Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Is there a good way to "Baby Gate" my grandmother's PC?


ShardtheFox
 Share

Recommended Posts

So every couple months, my Grandmother comes to me with a disgustingly infected PC. Generally, i can handle it, although sometimes I have to get help here. Is there a good way to set a whitelist of allowed actions, and block everything else? I don't just mean a firewall, but actually block system functions that normal users would have access to. I've already set up an admin account, and made her account a normal user, and she doesn't have access to the admin account. I've got a subscription of Kaspersky running, and I'm using comodo firewall, in addition to the windows firewall. 

I was hoping there is either some user setting I'm missing, or a piece of software that someone could suggest. She's running window's 7, and the machine is fairly new, built just last year.

Link to post
Share on other sites

have you installed items such as "trafficlight" and "WOT" in a firefox browser (which has it's own "filters/protection) ?

this will afford three levels of "do you really want to do this ?" from within the browser .

this would be in addition to any similar items provided by your current AV/AM .

also ... what version of kaspersky are you running ? if it is the full-blow version that has it's own firewall , using other firewalls is redundant and serves to slow the machine .

make sure that the windows versions of an AV/AM (MSE along with defender) is turned off ... many times this gets turned on *somehow* .

 

i hope your grandmother does not do any banking or other *sensitive* operations on that comp .

 

as far as settings go ...

if you have locked down the machine so she cannot download and install programs plus have taken reasonable efforts to ensure that all of her email is scanned (incoming and outgoing) and automatically deleted , then educating her is the best investment of time .

 

however ... one cannot save people from themselves .

i have seen machines in a corporate environment that were "locked down" and the user still managed to infect the machine .

Link to post
Share on other sites

You can further restrict the standard account(s) by using Windows Parental Controls.

 

Parental Controls is simpler. Set up as shown here, it simply creates a "whitelist" of the .EXE files already installed on the system in the normal locations. You can add more programs to the whitelist as the need arises. You can also choose which software can be run on a per-user basis.

 

 

http://www.mechbgon.com/srp/

Link to post
Share on other sites

  • 3 weeks later...

Thanks for all the advice. She already has MalwareBytes Anti-Malware Premium, and the full suite of Kaspersky. Since my first post I learned that multiple software firewall is a big nono, so i disabled comodo and windows defender, now using just the Kaspersky firewall. User account controls have been set as suggested. Unfortunately, I can't convince her to use any browser that is not Internet Explorer. I guess only time will tell if these actions will be suffcient protection. Thanks all for your help.

Link to post
Share on other sites

sometimes the best form of education comes from making a hole in one's pocketbook .

you might point out to her the cost of taking her machine to a (ahem) *professional* .

and the possibilities of the eventuality of not being able to retrieve/recover files (and such) .

 

uninstalling comodo and other unneeded programs is the best way to help keep a machine "cleaned out" .

think of it like walking in the door and placing a few of the items you have on the kitchen counter ...

eventually , there is going to be a mess that avalanches onto the floor .

there are a couple of good programs for helping to keep a machine cleaned out (not endorsing/hawking these) :

ccleaner (using the cleaner side only ... leave the registry side alone)

revo uninstaller (the old version is free and works well)

 

remember ... an uninstaller program doesn't know or care if the program is needed or not ... that is up to the user to find out .

 

do not fall prey to those "let-us-fix-yer-comp" programs and advertisements ...

99.9% of these are bogus and hype .

Link to post
Share on other sites

  • Root Admin

This is pretty good software for doing what you want to do and is used in many Schools and Business

https://www.fortresgrand.com/

New Clean Slate® 7

Non-Restrictive Hard Drive Protection

End Computer Help Desk Calls

Restores your computer to its original configuration discarding unwanted computer changes. Just log off or reboot. Clean Slate is easy yet powerful.

New Fortres 101 7

Restrictive Hard Drive Protection

Reduce Support Calls

Powerful, restrictive hard drive protection eliminates computer mischief. Restrict unwanted computer use with this easy, time saving, powerful software.

Link to post
Share on other sites

Unfortunately, I can't convince her to use any browser that is not Internet Explorer.

IE is far more secure these days than it used to be thanks to Microsoft's efforts to plug security holes much more quickly than in the past with frequent Windows Updates. Lately I've noticed far more outstanding (unpatched) exploits being reported in Chrome and Firefox than I have in Internet Explorer, though of course such trends can change quickly because we don't know what we don't know and any day some hacker could discover a new previously undiscovered vulnerability (I've seen patches recently released by MS that fixed vulnerabilities in Windows which have existed since at least Windows 95, and some in Internet Explorer that go back to version 6).

I too would recommend Malwarebytes Anti-Exploit, even if only the Free version. It at least guards against exploits/vulnerabilities (known as well as unknown) in all major web browsers, including Internet Explorer, as well as any plugins/add-ons which are run within the browsers such as Flash and Java. The use of exploits by the bad guys has been extremely common lately and most modern malware bypasses User Account Control by running/functioning perfectly with limited privileges meaning running in a limited user account (LUA) isn't nearly as effective as it had been in years past for preventing malware infection, even with User Account Control enabled and turned up to the max. That said, it is of course better than running with UAC turned off, it's just not as significant and effective against malware as it once was.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.