Windows 7 64 bit PC Setup for Novice

Discussion in 'other anti-malware software' started by TheKid7, Apr 1, 2011.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I plan to replace the Windows VISTA Home Premium 64 bit Operating System on a HP Laptop which currently has Windows 7 Home Premium 64 bit (4 GB of “existing” Memory). The Laptop owner has a PC literacy that is quite low.

    He currently has Norton 360 which expires in about 10 days. I feel that Norton 360 is bloated even though I have never used Norton 360.

    I currently plan to install the following before giving the Laptop back to him.

    Questions:

    1. Is Panda USB Vaccine necessary on Windows 7 64 bit?
    2. Does a Norton DNS option come built into Norton Internet Security 2011?
    3. Do you think that installing Macrium Reflect Free is a waste of time and disk space? I say this because he will probably never use it even after I show him how to use it.

    Planned Setup:

    Windows 7 Home Premium 64 bit
    Windows 7 Service Pack 1
    Windows 7 Critical Updates

    Microsoft NetFrameworks (All)

    Sun Java
    Adobe Flash

    Security Active:

    Norton Internet Security 2011
    Sandboxie Free (Automatically delete sandbox contents)
    AVG Linkscanner Free
    Norton DNS
    Panda USB Vaccine

    Security On-Demand:

    Malwarebytes AntiMalware
    SuperAntiSpyware Free

    Web Browser:

    Firefox 4 (Adblock Plus with EasyList & Malware Domains Subscriptions)

    Imaging:

    Macrium Reflect Free

    Miscellaneous Software:

    Printer Drivers
    OpenOffice
    Foxit Reader
    7-Zip
    Ashampoo Burning Studio 2010 Advanced
    VLC Media Player
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    1) Nope, just disable it using AutoPlay in Control Panel.

    2) Norton DNS use the same database as Norton Safe Web, so it's better to use ClearCloud instead. I also like how you can easily fix false positives with it. You can change the DNS settings on the router to protect all computers on it.

    3) Teach him how important imaging is, and he'll definitely use it. For example, show how it can restore Windows far faster than re-installing after ruining the installation.
     
  3. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    If the person is trully novice
    I bet he/she will run toward you again if something happen
    Then
    Macrium reflect is a must, so u can undo his/her bad moves easily :)
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    As you have never used it I suggest you use a few of those 10 days to acquaint yourself with 360. You should endeavor to know from first hand experience what your talking about before you advise a novice to change their setup. Norton 360 was designed for them.
     
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,122
    Location:
    Pennsylvania.
    Replace AVG Linkscanner with WOT and set that on block.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Way to complex for a novice, why are you adding Firefox, it has not protected mode (it runs with medium rights), so you NEED something like Sandboxie with it(and Noscript and Addblock and other geek's security improvements)


    KEEP IT SIMPLE!

    As suggested earlier: make an image backup after you installed everything

    1. EMET2 all internet facing software
    2. Install Avast free 6 with sandbox (install all file shields)
    3. Use IE9, the smartscreen filter is one of the best, to stay away from risky sites, also IE9 checks downloaded software as well
    4. Add PrevXfacebook safeonline freebie for additonal browsing protection while banking and shopping

    Standard, simple, effective

    . . . or better create a standard user account (but that is problably a to simple solution)
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Kees, would you consider Chrome a better option over IE9? We both know the privacy arguments that can be made, but from a security point of view, Chrome sandboxes itself, isolates plugins, and, better yet, updates itself and Flash (PDF too, but not quite as important as Flash, imho). As far as Prevx, my experience has been that it never remembers its own settings, and, they are slow to support newer versions of browsers. I haven't really tested the smartscreen filter in IE9 yet, so I can't really make a judgement on its effectiveness. It just seems to me (if of course it works for you and is fast enough for you), that Chrome might be a better option.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    @ dw426

    Chrome would be a better option, indeed. Especially considering the command switch --safe-plugins. I'm thinking of Java, which the person is question seems to need, according to what user TheKid7 posted.

    With IE, Java's plugin would run with the same rights as IE's parent process (medium level).
     
  9. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,516
    Location:
    USA - Back in a real State in time for a real Pres
    I'd use Sumatra PDF reader instead of Foxit. And add Opera browser.
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Moon, doesn't the safe-plugins switch require the ongoing "Safe-Admin" project Sully is working on, though? I could be wrong on that, but when I've seen that switch mentioned, Safe-Admin was usually being discussed. I was under the impression that the project hasn't quite reached Beta status yet, and I'm not certain configuring the "deeper" parts of the OS is a good move for the true novice. The same could be said for EMET 2.0, but, if needed, there is at least a decent "how-to" on the following website: http://www.rationallyparanoid.com/articles/microsoft-emet-2.html
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No, you must be confusing it with something else. The command switch --safe-plugins is part of Chromium based web browsers. You just change Chrome's shortcut to something like chrome.exe --safe-plugins. In this example, we're only making use of --safe-plugins command switch. They're plenty of them, and some quite useful, specially --host-rules command switch.

    Take a look -http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc

    Regarding EMET, don't blindly trust it to protect against everything. User MrBrian tested it sometime ago against Java exploit and it wasn't able to contain it. I'm not saying it isn't useful, it is... simply don't rely on it to protect against all exploits. As everything else, it's only to be used in a layered security approach.
     
  12. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I use Chrome as my main browser but on some sites (credit card, banking, etc.) it will not open or display them properly and I have to use IE. May be easier to just use IE 9 and avoid having to provide tech support for the user when he has issues with sites opening or displaying properly.
     
  13. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    IMO Macrium is the best free imaging tool available at the moment and iirc there's a 64-bit build of it too. Just help the laptop owner make a backup images now and then, and if s/he ever needs to do a restore, then maybe s/he'll be motivated to learn to use backup software more actively in the future. Disable macriums 'start automatically' service/s so it's not in the way. The disk space it takes is negligible, except for the backup images which should preferably reside on an external hard drive anyway.

    Maybe install Minefield browser too - it's the pre-release version of 64-bit Firefox and may be faster on a 64-bit systems. Keep the regular firefox too (minefile installs into '\program files\minefield' instead of '\program files (x86)\mozilla firefox' so you can have both browsers installed at the same time). As a pre-release, you might think minefield is not suitable for a novice, but it's basically just a 64-bit version of firefox and very stable, so it may be better for 64-bit systems.

    I'd add doPDF or similar for a free PDF printer. Personally I also install imdisk (free, tiny ramdisk software for mounting iso, img and certain other image files), pismo file mount (another free and small file mounting software that's super convenient e.g. let's you 'quick mount' iso to essentially explore their contents on the spot), filemenu tools (adds useful context menu entries), and fastcopy (copies fast), but they may be for more useful for advanced users. I'm not familiar with Ashampoo Burning Studio 2010 Advanced, but for basic burning needs on 64-bit systems I like InfraRecorder because it's small, free and comes in a 64-bit version. For ease of use, I like CDBurnerXP and BurnAware.

    I also prefer to replace the default windows' notepad with the 64-bit version of notepad2, and a great free alternative to command prompt is console2 (64-bit version) because it lets you paste commands directly into the console, but again, those are probably not necessary for novices.
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I think I understand now, Moon. What I did was, after installing Chrome Beta, was hunt down the shortcut, add --safe-plugins to the end (I needed to put a space between .exe and the beginning of that command, or else it wouldn't let me), and pinned it to my taskbar. Was that correct? Is there anyway to test whether the plugins are sandboxed now?

    I have to say, Chrome Beta is a far better experience than the stable version. Granted I'm not using any addons (I decided to use a HOST file for ad/tracker blocking..works pretty good), but it is much faster, and so far, no stalling waiting for pages to load up. As far as EMET, I decided against using it. I have ASLR and DEP enabled already, Chrome has its own sandbox (testing it out without Sandboxie even..brave I am), and I have Avast 6 and MalwareBytes real-time running as well. Honestly it's kind of nice being without NoScript, lol. I feel slightly naked (I need time to get over being without NoScript and Sandboxie), but I feel pretty safe.
     
  15. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    id go with MSE or Avast and with appguard
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The best strategy would be to use Google Chrome for the daily browsing and IE9 for the sensitive tasks, such as accessing bank account, etc., due to any possible compatibility issues.

    No one has ever been able to break out of Chrome's sandbox, while for more than once it was possible with IE's Protected Mode. IE9 introduces better security, but... not without the cost of sacrificing a bit of usability. With Google Chrome, I'd dare to say it's set and forget. The great thing is that it also updates by itself, so no burden is given to the user.

    Anyway, it's just how I'd do it. :D
     
Loading...
Thread Status:
Not open for further replies.