How to give Internet access to my grandparents but not the world
December 28, 2005 11:05 PM Subscribe
How can I safeguard a Linux laptop with dial-up Internet access?
I just gave my grandparents my old laptop, along with some pre-paid Internet access. Within moments of them attempting to send their first email, they got a virus. We got rid of the virus, installed a firewall, some anti-spyware stuff and several Windows patches...and promptly got several viruses.
After a few days of frustration, my husband converted the O/S to Linux running Firefox. He feels the chance of getting a virus is much lower. He set it so that the laptop loads Firefox on start-up and there isn't other software (e.g. wordprocessors) to give us tech support nightmares. We have set the email to go through Hotmail so that there is virus scanning and what-not. I imagine my husband has taken some other precautions, being a software engineer. But I worry.
Is there anything else we can do? My grandparents likely don't want to go with cable/DSL. They won't have the computer permanently plugged into the phone jack. But I worry about porn dialers and other 1-900 scams that will leave them with $1200 phone bills. (Happened to a friend.)
My grandparents are:
- in their 80s
- not tech savvy
- somewhat Luddite (they unplug the microwave between uses)
- not well-heeled
- not going to be using the Internet for purchases, banking or the like.
- just looking to send email and look at pics of the great-grandkids and maybe surf the web
Any other tips? I favour free/cheap ideas. :) Thanks.
I just gave my grandparents my old laptop, along with some pre-paid Internet access. Within moments of them attempting to send their first email, they got a virus. We got rid of the virus, installed a firewall, some anti-spyware stuff and several Windows patches...and promptly got several viruses.
After a few days of frustration, my husband converted the O/S to Linux running Firefox. He feels the chance of getting a virus is much lower. He set it so that the laptop loads Firefox on start-up and there isn't other software (e.g. wordprocessors) to give us tech support nightmares. We have set the email to go through Hotmail so that there is virus scanning and what-not. I imagine my husband has taken some other precautions, being a software engineer. But I worry.
Is there anything else we can do? My grandparents likely don't want to go with cable/DSL. They won't have the computer permanently plugged into the phone jack. But I worry about porn dialers and other 1-900 scams that will leave them with $1200 phone bills. (Happened to a friend.)
My grandparents are:
- in their 80s
- not tech savvy
- somewhat Luddite (they unplug the microwave between uses)
- not well-heeled
- not going to be using the Internet for purchases, banking or the like.
- just looking to send email and look at pics of the great-grandkids and maybe surf the web
Any other tips? I favour free/cheap ideas. :) Thanks.
Oh, it is possible they could get a virus through email if they're running as root, so set them up with a non-superuser account.
posted by delmoi at 11:38 PM on December 28, 2005
posted by delmoi at 11:38 PM on December 28, 2005
And when I say "possible" they could get an email virus I mean "it's theoretically possible, but almost certainly never happened in the real world"
posted by delmoi at 11:43 PM on December 28, 2005
posted by delmoi at 11:43 PM on December 28, 2005
Look at firehol for setting up an iptables (Kernel 2.4+) (ipchains is Kernel <2 .2, which you shouldn't be using now) firewall.br>
In terms of viruses, yeah - they can get them, but the vectors are far fewer and it's much less likely. Still, install something like ClamAV and train your GPs to run it with some degree of regularity.
posted by benzo8 at 2:08 AM on December 29, 2005
In terms of viruses, yeah - they can get them, but the vectors are far fewer and it's much less likely. Still, install something like ClamAV and train your GPs to run it with some degree of regularity.
posted by benzo8 at 2:08 AM on December 29, 2005
"But I worry about porn dialers and other 1-900 scams that will leave them with $1200 phone bills."
These don't exist in any meaningful way on platforms other than Windows, and only then when IE is used. If those really are your worries, you don't have anything to worry about.
Your real concern should be paring the system back to its bare minimum, exposing the fewest possible (or no) services to the network, and keeping the installation properly up to date. This should come naturally to any competent system administrator (though not necessarily to any competent software engineer), and is not terribly difficult for technical people to learn to do properly.
posted by majick at 2:26 AM on December 29, 2005
These don't exist in any meaningful way on platforms other than Windows, and only then when IE is used. If those really are your worries, you don't have anything to worry about.
Your real concern should be paring the system back to its bare minimum, exposing the fewest possible (or no) services to the network, and keeping the installation properly up to date. This should come naturally to any competent system administrator (though not necessarily to any competent software engineer), and is not terribly difficult for technical people to learn to do properly.
posted by majick at 2:26 AM on December 29, 2005
Porn dialers? Ain't going to happen. That is, theoretically it could, but there are no known instances in the wild, and while the pickings are rich and easy in the Windows world, no one is bothering to target Linux.
A little background: viruses, trojan horses, porn dialers, malicious software in general has to be written to target a specific plaftorm - that is, a combination of operating system, hardware and software. Almost all such "malware" targets flawed software running under Windows on Intel machines. There are many reasons why this is so but we'll put them on one side lest the thread derail.
It is true that people successfully attack other machines, notably servers running Linux or Unix, often using pre-coded attack programs called "rootkits". But such bad folk (script kiddies) are not interested in your gramps' little dialup box.
Sounds as though your husband has it covered already. The only trouble I could possibly forsee is the old folk falling for 419 scams over email - but that could happen no matter what kind of computer they have.
A Mac is almost as low-risk and may be a lot easier to support, if you're prepared to pay for it.
posted by i_am_joe's_spleen at 2:35 AM on December 29, 2005
A little background: viruses, trojan horses, porn dialers, malicious software in general has to be written to target a specific plaftorm - that is, a combination of operating system, hardware and software. Almost all such "malware" targets flawed software running under Windows on Intel machines. There are many reasons why this is so but we'll put them on one side lest the thread derail.
It is true that people successfully attack other machines, notably servers running Linux or Unix, often using pre-coded attack programs called "rootkits". But such bad folk (script kiddies) are not interested in your gramps' little dialup box.
Sounds as though your husband has it covered already. The only trouble I could possibly forsee is the old folk falling for 419 scams over email - but that could happen no matter what kind of computer they have.
A Mac is almost as low-risk and may be a lot easier to support, if you're prepared to pay for it.
posted by i_am_joe's_spleen at 2:35 AM on December 29, 2005
You husband sounds very tech savvy...Linux is uber safe (but harder to teach/explain. )
Realize that going with Linux means that they're going to call you for everything.
I'd suggest Gmail over hotmail.
But yeah, you fire up the box, it goes right to firefox...you wait for a connection, and you give them a homepage (possibly local?) that has a link for email, + a dozen basic sites (cnn, some hobbies.) to get them started.
In fact, I'd totally do that. Put up a page internally for FF where it says "hi, we love you...etc."
Let them get comfortable 'surfing' around from there...rather than trying to educate past that. Figure 3-6 months before you give them the idea of bookmarking. The key here is you want them to come to you with interest.
Make sure flash is installed. Be patient with them
Odds of them getting a virus/malaware= zero
posted by filmgeek at 5:05 AM on December 29, 2005
Realize that going with Linux means that they're going to call you for everything.
I'd suggest Gmail over hotmail.
But yeah, you fire up the box, it goes right to firefox...you wait for a connection, and you give them a homepage (possibly local?) that has a link for email, + a dozen basic sites (cnn, some hobbies.) to get them started.
In fact, I'd totally do that. Put up a page internally for FF where it says "hi, we love you...etc."
Let them get comfortable 'surfing' around from there...rather than trying to educate past that. Figure 3-6 months before you give them the idea of bookmarking. The key here is you want them to come to you with interest.
Make sure flash is installed. Be patient with them
Odds of them getting a virus/malaware= zero
posted by filmgeek at 5:05 AM on December 29, 2005
Even better: set Firefox's homepage to a remote page that you have access to and can edit. Then you can periodically update their homepage to send them messages, leave reminders and add other sites of interest. Seconding the idea of pre-installing Flash (it isn't included with many distros) and maybe also a media player in case you need to send them video/audio clips of the kids.
But, yes, you won't have any virii/ worms/ porn dialers with Linux. As others have suggested, strip the OS down to the bare minimum and you'll be fine.
posted by blag at 6:51 AM on December 29, 2005
But, yes, you won't have any virii/ worms/ porn dialers with Linux. As others have suggested, strip the OS down to the bare minimum and you'll be fine.
posted by blag at 6:51 AM on December 29, 2005
Sounds to me like your husband got his geek panties in a twist, and forced Linux on someone who won't understand a problem when it comes up, because Linux doesn't really explain the problems. And there are plenty of trojans out there scanning for insecure Linux machines.
My grandparents got a laptop from me with Windows XP SP2, the MS AntiSpyware (beta), and eTrust antivirus/firewall. I also set up a Windows Messenger account so they can IM me when they're having a problem, and I can use remote assistance to help them.
Linux for technophobes! Gah! If all they want is mail, get them a MailStation. Buy one of those picture frame LCDs that dials in to download the latest pictures that you uploaded to a particular web site, and they'll have the latest pics of their grandkids.
I don't mean to come off sounding like a jerk, but people who continue to think Linux has a place in the everyday desktop world really tick me off. Linux, as a server or a member of a rendering farm, kicks the crap out of Windows or OSX (which has a bloated UI that takes a lot of the speed away from the Unix-based core). But as a desktop? It's not as user-friendly as Windows or OSX, and that's just a fact. It's also not supportable, because every installation can be wildly different from another. Who thought that moving window control buttons around on the window frame from theme to theme was a good idea? "Okay, grandma, click the red X close button in the upper-right side of the window." "What's that now? I have the UberGunk theme installed, I don't have a red X anywhere. I have a purple triangle on the left side of the window, is that it?"
Windows. Protection software. Easily supportable from afar, and numerous books on the subject meant for newbies, if the grandparents are the reading sort (many aren't).
posted by Merdryn at 7:02 AM on December 29, 2005
My grandparents got a laptop from me with Windows XP SP2, the MS AntiSpyware (beta), and eTrust antivirus/firewall. I also set up a Windows Messenger account so they can IM me when they're having a problem, and I can use remote assistance to help them.
Linux for technophobes! Gah! If all they want is mail, get them a MailStation. Buy one of those picture frame LCDs that dials in to download the latest pictures that you uploaded to a particular web site, and they'll have the latest pics of their grandkids.
I don't mean to come off sounding like a jerk, but people who continue to think Linux has a place in the everyday desktop world really tick me off. Linux, as a server or a member of a rendering farm, kicks the crap out of Windows or OSX (which has a bloated UI that takes a lot of the speed away from the Unix-based core). But as a desktop? It's not as user-friendly as Windows or OSX, and that's just a fact. It's also not supportable, because every installation can be wildly different from another. Who thought that moving window control buttons around on the window frame from theme to theme was a good idea? "Okay, grandma, click the red X close button in the upper-right side of the window." "What's that now? I have the UberGunk theme installed, I don't have a red X anywhere. I have a purple triangle on the left side of the window, is that it?"
Windows. Protection software. Easily supportable from afar, and numerous books on the subject meant for newbies, if the grandparents are the reading sort (many aren't).
posted by Merdryn at 7:02 AM on December 29, 2005
Merdryn sayeth: "Sounds to me like your husband got his geek panties in a twist, and forced Linux on someone who won't understand a problem when it comes up, because Linux doesn't really explain the problems."
And when something suddenly crashes and Windows displays an unresizable dialog box that says
"But as a desktop? It's not as user-friendly as Windows or OSX, and that's just a fact. It's also not supportable, because every installation can be wildly different from another."
Simply use KDE >3.2 in a newer version of, say, Mandrake. The UI is at least as clean and approachable as any Windows release; and the fact that it is more configurable does not mean that you have to tweak it beyond recognition. It even has "Redmond"-style window decorations and such so that some casual users might not detect any real difference. I don't see why Linux is a bad choice here.
As for other security suggestions, I might turn off Firefox's automatic password storage and automatic form-completion (even though you say that they probably won't be using the connection for financial transactions). These may be convenient features but users should be acting very deliberately when accessing sites involving personal information. Maybe that sounds a little old-fashioned but it helps users to be mindful of what they're actually doing.
posted by yz at 10:31 AM on December 29, 2005
And when something suddenly crashes and Windows displays an unresizable dialog box that says
A Fatal Exception 0D has occurred at 0028:C0001FCE in VXD VMM(01) +00000FCE.that's helpful? Not to mention the fact that Microsoft Word produces an imposing two-hundred-word warning if you merely ask to save a .doc as plain text.
"But as a desktop? It's not as user-friendly as Windows or OSX, and that's just a fact. It's also not supportable, because every installation can be wildly different from another."
Simply use KDE >3.2 in a newer version of, say, Mandrake. The UI is at least as clean and approachable as any Windows release; and the fact that it is more configurable does not mean that you have to tweak it beyond recognition. It even has "Redmond"-style window decorations and such so that some casual users might not detect any real difference. I don't see why Linux is a bad choice here.
As for other security suggestions, I might turn off Firefox's automatic password storage and automatic form-completion (even though you say that they probably won't be using the connection for financial transactions). These may be convenient features but users should be acting very deliberately when accessing sites involving personal information. Maybe that sounds a little old-fashioned but it helps users to be mindful of what they're actually doing.
posted by yz at 10:31 AM on December 29, 2005
Response by poster: Thanks. I had my husband review the comments and he rolled his eyes at me. He's done all of the above. I guess I just wanted to be extra safe!
We are just going to put a local welcome page, so that they don't have to connect to the Internet to see it.
Even with a firewall, virus scanner and spyware app running, we got viruses. So Windows is out of the question. And my grandparents are on dial-up, so constantly running Windows Update would be a pain.
As for Linux as a desktop, I understand the concerns. But all we're giving them is Firefox. If they want to write docs, they can email text to my mom. If they want to do anything else, they can buy their own computer.
We'll be giving them lots of info about only opening email from family/friends and not downloading things. I think we should be okay. They do unplug the microwave for fear that it might blow up between uses. :)
posted by acoutu at 12:04 PM on December 29, 2005
We are just going to put a local welcome page, so that they don't have to connect to the Internet to see it.
Even with a firewall, virus scanner and spyware app running, we got viruses. So Windows is out of the question. And my grandparents are on dial-up, so constantly running Windows Update would be a pain.
As for Linux as a desktop, I understand the concerns. But all we're giving them is Firefox. If they want to write docs, they can email text to my mom. If they want to do anything else, they can buy their own computer.
We'll be giving them lots of info about only opening email from family/friends and not downloading things. I think we should be okay. They do unplug the microwave for fear that it might blow up between uses. :)
posted by acoutu at 12:04 PM on December 29, 2005
I agree with yz...for computer neophytes a user-friendly Linux distro is at least as easy to use as Windows. (Mandrake perhaps, or something like Ubuntu, which has a nicely polished and well organized Gnome set-up.) From my observations, it's really experienced Windows power users who have the most frustrating time with Linux.
Your grandparents are definitely safer with that than with Windows given the existence of nasty exploits like the newest WMF one out in the wild reported here. And as far as Linux exploits go...really what's out there now is stuff targetting web software like PHP that's running on Linux servers but which is unlikely to have been installed on the laptop by your husband.
posted by Pryde at 1:12 PM on December 29, 2005
Your grandparents are definitely safer with that than with Windows given the existence of nasty exploits like the newest WMF one out in the wild reported here. And as far as Linux exploits go...really what's out there now is stuff targetting web software like PHP that's running on Linux servers but which is unlikely to have been installed on the laptop by your husband.
posted by Pryde at 1:12 PM on December 29, 2005
Sounds to me like your husband got his geek panties in a twist, and forced Linux on someone who won't understand a problem when it comes up, because Linux doesn't really explain the problems. And there are plenty of trojans out there scanning for insecure Linux machines.
Dosn't sound like they would be able to handle Windows either. My mom was upset when they cancled dial-in-terminal (as in, dial directly up to a command line, rather then to the internet) email access because it was easier for her to remember strings of text then bizzare incantations with the mouse.
And getting rid of spyware on a windows machine isn't any easier then using linux? Have you ever even looked at your registry? Do you know what msconfig is and which versions of windows don't have it?
posted by delmoi at 6:26 PM on December 29, 2005
Dosn't sound like they would be able to handle Windows either. My mom was upset when they cancled dial-in-terminal (as in, dial directly up to a command line, rather then to the internet) email access because it was easier for her to remember strings of text then bizzare incantations with the mouse.
And getting rid of spyware on a windows machine isn't any easier then using linux? Have you ever even looked at your registry? Do you know what msconfig is and which versions of windows don't have it?
posted by delmoi at 6:26 PM on December 29, 2005
This thread is closed to new comments.
Um, secured against what, exactly? There are Linux viruses, but there is no way your grandparents could get one through email. It's possible they could get a worm, but very unlikely unless there is a remote kernel exploit, which is extremely unlikely.
In general the only steps you would need to take to secure this box are to
1) make sure it's updated
2) keep any unnecessary services from running, or inaccessible from the outside.
You might want to setup a firewall, and the box should come with everything you need already. In Linux the way to do this is with ipchains. I've never done this.
That said, unless you're running some totally whacked-out distribution full of beta software, you should be fine. I mean you really have nothing at all to worry about at this point.
posted by delmoi at 11:37 PM on December 28, 2005