Comrades. I need your advice.

[Josef Stalin]

At work, I do what my capitalistic employers force me to do. There, they
set up computers with profiles as power users. At home, I have set up my
computers with the sole users are administrators. Now, I am setting another
computer for an out of area relative who is not too computer savvy. I have
set up a software firewall and an anti-virus program but with his artistic
personality, I'm concerned that somehow some program might get past all of
these controls. I confess that I'm not too terribly knowledgeable when it
comes to security. I have set him up with an admin profile so that he can
install programs but I've cautioned him to use his restricted profile. This
is a W2K machine.

My question is this, does using a restricted profile protect the system that
much than a power user and that much more than an administrator? Forgive an
old man's mutterings.

Uncle Josef,

 

[Lanwench [MVP - Exchange]]

He won't be able to install (most) software or hardware with his regular
user account...but he still needs to understand the basics - no e-mail
attachments unless he is *expecting* them. No Kazaa. No clicking on
interesting links sent to him in IM.
Make sure his AV software updates itself regularly. And no pogroms if he
mistakenly downloads a trojan. Promise?

--LW

 

[Carl Fenley]

My question is this, does using a restricted profile protect the
system that much than a power user and that much more than an
administrator? Forgive an old man's mutterings.

I'm going to say, "no, not really". One of the best things you can do is
make sure the machine you are setting up never gets a valid routeable IP
address and is behind a port-blocking router. If we're talking dial-up
Internet access, it's not that critical.

Now, if your relative is the kind of user that has the inexplicable tendency
to double-click email attachments from strangers, then I could see
restricted user permissions increasing security.

Of course, many applications want to be installed by an Administrator
account. It's a trade-off I suppose.

- carl

 

[Guest]

also change the admin account name, use passwords of 7 or better yet 8 char, use upper, lower case, #'s & special charicters ie: @#$%^&*(....

 

[Mistoffolees]

At work, I do what my capitalistic employers force me to do. There, they
set up computers with profiles as power users. At home, I have set up my
computers with the sole users are administrators. Now, I am setting another
computer for an out of area relative who is not too computer savvy. I have
set up a software firewall and an anti-virus program but with his artistic
personality, I'm concerned that somehow some program might get past all of
these controls. I confess that I'm not too terribly knowledgeable when it
comes to security. I have set him up with an admin profile so that he can
install programs but I've cautioned him to use his restricted profile. This
is a W2K machine.

My question is this, does using a restricted profile protect the system that
much than a power user and that much more than an administrator? Forgive an
old man's mutterings.

Uncle Josef,

The best way might be for him to learn and survive. Just
remind him what is the purpose of the gulags and the hard
labor that will be his sentence at reinstalling the system
and recovering personal files that just might be lost. One
or two trips in exile should complete the re-education.

 

[Josef Stalin]

The best way might be for him to learn and survive. Just
remind him what is the purpose of the gulags and the hard
labor that will be his sentence at reinstalling the system
and recovering personal files that just might be lost. One
or two trips in exile should complete the re-education.

I don't think you Capitalistics understand. Under this new weak regime of
yours, *I* am the one who will be punished and have to do the reinstall,
salvage files and listen to his endless moaning. Oh, how I miss the good
old days where virus writers and other vicious enemies of the state would
have met with swift justice and no mercy. No judges, no appeals, no
lawyers.

 

[Josef Stalin]

I'm going to say, "no, not really". One of the best things you can do is
make sure the machine you are setting up never gets a valid routeable IP
address and is behind a port-blocking router. If we're talking dial-up
Internet access, it's not that critical.

I have LinkSys. Which would you recommend?

 

[Steve N.]

Set him up, image/backup the system before he breaks it, tell him the
law - you break it and it all goes back to square one. It's user
responsibility to back up their data as they create it. It's user
responsibility to practice safe computing.

Steve

 

[Carl Fenley]

I have LinkSys. Which would you recommend?

Linksys is fine, as are most other routers. Routers have no services
'listening' on any ports, and worms can't attack a non-routeable IP address,
such as 192.168.1.101 (except from behind the router, like from an email
attachment). So, with a non-routeable IP address and a port-blocking
router, it doesn't matter if your friend turns on an Anonymous FTP Service,
an unpatched and unsecure Internet Information Service, or has wide-open
shares available on his PC. No one outside his house can get to them.

Between the router and the Fear of God over email attachments, even a novice
with Administrator privledges should be secure.

- carl