Dealing with people who bypass security measures

I could use some advice.

I administer a couple small networks around town. I have them locked down nice and tight but not to the point that I probably should. One computer in particular is run by someone who defeats my countermeasures at every turn.

My standard loadout is NOD32 and MS Antispyware (hardware firewalls in place), with weekly runs of Ewido. For the non-profit budgets of these groups, that's fine and there are rarely if ever any problems. But, as I said, there's one user who turns off the protection or clicks "Allow" any time they see a cute screensaver or a rotating wallpaper program.

I'm tired of going in and cleaning this computer out every week, especially since I'm maintaining that network gratis. What can I do to deter this one person from making my life a living hell? If I have to remove one more toolbar or get rid of another trojan, I'm going to push the keyboard somewhere it doesn't belong.

Your help and advice is appreciated.

 

Just tell this person that if they persist in doing what they are doing they will have to find another IT person.

 

Definitely. This wouldn't be one of those problems that I'd try to solve with software. If someone is deliberately being obtuse, then deal with that person or have someone above him deal with it.

 

Believe me, I wish it were that simple.

The affected computer is at my church. It's a rural community without much in the way of tech support. If it weren't for the fact that dropping that job has major repercussions that could result in nastiness and me possibly having to leave the church, then I would have dropped it a while ago.

The secretary has basicly said that since she's the only person who uses her workstation, she can install on it whatever she wants. She's been around a lot longer than I have, and it's made setting up a Acceptable Use Policy beyond difficult.

Ergh, the things I get myself into.

 

Indeed. Or charge them at $80 per hour for rectifying anything that could have been avoided had your security measures been left fully operative and unabused. Otherwise thay are just taking the p*** and getting away with it.

 

The secretary needs to feel the repercussions of her actions. When her computer is no longer functional and she needs it, and you, you can negotiate from a position of strength. Also you might want to discuss it with the minister/pastor/priest. Do you physically go to the site? There is remote administration software you can use.

 

Her attitude reflects a prideful and rebellous attitude. Very different from the way of a true Christian.
You are doing her a favor by keeping the system operational. If it were me, and I belong to a church, I would tell her and the pastor that if she persist in the way she is operating, then the church is on its own as far as its computer is concerned.

When she has a problem that is likely a result of her way of operating in contradiction to what you have told her, then tell her to find someone else to fix it.

Now if you do not desire to take such a course of action, just fix it when it breaks and don't complain.

Jerry

 

How about running something like

https://www.wilderssecurity.com/showthread.php?t=105416
or
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp

or
Defensewall or PG guard (with user account - no gui cannot run new installers)

Or

maybe one of the freeze apps like first defense - shadow user

 

Don't drop the job because you're frustrated (even though you are). Drop it because it's become too much work for you to do (which is also true). Don't turn it into an issue. If the secretary wants to turn it into an issue, that will reflect on her, not you.

 

I am missing something because it is too simple of an answer . Actually , a couple of options . One , of course , is to charge her $$$$ for having to clean up her crap . The other is , you have already cleaned it up and now , when it gets screwed again , tell her you are sorry but , you cannot work on her part of the network anymore . Besides , you say you do it for free . I DO NOT EVEN THINK SO !!!!!! She has an attitude . Soooo , charge the B%$#@ !! Simple . Any questions , explain the deal .

 

My friend is head of IT at a small firm, the way he has gotten around such issues is telling them that if they do such things then they are on their own, that he will not help. So far it has worked quite well for a number of years.

I would write it out how much she is putting at risk by doing this (such as the CWS identity theft ring).. that the primary motivation for malware is money, and they will not have any problem using any information they get from that computer. I would make a write-up of all the risks and all the acceptable use policy.

I think the most important part of this would be yoru presentation. When presenting the idea that you won't be there to clean it up, I would put it in terms that you simply do not have the resources to continually clean up a compromised machine, that malware is extremely difficult and time-consuming to deal with, and that the guidelines put forth are in the best interests of everyone involved. It will take everyone to make the systems work smoothly.. and that means not treating it as a personal machine, however does not exclude some personalization (maybe bring in some disks with screensavers and such, or offer some safe download sites). I think if you present it that way, a call to "pull together" so that no one person is put upon too heavily, that you should be able to make some headway while gently pointing out the selfishness of her actions without having to address them directly.

If all else fails, you could put together some gateway content filtering. This can be done cheaply with an old machine and a free or low-cost proxy. If you don't already have this, it may be something to consider anyway. Unfortunately I don't know of any off hand, but if you really need it I could try to help you hunt some down. I would also definitely password protect NOD32.. if you need a reason, say that it's to protect it against malware.

 

Set her up with a limited user account on WinXP and/or configure NOD32 with password protection. Configure her email such that it restricts the execution/opening of attachments, if possible (some allow this such as Outlook and Outlook Express). There are definitely some technical steps that you can take. Most aren't necessarily 100% foolproof, but many would at least force her to be as knowledgeable as you... and she doesn't sound too bright if she continues to neglect your advice and get socked with malware on a weekly basis.

If technical solutions aren't of any use for whatever reason, and dumping her as a client is out, and charging her fees for your time is also out... then at least document every minute you work on her machine and clean it out. You may also want to save results of your malware scans and result logs. Also, and this is VERY important, make her sit there with you for the entire time that you work on her machine. Don't let her go drink coffee, go out to lunch, or go shopping. Make it her time she is wasting as well, not just yours. Invent some excuse if you have to. Tell her you are just trying to educate her or something. But, do not let her leave. In fact, make it as painful as possible, tell her boring stories about computer viruses and lecture her on the various forms of spyware.

 

I forgot about that, you could set up software restriction policies with XP SP2 so that those things won't even run.

 

how notok?

 

There are tools especially for this.

Tools that are used in schools and InternetCafe's.

Take a look at tools like:

Deepfreeze
Shadowuser
Illusion
Watch-IT

They all are made for students.

They work all like this.
You install the computer the way it should be.
Then you 'freeze' the current situation and let the student work
(he may even remove windows files)

After the usage, you switch back to the original state.
Data can be stored in one directory or more that is excluded.
But is no Windows System Directory.

If you need more info, pm me.

 

Using Software Restriction Policies to Protect Against Unauthorized Software

 

Good suggestions. Now that you mention these utilities, I might also add the Microsoft Shared Computer Toolkit to the list. I haven't really used it, and I suspect it's not as thorough as some of the programs and utilities you mentioned; but it's an option for those that might prefer to stick with a Microsoft sanctioned utility.