security for a reckless internet kid

Discussion in 'sandboxing & virtualization' started by amiti, May 15, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Most of what I've seen listed here would not work for a kid.

    1) If I were a kid and someone put software on my computer that was annoying I'd just uninstall it. Password or not it's not like it's hard to remove this stuff - at most you'd have to boot to safe mode and do it through there.

    2) The basis of a lot of what I'm seeing is that changes won't be permanent... uhhhhh the kid will just make them permanent. He trusts that pirated game crack more than security software.

    Focus on security that stays away from the kid. Nothing they'll have to interact with. EMET and Chrome or IE9 to deal with exploits without being a pain to deal with and pretty much any AV will cover the rest, I'd go with MSE because of its consistently low false positives.

    Anything more than that and they're just going to ignore the security.
     
  2. Yanick

    Yanick Registered Member

    Joined:
    May 3, 2011
    Posts:
    269
    Actually, Returnil has Password Protection ;) It will lock all settings etc.
     
  3. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    install two os (both can be windows 7) on different drive/partition.
    One for dad -> password protected log in, truecript the whole drive
    One for son -> MSE (auto delete threat), set UAC so only signed app can be installed, + other security of your choice.
    Image both drive for last resort measure

    Downside :
    Malware can still infect father drive/partition
    But the son could have "freedom"

    Ps: Until the "real malware" is terminated, I dont think you'll ever find the final solution.
    Hints: wise and patience education can erase that kind of malware
     
    Last edited: May 18, 2012
  4. Tsast42

    Tsast42 Registered Member

    Joined:
    May 7, 2012
    Posts:
    137
    Location:
    United Kingdom
    Perfect combo then :)
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,388
    Location:
    Nicaragua
    I am not a big fan of BZ but I know someone else in another forum that had pretty much the same situation with his own kid. The kid was getting infected every month, that stopped when he installed BZ in the kids computer. Now the boy installs games and everything else in the buffer zone, keeping the system clean.

    How stable it is? I don't know and I have doubts about the program but in some cases, like your nephew, I guess, it can help.

    Bo
     
  6. amiti

    amiti Registered Member

    Joined:
    Jul 14, 2010
    Posts:
    10
    OK. I think I will go with Avast! free with Bufferzone and as a last line of defense an image backup of the system.

    Do you think the general approach of bufferzone to see signed applications as trusted and unsigned applications as suspicious is safe enough?
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,388
    Location:
    Nicaragua
    For the reckless kid, I would uncheck trusting digitally signed applications. I would also enable application control to insure that any executable downloaded via a Buffer Zone program, runs in the buffer zone if executed.

    Bo
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    How do you setup EMET?
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    That was fast, thanks!:D

    Will EMET and CIS and most security programs work well together?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They should, yes.
     
  12. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    Ok i'm just testing it out in vmware and my question is why is SEHOP and ASLR unavailable?
     
  13. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    If you are using XP, SEHOP and ASLR are not supported.
     
  14. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    Ahhhh ok so just turn on DEP to always on and that's it?
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    Nope, also add internet facing programs such as your browser(s), pdf reader & media player(s) in the configure apps part of EMET.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.