How can a non-computer-savvy person safely navigate malware-ridden sites?
August 3, 2010 10:04 AM

My friend from this previous question came clean that at least some of his malware issues are probably related to checking out various porn sites. Fine, no big deal. So, how can he safely browse porn?

I had set up a virtual PC, anticipating this, but he didn't seem to pick up on the concept very well. I can't expect him to reach my levels of paranoia (safe copies of Virtual PC, Opera with Javascript, Java, and Flash off).

Would an application like Sandboxie (I hear mixed reviews) let him safely view video? Flash video? Windows Media Player video? (I don't know if anyone makes QuickTime porn, I assume someone had to, in a technical delivery variant of Rule 34). I'm not sure how the net porn thing works these days.

Could this be accomplished with a Live CD of the Linux persuasion? Can one be built with enough video codecs and set up to do the appropriate DHCP? Would that be easy enough for someone who is not particularly computer-savvy to use, and fast enough that it would boot in reasonable time?

What other options are there? The Deep Freeze/Steady State sorts of things are probably expensive and count on me maintaining a small army of PCs. I ... am a helpful guy, but I don't want to go so far as to download and scan porn on his behalf.
posted by adipocere to Computers & Internet (9 answers total) 3 users marked this as a favorite
Set up his PC to dual boot Linux? I require my son to access the web from Ubuntu. He uses Windows for gaming, Ubuntu for anything online. It seems to be working out well as the occasional malware infections that he could never explain are no longer an issue.
posted by COD at 10:13 AM on August 3, 2010


For a more seamless VM experience, you can try using VMWare Unity which is a function of VMWare workstation that allows you to integrate the guest OS windows (instead of having to browse in a virtualized desktop).
posted by wongcorgi at 10:38 AM on August 3, 2010


Flash video is really a tough one to allow without getting some malware coming in; I'm not an expert on it, but I've never been able to find a way. The only thing I can do on Windows with such sites is use Firefox and turn NoScript all the way up – but that of course means no Flash.

Ubuntu is really the answer; COD is correct. A dual boot is a pretty easy thing for the user to handle if you've set it up right; they just restart and pick the right option, and it boots into that operating system for them. Once he's on Ubuntu, he'll find it's extremely user-friendly and simple to use, particularly if what he wants to do is browse the web. And having an install (you can do this in as little as 5 gigabytes on the hard drive) is really going to be the easiest way for a user to deal with it, since that way they don't even need to put in a disk, they just have to reboot and pick the right option.

But you seem focussed on doing a Live CD - I don't know if maybe this is because your friend needs something portable, or because you'd rather just hand him a solution. Either way, if you want a Live CD of Gnu/Linux that will do this (allow full surfing of the internet, including a Flash player for 'tube sites, without having a malware-susceptible Windows install) then you could just use the Linux Mint Live CD. It is a live CD of Linux that includes Flash by default, so he'll be able to pop it in and surf away.

But anecdotally – I have, er, 'observed' such malware as can be found on the sorts of sites your friend mentions. And my observation is that it has no effect whatsoever on Ubuntu; it's generally targeting Windows, so he should be fine. The only malware he may find himself exposed to is the sort of refined stuff that people seem to be writing nowadays to hack Facebook and Gmail accounts; but even that generally just relies on phishing attacks (convincing him to click on a link sent by a 'friend') and won't have anything to do with visiting those 'entertainment' sites.
posted by koeselitz at 10:51 AM on August 3, 2010


For every friend or coworker that comes to me to 'fix' his or her computer they leave with these addons for their future browsing, both have Chrome variants, but these are for Firefox:

Adblock Plus strips ads from most websites. This includes misdirect ads... if they don't see it they won't click it being the logic there.

Flashblock does just that, blocks Flash, making you click on any Flash element before it is loaded, basically giving it permission to assault your senses. This doesn't sound like much, but running it you will be impressed by the amount of Flash that loads clandestinely in the background of some sites.

With these two addons and Firefox's built-in security I usually eliminate the vast majority of ignorance-click issues with the people I help out.

I know you are looking for fancy OS answers and whatnot, but those two pieces of kit working together create at least a basic level of security for less experienced users.
posted by Gainesvillain at 11:15 AM on August 3, 2010


I have seen friends in similar situations. Ads and other content from 'adult' websites always seem to be the problem although I haven't gotten anyone to admit that yet...

What I would do is install Adblock Plus and No Script. If you know what to block/teach the person how to use these addons correctly then you can really stop many problems. I also like CCleaner!

On preview, I agree with Gainesvillain and also say download FlashBlock.
posted by Funky Claude at 11:24 AM on August 3, 2010


These recommendations to block Flash entirely are really the only way to largely eliminate the threat of malware on a Windows machine. (NoScript is still probably the best of the options, because it blocks not only Flash but a number of levels of potentially invasive Javascript and other scripting.) But your friend will find that surfing the web with Flash and other scripting turned off is an entirely different experience; Youtube won't work by default, and neither will any other 'tube site (that is, sites that offer internet video) – in fact, you can't log in to Metafilter with NoScript turned on unless you make an exception for it. 'Tube sites seem to be an increasingly popular way to get porn; they're easy, you just search for what you want and click through without having to download, and there are at least a hundred out there. But they're also hotbeds for malware. You can add an exception so that Youtube still works under NoScript; but it would be impractical and furthermore pointless to add such an exception for the dozens of porn 'tube sites your friend may be wishing to access. It's simply a given: if you watch video at those sites on a Windows machine, it's inevitable that at some point you're going to be getting malware.

So: your friend basically has two options; which one is easier depends on circumstantial stuff, and how he really wants to do what it is he does. The first is to do a fresh install of Firefox with NoScript turned up to block everything; you can then surf to Metafilter, Youtube, and a few other trusted sites and make exceptions to allow all scripts to run from them. If he chooses this option, then he might have to completely change his porn surfing habits; if he's used to using 'tube sites, he'll find that he can't really do that at all any more. His best bet will be to find ways to download things directly. The second option is to use either a live CD or a dual boot installation of Linux; this option may seem slightly more involved (and will require him to reboot the machine to do his thing) but he'll be able to visit any 'tube site that way.

And really, if he's getting lots of malware, it's almost certainly because he's looking at 'tube sites, which are just covered head to toe in scripts that are often malicious. The point is that there's really no way to look at those sites on a Windows machine that won't give you malware; killing Flash and other scripts is hardly a solution, because it makes looking at those sites impossible.
posted by koeselitz at 12:36 PM on August 3, 2010


I'm not too concerned with handing him something, although it's preferable to trying a dual boot. I haven't given Linux a shot again in the last ... seven? years and this would be a lot easier than trying things that have impact on his boot disk. The only other advantage of a Live CD is just having something to boot from in case of OS hoseure (not a real word). The VMWare stuff is attractive, on the other hand, because it would be a faster startup than a reboot would be.

I'm a FlashBlock user myself, and tend to run my Javascript in one restricted fashion or another, but I know what to keep an eye on and allow; I doubt he would. I didn't realize that so much of the pr0nz were serving video via Flash video, like YouTube; I had just assumed that they'd be streaming it in some Windows Media format or the like.

The Facebook stuff is a good point. I have no Facebook experience, but I know he uses it a lot. Is Facebook more of a "get phished, suddenly your friends get requests to send you money as you are stranded in London deal," or is there actual malware getting served via, say, Facebook applications?

I guess I will have to evaluate all of these. I can at least show him the Mint CD/DVD and see if he can manage it. Well, not see, because that's private time and one friendship boundary I would rather not cross ...
posted by adipocere at 2:50 PM on August 3, 2010


adipocere: “The Facebook stuff is a good point. I have no Facebook experience, but I know he uses it a lot. Is Facebook more of a "get phished, suddenly your friends get requests to send you money as you are stranded in London deal," or is there actual malware getting served via, say, Facebook applications?”

Ah - no, sorry. Didn't mean to scare you. For most users, Facebook malware (like Gmail malware) is generally harmless. I've come in contact with both in the last few months. The Facebook malware I've seen is just a sneaky link that manages to post itself to a person's feed, making it look like they posted it there. Yesterday in my feed this one [link to Yahoo! Answers question about it] was gaining popularity swiftly (they do that, since they're literally passed from person to person). The sneaky bit is that, if you're on Facebook and see that your friend has posted that link, and you click the link, it automatically posts it to your feed. The 'payload' in the one from yesterday was that they tried to get you to do this little quiz and then give them your phone number at the end. Largely, this has been similarly innocuous stuff; I remember reading a Reddit thread a few weeks ago about one, and they couldn't even find a payload there - it was apparently just malware written to see if it could be done. Gmail malware is similar - they send you a link that, when you click it, it gives them a login so they can pull your entire address list, and then they spam that list with the same link, et cetera. Gmail has pretty good account-recovery measures in place (I didn't even have a registered phone number with them, and it still only took five minutes to get it back) and there wasn't much at risk, so I wouldn't worry.

It's just phishing stuff, so all he needs to know is: don't click links on your Facebook or Gmail if they seem sleazy. Even if he does click, it won't be the worst thing in the world. It probably won't do damage to his computer, anyway. Just, er... don't fill out those quizzes, and try to log out of Facebook when you're not using it, is all.

As far as the other stuff – my tendency is to feel as though the VMWare hope of faster startup might be a red herring; startup time is really fast at this point (the Ubuntu people like to boast that they're around fifteen seconds now) and the average user isn't going to be able to jump into VMWare that quickly anyhow. Also, the Ubuntu install process is so easy now that you shouldn't worry about it being a hassle, if that's a concern. One worry I would have with a Live CD is downloading – I don't know how your friend likes to do it, but it's sometimes hard to download a lot of stuff on a live CD (I haven't done much of it with Mint Linux.) You could probably test this without trouble, though; and I know that nowadays, you can usually download a lot of stuff, even up to around a gigabyte, using just the RAM on the machine.
posted by koeselitz at 6:20 PM on August 3, 2010


this is a lot of good advice. i'll add this, if you don't take the ubuntu advice:

disable java
disable javascript in adobe acrobat reader

also, chrome on windows 7 won the browser hacking challenge this year, in that it didn't get hacked.
posted by overbo at 10:48 PM on August 5, 2010

