Extremely user friendly setup for a noob?

Discussion in 'other anti-malware software' started by Kyle1420, May 10, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    It sounds to me like the user of this machine is not going to profit from any security tool that needs user input at all. In fact, it sounds like the user is apt to do all sorts of things that do not promote his security.

    With this in mind, great tools like DW or SBIE are likely not going to work. Neither are geswall or prevx, or any other tools that require the user to have some wits about them. I agree they are great tools, and one doesn't need to know a lot to use them, but, one must at least try. This user sounds like they just want to click and click and not take any actions to learn.

    I suggest a simplistic approach of Shadow Defender, or one of those types of tools. Set the password so the user cannot change it. Give the user some exclusion directories where their items will be saved. If there are problems with that, then the user should be left on their own, as no amount of support is going to keep them problem free.

    Using LUA/SRP would make it more secure, but just how much hand holding can be done here? If the user does not have the wits to stay problem free, and you restrict them tightly, they are going to get the ghostbusters slogan working for them
    "Who ya gonna call?" (hint: it is YOU)

    Know what I mean?

    Sul.
     
  2. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    OR:

    Norton Internet Security 2011 + IE9 or Chrome (With Adblock and WOT) + Autorun Disabled!
     
  3. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    You're exactly right!
    I thought that Geswall set on high with no pop-ups or questions would more or less do the same thing as defence wall\sandboxie minus the pop-ups, frustrations of virtualisation as far as isolation\restriction goes. However he can still view and download pictures and movies from the internet without restriction. (which is what I was worried about with sandboxing, he'd lose those if he closed the browser and get annoyed and forget what I taught him)
    I'm going to do a few tests and see the pop-ups.


    I did consider shadow defender... my problem was that he'd have to remember to right click a file to recover it. Hence I chose CTM, Virtualize his system partition weekly and leave data partition free..

    Thanks everyone this has been really helpful to me, I forgot about DEP.
     
  4. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I set up a new computer for my Daughter's kids. They spent their time playing kid games on the internet accumulating trojans and various malware. After they got a trojan that brought the computer to its knees, I got them all fixed and installed Shadow Defender. They are instructed to enable SD every time they go on the internet, and it is set to clear on shut down. Now no matter what infection they get, it is gone at shutdown. All has been quiet for about a year. I also installed MBAM free, Superantispyware Pro, and Avast! just in case. :cool:
     
  5. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Thx and I think that ShadowDefender is a great program with lots of customization. The thing is though that the only time he ever goes on the laptop is to go on pron sites and chat rooms, so he saves pictures and movies every time he is on the pc. Every picture and every video would need to be recovered each time he goes on... Major hassle!

    Honestly, I don't think he does anything legit. :D
    He basically wants to continue what he's doing and be protected from it... I'm hoping GesWall fits the bill, 0-pop-ups unless it's from an installer which clearly states that it's unsafe. Then CTM to back it up and a free-av.

    Even if Geswall\av fail then hopefully CTM will be able to recover. But I know how comodo can be.. Maybe that will be why the pc crashes next and returns to me :p
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I have a solution possibly with these facts you have given.

    Install Shadow Defender. Make an exclusion for a special directory, perhaps a "my downloads" or something of that sort. Show the user how to "save as", or just set the browser to don't ask questions and download everything to this downloads directory.

    If the user is incapable of knowing where to save something, then give up, you are never going to win this one. But, if he can learn to "save as" all those things, it is seamless. ShadowDefender won't need to "recover" anything, as the exclusion tells it to not "shadow" that directory.

    End result, the user downloads all his crap to one place, and that one place is not touched by a reboot, but the rest of the system is restored to its safe state. Make an exclusion for his browser/profile if you need to, for bookmarks and updates. Also make an exclusion for real data (like schoolwork etc) if the user actually uses the computer for such things ;)

    Bottom line, you can make this very easy with Shadow Defender if you would like. Just don't give him the password if you don't want to be performing surgery whenever the user feels like "playing".

    Sul.
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Agreed.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I find these to be very non-invasive:
    MVPS host file and/or spybot host file.
    MSE. Use the automatic task manager to set it to update often. Also have it run scans weekly.
    UAC max (and explain what UAC does and why it's important)
    Windows update on automatic.
    IE9 or Chrome beta. WOT + Javascript globally disabled.
    Cloud DNS or Norton DNS.

    Honestly, the biggest issue for people who have no clue what they're doing is keeping them away from threats. That means cloud/norton DNS and a host file are your best friend. UAC is good until the user just starts hitting YES over and over without looking.

    AVs are just cleanup tools, even if they're realtime. So that's helpful but prevention is far more important.

    HIPS is so advanced in pretty much every case, even if you set it up for them.
     
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I wouldn't help him find ways to look at porn. Getting infected is God's way of saving him from himself. Besides looking at porn will make you go blind. :D
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    @Hungry Man: AVs can prevent malware before they do anything, and can even prevent connection to the malware download. Therefore they're not just cleanup tools, although only blacklisting is still relatively weak.

    @twl845: Not related in any form to security. Staring at your shining avatar is more likely to make people go blind.
     
  11. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Hey Sully, that's a good suggestion. I've thought about excluding his user profile, that way things like bookmarks, wallpapers, downloads, pretty much anything should stay as he left it apart from the core system which really matters.

    Of course, the downfall would be Windows updates...
    Should I just turn them off? They're gonna be wiped at each boot and I doubt I can teach him how to disable shadow defender for updates.
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Here is another option.

    Shadow Defender is installed and in shadow mode 24/7. Allow user to do as they please.

    Create directory where important data is kept, make it an exclusion in SD. Teach user to save all personal stuff here (documents/photos etc).

    Create downloads directory. Make exclusion to it in SD. Teach user to download everything here.

    Install Sandboxie (paid), and force the downloads directory into sandbox. User browses outside of sandbox, so no recovery needed. But if user follows protocol and downloads everything to downloads directory, then user can still execute at whim, because it all starts in a sandbox. Nothing to recover.

    Optional, exclude the sandbox directory in SD, then when user installs a program, it is kept across SD reboots, but confined to within the sandbox. This means teaching user how to use sandboxie start menu or create shortcut for applications etc that are within the sandbox.

    Sul.
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Regarding updates.

    This may not be a popular suggestion, but I don't know what good they are to someone who clicks on anything and most likely surfs to websites that are statistically the most likely to be malicious. If it were me setting it up, I would trust SD or SBIE over OS updates in this case.

    Sul.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Agree, Sully :thumb:
     