Bulletproof Windows 7 for Parents

[lessthanjakejohn]

Hello,

My father blew up his Pentium 4 finally with a nasty Trojan.

This weekend I'll be putting together a new computer for him.

I was wondering if anyone had any recommendations about how to secure and keep a new Windows 7 computer as maintenance free and reliably as possible.

I'm thinking about investing in Deepfreeze. I'm also hoping for some kind of sync to the cloud + encryption for important financial documents.

Has anyone done anything novel that has turned out to be pretty reliable?

 

[vsboxerboy]

Whatever you do, put TeamViewer or something equivalent on there.

 

[munkle]

Do they need windows? Linux might be the best bet if they get lots of virii.

 

[devil22]

I have a link in my sig to a security guide I created, it needs to be better organized but I think you can get some good stuff out there. On top of that I think the importance of education should be stressed, they should be taught to update, avoid scam emails, and fake web virus scanners. Between that and moving my Parents to Windows Vista, I have a lot less headaches these days.

 

[Xeth]

I don't know about novel but I just made my dad use a non-admin account. Of course it breaks any apps that require elevation, and he has to switch to the administrator account to install any software (I told him to call me whenever he wants to install something new, so I can make sure it's not a trojan). He rarely uses anything except Office and Firefox though, so this works pretty well for him.

I use windows remote assistance with him and that works fine, even through firewalls.

 

[lessthanjakejohn]

Do they need windows? Linux might be the best bet if they get lots of virii.

Yeah Windows is a must due to Financial programs and bank websites.

I get the whole Linux is great deal but I'm moderately techincal at linux and the one thing I don't get with these suggestions is that my parents would definitely screw up a linux install by clicking on the wrong things and I definitely would not know how to fix it without a lot of research. Even just basic settings are sometimes in weird places.

 

[bigdogchris]

Windows 7 SP1 x64 is the most secure version of Windows ever released. Also make sure you keep UAC on and put a AV program on it like MSE, which is easy to use for non-computer literate people. Also, set the static DNS to Comodo or OpenDNS, to help better filter out malware sites. Do not install Java as this is often the target of exploits. Also update to IE9, which is pretty secure, and very fast.

 

[lessthanjakejohn]

There is no issue with $$ for programs. so don't hold back stuff that's non free.

 

[MrCrispy]

- Make sure their pc is behind a router and not connected directly.
- Take 2 system images - one after a clean install of Win 7 + all updates, other after installing all software that's needed. Save them to an external drive and show your dad how to restore using Windows Backup or from the Windows 7 recovery mode.
- Move data folders (music/documents/pictures) to a 2nd partition
- Setup online sync with multiple services - Live Mesh, Dropbox, Sugarsync etc. All free for a few GB which is enough for critical stuff. Pay for more if you really need it. It's the best and safest backup for imp data.
- Install MSE 2, Firefox with Adblock, WOT
- update the hosts file to block known malware sites, use Comodo/Norton/Open Dns

This is the baseline. Once all this is done, show him how he can restore his pc from the saved image, and get back all his data and programs. Let him do this so he's comfortable with it, and also to verify that the restore works.

At this point, you can now try out some other security programs etc and see what you like. There are too many (Norton, Kaspersky, MBAM etc) to know which one will work best, its also user preference.


For backup one of the easiest programs is Oops Backup, its very simple to use. Also download a few rescue cd's (each AV maker has a free one) and show him how he can boot from the cd and scan the pc.

It's better to have proper backup/restore procedures in place rather than depend on bulletproof security (no such thing). The more hardened you make the OS, the more limitations he will have.

 

[Hazakins]

I used a program Deep freeze at work. One of those programs that makes it boot from the image file every time so no chance of viri or spyware. If you need to update a prog you just type a password during boot and it allows changes until you reboot again.