Just had a friend drop off 2 desktop PCs and a laptop. All three were badly infected with a variety of Trojans, malware and ransomware.
After following some guides here for removal of the NSA Ransomware, I proceeded to clean the system as best I could. Somewhere along the way, the system became slow and would blue screen when logging off any of the users.
They had a copy of Windows 7, so I backed up what files they wanted and did a clean install of Windows 7.
I have done this on 2 of the 3 systems as they were all running Vista and were all badly infected. The 3rd system is still a work in progress and may have hardware issues.
On the one desktop that is going back to her autistic son, I have installed Avira Antivir, Hitman Pro Alert and Sandboxie.
I set him up as a limited user (was admin before) and I'm considering a firewall with HIPS. My experience with firewalls with HIPS is that most if not all of them require a lot of interaction. I think he will just click whatever button is the easiest to click and be on his way. So I think the firewall would be a waste of time and resources.
The free version of Sandboxie seems a little limited and easily bypassed if he goes into the list of programs and fires up IE or Chrome (I have made Chrome his default browser). I have deleted all browser shortcuts from the desktop with the exception of the Sandboxie browser shortcut. I guess I could delete them from the programs list, but I think he should stick with clicking the desktop icon.
What other recommendations would anyone here have to try and make this a more secure system without overcomplicating things? I will most likely image the system before it goes back, but it would be nice to see him get more than a few months out of this new cleaned up system.
I have considered running off of a live CD or USB flash drive, but that's not 100% effective either. His mom is pretty computer savvy, but doesn't have the time to police him and his 2 brothers all the time. They range in age from 14 - 21, so they are into it all. Maybe some rules or restrictions at the router? Using a hosts file with a frequently updated blacklist of nefarious sites?
It seems things keep getting worse out there in the wild wild net. How is someone like this to protect themselves?
Maybe set up Ubuntu or another user-friendly Linux distro instead of Windows 7? May be less nasties with Linux, but that brings its own support and other issues.
Open to ideas here, folks.