compatibility.

Cheers,

Eirik" }-

:) lets see if they can learn new habits. Fortunately activeX is not executed automatically anymore.

When I read this I thought you meant something else. I actually have two bank accounts- one with a small balance for online shopping/banking and one as my everyday account which is not listed online anywhere. In this set up even if your bank account gets compromised you will only lose a small amount, not the whole thing. A lot of bank accounts are free so maybe it is something to check into?

-{ Quote: "When I read this I thought you meant something else. I actually have two bank accounts- one with a small balance for online shopping/banking and one as my everyday account which is not listed online anywhere. In this set up even if your bank account gets compromised you will only lose a small amount, not the whole thing. A lot of bank accounts are free so maybe it is something to check into?" }-

That's indeed good idea. I have also done like that: big money :) cannot be reached online.