Dumb Kid Proofing windows

T

tybert7

2[H]4U
Joined
Aug 23, 2007
Messages
2,763
I was called in by a friend of the family and tasked to fix their internet connection and computer.

The primary users are three young girls. It was a disaster. Imagine a rats nest squirming atop maggots circled by carrion. You could almost see brimstone and ash waft from the casing and screen.


It is a Vista machine, but there the similarities with windows end. The browser is hijacked and the ever present mywebsearch has infested all corners of the system, fake virus scanners abound, there was an image of Richard Pryor in the place of the typical mouse pointer animation.

navigating anything is nigh impossible. The system is bogged down so the tiniest click requires minutes to execute.


There is no hope or salvation for the machine in its current state, the taint runs too deep, I, or GOD, would never know if it was ever truly clean if cleaned save any option but scorched earth.

So I am picking up a copy of Windows 7 tomorrow. I'll get the retail version of premium as I need to replace my release candidate eventually anyway. At least I will still have one more install for my next desktop system.


But I need to inoculate the new system as best I can from the meanderings of those kids. I need to know all the main bases to go over that will not cost extra money.

I know to create user accounts that are separate from the administrator. I also hear there is a sort of sandbox feature from some software out there that can revert a system and contain and isolate bad infections.

I do not want to cripple their usage, but the only other alternative would seem to team them to be less foolish on the web. Not sure I have that much time.
 
tybert7 said:
I do not want to cripple their usage, but the only other alternative would seem to team them to be less foolish on the web. Not sure I have that much time.
Click to expand...

I think you do want to cripple their usage...mainly NOT allow them to install programs. Get a list of games or programs they've installed now (that aren't spyware peices of crap obviously) and install them under the admin account. Then setup limited accounts for the 3 girls. They shouldn't really have a need to install new programs if you set up the computer ahead of time.
 
Check out SteadyState:
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
It only works with XP and Vista currently.

That, and/or lock the machine down with group policy settings. Give the kids limited user accounts. Teach the kids/parents how UAC works and that they should only click continue if they told the computer to do something requiring admin privileges. If you install 7 you'll want to turn UAC up to the highest security setting.

Vista/7 is very safe if they can follow some basic security guidelines. If they're little kids you have to lock it down. Personally I wouldn't bother with 7, its not any more secure than Vista.
 
DeathFromBelow said:
Check out SteadyState:
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
It only works with XP and Vista currently.

That, and/or lock the machine down with group policy settings. Give the kids limited user accounts. Teach the kids/parents how UAC works and that they should only click continue if they told the computer to do something requiring admin privileges. If you install 7 you'll want to turn UAC up to the highest security setting.

Vista/7 is very safe if they can follow some basic security guidelines. If they're little kids you have to lock it down. Personally I wouldn't bother with 7, its not any more secure than Vista.
Click to expand...

There is one thing that you can do in 7 Ultimate/Enterprise that does make a machine damn near bullet proof, AppLock. If it ain't in the list of allow apps, it doesn't run, period. It may sound a little draconian but if you basically only allow a web browser and things like Office or what stuff you need for school this stuff doesn't happen.

Unfortunately it is only in Ultimate/Enterprise and I know it sounds like a pain but I bet when setup right it saves a lot of time and grief for everyone. This really needs to be in ALL versions of Windows.
 
Last edited:
heatlesssun said:
There is one thing that you can do in 7 Ultimate/Enterprise that does make a machine damn near bullet proof, AppLock. If it ain't in the list of allow apps, it doesn't run, period. It may sound a little draconian but if you basically only allow a web browser and things like Office or what stuff you need for school this stuff doesn't happen.

Unfortunately it is only in Ultimate/Enterprise and I know it sounds like a pain but I bet when setup right it saves a lot of time and grief for everyone. This really needs to be in ALL versions of Windows.
Click to expand...

I thought AppLocker is only in Enterprise and Ultimate edition?
 
Last edited:
limited user account, then don't give them the password ?
 
I'm going to get flamed for this, but just install Linux. It's free, will solve all your problems, and for young kids, perfectly fine.
 
tybert7 said:
there was an image of Richard Pryor in the place of the typical mouse pointer animation.
Click to expand...

This shit cracked me up. I'm off to find custom mouse pointers....


Seriously, though... Wouldn't simply making a Limited User account be the way to go? Make an Admin account, give it a good password, tell the parents. If they choose to tell their daughters, it's their business. You can always charge them next time you have to clean up the comp.
 
heatlesssun said:
There is one thing that you can do in 7 Ultimate/Enterprise that does make a machine damn near bullet proof, AppLock.
Click to expand...
-PK- said:
I thought AppLocker is only in Enterprise and Ultimate edition?
Click to expand...

He may be able to do it with the group policy editor:



You can access the group policy editor by going to run and typing in gpedit.msc. I have the option to restrict the user to specific applications in Vista Ultimate. I assume the same function is in 7, I don't know if its limited to certain versions though.

keenan said:
I'm going to get flamed for this, but just install Linux. It's free, will solve all your problems, and for young kids, perfectly fine.
Click to expand...

We're trying to fix the computer, not turn it into a paperweight. :D
 
Guest Mode would have been your solution, but they took that out during the beta/RC process.
 
Because the machine is infected... That turns into upgrading to a new operating system... NICE!
 
Limited accounts for the kids, password protect parents account. (free and easy)
Set OpenDNS as their routers DNS instead of the ISPs DNS servers (free and still quite easy)
Microsoft Windows Live Family Safety (free and just a few minutes to setup)
Microsoft Steady State is another option..also free.
 
I had similar situation with Windows XP and 3 girls users. When they asked me to fix it it looked very similar to your situation except that computer wassinging some strange song every 5 minutes :)

What I did is:

1. Reinstalled XP
2. Installed antivirus NOD32 and later replaced with Avira (machine was not protected) and all SW girls wanted on the computer
3. Explained to the girls that they should not download and install stuff on the computer except what they alreayd have. Although I have not prevented them to do this.
4. Told them that next time I might not find time to fix they shit again

2 years has passed since then and computer is still working fine without any problems :)
 
Last edited:
I tried SteadyState on my son's PC a while back. While fairly effective, it turned into a nightmare when adobe, java, and games like DDO and WoW wanted to auto patch. I wound up removing SteadyState, but then I could never quite get the OS back to the pre-SteadyState condition. It still nagged me and caused a few other headaches.

I recommend Deepfreeze over SteadyState.

I also agree with the previous poster about using Linux. there are many custom versions out there that will give them the usage they want w/o the headaches.
 
Limited Guest account + Virtual Machine :p

Run the limited account, then open the virtual machine and have them run amok there with appropriate protections. Should inoculate the host OS......
 
almalino said:
I had similar situation with Windows XP and 3 girls users. When they asked me to fix it it looked very similar to your situation except that computer wassinging some strange song every 5 minutes :)

What I did is:

1. Reinstalled XP
2. Installed antivirus NOD32 and later replaced with Avira (machine was not protected) and all SW girls wanted on the computer
3. Explained to the girls that they should not download and install stuff on the computer except what they alreayd have. Although I have not prevented them to do this.
4. Told them that next time I might not find time to fix they shit again

2 years has passed since then and computer is still working fine without any problems :)
Click to expand...


Or they got someone else to fix it in the following months after all the toolbars and other junk was reinstalled :D.
 
You must log in or register to reply here.
Back
Top