Help me make a PC safe
May 7, 2008 10:36 AM   Subscribe

Install both AdAware AND Spybot Search & Destroy for spyware scanning, keep them updated, and scan regularly.
posted by briank at 10:49 AM on May 7, 2008

I'm a huge fan of SpywareBlaster, a java app that actively blocks some known malware from installing.

I'd instruct her on some basic safe browsing habits (stay far away from free screensavers, icons, backgrounds, music, etc. Open only known attachments) as well.
posted by Psionic_Tim at 10:50 AM on May 7, 2008

Make sure automatic updates are on, then block the common attack vectors. This means AdBlock Plus+NoScript on Firefox, no Quicktime plugin, no WMP plugin, no outdated PDF plugin, Java off (check about:plugins and delete/rename them). Make sure Flash Player is updated to latest.

Have Windows explorer always show file extensions (Tools->Folder Options->View), uncheck Hide Extensions and also select Show hidden files.

Disable all AutoRun and AutoPlay options with TweakUI (a Microsoft PowerToy).

It's been my experience that any time there's more than one person using one computer, all hope for effective/paranoid security is lost. At least make sure everyone reflexively presses Win+L.
posted by aye at 11:03 AM on May 7, 2008

Not only SpyBot, but how savvy is she? SpyBot S&D comes with a runtime element called TeaTimer that keeps stealth stuff from tampering with your registry files. I find that to be a HUGE help in keeping malware shit off my system. Either way, make sure that both AA and SpyBot are run regularly and auto updated.

Do NOT put Anti-Virus (especially Norton!) on the computer. It provides little to no protection, gobbles up processing, and is actually harder to fully get rid of than whatever virus it's protecting you from.

Also: Even though the husband is using it periodically, do NOT set up multiple user accounts - that actually REDUCES the security of the system. (It's complicated, but true. Even Microsoft says as much)

Otherwise, your best course of action isn't just to set up preventative measures but also to give her a couple tips on safe browsing.
posted by absalom at 11:18 AM on May 7, 2008

AVG is fine, Microsoft Defender is ok as well to run along side it.

The root of your question however can also be addressed by educating the user on her browsing habits. Don't install screensavers, don't download or install activeX components unless the site they are coming from is reputable....basically don't install anything before googling it first to see if it contains spyware.

You could also try a download manager with community feedback built-in...like Free Download Manager. Even so, never run an executable you are unsure of.

My preferred protection is Mcafee Antivirus + Mcafee Antispyware + Spybot immunizations. If I'm dispatched to fix someone elses PC, the toolkit is CCleaner, HijackThis, Spybot, APM, FileMon, LSPFix, and TCPView.
posted by samsara at 11:20 AM on May 7, 2008

I like to use ZoneAlarm as a firewall. It makes me feel good to tell Microsoft Office that no, it can't phone home, or make sure my shareware that doesn't need internet access is reporting on me.

Theoretically, if some software is infected and wants to use the internet for the first time, it will help against this too. But you have to be willing to press those Block or Allow balloons all the time, and not everyone's up to that.
posted by gensubuser at 11:25 AM on May 7, 2008

Oh and I forgot to add, there are common places for spyware to reside...they include but are not limited to:

-Startup/Service Items (startup folder under the start menu, as well as Run/RunOnce/Services registry keys, and in some really odd cases, the backwards compatible win.ini....CCleaner, Spybot, and HijackThis can help address these)

-BHOs (Browser Helper Objects...these are your IE toolbars/spyware programs...often you'll find that they simply are there to re-infect a PC if the startup items are cleaned, CCleaner and HijackThis can address these)

-Explorer Shell Hooks (these are the real bane of computing...spyware that cannot be deleted because it is part of the dll chain of explorer.exe....usually the cleanup has to be done while explorer is not running, HiJackThis, Spybot, and APM can address these)

-Winsock LSP Hooks (these are also a pain, similar to explorer hooks, and often cause the pc's interenet connection to break due to bad coding. These spyware programs reside directly within the winsock stack, so they can essentially intercept every piece of internet traffic your PC performs. A well known one that claims to not do this is NewDotNet, which simply adds new top level domains....still breaks your PC however, LSPFix can address these)

-Rootkits (these can be the the most painstaking to remove. There are very few spyware rootkits out there....most rootkits instead are of the more malicious virus/trojan variety...they reside on a level that can fool your OS into thinking they don't exist...eg. no files to delete, no processes to kill, but they're still there and can act as a backdoor...luckily there are a few rootkit detectors that can help if one is suspected).

-There are a few other tricks spyware companies employ to infect a PC. Just be wary of stuff that asks to install while you're browsing, even if it looks legit (like video codecs, fake "antispyware" notices, etc).

Good luck!
posted by samsara at 11:42 AM on May 7, 2008

Set her up an admin account and two limited user accounts, and tell her not to use the admin account except when installing software. Make sure all user accounts have passwords.

Other than that, nthing what everyone has said about education being the key here -- the primary lesson is "when in doubt, do not click". Adblock may help significantly here to prevent her from getting confused about what is a legitimate message; installing Firefox and hiding IE (effective for most new users) will at least shut her off from the activeX exploits. You can install the spyware, etc, scanners, but I've never seen these things *prevent* an infection, just *alert* you to it, and then nine times out of ten, tell you that they can't remove it automatically.
posted by fishfucker at 11:43 AM on May 7, 2008

Wow, look at all these downloads of snake oil.

All you have to do is set it so their account is not a local admin. Then tell them that if they need to install software they can do it via logging in as administrator. Toss in AVG on there for good measure and call it a day. They can even use IE7. No need for spywarenuker9000, annoying_subscription_pop_up09, nag_manager07, and diskslowdown08.
posted by damn dirty ape at 11:54 AM on May 7, 2008 [1 favorite has favorites]

Also if youre feeling extra paranoid you can put in windows defender, but its really not needed for limited users. Perhaps set it to scan monthly in case she installs garbage as administrator.
posted by damn dirty ape at 11:56 AM on May 7, 2008

dirty ape has it nailed - 99.5% of spyware will be avoided completely if you set her up with a non-admin account. Couple that with AVG antivirus + windows defender and even the most foolhardy user will be pretty safe.
posted by xla76 at 12:21 PM on May 7, 2008

Yes, she needs a service account. Users who install viruses aren't downloading warez or iPhone jail breakers, well at least 99% of the time. People like your friend are doing so inadvertently, because they don't understand what is happening.

Set her up on her own account, UserA, as a Power User. Set up UserB with an easy to remember password (say, password). UserB has Admin rights. Install everything you can think of on UserB, including printers. Explain to her that she should only go to UserB if she needs to install something (from a legit source!).

I've been setting up moms / aunts / neighbors like this for years. These are smart people who are stupid on computers, but they can understand the idea of user sandboxes. I haven't had any problems since I've gone this route. It is a lot easier than installing a bunch of antivirus/spyware/etc. programs on her computer. "Don't Install" is great advice, but have you seen a lot of sites that propagate viruses and spyware? It is very hard for some people to distinguish what exactly is going on. If they have to physically get on another account to install it, well most likely it is a legit program and not trying to be sneaky.
posted by geoff. at 12:51 PM on May 7, 2008

"And the machine is used by her son, her, and her husband so there is a lot of room for error."

Porn sites are notorious for being laden with malware. Just sayin'.
posted by stuboo at 1:15 PM on May 7, 2008

fishfucker, damn dirty ape, and xla76 have it right. Don't login using an administrator account except to explicitly install software. Don't even use Power User accounts. Just use regular User accounts. If you can't install something, you can't install something accidentally.

Here's a useful site describing how to do this effectively.
posted by me & my monkey at 6:40 PM on May 7, 2008