new computer, want to keep it pristine

I'm getting a new computer for my daughter. She's a spyware/malware writers dream. She'll open any attachment, sends and receives IMs all day, surfs dangerously...

I'm in the process of attempting to isolate this machine from the rest of the network, but that's another thread. Here I'd like to hear suggestions for keeping her box in the condition I give it to her in. I know about freeze apps, but at the same time, she does research and needs to save documents. I know that if she learns to turn off freeze, she'll never tun it on again.

...screamer

 

Well....

 

Give her a password-protected ISR-software, not with her password, but YOUR password and keep it FROZEN.

 

Erik,

The vendors who currently sell FD-ISR no longer include the Freeze option.

 

I wasn't talking about FDISR, DeepFreeze has a password.

 

But will DF allow her to save documents. i.e. not discard them upon re-boot?
While its in Freeze mode? Also needs to be able to get AV updates w/o my intervention.

 

I dunno for sure, but I'm sure that DeepFreeze has options to exclude folders and you can also create two partitions : system and data.

 

Returnil in continious session,before and after reboot,should educate her to use VP or another parttition.

 

@All,

I need a simple, no intervention solution. I don't want to have to educate her or involve her in any of this software. I've got personal reasons for this.
Even installing a pristine FD-ISR Primary SnapShot and allowing her to work in Secondary SnapShot, is too much trouble, since I will be the one who has to revert to Primary.

Essentially, I want an app that will Freeze configuration, but allow updates and saving documents, w/o my intervention. Perhaps I'm asking for too much.

What do schools & libraries use to freeze their public boxes?

...screamer

 

Probably something along the lines of Deep Freeze and Anti-Executable (to handle portable/etc. application installs and launches), both from Faronics, with save locations on a thawed partition dedicated to transient data only. Or something along those lines configured using OS groups and policies since they'll typically exist on a centrally administered domain. Updates could be an issue.

Blue

 

If you use DeepFreeze disable the automatic update of each software including Windows.
Once a month you do this :
1. Blindfold your daughter.
2. Boot in thawed mode with YOUR password.
3. Perform all updates of Windows and Applications.
4. Boot in frozen mode.
5. Unblindfold your daughter.

 

Hi, screamer; If your daughter is able to turn on and off light switch, then she has the IQ sufficient to use DeepFreeze standard version. It has only three options with password protection option. She may receive AV auto updates in frozen mode, but do not worry, that update will reappear in next thawed mode. DF has x days trial, what not give a spin ?

 

hahaha @ Erik. Tried it, she peeks

I just sent an e-mail to Faronics w/ my situation, we'll see if they have a solution. I did a search and it seems DF has a scheduled thaw mode for up-dates: AV & Windows, now all I need to know is about her being able to save her "legitimate" docs somewhere.

...screamer

 

Since many computers have only one harddisk, DeepFreeze must have an option to exclude the folder "My Documents" for instance, otherwise you can't do anything with your computer, if you can't store files or downloaded files.

If DeepFreeze doesn't have that option, you must create a data partition to store files.

 

Hi Pete,

That's a lot to digest right now. In essence, if she downloads research w/ Sandboxie on, will she be able to save it somewhere.

Reason for AV is not so much D/Ling an infected app as it is a infection from IM. So I really need AV on this box.

...screamer

@Erik,

Good thought about another partition

 

A few things. With Returnil this would work as long as you didn't come across the intermittant problem I have had where it loses its serial number, and no passwords work, last time that happened I had to go into safe mode and uninstall, but in the scenario you describe that may not be an option.

Also a virus program update there is likely to be a reboot which would put her in a loop, although with Avast! you could turn off the program update side of it and just allow update of definitions.

 

@ Perman: it's on my list of apps being considered. Basically it's come down to Returnil & DeepFreeze. Thanks for the feedback

@ Tradetime: I'll install Antivir on this box. I'll need to check if I can only do definition updates.

 

I'd say limited account + Returnil configured as per Peter2150's post or Deep Freeze with a data partition to save documents. Make Firefox her default browser and add Adblock Plus.

 

screamer,
I disabled all my automatic updatings, because I also use Anti-Executable.
Automatic updatings can occur at any moment of the day and Anti-Executable is always ON with HIGH security.
When an automatic downloads starts, AE acts immediately when executable is changed during the downloading and the upgraded software gets corrupted.
I had it two times in practice and that's why I do updatings manually, when AE = OFF.
AE is very good, but very irritating too.

 

Yeah, I'd have to agree. It seems to be the least hands on solution. I'm also going to assign it a Static IP so I can block this box from the rest of the network, but allow Internet access. I think w/ this set-up and K-9 web protection, I should be on my way.

BTW: can I create a partition on C: Drive if there's already data written to it?
The box shes getting is my wifes. I'm keeping the new one

...screamer

 

screamer <-- going into Information Overload