security for a reckless internet kid - Page 2

Hungry Man · #26 May 18th, 2012, 04:00 AM

Most of what I've seen listed here would not work for a kid.

1) If I were a kid and someone put software on my computer that was annoying I'd just uninstall it. Password or not it's not like it's hard to remove this stuff - at most you'd have to boot to safe mode and do it through there.

2) The basis of a lot of what I'm seeing is that changes won't be permanent... uhhhhh the kid will just make them permanent. He trusts that pirated game crack more than security software.

Focus on security that stays away from the kid. Nothing they'll have to interact with. EMET and Chrome or IE9 to deal with exploits without being a pain to deal with and pretty much any AV will cover the rest, I'd go with MSE because of its consistently low false positives.

Anything more than that and they're just going to ignore the security.

Yanick · #27 May 18th, 2012, 04:58 AM

Quote:

Originally Posted by Tsast42

Good idea, the only thing is I don't think it has password protection. On the other hand it's only being used as a failsafe and as it'd be more work to turn it off than to just use the VM it could work, just save the virtual hard drive (of the VM) on a non-system partition so that it would remain constant between uses.

I wouldn't recommend application sandboxing for such a user, as such programs are limited by design: sooner or later the child is going to want to install something that won't run inside the sandbox because it requires some further measure of system access than is allowed by such software, and this is exacerbated on a 64 bit Operating System. The consequence is that he'll just install his junk outside it. A Virtual Machine allows him a lot more free reign.

On the subject of free reign another idea to consider is an internet filter such as Norton DNS or K9 Web Protection. These will block a lot of malware before it even reaches the computer and will allow for some measure of control over where he goes online: no child should be allowed uncensored viewing of the World Wide Web.

Norton DNS is good for minimal filtering of malware and pornography, it's completely automated and you hardly ever notice it as nothing is installed on your computer; a further bonus is that it speeds up the connection. Where it falls down is in additional content filtering: beyond malware and smut there's a third option to block what it calls 'non-family-friendly' sites, but as there is no installation on your system this cannot be configured and is very rough - it will stop the entire household from buying a lottery ticket or tobacco but will allow the viewing of nudity for artistic purposes

K9 Web Protection is designed as a parental supervision tool: the upside to this is excellent customisability and that it cannot be evaded and switched off without the password where Norton DNS can be easily removed with a few clicks. The downside is that it tracks and lists every connection that is ever made through your computer to another website: whilst it's true that you need to login to your account to view it, just the idea of having a huge undeletable list of every site your computer has ever accessed by time and date creeped me out. Of course this may be just what some parents will want.

Actually, Returnil has Password Protection

It will lock all settings etc.

blasev · #28 May 18th, 2012, 06:33 AM

install two os (both can be windows 7) on different drive/partition.
One for dad -> password protected log in, truecript the whole drive
One for son -> MSE (auto delete threat), set UAC so only signed app can be installed, + other security of your choice.
Image both drive for last resort measure

Downside :
Malware can still infect father drive/partition
But the son could have "freedom"

Ps: Until the "real malware" is terminated, I dont think you'll ever find the final solution.
Hints: wise and patience education can erase that kind of malware

Tsast42 · #29 May 19th, 2012, 07:42 PM

Quote:

Originally Posted by Yanick

Actually, Returnil has Password Protection

It will lock all settings etc.

Perfect combo then

bo elam · #30 May 19th, 2012, 08:24 PM

Quote:

Originally Posted by amiti

For now bufferzone looks promising but I am worried it is too bloated and thus wouldn't be stable in all situations.

I am not a big fan of BZ but I know someone else in another forum that had pretty much the same situation with his own kid. The kid was getting infected every month, that stopped when he installed BZ in the kids computer. Now the boy installs games and everything else in the buffer zone, keeping the system clean.

How stable it is? I don't know and I have doubts about the program but in some cases, like your nephew, I guess, it can help.

Bo

amiti · #31 May 21st, 2012, 01:53 PM

OK. I think I will go with Avast! free with Bufferzone and as a last line of defense an image backup of the system.

Do you think the general approach of bufferzone to see signed applications as trusted and unsigned applications as suspicious is safe enough?

bo elam · #32 May 21st, 2012, 10:37 PM

Quote:

Originally Posted by amiti

Do you think the general approach of bufferzone to see signed applications as trusted and unsigned applications as suspicious is safe enough?

For the reckless kid, I would uncheck trusting digitally signed applications. I would also enable application control to insure that any executable downloaded via a Buffer Zone program, runs in the buffer zone if executed.

Bo

MRF71 · #33 June 8th, 2012, 12:38 AM

Quote:

Originally Posted by Hungry Man

MSE. Low false positives so the kid isn't constantly harrassed/ loses trust in his AV.

Chrome with Adblock. No Flash/Chrome exploits to worry about and some Java exploits will break.

EMET. Prevents many Java exploits.

Not much else to do. I use this setup for old people/ young people and it's always worked well.

How do you setup EMET?

Hungry Man · #34 June 8th, 2012, 12:43 AM

Here's a guide.

MRF71 · #35 June 8th, 2012, 12:47 AM

Quote:

Originally Posted by Hungry Man

Here's a guide.

That was fast, thanks!

Will EMET and CIS and most security programs work well together?

Hungry Man · #36 June 8th, 2012, 01:53 AM

They should, yes.

MRF71 · #37 June 8th, 2012, 03:23 AM

Ok i'm just testing it out in vmware and my question is why is SEHOP and ASLR unavailable?

1chaoticadult · #38 June 9th, 2012, 01:22 PM

Quote:

Originally Posted by MRF71

Ok i'm just testing it out in vmware and my question is why is SEHOP and ASLR unavailable?

If you are using XP, SEHOP and ASLR are not supported.

MRF71 · #39 June 9th, 2012, 07:23 PM

Quote:

Originally Posted by 1chaoticadult

If you are using XP, SEHOP and ASLR are not supported.

Ahhhh ok so just turn on DEP to always on and that's it?

1chaoticadult · #40 June 9th, 2012, 09:41 PM

Quote:

Originally Posted by MRF71

Ahhhh ok so just turn on DEP to always on and that's it?

Nope, also add internet facing programs such as your browser(s), pdf reader & media player(s) in the configure apps part of EMET.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search