|Hazard's of the 24/7 Home PC|
Whatever happened to "Not My Machine" etiquette?
When I'm borrowing someone else's box to work or access the web, I have a couple of simple rules. I don't install ANYTHING without clearing it with the machine's owner first, and when I'm surfing, I stick to "old regulars" type sites that I know are safe and aren't going to cause any grief.
My machine is pretty heavily firewalled (hardware and software firewalls, which some people call the "suspenders and a belt" approach, but I call the "I can't afford to lose my data" approach), but for, well, pretty much forever, I've run low on they keyboard level security. I basically hate having to type in a password every time the screen saver kicks in while I was staring off into space thinking about something.
But I have to change that approach, aparently, because other people don't get the whole etiquette of using other people's machines. I took on a roomy a while back, basically as a favor to my landlord, because I knew I was going to be moving in a couple of months (end of this month, thank gawd). My machine runs 24/7 because, well, for a lot of reasons actually. Just because I'm not around doesn't mean it stops working. I told the roomy he could come in and kick start the cable modem if the need ever presents itself, which it does a couple times a week. (His machine is hubbed off mine, in a way that allows absolutely no cross access between the computers. Not because I think he'll peek at my files, but because he's a twit when it come to security, and I don't want his trojans and virus problems causing me grief).
For the most part, it works fine. Unless I'm gone for a few days or a week, in which case, I invariably come back to a screen full of pop-ups and obvious spyware and adware generating crap sitting on my desktop. I ream the wanker out, but he always plays innocent. "I didn't do it, I just had to reboot the cable modem."
And its not just him. For various reasons, to do a friend a favor or whatever, I've let other people use the machine from time to time. And invariably, unless I'm sitting there staring over their shoulder the whole time, whenever I get back to it, it's mysteriously "acquired" rafts of spyware and adware and general scumbagware. You can firewall a machine all you want, if there's a moron at the keyboard, then your box is gonna take a beating.
And I'VE HAD IT. I'm not longer going to be mr. nice guy. I'm gonna become Scrooge McGeek from now on. No one touches this thing but me anymore. There's passwords on top of passwords now. Think you can bypass by entering safe-mode or CD booting with Knoppix? Aux contraire, mon frere, you ain't gettining in there. When I started playing with these things 20odd years ago, everyone knew the rules, (and if you happened to "bend" the rules, you'd at least have the guts to tell whoever's machine you'd just crashed what you'd been doing when it happened), and I've been stuck in that mindset. But nomore.
I'm sick of getting home to have to spend 8-10 hours cleaning up the mess someone else left on my machine.
Is it just me? Am I the only one here with dimwitted friends? Or did everyone else get scroogy with their machines years ago?
For the similar reasons i have a Boot password on my machine :)
ditto - my sanity was saved by a password on boot.
I've had a boot password from the begining, the main problem was that the machine runs 24/7, and usually gets booted once every few weeks, if that.
And XP got ornery when I first tried to put it a Screen Saver PW. On the plus side, in the process of doing a SS PW, I discovered the asp.net "hidden" account that MS had buried on my PC (I hadn't seen it anywhere else, no even going into safe mode).
But after killing the asp.net account, now M$ update isn't working right. I'm really getting sick to death of M$'s assumption that I don't know what I'm doing, shouldn't have full control over my own computer, and their habit of burying all kinds of weird access points for them to check in on what I'm doing (read: not just a way for M$ to spy on me, but big gaping holes in my PC's security for malware writers to exploit).
I'm "inheritting" a pIII 800 in a few weeks for doing some work for a friend. Its going to get Lin and nothing but Lin, and when I feel confident enought that I can operate using that and have the necessary apps that I use most often, I'm gonna take Win off this machine too.
A big security feature there is that 99% of the people I know won't touch a Linbox, their eyes glaze over in confusion as soon as they see a penguin.
Couldn't you just set up a "guest" login for it, without any permissions for installing anything?
Wrap your keyboard with an electrified wire connected also to a battery-powered alarm circuit.
I've done that some years ago, it worked.
[but it was a laptop..]
I could set up a "guest" account, but I'm not going to bother. At the end of the month, I'll have a three-PC home, one will be my main work machine, one will be a server, the last (weakest) with be the POS I let other people use and mangle at will.
I just find it frustrating because I grew up in a PC environment where everyone let each other play with their machines, just to test and hack, and do whatever, but there were some basic rules about how you went about it. No-one nowadays seems to play by those rules anymore.
The twit seems to not know/or about safe surfing and general computer good practices. I can't imagine a malicious twit. I think about it, and I was afraid of computers before about 1990. Then I didn't know anything, then I thought I knew everything, now I just try to be careful, observant and productive.
Your twit may well be on a path to becoming a sensible user.
I have been a fan of screen saver passwords. They always seem to kick in just when am about to use the machine.
Given a couple of teenagers and an office cat (walks on keyboards) I have starting looking my business machine when I leave the office. In Win2K and WinXP <ctrl><alt><del> and <enter> (default of Lock Computer). Sort of a screen saver password with a manual turn on.
Thanks for the shortcut, I'll use that.
As for the "twit", he's been using computers for almost 10 years, and still hasn't clued into security. I don't have much hope for him anymore. He's a good guy otherwise though. I have a feeling he's gonna become rich with his ability to manipulate certain parts of the anatomy in a 3-d renderer.
Another "trick" (though not much of one) you can do with XP, and I think most other windows type OSes. You can set the Energy Star to kick in well before the screen saver. Which blanks out the screen and reminds you you've had a minor brainfart staring at the screen again, but the password doesn't kick in until after the screen-saver starts.