How to stop my crazy family from downloading destructive software?
August 26, 2005 9:45 PM Subscribe
My computer illiterate family has an HP box running Windows XP Home SP 2.
They are constantly installing random programs from suspicious websites and allowing nefarious Active X controls to run – often leaving a trail of destruction for me to deal with.
Is there an easy way to restrict their ability to install software?
(Also - was I dreaming or did Microsoft just release some kind of policy editing tool that deals with this kind of problem?)
Create an account without administrative privileges. Install Firefox, Flash and Thunderbird, and that's it. Set up the computer to auto-login to that account, password protect the administrator account, and don't let them near the administrator account.
posted by ldenneau at 10:15 PM on August 26, 2005
posted by ldenneau at 10:15 PM on August 26, 2005
What ldenneau said. Also, go into the Internet options for the non-administrative account and disable ActiveX controls.
posted by Zed_Lopez at 11:15 PM on August 26, 2005
posted by Zed_Lopez at 11:15 PM on August 26, 2005
Microsoft released an antispyware program (that they bought from another company). I've been using it for a few months and it works fairly well... real-time protection and scheduled scans seem to take care of most problems (once you get viruses and the like out the way). It has to be a legit copy of XP to download it, though, and it still asks you if you want to install some things--nothing other than a restricted account is going to stop them from saying yes.
I'd install Firefox and put extensions like NoScript on it. You can hide IE from the desktop by going into Windows components in Add/Remove Programs.
I know it's difficult to get the point across, but keep explaining why they shouldn't install stuff.
posted by strikhedonia at 11:30 PM on August 26, 2005
I'd install Firefox and put extensions like NoScript on it. You can hide IE from the desktop by going into Windows components in Add/Remove Programs.
I know it's difficult to get the point across, but keep explaining why they shouldn't install stuff.
posted by strikhedonia at 11:30 PM on August 26, 2005
Ditto to all the other advice. I would also set up Ad-Aware, AVG Antivirus (free and self updating), and definately hide the admin account.... now!
Teach them how to use Ad-Aware. If they still don't do it, charge them $25 an hour (friend prices) to be there. They will learn to use it quickly.
posted by Dean Keaton at 11:38 PM on August 26, 2005
Teach them how to use Ad-Aware. If they still don't do it, charge them $25 an hour (friend prices) to be there. They will learn to use it quickly.
posted by Dean Keaton at 11:38 PM on August 26, 2005
Ad-aware and Spybot make a good team.
And I thought there was a similar thread awhile back about family computers, but my yahoo/google-fu is failing me.
posted by strikhedonia at 11:42 PM on August 26, 2005
And I thought there was a similar thread awhile back about family computers, but my yahoo/google-fu is failing me.
posted by strikhedonia at 11:42 PM on August 26, 2005
and if you create a non-administrator account for them to log in, i'd like to reiterate what Idenneau said: PUT A PASSWORD ON THE ADMIN LOGIN.
I have had much fun at various workplaces over the years taking advantage of the fact that, in windows, the default admin password is NO PASSWORD AT ALL...
posted by dersins at 12:08 AM on August 27, 2005
I have had much fun at various workplaces over the years taking advantage of the fact that, in windows, the default admin password is NO PASSWORD AT ALL...
posted by dersins at 12:08 AM on August 27, 2005
There was a group policy management console (that's what it's called, I think) that's part of the Windows Server 2003 resource kit - if you wanted to you could set up a GPO with a list of approved software and apply it to the computer, but you'd have to figure out how to apply a GPO without having AD (which is possible, I just don't know how) and it'd be a lot more of a pain than just giving them a non-admin account. IE can also be set to not allow you to install or run ActiveX controls, and you can put a whitelist in if they absolutely must run IE.
posted by mrg at 9:11 AM on August 27, 2005
posted by mrg at 9:11 AM on August 27, 2005
What everyone else has said about admin accounts.
I'd recommend Hitman Pro as a way for you/them to keep the computer clean. The site is in Dutch only, but the download is easy to find and the program itself has an English version. It's basically a shell for running a bunch of anti-spyware apps all at once, and they update automatically.
posted by gemmy at 9:36 AM on August 27, 2005
I'd recommend Hitman Pro as a way for you/them to keep the computer clean. The site is in Dutch only, but the download is easy to find and the program itself has an English version. It's basically a shell for running a bunch of anti-spyware apps all at once, and they update automatically.
posted by gemmy at 9:36 AM on August 27, 2005
This thread is closed to new comments.
posted by trondant at 10:06 PM on August 26, 2005