security for a reckless internet kid

Most of what I've seen listed here would not work for a kid.

1) If I were a kid and someone put software on my computer that was annoying I'd just uninstall it. Password or not it's not like it's hard to remove this stuff - at most you'd have to boot to safe mode and do it through there.

2) The basis of a lot of what I'm seeing is that changes won't be permanent... uhhhhh the kid will just make them permanent. He trusts that pirated game crack more than security software.

Focus on security that stays away from the kid. Nothing they'll have to interact with. EMET and Chrome or IE9 to deal with exploits without being a pain to deal with and pretty much any AV will cover the rest, I'd go with MSE because of its consistently low false positives.

Anything more than that and they're just going to ignore the security.

 

Actually, Returnil has Password Protection It will lock all settings etc.

 

install two os (both can be windows 7) on different drive/partition.
One for dad -> password protected log in, truecript the whole drive
One for son -> MSE (auto delete threat), set UAC so only signed app can be installed, + other security of your choice.
Image both drive for last resort measure

Downside :
Malware can still infect father drive/partition
But the son could have "freedom"

Ps: Until the "real malware" is terminated, I dont think you'll ever find the final solution.
Hints: wise and patience education can erase that kind of malware

 

Perfect combo then

 

I am not a big fan of BZ but I know someone else in another forum that had pretty much the same situation with his own kid. The kid was getting infected every month, that stopped when he installed BZ in the kids computer. Now the boy installs games and everything else in the buffer zone, keeping the system clean.

How stable it is? I don't know and I have doubts about the program but in some cases, like your nephew, I guess, it can help.

Bo

 

OK. I think I will go with Avast! free with Bufferzone and as a last line of defense an image backup of the system.

Do you think the general approach of bufferzone to see signed applications as trusted and unsigned applications as suspicious is safe enough?

 

For the reckless kid, I would uncheck trusting digitally signed applications. I would also enable application control to insure that any executable downloaded via a Buffer Zone program, runs in the buffer zone if executed.

Bo

 

How do you setup EMET?

 

Here's a guide.

 

That was fast, thanks!

Will EMET and CIS and most security programs work well together?

 

They should, yes.

 

Ok i'm just testing it out in vmware and my question is why is SEHOP and ASLR unavailable?

 

If you are using XP, SEHOP and ASLR are not supported.

 

Ahhhh ok so just turn on DEP to always on and that's it?

 

Nope, also add internet facing programs such as your browser(s), pdf reader & media player(s) in the configure apps part of EMET.