Protecting users against themselves

[Transition]

I've got a few users here on XP Home that continually find new ways to introduce spyware and viruses on their machines. Some of this spyware is such a pain in the arse to deal with it's faster to restore the machine then trying to remove it all.

What i'm trying to figure out is the best way to setup an XP Home machine granting the user as little privleges as possible to minimize occurances like this. Anyone have suggestions?

 

[spherrod]

Make sure the users are not administrators would be a start. Are you running any anti-spyware/anti-virus/firewall software on the machines?

 

[Transition]

Originally posted by: spherrod
Make sure the users are not administrators would be a start. Are you running any anti-spyware/anti-virus/firewall software on the machines?

Yea their not running as admin already. Running Norton Corporate A/V and Adaware on all machines.

 

[spherrod]

may be worth adding another anti-spyware level? Spyware Blaster is good for Browser problems and Microsoft's Anti-Spyware tool is pretty good too

 

[mechBgon]

Transition, what spyware/adware are they managing to install from a Limited account, exactly? I'd be interested to hear specifics. You can basically ignore AdAware (besides which business usage requires purchasing it anyway).

Also, Start > Run > cmd and net localgroup administrators for a list of Admin-class accounts. On my system they're root and superuser (see, the *nix guys are rubbing off on me 😕 ), so now you would type net user root OMGHI2U!! and net user superuser WHATYOUSAY!! to set the passwords for those accounts to something strong. This isn't just to secure the system against the user, but also against worms and stuff.

Also, obviously you want to keep Automatic Updates turned on. Check the machines with Microsoft Baseline Security Analyzer too.

Lastly, check your antivirus configuration to ensure that you have all the goodies maxed out, both for real-time protection and for scheduled backscans: heuristics maxed, compressed-file scanning enabled, spyware/adware detection turned on, no exemptions, no asking the user what action should be taken. Ensure that the updater checks daily for updates.

 

[spherrod]

I knew mechBgon would be here with some wise words :beer:

 

[mechBgon]

Originally posted by: spherrod
I knew mechBgon would be here with some wise words :beer:

Hehe :beer:

I guess I left out the importantest suggestion: train the users to avoid that stuff 😛

 

[spherrod]

Originally posted by: mechBgon

Originally posted by: spherrod
I knew mechBgon would be here with some wise words :beer:

Hehe :beer:

I guess I left out the importantest suggestion: train the users to avoid that stuff 😛

shoot the users? 😛

 

[Transition]

Originally posted by: mechBgon

Originally posted by: spherrod
I knew mechBgon would be here with some wise words :beer:

Hehe :beer:

I guess I left out the importantest suggestion: train the users to avoid that stuff 😛

Thanks for the great suggestions. Sometimes, certain people are beyond the point of training and will continue to do whatever they want. Especially older folks that i work with - you just can't teach them anything no matter how many times i hold their hands.

 

[mechBgon]

Originally posted by: spherrod

Originally posted by: mechBgon

Originally posted by: spherrod
I knew mechBgon would be here with some wise words :beer:

Hehe :beer:

I guess I left out the importantest suggestion: train the users to avoid that stuff 😛

shoot the users? 😛

Naw, mind-control implants 😉

If the users are using Internet Explorer, going to Tools > Internet Options > Privacy tab and raising the cookie slider to Medium-High will dramatically reduce the number of tracking cookies you'll see reported by AdAware, if you even care about tracking cookies. And/or SpywareBlaster, like spherrod said.

edit: the cookie setting is a per-user setting, so you would make that change while logged on as each of the user accounts, or else build a custom IE installer using IEAK6 that pre-sets the default settings to what you desire.

 

[gsellis]

Just a footnote as I spent a few hours removing Aurora recently (those basturds are being sued and the plantiff is seeking class action; judge has already allowed the suit - hurrah).. Even AOL with teen filter on does not prevent - it was passed in an IM (don't open anything, even if you DO KNOW THEM has been reenforced). For the record, Aurora can disable MS Anti-Spy, Symantec 9 (and 10), and requires a recover method (disc or safe mode) to remove. What I missed the first attempt, they install a Print Monitor... whodda thunk (and was wishing I had a copy of PView, but Bart's/MS PE to the rescue.)

Want to know the real root cause? The Sims. When will those idiots learn to write code that will work in User? Come to think of it, have not tried the Sims 2 in regular user mode...

 

[mechBgon]

For the record, there is an update to The Sims2 that will allow it to run under a Limited/Restricted-User account, although that may not be what you meant by User mode. Go to the Start > Programs > whatever > and there's an Update feature in there.

 

[gsellis]

Originally posted by: mechBgon
For the record, there is an update to The Sims2 that will allow it to run under a Limited/Restricted-User account, although that may not be what you meant by User mode. Go to the Start > Programs > whatever > and there's an Update feature in there.

Thanks, I will check into that. I had tried every stinking trick I know including changing ACLs in both the Reg and the file system (no access to regmon or filemon at home) to get the thing to work.