Windows 7 64 bit PC Setup for Novice

I plan to replace the Windows VISTA Home Premium 64 bit Operating System on a HP Laptop which currently has Windows 7 Home Premium 64 bit (4 GB of “existing” Memory). The Laptop owner has a PC literacy that is quite low.

He currently has Norton 360 which expires in about 10 days. I feel that Norton 360 is bloated even though I have never used Norton 360.

I currently plan to install the following before giving the Laptop back to him.

Questions:

1. Is Panda USB Vaccine necessary on Windows 7 64 bit?
2. Does a Norton DNS option come built into Norton Internet Security 2011?
3. Do you think that installing Macrium Reflect Free is a waste of time and disk space? I say this because he will probably never use it even after I show him how to use it.

Planned Setup:

Windows 7 Home Premium 64 bit
Windows 7 Service Pack 1
Windows 7 Critical Updates

Microsoft NetFrameworks (All)

Sun Java
Adobe Flash

Security Active:

Norton Internet Security 2011
Sandboxie Free (Automatically delete sandbox contents)
AVG Linkscanner Free
Norton DNS
Panda USB Vaccine

Security On-Demand:

Malwarebytes AntiMalware
SuperAntiSpyware Free

Web Browser:

Firefox 4 (Adblock Plus with EasyList & Malware Domains Subscriptions)

Imaging:

Macrium Reflect Free

Miscellaneous Software:

Printer Drivers
OpenOffice
Foxit Reader
7-Zip
Ashampoo Burning Studio 2010 Advanced
VLC Media Player

 

1) Nope, just disable it using AutoPlay in Control Panel.

2) Norton DNS use the same database as Norton Safe Web, so it's better to use ClearCloud instead. I also like how you can easily fix false positives with it. You can change the DNS settings on the router to protect all computers on it.

3) Teach him how important imaging is, and he'll definitely use it. For example, show how it can restore Windows far faster than re-installing after ruining the installation.

 

If the person is trully novice
I bet he/she will run toward you again if something happen
Then
Macrium reflect is a must, so u can undo his/her bad moves easily

 

As you have never used it I suggest you use a few of those 10 days to acquaint yourself with 360. You should endeavor to know from first hand experience what your talking about before you advise a novice to change their setup. Norton 360 was designed for them.

 

Replace AVG Linkscanner with WOT and set that on block.

 

Way to complex for a novice, why are you adding Firefox, it has not protected mode (it runs with medium rights), so you NEED something like Sandboxie with it(and Noscript and Addblock and other geek's security improvements)


KEEP IT SIMPLE!

As suggested earlier: make an image backup after you installed everything

1. EMET2 all internet facing software
2. Install Avast free 6 with sandbox (install all file shields)
3. Use IE9, the smartscreen filter is one of the best, to stay away from risky sites, also IE9 checks downloaded software as well
4. Add PrevXfacebook safeonline freebie for additonal browsing protection while banking and shopping

Standard, simple, effective

. . . or better create a standard user account (but that is problably a to simple solution)

 

Kees, would you consider Chrome a better option over IE9? We both know the privacy arguments that can be made, but from a security point of view, Chrome sandboxes itself, isolates plugins, and, better yet, updates itself and Flash (PDF too, but not quite as important as Flash, imho). As far as Prevx, my experience has been that it never remembers its own settings, and, they are slow to support newer versions of browsers. I haven't really tested the smartscreen filter in IE9 yet, so I can't really make a judgement on its effectiveness. It just seems to me (if of course it works for you and is fast enough for you), that Chrome might be a better option.

 

@ dw426

Chrome would be a better option, indeed. Especially considering the command switch --safe-plugins. I'm thinking of Java, which the person is question seems to need, according to what user TheKid7 posted.

With IE, Java's plugin would run with the same rights as IE's parent process (medium level).

 

I'd use Sumatra PDF reader instead of Foxit. And add Opera browser.

 

Moon, doesn't the safe-plugins switch require the ongoing "Safe-Admin" project Sully is working on, though? I could be wrong on that, but when I've seen that switch mentioned, Safe-Admin was usually being discussed. I was under the impression that the project hasn't quite reached Beta status yet, and I'm not certain configuring the "deeper" parts of the OS is a good move for the true novice. The same could be said for EMET 2.0, but, if needed, there is at least a decent "how-to" on the following website: http://www.rationallyparanoid.com/articles/microsoft-emet-2.html

 

No, you must be confusing it with something else. The command switch --safe-plugins is part of Chromium based web browsers. You just change Chrome's shortcut to something like chrome.exe --safe-plugins. In this example, we're only making use of --safe-plugins command switch. They're plenty of them, and some quite useful, specially --host-rules command switch.

Take a look -http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc

Regarding EMET, don't blindly trust it to protect against everything. User MrBrian tested it sometime ago against Java exploit and it wasn't able to contain it. I'm not saying it isn't useful, it is... simply don't rely on it to protect against all exploits. As everything else, it's only to be used in a layered security approach.

 

I use Chrome as my main browser but on some sites (credit card, banking, etc.) it will not open or display them properly and I have to use IE. May be easier to just use IE 9 and avoid having to provide tech support for the user when he has issues with sites opening or displaying properly.

 

IMO Macrium is the best free imaging tool available at the moment and iirc there's a 64-bit build of it too. Just help the laptop owner make a backup images now and then, and if s/he ever needs to do a restore, then maybe s/he'll be motivated to learn to use backup software more actively in the future. Disable macriums 'start automatically' service/s so it's not in the way. The disk space it takes is negligible, except for the backup images which should preferably reside on an external hard drive anyway.

Maybe install Minefield browser too - it's the pre-release version of 64-bit Firefox and may be faster on a 64-bit systems. Keep the regular firefox too (minefile installs into '\program files\minefield' instead of '\program files (x86)\mozilla firefox' so you can have both browsers installed at the same time). As a pre-release, you might think minefield is not suitable for a novice, but it's basically just a 64-bit version of firefox and very stable, so it may be better for 64-bit systems.

I'd add doPDF or similar for a free PDF printer. Personally I also install imdisk (free, tiny ramdisk software for mounting iso, img and certain other image files), pismo file mount (another free and small file mounting software that's super convenient e.g. let's you 'quick mount' iso to essentially explore their contents on the spot), filemenu tools (adds useful context menu entries), and fastcopy (copies fast), but they may be for more useful for advanced users. I'm not familiar with Ashampoo Burning Studio 2010 Advanced, but for basic burning needs on 64-bit systems I like InfraRecorder because it's small, free and comes in a 64-bit version. For ease of use, I like CDBurnerXP and BurnAware.

I also prefer to replace the default windows' notepad with the 64-bit version of notepad2, and a great free alternative to command prompt is console2 (64-bit version) because it lets you paste commands directly into the console, but again, those are probably not necessary for novices.

 

I think I understand now, Moon. What I did was, after installing Chrome Beta, was hunt down the shortcut, add --safe-plugins to the end (I needed to put a space between .exe and the beginning of that command, or else it wouldn't let me), and pinned it to my taskbar. Was that correct? Is there anyway to test whether the plugins are sandboxed now?

I have to say, Chrome Beta is a far better experience than the stable version. Granted I'm not using any addons (I decided to use a HOST file for ad/tracker blocking..works pretty good), but it is much faster, and so far, no stalling waiting for pages to load up. As far as EMET, I decided against using it. I have ASLR and DEP enabled already, Chrome has its own sandbox (testing it out without Sandboxie even..brave I am), and I have Avast 6 and MalwareBytes real-time running as well. Honestly it's kind of nice being without NoScript, lol. I feel slightly naked (I need time to get over being without NoScript and Sandboxie), but I feel pretty safe.

 

id go with MSE or Avast and with appguard

 

To dw426

Moonblood sort of answered your questions, here is background info

https://www.wilderssecurity.com/showthread.php?t=296391

 

The best strategy would be to use Google Chrome for the daily browsing and IE9 for the sensitive tasks, such as accessing bank account, etc., due to any possible compatibility issues.

No one has ever been able to break out of Chrome's sandbox, while for more than once it was possible with IE's Protected Mode. IE9 introduces better security, but... not without the cost of sacrificing a bit of usability. With Google Chrome, I'd dare to say it's set and forget. The great thing is that it also updates by itself, so no burden is given to the user.

Anyway, it's just how I'd do it.