Monday, August 01, 2005

Weeping update...

Although the title sounds like something you'd take to the doctor, I thought I'd offer something of an update to the last post I wrote about cleaning out my dad's computer.

As one kind commenter wrote, "it is far more productive to think of possible solutions"

Now I'm not proposing that I'm going to put a stop to all the various different flavours of intrusive marketing out there (blog comment spam, IM spam and the great granddaddy of them all, email spam), but I can at least make a note of what I did to try and alleviate the problem somewhat for my dad.

First, let me set the scene.

I have a teenage stepsister, and my teenage stepsister is a great one for IM, file sharing (although, as far as I know, it's all legal now) and generally caning the net for all it's socially worth. She is also, at the end of the day, a teenager. Bit impetuous, bit naive, and a little too quick to believe popups that claim that her computer could be running quicker if she installed widget x.

I also have a father. He, like a lot of fathers, just wants his computer for invoicing, perhaps the odd bit of emailing, banking, and that's about it. He also once uttered the immortal line "Why couldn't they just leave it at Windows 3.01? Didn't it already do everything everyone wanted?". Hmmm. Although the gist of it was more about how computers have been getting more complicated than he wants.

So, to summarize:

1 teenage daughter who wants to use her computer to keep up with her mates, but isn't too aware that there are bad people out there who want to use her computer for slightly more nefarious deeds.

1 mature guy who needs his computer for work, but really doesn't want to have to deal with any more stuff to learn just to get his books done, which he's been doing in the same way since Office 97. Oh yes, and he hasn't really got time (who has, really, in the real world) to supervise her every online move.

I see a problem. How to secure his machine without adding the need for any more management. In fact, how to secure his machine network-wise without any apparent change in behaviour (of the machine, not him).

Well, the most thorough (and my preferred method) would be to start from scratch, stash all the documents and data away somewhere and spend a good few hours installing and configuring the machine to be nice and safe from (at least some of the nastier) nasties. Lock everything down, disable all the non-essential services, do some admin-type bits like shift his data onto a different partition from his system bits, stuff like that, and have everyone running on a non-admin account. However, although most of that would cause no noticeable change in the machine's behaviour, bits and pieces would require management, or to put it another way 'More bloody work'.

I would (and did), however, rightly or wrongly, hold short of installing a second firewall. My thinking is that with all the ports and services disabled that aren't needed, Windows firewall will be sufficient. It sits nicely in the background and slots in nicely with the rest of Windows Security Center. It doesn't have the learning overhead of a separate application.

I also whacked on MS Anti-Spyware for exactly the same reason. Although it's just a lightly re-branded version of Giant's Anti Spyware, it does at least integrate nicely with Windows and doesn't seem like too disparate of an app to learn. It's still quite consistent with (particularly the newer parts) the rest of Windows XP. I think I said before, it's perhaps not the swankiest, but it does at least do a reasonable job.

Those were the easy parts. Now came the hard part.

I started with turning the computer off.

I heard someone say once that the biggest security hole in any system lies between the keyboard and the chair. Any system (yes, ANY) can be compromised when you've got a real person pushing buttons at the business end.

So the most difficult part was getting my stepsister to take a bit of responsibility for what runs on her computer. I told her about checking for mysterious processes running in the background, what to do if she found one, how to check if something malicious was running and how to get rid of it. I told her about the perils of hitting 'yes' when asked "Do you want to enhance your browsing experience?". I explained at great length (you ever tried to talk to a 13-year-old girl about 'nerd stuff' for more than 10 minutes?) about how firewalls work, and what they do, and generally tried to make her a bit more aware of what's out there trying to get in.

The last part is the make-or-break factor. Everything before it is almost incidental. I can have an iron-clad OS, be running behind a rock solid firewall and have every scanner known to man running checking everything's OK. However, just like vampires, if I invite nasty things onto my machine, they (potentially) get a free rein over my computer. And that's the bit I really need to work on.

Oh to have longer than a short and hectic weekend to do it all in!

Just wanted to share.
