Help set-up pc restrictions or simple LUA for a family pc.

Hi;

Can I ask help on how to set-up restriction or a simple LUA maybe for a family(common) pc?

A friend needs it but I am not very keen on it in fact have not attempted to use LUA yet (..I hate UAC in Vista/I restrict myself and I am the only one that uses my pc, use layer security as recommended here!). His teenager uses the family pc and often times after surfing the web or she using it the pc gets infected or something paving the way for my friend to bug me to find out what happened and do some kind of repairs. Lately the repairs where going towards reformatting the whole drive. It has been 2x like that. When you ask the damn kid what she did...she says, "..didn't do anything stupid here..etc..:-( Really...teenagers these days...

My friend is not a "techy" on pc's but a damn genius with car engines!

I plan to introduce GesWall to them but have just started using it. Maybe the freeware can help them out....but I do know it's not enough. Returnil 2010 maybe okay but since they have not experienced using it or any sandboxing virtualization software yet, I fear it will be more than an additional chore on my shoulders.

What do you guys think of this? Virtualization or simple sandboxing? or LUA? Confused here...

Have really not set-up anything except mine and with my preferences but when I started helping him out...wow.

His current set-up is Avast free ver5, Windows firewall(default) --have set-up OA free but the pop-ups made them think otherwise, Mbam/SASpy free. Planning to let them use a spare license of Avira Premium so they will have Webguard and GesWall...They have XP SP3, 160gb hdd, 2gb ram, an AMD something dual-core.

But again I think this is not enough for that pesky kid. Can you help me on a set-up so there will be less work for me?

Virtualization? or LUA? Kindly show me the details on how the set-up will go please....I would like that very kindly...very much.

I have ATI-WD/DiscWizard software and I've encouraged them to use it but their hdd is an Hitachi. Full image backup beats reformatting a drive and loading all the programs anytime/any day. Doesn't want to buy an additional Seagate/WD hdd for back-up also...jeez. His back-ups come in the form of flash drives and DVD's. Only on files. Not a system backup.

I want to help my friend out. He's good and he helps me with my car But I'd like to help him out so there would be no hassle/annoyance on my part. It's getting to me...lately I stayed up late reformatting/loading programs with beer can in tow only to find out the next week that the pc is broken again..wow! Must have done 4-5x already.

This has been a long one and I hope you gurus can help me on this. Approaches/tips, how-to-setups will help greatly.

Thank you very much!

 

I dont get the hate against LUA by windows users...

You are not restricting yourself, you are just placing a policy in place that if some software wants admin privileges, it needs to ask you first. That is all..

PS: Also check out SuRun utility for giving admin privileges to software in an LUA account.

 

I don't think they hate LUA so much as hate the hassle of LUA because they are so used to executing anything and everything they desire. There are a lot of download junkies in the world you know.

To the OP, you might as well follow a KISS plan.

To choose between GesWall and Sandboxie, from my experience, SBIE is the hands down winner for people who don't know what is going on. I feel it has a much more shallow learning curve.

Between LUA and Admin, obviously LUA would be the wise choise. Used in conjunction with something like SBIE, the user would probably not even know they were a LUA if most of it were kept in the sandbox. Some extra time spent explaining where the files are actually kept and how to retrieve them is useful.

You might consider as well using Shadow Defender or ReturNil. For example, you could make exceptions for many areas that this user might need, and leave it on 24/7. Or just use it when that user is logged in.

If the user is allowed to elevate via UAC or SuRun or whatever, and there is no sort of other protection like SBIE etc, then the game is over, the process is given full rights and does what it wants.

Sul.

 

Would be helpfull to tell what OS they are on.


Simple setup for people who do not want to run Admin and want freeware:

Run Admin
1. Comodo Time Machine (free)
2. Hitman Pro free with daily startup scan.
3. PrevX Safe Online Full - Facebook freeby

For CTM to work best, you should have a programs partition and a data partition. Also CTM sometimes ruins the MBR. Cloud based AV's mean less updates of the C:\Program Files = more efficient CTM (less updates = less bytes to replicate). Off course any AV of choice would do. When any of the two find something (PrevX heuristics: high, heuristics AFTER age, Age set to MAX, popularity LOW), just revert with CTM to snapshot. Set CTM to make periodic saves of snapshots. Set passwords on CTM (admin and user, make your friend admin, users are only allowed to take snapshots and revert).

Alternatively just run Returnil free Home version (it has AV included). Have the disk virtualisation allways on (only works when programs and data parition are seperated, otherwise they loose data files). DIsable automatic Windows update. On wednesday set Retunil virtualisation OFF, update windows, set it R on again.

 

This harmonious combination of simple yet sound security gets my vote.

 

Hi guys:

Sorry for late reply. Thank you for the replies/tips/approaches.

@wearetheborg;

While I do not hate LUA, my friend may not like it that is why I was asking some tips on maybe making LUA more likeable for him. He's not a pc "techy" but he's one hll of a car techy! Engine mods everything you name it(..kind of a technician for The FAst and the Furious cars..lol)


@Sully;

Yes...hassle of LUA but this will try foe myself before I recommend it to my friend. I also agree that Sandboxie is the hands down choice but my friend will not purchase a paid license...I know the guy...and as I know the free version of Sandboxie only allows you to create "one" sandbox/use 1 sandbox at a time. With GesWall wether you have FF, Google Chrome, Opera, IE it will place it under GesWall protection. But the learning curve is not so smooth also the forum out there needs a bit of help. In my experience that is only what I prefer in GesWall --freeware can isolate FF, Google Chrome, Opera, IE etc (with the exception of Iron --had issues with it) all at the same time. But in Sandboxie paid yeah anything especially the setup guide here at Wilders is superb.

Am leaning on Returnil free AV disabled. I'm gonna post at the Returnil forums on this topic.

@Kees1958;

As mentioned I am leaning on Returnil free. Nice approach. I am using the same set-up minus the AV. I use Avira Premium and APSS on the other pc. What may I ask is the difference of the HomeLux edition from the Returnil freeware? Also, do you know how to password protect GesWall free? I dont remember it having that feature...hmmm.

@wat0114;

Yes, seems interesting to try in one of my set-ups plus Returnil Home Lux.

----

Thanks all!