Porn Site Blocking

Discussion in 'privacy technology' started by LOTL, Apr 28, 2006.

Thread Status:
Not open for further replies.
  1. LOTL

    LOTL Registered Member

    Joined:
    May 12, 2004
    Posts:
    23
    Working on a friends PC that was infested with Trojans and Spyware.
    He has a few teenagers around that love to go where they shouldnt.
    Machine is running XP Pro w/SP2
    My short list for security includes the following.
    AVG AV
    Windows firewall (family is computer illiterate and the popups from a 3rd party firewall will drive them crazy, that and they are behind a router)
    Spyware Blaster
    IE-Spyad
    Windows Defender
    Hostsman with all hosts files checked.
    Anyone care to add a few other hands off free security apps to this mix?
    Also is there an updated hosts file that focuses on porn sites?
    Its unfortunate that you cant add a host list to the update list in Hostsman.
    He was using Bsafe online and wanted me to reinstall that but it looks kinda cheesy to me and im sure there is something better and free that will do the job. http://www.bsafehome.com/
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Install Firefox 1.5.0.2 from http://www.mozilla.com/ and set it to block all popups (if not already installed).

    Install limited user accounts for the youngsters, and also change the Admin password (with your friends knowledge) so the teens can't go around changing system permissions.

    Use GroupEdit, gpedit.exe from the Run command to set executable and installation permissions.

    If your friend paid for Bsafe, you should probably install it.

    Better and free doesn't always mean BETTER! Free doesn't always mean there isn't a price to pay!

    -- Tom
     
  3. LOTL

    LOTL Registered Member

    Joined:
    May 12, 2004
    Posts:
    23
    Thanks for the info Tom i forgot to mention they use AOL and are against trying anything new.
    I may try to convince them to give Firefox another try. Any thoughts on the Host file questions i had or about implementing one if they want to stick with Bsafe?
    I was thinking on doing the limited account set up, but the teenagers know and do more with the PC than my friend does and i suspect he will cave in to pressure to give them admin rights.
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    The reason for all of the trojans and spyware is the use of Admin account priviledges allows them to install. The single best thing to protect the system is to implement the limited user accounts - period. Make your friend take a stand, and make sure you charge him for the service if he even thinks about caving. Just inform him how much your fees are going to be for re-visiting his computer to clean it off and fix it for him. Make it worth his while from a monetary incentive and he will see the light!

    You could also install DropMyRights and SetSafer from Microsoft:
    * Running a Web Browser from an Admin account with reduced permissions
    DropMyRights.msi: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp
    SetSafer.msi: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/safer.asp

    If so, then you'll need to install Process Exporer (freeware) from sysinternals to set the limited user rights for both IE and Firefox on the executable, and also use the Local Security Policy to add two extra rules for those executables.
    http://www.sysinternals.com/ProcessesAndThreadsUtilities.html

    Read up on it before doing it. All Internet facing applications should all be included in the extra rules to limit the apps to Basic User rights - email client, web browsers, IM messaging software, etc.

    The limted accounts are about the only way to reign in the teens - make sure he won't budge on this!

    As for Hosts files, here's a few websites you can explore. I used to use the 1.4MB one from the .nu website which also requires the DNS Client service to be turned off from starting (either manual or disable) to prevent startup and login times from exceeding 3 minutes or more.

    Hosts file: http://remember.mine.nu/ [WinXP: disable DNS Client service]
    Ref: http://www.neowin.net/forum/index.php?showtopic=326491, i.e. discussion about DNS Tweaks and Client Service

    Hosts file: http://www.mvps.org/winhelp2002/hosts.htm or hosts.zip
    MVPS Hosts file: http://forum.aumha.org/viewtopic.php?t=15921&sid=c3c390156c8dda6afdfa641612ec9d3e
    Hosts file: http://www.dozleng.com/hpguru/
    Hosts file: http://accs-net.com/hosts/get_hosts.html
    Hosts file: http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
    Hosts file: http://www.bluetack.co.uk/forums/index.php?showtopic=8406
    Hosts file: http://www.richardthelionhearted.com/Hosts/index.htm

    Whatever Hosts file is installed, make sure either the AS or firewall can protect it - Spybot Search & Destroy lets you make it read only, ZoneAlarm Firewall has a box to check to protect it.

    As for Porn blocking - I'm not sure that any tool can prevent it all - not a Hosts file or Bsafe, or any other tool mentioned.

    -- Tom
     
  5. LOTL

    LOTL Registered Member

    Joined:
    May 12, 2004
    Posts:
    23
    Wow some great info Tom. Do you have a host file manager that you use or recommend? The Hostsman one i started using recently works well, automatically disables the DNS client service , has an update feature but only for selected site lists, allows editing of the host file, quick disable of hosts file, and locks the hosts file. I had used bluetacks list along with a host manager one of their forum regulars made but it was specific to bluetacks list i believe.
    Id like to make it relatively easy for my friend to update, edit etc.
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    MVPS Hosts is a good one. Updated about monthly.

    Just make sure the consequences of not using limited accounts for the teens is well-understood by your friend as it is the first and best line of defense against the nasties to keep them from getting a foothold into your friend's computer. Also, teens will be teens - waddaya gonna do? Sigh...I remember sneaking Playboys in my youth.

    -- Tom
     
  7. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,124
    Location:
    Pennsylvania.
    LOTL my mom is like that with AOL also after using it for SO many years shes scared of using another browser when everyone else uses firefox
     
  8. peewee

    peewee Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    30
    jah unt cheater loves to look at lots of porn ;)
     
  9. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,124
    Location:
    Pennsylvania.
    porn sites install spyware i don't go to them
     
  10. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, cheater87

    You not from Birmingham in the UK then. :D

    Take Care,
    TheQuest :cool:
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,
    Porn sites do not install spyware - people install spyware.
    Just use non-IE when you browse porn sites and you're cool.
    Mrk
     
Loading...
Thread Status:
Not open for further replies.