foolproof computer from malware?

One of my neighbor has managed to acquire all sorts of spywares and maybe
even a rootkit.

I'm going to reformat and re-install windows on his computer.

If I make his account a limited user account, would that stop all malware
from entering his computer? How else can I make his computer more foolproof?

Is there any browser proxy that would *automatically* block all the bad
popups, activeX, and other bad downloads? It has to be automatic. If the
user has to answer a question "do you want to install a virus or a rootkit",
my neighbor may click yes by accident.

peter wrote:
One of my neighbor has managed to acquire all sorts of spywares and maybe
even a rootkit.

I'm going to reformat and re-install windows on his computer.

If I make his account a limited user account, would that stop all malware
from entering his computer? How else can I make his computer more foolproof?

Is there any browser proxy that would *automatically* block all the bad
popups, activeX, and other bad downloads? It has to be automatic. If the
user has to answer a question "do you want to install a virus or a rootkit",
my neighbor may click yes by accident.



No, sorry. Nothing is foolproof. I'll give you links to sites that help
you (and your neighbor) stay safe, but the bottom line is that the end
user is in control of their computer's safety.

You could install Linux on your neighbor's computer, but I rather doubt
that's going to work for him. Even so, no operating system is foolproof
against fools. ;-)

http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get
Infected Anyway?
http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://wiki.castlecops.com/Malware_R...:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron.../05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on
Rogue Antispyware Programs


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

peter wrote:
One of my neighbor has managed to acquire all sorts of spywares and
maybe even a rootkit.

I'm going to reformat and re-install windows on his computer.

If I make his account a limited user account, would that stop all
malware from entering his computer? How else can I make his
computer more foolproof?

It helps. Nothing can make it completely safe permanently. Things change
quickly. The best defense is educating your neighbor.

Is there any browser proxy that would *automatically* block all the
bad popups, activeX, and other bad downloads? It has to be
automatic. If the user has to answer a question "do you want to
install a virus or a rootkit", my neighbor may click yes by
accident.

No. There is no cure-all.

Clean it up, give the neighbor a limited account for daily use and an
administrative account for installing stuff. Install a good AV software and
perhaps some antispyware software that runs resident as well. Teach the
neighbor that they should not just open things without thinking about it -
that they should not just install stuff from everywhere and that they should
investigate anything they see 'pop-up' on their screen before acting on it
beyond clicking on the X in the topmost right-corner of the pop-up.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

peter wrote:
One of my neighbor has managed to acquire all sorts of spywares and maybe
even a rootkit.

I'm going to reformat and re-install windows on his computer.

If I make his account a limited user account, would that stop all malware
from entering his computer?


Routinely using a computer with administrative privileges is not
without some risk. You will be much more susceptible to some types of
malware, particularly adware and spyware. While using a computer with
limited privileges isn't the cure-all, silver bullet that some claim it
to be, any experienced IT professional will verify that doing so
definitely reduces that amount of damage and depth of penetration by the
malware. If you get infected/infested while running as an
administrator, the odds are much greater that any malware will be
extremely difficult, if not impossible, to remove with formating the
hard drive and starting anew. The intruding malware will have the same
privileges to all of the files on your hard drive that you do.

A technically competent user who is aware of the risks and knows
how to take proper precautions can usually safely operate with
administrative privileges; I do so myself. But I certainly don't
recommend it for the average computer user.


How else can I make his computer more foolproof?


"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools." ~Douglas Adams


Is there any browser proxy that would *automatically* block all the bad
popups, activeX, and other bad downloads? It has to be automatic. If the
user has to answer a question "do you want to install a virus or a rootkit",
my neighbor may click yes by accident.




There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default...kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/


--

Bruce Chambers

Help us help you:
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot

If you are reinstalling this would be a good point to make an 'image' of he
hard-disk with suitable disk-cloning software. If he does mess it up, then
it's a simple matter to reinstate it.

Other thing, lock down Internet Explorer and install Firefox. That single
step will eliminate a high percentage of the risk.

Rather then a Limited User, you could look at BeyondLogic's TrustNoEXE. This
actively prevents programs from being run from download-folders, and for a
user with moderate savvy, is a very effective precaution against accidental
launching of malware.