Comrades. I need your advice.

  • Thread starter Thread starter Josef Stalin
  • Start date Start date
J

Josef Stalin

At work, I do what my capitalistic employers force me to do. There, they
set up computers with profiles as power users. At home, I have set up my
computers with the sole users are administrators. Now, I am setting another
computer for an out of area relative who is not too computer savvy. I have
set up a software firewall and an anti-virus program but with his artistic
personality, I'm concerned that somehow some program might get past all of
these controls. I confess that I'm not too terribly knowledgeable when it
comes to security. I have set him up with an admin profile so that he can
install programs but I've cautioned him to use his restricted profile. This
is a W2K machine.

My question is this, does using a restricted profile protect the system that
much than a power user and that much more than an administrator? Forgive an
old man's mutterings.

Uncle Josef,
 
He won't be able to install (most) software or hardware with his regular
user account...but he still needs to understand the basics - no e-mail
attachments unless he is *expecting* them. No Kazaa. No clicking on
interesting links sent to him in IM.
Make sure his AV software updates itself regularly. And no pogroms if he
mistakenly downloads a trojan. Promise?

--LW
 
Josef said:
My question is this, does using a restricted profile protect the
system that much than a power user and that much more than an
administrator? Forgive an old man's mutterings.

I'm going to say, "no, not really". One of the best things you can do is
make sure the machine you are setting up never gets a valid routeable IP
address and is behind a port-blocking router. If we're talking dial-up
Internet access, it's not that critical.

Now, if your relative is the kind of user that has the inexplicable tendency
to double-click email attachments from strangers, then I could see
restricted user permissions increasing security.

Of course, many applications want to be installed by an Administrator
account. It's a trade-off I suppose.

- carl
 
also change the admin account name, use passwords of 7 or better yet 8 char, use upper, lower case, #'s & special charicters ie: @#$%^&*(....
 
Josef said:
At work, I do what my capitalistic employers force me to do. There, they
set up computers with profiles as power users. At home, I have set up my
computers with the sole users are administrators. Now, I am setting another
computer for an out of area relative who is not too computer savvy. I have
set up a software firewall and an anti-virus program but with his artistic
personality, I'm concerned that somehow some program might get past all of
these controls. I confess that I'm not too terribly knowledgeable when it
comes to security. I have set him up with an admin profile so that he can
install programs but I've cautioned him to use his restricted profile. This
is a W2K machine.

My question is this, does using a restricted profile protect the system that
much than a power user and that much more than an administrator? Forgive an
old man's mutterings.

Uncle Josef,

The best way might be for him to learn and survive. Just
remind him what is the purpose of the gulags and the hard
labor that will be his sentence at reinstalling the system
and recovering personal files that just might be lost. One
or two trips in exile should complete the re-education.
 
The best way might be for him to learn and survive. Just
remind him what is the purpose of the gulags and the hard
labor that will be his sentence at reinstalling the system
and recovering personal files that just might be lost. One
or two trips in exile should complete the re-education.

I don't think you Capitalistics understand. Under this new weak regime of
yours, *I* am the one who will be punished and have to do the reinstall,
salvage files and listen to his endless moaning. Oh, how I miss the good
old days where virus writers and other vicious enemies of the state would
have met with swift justice and no mercy. No judges, no appeals, no
lawyers.
 
I'm going to say, "no, not really". One of the best things you can do is
make sure the machine you are setting up never gets a valid routeable IP
address and is behind a port-blocking router. If we're talking dial-up
Internet access, it's not that critical.

I have LinkSys. Which would you recommend?
 
Set him up, image/backup the system before he breaks it, tell him the
law - you break it and it all goes back to square one. It's user
responsibility to back up their data as they create it. It's user
responsibility to practice safe computing.

Steve
 
Josef said:
I have LinkSys. Which would you recommend?

Linksys is fine, as are most other routers. Routers have no services
'listening' on any ports, and worms can't attack a non-routeable IP address,
such as 192.168.1.101 (except from behind the router, like from an email
attachment). So, with a non-routeable IP address and a port-blocking
router, it doesn't matter if your friend turns on an Anonymous FTP Service,
an unpatched and unsecure Internet Information Service, or has wide-open
shares available on his PC. No one outside his house can get to them.

Between the router and the Fear of God over email attachments, even a novice
with Administrator privledges should be secure.

- carl
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top