Porn Site Blocking

Working on a friends PC that was infested with Trojans and Spyware.
He has a few teenagers around that love to go where they shouldnt.
Machine is running XP Pro w/SP2
My short list for security includes the following.
AVG AV
Windows firewall (family is computer illiterate and the popups from a 3rd party firewall will drive them crazy, that and they are behind a router)
Spyware Blaster
IE-Spyad
Windows Defender
Hostsman with all hosts files checked.
Anyone care to add a few other hands off free security apps to this mix?
Also is there an updated hosts file that focuses on porn sites?
Its unfortunate that you cant add a host list to the update list in Hostsman.
He was using Bsafe online and wanted me to reinstall that but it looks kinda cheesy to me and im sure there is something better and free that will do the job. http://www.bsafehome.com/

 

Install Firefox 1.5.0.2 from http://www.mozilla.com/ and set it to block all popups (if not already installed).

Install limited user accounts for the youngsters, and also change the Admin password (with your friends knowledge) so the teens can't go around changing system permissions.

Use GroupEdit, gpedit.exe from the Run command to set executable and installation permissions.

If your friend paid for Bsafe, you should probably install it.

Better and free doesn't always mean BETTER! Free doesn't always mean there isn't a price to pay!

-- Tom

 

Thanks for the info Tom i forgot to mention they use AOL and are against trying anything new.
I may try to convince them to give Firefox another try. Any thoughts on the Host file questions i had or about implementing one if they want to stick with Bsafe?
I was thinking on doing the limited account set up, but the teenagers know and do more with the PC than my friend does and i suspect he will cave in to pressure to give them admin rights.

 

The reason for all of the trojans and spyware is the use of Admin account priviledges allows them to install. The single best thing to protect the system is to implement the limited user accounts - period. Make your friend take a stand, and make sure you charge him for the service if he even thinks about caving. Just inform him how much your fees are going to be for re-visiting his computer to clean it off and fix it for him. Make it worth his while from a monetary incentive and he will see the light!

You could also install DropMyRights and SetSafer from Microsoft:
* Running a Web Browser from an Admin account with reduced permissions
DropMyRights.msi: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp
SetSafer.msi: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/safer.asp

If so, then you'll need to install Process Exporer (freeware) from sysinternals to set the limited user rights for both IE and Firefox on the executable, and also use the Local Security Policy to add two extra rules for those executables.
http://www.sysinternals.com/ProcessesAndThreadsUtilities.html

Read up on it before doing it. All Internet facing applications should all be included in the extra rules to limit the apps to Basic User rights - email client, web browsers, IM messaging software, etc.

The limted accounts are about the only way to reign in the teens - make sure he won't budge on this!

As for Hosts files, here's a few websites you can explore. I used to use the 1.4MB one from the .nu website which also requires the DNS Client service to be turned off from starting (either manual or disable) to prevent startup and login times from exceeding 3 minutes or more.

Hosts file: http://remember.mine.nu/ [WinXP: disable DNS Client service]
Ref: http://www.neowin.net/forum/index.php?showtopic=326491, i.e. discussion about DNS Tweaks and Client Service

Hosts file: http://www.mvps.org/winhelp2002/hosts.htm or hosts.zip
MVPS Hosts file: http://forum.aumha.org/viewtopic.php?t=15921&sid=c3c390156c8dda6afdfa641612ec9d3e
Hosts file: http://www.dozleng.com/hpguru/
Hosts file: http://accs-net.com/hosts/get_hosts.html
Hosts file: http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
Hosts file: http://www.bluetack.co.uk/forums/index.php?showtopic=8406
Hosts file: http://www.richardthelionhearted.com/Hosts/index.htm

Whatever Hosts file is installed, make sure either the AS or firewall can protect it - Spybot Search & Destroy lets you make it read only, ZoneAlarm Firewall has a box to check to protect it.

As for Porn blocking - I'm not sure that any tool can prevent it all - not a Hosts file or Bsafe, or any other tool mentioned.

-- Tom

 

Wow some great info Tom. Do you have a host file manager that you use or recommend? The Hostsman one i started using recently works well, automatically disables the DNS client service , has an update feature but only for selected site lists, allows editing of the host file, quick disable of hosts file, and locks the hosts file. I had used bluetacks list along with a host manager one of their forum regulars made but it was specific to bluetacks list i believe.
Id like to make it relatively easy for my friend to update, edit etc.

 

MVPS Hosts is a good one. Updated about monthly.

Just make sure the consequences of not using limited accounts for the teens is well-understood by your friend as it is the first and best line of defense against the nasties to keep them from getting a foothold into your friend's computer. Also, teens will be teens - waddaya gonna do? Sigh...I remember sneaking Playboys in my youth.

-- Tom

 

LOTL my mom is like that with AOL also after using it for SO many years shes scared of using another browser when everyone else uses firefox

 

jah unt cheater loves to look at lots of porn

 

porn sites install spyware i don't go to them

 

Hi, cheater87

You not from Birmingham in the UK then.

Take Care,
TheQuest

 

Hello,
Porn sites do not install spyware - people install spyware.
Just use non-IE when you browse porn sites and you're cool.
Mrk