Home User Education

Discussion in 'other security issues & news' started by houseisland, Jan 16, 2006.

Thread Status:
Not open for further replies.
  1. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    I have been toying with the idea of doing a public service gig at my local public library by offering a free very basic security workshop for non-technical home users.

    Topics to cover?

    Windows Updates

    Windows Firewall

    AntiVirus Software (Yes, you do have to update the definitions. Yes, you do have to renew subscriptions.)

    AdAware

    Spybot

    Spyware Blaster

    Don't visit porn sites, hacker sites, gambling sites, etc.

    Any other suggestions?
     
  2. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    If you have data that you value at all, back it up regularly.

    That should be the first point... ;)
     
  3. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Don't forget email, another avenue for infection...
     
  4. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    Excellent point. :thumb:

    I'm not sure how to handle this one at the home user level, though. Most people could handle some sort of point and shoot full system back up, but the complexities of selective data back up might be a bit more challenging. And with the P2P stuff that kids install, it is not uncommon to find 30 Gb + user profiles, so with a point and shoot full system back up, there is the problem of back up media size. (Edit: I don't see many home users forking out for SCSI cards and SDLT drives and tapes.) There is the irony that if you have the skills to select the files that need backing up, you probably don't need help doing it. :cautious:

    This topic would probably make a good workshop on its own.
     
    Last edited: Jan 16, 2006
  5. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    Also an excellent point. :thumb:

    Most decent AV programs have some basic level of e-mail protection. But they don't usually cover the hazards of SPAM.

    I have set up the freebie MailWasher program for some low-tech users and tweaked its RBL settings, but even the lovely simplicity of this nice little app is a tad mind bending for some users.

    G-Lock's anti-Spam freebie is better in terms of features but much much worse in terms of user interface -- a very scary looking program for home users.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Don't forget browsers. I would also go through what each of the kinds of threats are, explain the differences between virii, trojans, worms, adware, spyware, and rootkits. You should also go through configuring the system to display file extensions and explain what extensions are what, and especially double extensions. You might print up some material that they can take home with them, so they have a list of what common extensions are. After explaining that, going over backups shouldn't be as difficult, because at that point they will know the difference between file types. People are also usually well aware of what documents are important and which ones are not. You could include some free backup software that would make things a little easier; XP (and I believe 2k) users also already have the built-in backup program (in the Start menu under Accessories > System Tools) that will walk them through the process and make it a little easier.

    What I would do is pick up a copy of "Windows Security Inside Out" and take a browse through it. It covers all of the basics (and expands a little on some points). This would be a good way to see what all needs to be covered, and may give you some of the finer points that are worth addressing.
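
Added example, not part of Notok's post or the thread: a Python sketch of the double-extension check described in post 6, showing how a name reads when Windows hides the last extension. The extension lists, function names and sample file names are assumptions made up for illustration.

```python
import os

# Assumed, non-exhaustive lists for a workshop handout; extend as needed.
PROGRAM_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
HARMLESS_LOOKING_EXTS = {".jpg", ".gif", ".txt", ".doc", ".pdf", ".mp3", ".zip", ".avi"}


def shown_when_hidden(filename):
    """Name as displayed when the last extension is hidden (assumes a known type)."""
    stem, ext = os.path.splitext(filename.rstrip(" ."))
    return stem.rstrip() if ext else filename


def check_filename(filename):
    """Return a list of warnings for one file name; an empty list means no flag."""
    warnings = []
    cleaned = filename.rstrip(" .")  # Windows ignores trailing spaces and dots
    stem, real_ext = os.path.splitext(cleaned)
    real_ext = real_ext.lower()
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()

    if real_ext in PROGRAM_EXTS:
        warnings.append("runs as a program (%s)" % real_ext)
        if inner_ext in HARMLESS_LOOKING_EXTS:
            warnings.append("double extension: reads as %s when hidden" % inner_ext)
        if stem != stem.rstrip():
            warnings.append("spaces pad the real extension out of view")
    return warnings


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for name in ["holiday.jpg", "holiday.jpg.exe", "invoice.pdf      .scr",
                 "Report.DOC.VBS", "setup.exe", "archive.tar.gz"]:
        flags = check_filename(name)
        print("%-24s shown as %-18s %s" % (name, shown_when_hidden(name),
                                           "; ".join(flags) or "ok"))
```

Run against a folder listing, the "shown as" column makes a useful handout line: it is exactly what the user sees until file extensions are switched on.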
     
  7. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107

    A lot of excellent and detailed suggestions. :thumb:

    Thanks for your time here.
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    And an excellent idea, houseisland.. let us know how it goes!
     
  9. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Indeed it would make a good topic on its own, but that's no reason to discount its importance in the great scheme of things.

    I guess the thing I usually ram home is that anything the user values is in danger as soon as it's on the PC, since malware, disc failure and so on are always there waiting to pounce and destroy their data forever. Now, whereas the MP3s that the kids download are "of value", in the great scheme of things they are really expendable since they were merely downloaded and can always be downloaded again. The same goes for anything which has been simply transferred to the PC from DVD, CD, internet download and so on - the originals are usually still available and the data can always be reloaded.

    The data that is really "priceless" (thanks, Mastercard ;) ) is that which the user has created themselves and which doesn't exist anywhere else, or indeed data that can't be obtained again, ever. Such as the book they are writing, their thesis, their accounts, their emails (although these are usually ephemeral and in any event usually exist on other computers by virtue of their very nature), artwork, digital photos, MP3 that they created of their own band, and so on. This data needs to be backed up ASAP. Most PCs these days have DVD writers and except in extreme cases, backup to DVD-R/RW is feasible, easy and it works. Again, in extreme cases, a decent backup app will span the data over more than one DVD so that 30Gb isn't impossible to back up, but in that case it's a time-consuming chore.

    I guess you need to impress on them that a backup will take around 20 minutes to configure initially, then about 1 minute to set off each time and another minute to remove, label and store the media. How long would it take to re-create all of their missing photos or accounts...? It's no contest, bearing in mind that disasters do happen and will happen to them, it's simply a matter of when not if.

    Here endeth the lesson. :)
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hi,
    Maybe also:
    Passwords for default Admin and all power + users.
    Disabling Guest account.
    How to format and install Windows?
    How to handle java and javascript - also Sun Java updates.
    Various important plugins that can be a serious system liability, like Flash, QuickTime etc.
    Adblocking.
    Mrk
     
  11. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    Preaching to the choir here! ;)
     
  12. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    Hi.

    Is this for real? I love it!

    "Gateway 2000 DX-33, Intel 486DX-II 66MHz, 16Mb EDO RAM, 520Mb HDD, 1.2Mb 5.25" floppy, 1.44Mb 3.5" floppy, 8x IDE CD-ROM, 3Com Etherlink III 10Mb NIC, NE2000 Compatible 10/100Mbit card

    MS-DOS 6.0, Windows 3.11 for Workgroups, Norton Commander 7.0"

    What are you using for a browser with these systems? How do you lock them down?
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hi,
    Sorry to disappoint you, but it's no longer for real.
    I used to have a machine like that - and I wish I still did.
    But I guess Lynx might work with a setup like that.
    Mrk
     
  14. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    :( Disappointing, yes.

    Until very recently I had to work with DOS a lot. Novell and MS clients, mainly industrial plant floor systems.

    At home I have a couple of DOS boxes and a 486 laptop with DOS.

    The laptop serves as some primitive XBox/Playstation on which my kids play old DOS games. They are greatly amused by the low res graphics. Lemmings is a hot favorite.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hi,
    I wish I had a pair of DOS boxes. It would make for excellent Doom2 LAN parties.
    Sorry, parallel cable parties.
    Mrk
     
  16. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    Oh, the bandwidth..

    I feel so intimidated by you high tech guys. My null modem cable is a social embarrassment. :oops:
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hi,
    Know where to find a decent DX4 133Mhz? Or two?
    Mrk
     
  18. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107

    I have long ago disposed of most of my vast surplus of this stuff. I have one extremely quirky little Zida Tomato 486 PCI board sitting doing nothing, but I am reluctant to part with it. I do, however, have a spare DX4-100 processor and lots of 72 pin fast page (and some EDO) ram, 4 mb, 8 mb, 16 mb, and 32 mb. You are welcome to the processor and a sampling of the sub-32 mb ram for the cost of postage. I am reluctant to part with the 32 mb sticks.
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hi,
    Thanks for the offer.
    I meant do you know places that sell retail antiquities like those? A good place to look for?
    Mrk
     
  20. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    I don't know where you are. If you were in North America, I would suggest charity thrift shops -- Salvation Army, SPCA, etc. Most PC recycling shops don't even want to deal with Slot1 or SlotA systems anymore, never mind 486s.

    By the way, I miss my Commodore PC-20, a killer XT with an awesome Western Digital (non-Raptor) 20Mb hard drive. My mother-in-law killed it by moving it while it was powered up - crashed the heads on the hard drive. :gack:
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Tell users to IGNORE and DELETE any email from an unknown source IMMEDIATELY without even opening or reading them.

    Spam-emails want your money or identity or want to infect your computer with malware.
    Some spam-emails can even infect your computer by just opening them.

    An Anti-Spam software is only a tool to make it easier, but doesn't protect you from reading and believing them.
    Lottery scam emails cheat people for millions of dollars every year and that is just one type of spam-email.
     
  22. devilisg

    devilisg Guest

    The problem with the simple advice of deleting mail from "unknown sources" is that it's trivial to forge the from header, so that they appear to come from known sources. So you can't avoid opening and reading such mail anyway.

    Also, even if it is truly from a "known source", that doesn't mean it's trustworthy. We all know about cases where a friend's or a friend's friend's computer is infected ......

    Also, who makes the determination what is spam? In most cases, you need to train the spam filter, by telling it what is spam and what isn't. That means you need to read the mail first. A strict whitelist only feature might work, but it also means losing out on the occasional, useful first contact scenarios.

    I believe reading spam isn't usually a problem (in particular if you read only in txt mode), believing the spam and acting on them is the problem.

    Users are not as stupid as you think they are, they just need to learn to be skeptical. Telling people to delete immediately all email (not attachments!) that looks suspicious without reading it, leads to an irrational fear of email and spam, as if they were some magical disease, that you can't even risk opening and reading.

    Wow, I opened and read an email on viagra.. I'm doomed... lol.

    The solution is more user education, so that they are not fooled by cons. It's kind of like building up resistance. And you can't learn, if you delete all emails.

    Telling people to delete all emails without looking, is like ostriches burying their heads in the sand in the face of danger.

    Someone who hasn't seen a con about "appeal for donations" is more likely to fall for it than one who has seen such tricks.

    For those who are truly too dumb to learn, there is no way to protect them anyway.
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hi,
    Opening mails on viagra, eh?
    Is there something you ain't tellin' us?
    Mrk

    P.S. Best solution - don't have friends - you won't get any emails you won't mind deleting.
     
  24. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    good little thread, given me an idea to do similar (could be dangerous!, blind leading the blind Heh.)

    Just a few thoughts....

    I arrived here some time ago after a run with CWS and steep learning curve

    Had never heard of nor knew about spy/mal ware had foggy idea about virus and e-mails. Not a techie.

    Thought out of box Symantec was enough :blink:

    All good little teasers and suggestions so far

    From recent experience, and the things that have helped me;

    People love free stuff!!

    People will want to be secure and will love "playing" with their free/donation stuff and feeling in control.

    Firewalls, SpywareBlaster, Lavsoft, Spybot, Firefox (push that a bit :) )

    Windows updates, patches

    AVG, Bitdefender, UnhackMe, KAV onlinescans, Ewido, A2 etc

    Give your listeners a sense of some control over their boxes

    E-mail: TEXT ONLY, anybody who sends anything else is generally NOT your friend

    The dangers of Outlook and O.Express

    so many great paid for stuffs with great support;
    spy sweeper, Ewido, A2, boclean, NOD/Eset, OnLine Armor

    Privacy control, Browser setups, clean your tracks, Passwords, Credit Cards

    Eraser etc

    Internet is the ultimate "caveat emptor"

    Resources: HERE, Castlecops etc

    Microsoft is not the be all and does not always have consumer interests at heart ??!!

    ?Get a MAC?

    More RAM

    USB drives for back-up

    A little knowledge can be dangerous but if I can stay clean for over 2 years, (AFAIK LOL) I'm sure almost anybody else can and can actually have fun!!

    Obviously this is not meant to be a comprehensive list, just some personal observations and experiences.

    Anticipate sudden surge of new registrants here :D

    This might be a good starter www.securitypipeline.com/177100475

    Regards.
     
    Last edited: Jan 19, 2006
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have a black/white attitude towards emails. If I don't know the sender, it's crap.
    If I answer them, I get even more spam-emails.
    If I unsubscribe, I get even more spam-emails.
    Name me ONE good reason why I should read these emails, except curiosity, which I don't have.
    I don't want anything from the sender, but the sender always wants something from me, usually my money.
    I'm not interested in their obscure products/services and even when I would miss a good opportunity, I wouldn't care. I can live without these emails. If it's spam, it's scam.

    That's my way of fighting against SCAMMERS/spammers : IGNORE and DELETE.
    Everybody who doesn't, keeps them alive on the internet.
     