| This 47 message thread spans 2 pages: < < 47 ( 1  ) || |
|Giving guests limited access to my computer|
Im having cousins come over in a few weeks..
Generally I trust them but their from another country & are a little strange so I dont have a 100% confidence.
I only have one login for both my computers. (computer & laptop) And its Admin only. I dont feel like creating other users & dont feel a need to.
But just for security reasons while their over..and while I might be sleeping or whatever, what can I do to feel safe that they dont install anything weird or cause security issues on my PC's ? I've got Windows Vista on both & I have both computers running all the time.
I guess im being a bit paranoid, but most guys worried about security usually are... hehe
any help would be great.
Here is a tricky one:
Instead of running around, worrying on how not to allow them to ruin you perfectly secure machine, plan their vacation for them, make it fun and keep them busy. Show them how good it is where you reside and to do something else instead of being glued to the monitor/keyboard. Simple, NO, can't use this PC; with the password protected login should do the trick.
I think there are some valid points by WebmasterWorld members, but in reality it is a vacation for your relatives make it one that they will remember as one of their best one so far. Unplug the router and spend some time with your family.
instead of using "guest" account, create an account for them, make it standard user.
windows 7 has great parental controls, you can disable file download, allow/dissallow certain sites they can or can not visit, time limits. You can also tell which programs they can use, limit folders access and more.
hope this helps.
If you don't trust them alone on your machines, set a password in your bios and be done with it.
It's sensible to have AV, software firewall, and a router with up to date firmware and firewall activated.
Also prevention, Spyware Blaster and Spybot S/D immunizer are good free tools to download and use. There are many more, I prefer those two.
Have never owned a Norton product so can't comment on that, but the mere mention sure stirred up a bee's nest.
Besides that, I agree with and will not repeat previous Admin account debacle other than create a user account for your guests.
lol. I have the same issues leaving the 17yr in our house when we go out. Just lock away what is really important to you, and prepared for at least one thing to go wrong by the time you return.
Its always best to lock your admin account with a password and have one 'limited' account just for those occasions when someone wants to 'borrow' your machine.
|I've got to confess that I continue to run XP as the administrator rather than as a user, and I do know better. |
Having used computers for 20 years, professionally for most of it, running exclusively as administrator on every system I've owned since that was an option, and during that time NEVER having acquired any malware worse than couple of small adware apps that install just as readily under a user account, I can tell you that it's not as big a deal as this thread makes it appear.
Off topic: the best net security, in my experience, is a good hardware firewall. Once you've got that you're pretty safe unless you install the malware yourself, regardless of how you log in to Windows.
Unplug the router and spend some time with your family..
I second that.
Mike, I understand the quandry, but don't have a great answer. I used to have an old computer for guests to use. If you have one kicking around, that could be a solution.
Alternatively, what about coughing up a couple hundred dollars on a netbook and saying "My computer is vital to my life, my livelihood and my survival. It just worries me too much to let anyone on it. You are welcome to use the netbook all you want."
Then it comes down to whether or not you trust them not to be malicious. No matter what security feature you have on your computer, unless it's locked in a vault and connected to the peripherals through the wall, someone could be gone with your hard drive in about 3 minutes.
So if you're afraid they will be foolish, get a netbook.
If you're afraid they will be malicious or if they have teeanagers who might enjoy the challenge of cracking cousin Mike's passwords just because they're bored, you need a place to hide your computer.
SteadyState is a great piece of software, and there are uses for it on a non shared computer environment. Have you ever noticed how much better Windows runs after a clean install? Well that's the point where you want to set up SteadyState. Have your computer set up just as you want it and have all your software installed. Then activate SteadyState. You can pretty much install, download or run anything you want without needing to worry. The next time you reboot you're back to square one.
The problem with SteadyState is you can't save any files. If you did they would be gone when you next booted. One workaround for this I have used is to install a 2nd hard drive after you have activated SteadyState. Save your files on the new HD. Because SteadyState will recover to its original condition on each boot, it will ignore the 2nd HD. Every time you start the pc you will get a notification balloon saying "Found new hardware Disk drive" It will be available to use as soon as you boot and your saved files from other sessions will be there also.
regarding your cousins, tell them to bring their laptops! seriously I wouldn't let anyone near my PC an I wouldn't expect anyone else to let me use theirs. Its a very personal and private thing.
|lol. I have the same issues leaving the 17yr in our house when we go out. |
hehe.. sounds like me when I was 17.
I didnt move out of my parents house till after 25.. and I noticed their stress levels seemed to increase year after year. Until I moved out of course.. then things got so much better on both sides.
It seems like just after 17 is when we turn to crapola. All our youth & innocents is gone. :-(
Basically an off-topic point..but if you could move out of you're parents house before age 19, you're doing them a big benefit.
First, go into your BIOS setup and turn off booting from devices other than the primary hard drive. Then password protect the BIOS.
As to Norton, in the latest version they've really stepped up their game. Its light years ahead of previous versions. I don't use it, but many of the security reviews look upon it pretty favorably. Not only is it getting the job done, but its firewall, anti-virus and anti-spyware engines are now the fastest in the industry in most benchmarks.
In addition to guest accounts and other advice already given, run one of the freely available security audit programs for your computer. Windows has several default settings which need to be changed to secure it better, too many to go into here in a single post. Remove Internet Explorer access from the guest account, and install Opera or Firefox for the guest account to use. Install Truecrypt and create a container drive... move anything you want to keep private to that drive, then use a utility to securely wipe free space on the drive. Turn off all unused services - not only will this help secure the computer it will also boot faster. Turn off autoplay so files on a USB drive, flash memory card and CD are not run automatically when inserted. There's instructions somewhere on the net for disabling mounting of additional drive letters as well, which will offer further protection against inserted devices.
For the ultimate in protection, use a partition manager to create a bootable 10 gig partition. Use Truecrypt to encrypt your "real" partition. Both will be available on the boot menu, but they'll need the password to access the encrypted drive. Their 10 gig guest partition should have just the basic browser and that's it. Backup the drive before you encrypt it should the worst happen and malware gets on the computer and wipes out your encrypted partition. When your guests leave, unencrypt the "real" partition, delete the 10 gig partition and use the partition manager to reclaim the space.
Lastly, if you don't trust someone enough that you're concerned... don't give them access (or as noted, rent a laptop for a week).
Take out the harddrive, stick a linux live CD in the CD drive (ubuntu live CDs work well these days), and leave a disposable USB stick in the back for file storage. Put back the harddrive when they have gone home.
The only useful way to go further than this is to lock up your modem. There is very little real harm they will be able to do without an internet connection.
Kids are more smart than we may think! SE is full of SW that may help them how to redo the things back. It is a matter of trust that makes it different. Advicing them with good words may keep them away from damaging the pc. Otherwise nothing could stop! 'Allow them for good use or they will be monitored & banned.'
So now that everyone has very adeptly pointed out that there is no 100% solution to this security question, let me suggest another solution that has worked well for me.
You can purchase removable (and lockable) hard drive docks that fit into your case's front 5.25 bays. They cost about $20-30 each. I have three in my PC, including one for my primary HDD. If I were to have to lock down my PC, I would simply remove all drives with sensitive data (click) and install a fresh version of windows onto another drive to use for the duration of the security risk. Once everything is back to normal, or if I had to access something I would simply swap my primary back into the computer (click).
It takes a little time to set up (installing the hardware) but it makes local physical security a breeze as all you have to do is grab your drive and run.
After reading this thread you should put your computer under your bed and tell the cousins you don't have one. ;) But seriously, if they are weird and you think they might even browse to neighborhoods you don't want associated with your IP, that might not be a bad idea
Petrogold, have to agree with you, kids are getting smart.
I had our modem programmed to disconnect the kids late at night. Until one of their friends completely reprogrammed it! It didnt even enter my head they knew how to connect to the modem, let alone also knowing the stupid password I set. Setting a proper password and an earlier cut off fixed that :)
I too use hard drive trays to swap OSs or beta stuff. It might be an option for the desktop to fit a spare drive while the relatives are using it.
I get to review 2-3 brands of AV software most years and was happy to trust my main desktop to Norton 360 and more recently to NIS 2010. There are Norton haters around who last used the brand perhaps ten years ago. I just trust my own assessment. I don't usually encounter malware but daily tasks such as POPping my email and the time taken to process it by the AV software is part of my consideration.
|people who don't know how to use computors |
People in glass houses...
And there are other Norton haters who cleaned out neighbours machines from the crud that Norton 360 let through just last week ..
And then set their machines to dual boot ..linux for the net and mail ..doze for photoshop ( and locked out of the router while it's in doze ) ..
as to snatch trays ..just as easy to run only one machine at a time to the net linux / doze ..the others ( here that means currently 6 others ..each with their own OS and specific software ) dont connect ..ever ..and updates ( if and when needed ..and actually beneficial ) are carefully screened and moved in via USB ..
How much malware one meets depends on where one goes ..hiding oneself behind the shutters doesnt stop the bad guys from breaking in next door ..
As I said earlier ..I do know from first hand conversation and observation what MS security people think of Norton ..and not from 10 years ago :)..But if you think you know how to protect their code better than they do ..
I think that the OP is actually looking for way to use his machine as admin at the same time as his guests are in his house ..
"You'll have to wait a moment before you can get your email ..I just need to swap out the OS on this here HD 'cos I cant trust you"..
Old time welcome ?
like incredibill ( and others said ) ..letting people you dont trust use your IP ..even if they bring their own machine ..
explain you use it for work ..and that not even your mom gets to touch it or connect via the IP in case some horrible error happens ..and then find them a cyber cafe for their emails ..
personally I dont invite people I cant trust to stay ..YMMV
| This 47 message thread spans 2 pages: < < 47 ( 1  ) |