need a bit of help for a kids only PC

ok i have installed the javacool, adware, spybot software. and what i really need is a firewall/content filtering/ and AV. i want something w/ low resources. my thought was to go w/ something called ContentProtect for the filtering and some AV software (NOD or siimilar). but if i could find a firewall that content filters as well as ContentProtect then i'd just get that. otherwise i'll use the firewall on the Buffalo wifi router. i ruled out using hosts files for the content filtering...this is afterall an impressionable little kid...trying to make it as foolproof as possible. and the PC is in a visible area.

 

If you want to go a little more advanced (and expensive, not too bad though), you could try WinProxy Set it up on a dedicated PC and it won't take up any resources on the client PCs, and will filter any/all of them. It also automatically updates.

Here's something that looks a lot like ContentProtect, without remote administration, for free: http://www.snapfiles.com/get/iprotectyou.html
(Paid version available. I haven't used this, so I can't really comment, but I thought I'd throw it out there.)

 

One important question - do you want to be able to lock the settings so that only you can change them? If so, you need a firewall with a password-protection option. Kerio (full) and Outpost Pro both offer content filtering and the option to password protect their configurations (Outpost does currently have a special offer of lifetime upgrades if you purchase before January 10th which you may find worthwhile).

More powerful content filtering can be done using standalone applications like Proxomitron or WebWasher Classic but these do not offer password protection. Even if you do decide to use these, a software firewall is still important to control what applications on your system are allowed Internet access (router or proxy firewalls cannot provide this level of control).

 

well the thing is that the 10 year old and the 20 year old share the same computer or maybe on the same computer. so i want to restrict the content filtering on the 12 year olds windows profile as she is only allowed on one PC. so the older one can have his own freedom...hey he's old enough to do what he wants and i don't want to regulate him. so something for that scenario would be good as well. i run the XP Pro firewall so that should be good enough for a firewall.

 

You could discreetly point him in the direction of Wilders anyway?.....For a bit of security know-how?

 

Maybe what you really want, then, is a filtering browser..
http://www.snapfiles.com/get/atkids.html

Getting the older one to be security conscious would probably be the best idea, too. Even if you don't want to restrict the type of content he views, you still want to keep the system secure.

I also wouldn't discount a good firewall, either. If something unknown wants to connect out of your computer (XP firewall really only protects against incomming), you are going to want to know about it.

 

Another option would be Norton Internet Security which has parental control and would allow you to set up separate user accounts with the appropriate settings.

Regards,

CrazyM

 

Or you could use two separate Windows accounts... one for the young gun that has proxomitron enforced and has processguard free set to protect proxomitron from exiting

 

Are they likely to be using Fast User Switching? If so, then this may complicate issues.

It beats using nothing, but has serious shortcomings on the security front - see the SP2's new firewall: Not good enough article for more.

If Norton can be set up to use different configurations with different Windows user accounts then that would be a definite plus for this situation - Outpost cannot do this, nor can I find any reference in Kerio's documentation. Would it be able to work with Fast User Switching though?

While an interesting approach in theory, this setup has two problems in practice. Proxomitron can only be "enforced" if browser proxy settings can be locked (though using a firewall to block browser network access to anything other than Proxomitron would do a similar job) - even then Proxomitron's configuration can be changed by any user since it offers no password protection. Secondly while Process Guard can protect programs from being terminated by malware, it does not stop users from closing them as long as they respond to Process Guard's confirmation prompt.

 

Unfortunately I am not that familiar with the parental controls in NIS. It can be linked to user accounts already configured in the OS or as separate user accounts within NIS. It does add to the install size and the updates can be substantial as well, but is to be expected with the amount of content to be covered. The NIS proxy also filters the common instant messaging ports.

Regards,

CrazyM

 

to be honest, i built their PC recently. i actually haven't bothered installing much protection on it as i've been real busy. but it has a few anti spyware programs and that's it. so i guess i could use the whole nine yards...AV, firewall, filtering. i was looking at zone alarm protection suite(?). it has everything included, but i don't know if i'd trust the AV. but it seems it would do everything (IM security, AV, filtering, firewall). i just don't know how good the parts are. maybe separate components is the best.

i don't understand. how does Proxomitron actually work?

Norton...haven't used them in 6 years. to bloated now.

i researched ContentProtect. they apparently are being used in the Disney DreamPCs. can't be too bad. and they have user profiles that can be set up. one product i found interesting was the Cerberian filtering...maybe overkill. maybe a better router than the buffalo 54G router w/ better firewall and filtering?

ok. read the article regarding the XP firewall...i guess i really need one. i admit i've been lucky up to now w/ no protection...time to stop being lucky.

 

Noooo! We only want good luck for you Not RELYING on luck might be a good idea, though..

Ok, back to being serious..
Having multiple programs is generally better. If something tries to subvert your security software, it will have a harder time bypassing several programs than just one. You also generally get more focused and effective programs when you get each separately.

ContentProtect does look like a great program. The kids browser seems like the least potentially problematic to me, however only you can decide what the most appropriate program for your situation is. If you're undecided, just use the trials for each and get feedback from the kids before making a decision!

 

ok.

i will look at a kids safe browser vs contentprotect. my dilemna is to leave as much as the safe internet open. especially for HW and research. i guess there's a fine medium there.

i guess i need some AV, a firewall, and something to protect against IM problems...but maybe that's included in the firewall. the pc is a barton 2500 w/ 512RAM. pretty speedy for what they do. but i don't want Norton like system slow down.


btw, i appreciate your help. you guys are a pretty well informed bunch.

 

Just one other thought....

Position it at the router level. The ZyXel HS-100W has Cyberian content filtering as a subscription option. DSLReports has a ZyXel forum that covers most issues you are likely to encounter. Subscription cost is $30-40/yr - something in that region. There are other options available with router based filtering. All of the home level approaches have a separate user based logon at the router for the start of a session.

Blue

 

let me pose another question. let's say i have a hardware(router) firewall and if another computer on my lan gets hacked somehow, then that would mean other PCs on the lan would be at risk since the perimeter had been breached...so you have a fence, but no locks on the doors. am i getting this right? so you would also want the firewall on each pc? boy this is a lot...and i'm a DBA. i feel sorry for people w/ zero IT apptitude.

 

Depends on the nature of the breach and the attack vector. In simple terms - you're correct for some instances.

Blue

 

hmm...
protecting Proxomitron's configuration is easy... save the configuration file as "default.cfg" in the proxo folder and set it to read only. That should do it.

BUT... if our friend techiecool sets up Process Guard for his child, and then locks the settings using a password... boinga!!!!
Anyway... the more likely reason why this would NOT work is that Proxo is a bit ard to configure at first...
@Techiecool
go to www.proxomitron.info for starting info, then join up at www.kye-u.com/proxo/forums/ for help in the forums.... Beware! PROXO has its own programming language, so to speak.

 

I'm not sure Proxo would provide the kind of content filtering he's looking for. ContentProtect is mainly a kid filter (filtering out adult material)... I assume that's what techiecool is looking for?

 

It can edit out ANY sort of TEXT... which basically means that even if particular words appear in HTML/JS code, say the names of pictures [hotgirl.jpg] or as popups [www.**assume**.com/p0rn/pr0n/**assume**] or URLs or anything... it can and will be blocked... however, if the pictures are not named according to the usual strings [w1.gif, japan.jpg] Proxo can be evaded.
It is HARD to configure, and it's not a 100% guarantee (because WE have to program it... It works beautifully if the programmer knew what he was doing)

If you like set and forget control, NET NANNY used to be a top choice.

 

Have you actually tried this? You can prevent Proxomitron from saving its settings if you make the configuration file read-only - but you can't stop changes from being made, or being saved subsequently to another file.

Again, have you tried this? You can stop new or changed executable files from being run with Process Guard - but there is no way to stop a human from closing programs.

This I would agree with - Proxomitron is very powerful but requires understanding of its filtering language (and the HTML used for webpages) to make the most of it. However the default web and header filters do provide significant control and require no skill to use.

 

well....
Proxo won't save the changes, which means that every session you have to redo, or remove the read only attribute...
About the changes being saved to another file, Proxo will ALWAYS load the default file whenever you start up.

As for the rest... well... our good friend P2K is almost completely right... I hate it, but he is right, and further comments from me are impossible... I'm at the limits of my knowledge... I can now only read the thread now.
PS: you could try software like netnanny and cyber sitter [uptil 2 years back, when I tried these, they were pretty famous, can't say about now]

 

I am wrong sometimes - but to date I've been able to bury all the bodies...

 

Notok, yes i am looking for a kids filter...filter out adult/offensive content. in reality, i'm sure there's got to be multiple solutions. and it's not a money is no object thing, but in this case i'd spend what i have to to keep the squirt from seeing something devestatingly wrong...the effects could be not good on a kid.

you can actually trial contentprotect. i think i'll give it a try. the fact that disney put it into their dreamPC is kind of leaning me their way...probably financially motivated for disney, but hey i'm human here.

but maybe a layered solution is the way to go. i'm still not sure of proxo. went to the site and still not sure if it'll do what i'm looking for...maybe i'm not getting it.

let's assume the world's smiling down on me and this is a good solution. my next step is to add some AV. and maybe something to protect against IM virii/problems. as she's starting to IM friends a bit more. heck everyone in the house is so that is a solution everyone needs. and a simple firewall while were souping the baby up.

 

I WOULD recommend Proxo for yourself and the other adults in the house, especially with Kye-Us filters, but I think it would be overly complicated to set up for the youngin.

As for the IMing, I would disable file downloads (file transfers can be difficult at best with a router for some programs anyway), but a good firewall will probably go a long way with that. ZoneAlarm does make a small free version just for use with IM as well. I haven't used it, so I can't really attest to it, but it might be worth checking out. If you want to get fancy, you could use DropMyRights to start the browser, email, IM, etc, in a lowered security context so that any files downloaded cannot automatically make changes to the computer. It tends to set things even tighter than just running in a limited account.

 

You might want to look at one of the programs that are used to keep computers in public places from getting completely messed up, like Freeze

Every computer that I haave ever seen in the custody of a young person had tons of spyware on it voluntarily installed with p2p programs.