need a bit of help for a kids only PC

Discussion in 'other firewalls' started by techiecool, Dec 26, 2004.

Thread Status:
Not open for further replies.
  1. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    ok i have installed the javacool, adware, spybot software. and what i really need is a firewall/content filtering/ and AV. i want something w/ low resources. my thought was to go w/ something called ContentProtect for the filtering and some AV software (NOD or siimilar). but if i could find a firewall that content filters as well as ContentProtect then i'd just get that. otherwise i'll use the firewall on the Buffalo wifi router. i ruled out using hosts files for the content filtering...this is afterall an impressionable little kid...trying to make it as foolproof as possible. and the PC is in a visible area.
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If you want to go a little more advanced (and expensive, not too bad though), you could try WinProxy Set it up on a dedicated PC and it won't take up any resources on the client PCs, and will filter any/all of them. It also automatically updates.

    Here's something that looks a lot like ContentProtect, without remote administration, for free: http://www.snapfiles.com/get/iprotectyou.html
    (Paid version available. I haven't used this, so I can't really comment, but I thought I'd throw it out there.)
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    One important question - do you want to be able to lock the settings so that only you can change them? If so, you need a firewall with a password-protection option. Kerio (full) and Outpost Pro both offer content filtering and the option to password protect their configurations (Outpost does currently have a special offer of lifetime upgrades if you purchase before January 10th which you may find worthwhile).

    More powerful content filtering can be done using standalone applications like Proxomitron or WebWasher Classic but these do not offer password protection. Even if you do decide to use these, a software firewall is still important to control what applications on your system are allowed Internet access (router or proxy firewalls cannot provide this level of control).
     
  4. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    well the thing is that the 10 year old and the 20 year old share the same computer or maybe on the same computer. so i want to restrict the content filtering on the 12 year olds windows profile as she is only allowed on one PC. so the older one can have his own freedom...hey he's old enough to do what he wants and i don't want to regulate him. so something for that scenario would be good as well. i run the XP Pro firewall so that should be good enough for a firewall.
     
  5. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    You could discreetly point him in the direction of Wilders anyway?.....For a bit of security know-how?
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Maybe what you really want, then, is a filtering browser..
    http://www.snapfiles.com/get/atkids.html

    Getting the older one to be security conscious would probably be the best idea, too. Even if you don't want to restrict the type of content he views, you still want to keep the system secure.

    I also wouldn't discount a good firewall, either. If something unknown wants to connect out of your computer (XP firewall really only protects against incomming), you are going to want to know about it.
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Another option would be Norton Internet Security which has parental control and would allow you to set up separate user accounts with the appropriate settings.

    Regards,

    CrazyM
     
  8. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Or you could use two separate Windows accounts... one for the young gun that has proxomitron enforced and has processguard free set to protect proxomitron from exiting ;)
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Are they likely to be using Fast User Switching? If so, then this may complicate issues.
    It beats using nothing, but has serious shortcomings on the security front - see the SP2's new firewall: Not good enough article for more.
    If Norton can be set up to use different configurations with different Windows user accounts then that would be a definite plus for this situation - Outpost cannot do this, nor can I find any reference in Kerio's documentation. Would it be able to work with Fast User Switching though?
    While an interesting approach in theory, this setup has two problems in practice. Proxomitron can only be "enforced" if browser proxy settings can be locked (though using a firewall to block browser network access to anything other than Proxomitron would do a similar job) - even then Proxomitron's configuration can be changed by any user since it offers no password protection. Secondly while Process Guard can protect programs from being terminated by malware, it does not stop users from closing them as long as they respond to Process Guard's confirmation prompt.
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Unfortunately I am not that familiar with the parental controls in NIS. It can be linked to user accounts already configured in the OS or as separate user accounts within NIS. It does add to the install size and the updates can be substantial as well, but is to be expected with the amount of content to be covered. The NIS proxy also filters the common instant messaging ports.

    Regards,

    CrazyM
     
  11. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    to be honest, i built their PC recently. i actually haven't bothered installing much protection on it as i've been real busy. but it has a few anti spyware programs and that's it. so i guess i could use the whole nine yards...AV, firewall, filtering. i was looking at zone alarm protection suite(?). it has everything included, but i don't know if i'd trust the AV. but it seems it would do everything (IM security, AV, filtering, firewall). i just don't know how good the parts are. maybe separate components is the best.

    i don't understand. how does Proxomitron actually work?

    Norton...haven't used them in 6 years. to bloated now.

    i researched ContentProtect. they apparently are being used in the Disney DreamPCs. can't be too bad. and they have user profiles that can be set up. one product i found interesting was the Cerberian filtering...maybe overkill. maybe a better router than the buffalo 54G router w/ better firewall and filtering?

    ok. read the article regarding the XP firewall...i guess i really need one. i admit i've been lucky up to now w/ no protection...time to stop being lucky.
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Noooo! We only want good luck for you ;) Not RELYING on luck might be a good idea, though..

    Ok, back to being serious..
    Having multiple programs is generally better. If something tries to subvert your security software, it will have a harder time bypassing several programs than just one. You also generally get more focused and effective programs when you get each separately.

    ContentProtect does look like a great program. The kids browser seems like the least potentially problematic to me, however only you can decide what the most appropriate program for your situation is. If you're undecided, just use the trials for each and get feedback from the kids before making a decision!
     
  13. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    ok.

    i will look at a kids safe browser vs contentprotect. my dilemna is to leave as much as the safe internet open. especially for HW and research. i guess there's a fine medium there.

    i guess i need some AV, a firewall, and something to protect against IM problems...but maybe that's included in the firewall. the pc is a barton 2500 w/ 512RAM. pretty speedy for what they do. but i don't want Norton like system slow down.


    btw, i appreciate your help. you guys are a pretty well informed bunch.
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just one other thought....

    Position it at the router level. The ZyXel HS-100W has Cyberian content filtering as a subscription option. DSLReports has a ZyXel forum that covers most issues you are likely to encounter. Subscription cost is $30-40/yr - something in that region. There are other options available with router based filtering. All of the home level approaches have a separate user based logon at the router for the start of a session.

    Blue
     
  15. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    let me pose another question. let's say i have a hardware(router) firewall and if another computer on my lan gets hacked somehow, then that would mean other PCs on the lan would be at risk since the perimeter had been breached...so you have a fence, but no locks on the doors. am i getting this right? so you would also want the firewall on each pc? boy this is a lot...and i'm a DBA. i feel sorry for people w/ zero IT apptitude.
     
  16. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Depends on the nature of the breach and the attack vector. In simple terms - you're correct for some instances.

    Blue
     
  17. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    hmm...
    protecting Proxomitron's configuration is easy... save the configuration file as "default.cfg" in the proxo folder and set it to read only. That should do it.
    BUT... if our friend techiecool sets up Process Guard for his child, and then locks the settings using a password... boinga!!!!
    Anyway... the more likely reason why this would NOT work is that Proxo is a bit ard to configure at first...
    @Techiecool
    go to www.proxomitron.info for starting info, then join up at www.kye-u.com/proxo/forums/ for help in the forums.... Beware! PROXO has its own programming language, so to speak.
     
  18. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm not sure Proxo would provide the kind of content filtering he's looking for. ContentProtect is mainly a kid filter (filtering out adult material)... I assume that's what techiecool is looking for?
     
  19. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    It can edit out ANY sort of TEXT... which basically means that even if particular words appear in HTML/JS code, say the names of pictures [hotgirl.jpg] or as popups [www.**assume**.com/p0rn/pr0n/**assume**] or URLs or anything... it can and will be blocked... however, if the pictures are not named according to the usual strings [w1.gif, japan.jpg] Proxo can be evaded.
    It is HARD to configure, and it's not a 100% guarantee (because WE have to program it... It works beautifully if the programmer knew what he was doing)

    If you like set and forget control, NET NANNY used to be a top choice.
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Have you actually tried this? You can prevent Proxomitron from saving its settings if you make the configuration file read-only - but you can't stop changes from being made, or being saved subsequently to another file.
    Again, have you tried this? You can stop new or changed executable files from being run with Process Guard - but there is no way to stop a human from closing programs.
    This I would agree with - Proxomitron is very powerful but requires understanding of its filtering language (and the HTML used for webpages) to make the most of it. However the default web and header filters do provide significant control and require no skill to use.
     
  21. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    well....
    Proxo won't save the changes, which means that every session you have to redo, or remove the read only attribute...
    About the changes being saved to another file, Proxo will ALWAYS load the default file whenever you start up.

    As for the rest... well... our good friend P2K is almost completely right... I hate it, but he is right, and further comments from me are impossible... I'm at the limits of my knowledge... I can now only read the thread now.
    PS: you could try software like netnanny and cyber sitter [uptil 2 years back, when I tried these, they were pretty famous, can't say about now]
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I am wrong sometimes - but to date I've been able to bury all the bodies... ;)
     
  23. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    Notok, yes i am looking for a kids filter...filter out adult/offensive content. in reality, i'm sure there's got to be multiple solutions. and it's not a money is no object thing, but in this case i'd spend what i have to to keep the squirt from seeing something devestatingly wrong...the effects could be not good on a kid.

    you can actually trial contentprotect. i think i'll give it a try. the fact that disney put it into their dreamPC is kind of leaning me their way...probably financially motivated for disney, but hey i'm human here.

    but maybe a layered solution is the way to go. i'm still not sure of proxo. went to the site and still not sure if it'll do what i'm looking for...maybe i'm not getting it.

    let's assume the world's smiling down on me and this is a good solution. my next step is to add some AV. and maybe something to protect against IM virii/problems. as she's starting to IM friends a bit more. heck everyone in the house is so that is a solution everyone needs. and a simple firewall while were souping the baby up.
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I WOULD recommend Proxo for yourself and the other adults in the house, especially with Kye-Us filters, but I think it would be overly complicated to set up for the youngin.

    As for the IMing, I would disable file downloads (file transfers can be difficult at best with a router for some programs anyway), but a good firewall will probably go a long way with that. ZoneAlarm does make a small free version just for use with IM as well. I haven't used it, so I can't really attest to it, but it might be worth checking out. If you want to get fancy, you could use DropMyRights to start the browser, email, IM, etc, in a lowered security context so that any files downloaded cannot automatically make changes to the computer. It tends to set things even tighter than just running in a limited account.
     
  25. Diver

    Diver Guest

    You might want to look at one of the programs that are used to keep computers in public places from getting completely messed up, like Freeze

    Every computer that I haave ever seen in the custody of a young person had tons of spyware on it voluntarily installed with p2p programs.
     
Loading...
Thread Status:
Not open for further replies.