Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security suggestions, Post 3 of 7


  • Please log in to reply
4 replies to this topic

#1 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 20 July 2014 - 09:22 AM

Please read post 1 of 7 first. http://www.bleepingcomputer.com/forums/t/541637/security-suggestions-post-1-of-7/#entry3426328
Please read post 2 of 7 second. http://www.bleepingcomputer.com/forums/t/541638/security-suggestions-post-2-of-7/#entry3426331

============
This post - DeepFreeze (about $40)
============

This post although it can be implemented for anyone, it is intended for people with children, or that let people use their computer, for any reason.  This presumes that you know for a fact that your system is clean.  For instance, you've ran a complete deep scan with your antivirus program (I suggest AVAST), Malwarebytes, and SuperAntiSpyware AT THE MINIMUM.  Before I go any farther, let me set the situation up:

1.  My wife and I, have had separate computers, since we got back together in 2000 (we've known each other for 50+ years).
2.  I maintain all the computers in our home.
3.  She doesn't use mine, and I only get on hers, when she has an issue, which is very rare, and very minor.  For instance, she may have get a cryptic message from a program.
4.  When I work on her computer, I insist that she is there, so she can see what I'm doing.
5.  Our computers are secured down tighter than Fort Knox.  No none has ever broken into Fort Knox.

When I say "OTHER FAMILY MEMBERS", I mean all family members except the husband, wife or partner.  For example, a child, a brother, a nephew, etc.

A few suggestions to start:

1.  IF POSSIBLE, have separate computers for all the adults in the home (e.g. husband/wife, partner).  If you're going to let others have access to your computer ("OTHER FAMILY MEMBERS"), IF POSSIBLE, let it be a completely separate PC.  For instance the home has a husband, wife, and a visiting family member.  In this case there would be three computers.

2.  IF POSSIBLE, if there is a member of the family that is very knowledgeable on computers, they should maintain them all.  In all cases I suggest it is one of the main adults of the home (e.g. husband, wife, partner, etc).

3.  IF POSSIBLE, all computers should be the same make, model, etc.  See next item.

4.  IF POSSIBLE, and as close as possible, build the all the computers up with the exact same configuration.  This will make things easier to maintain.  In the case of my wife and I, disregarding that she's on Win7, and I'm on Win8, the differences are:
4.1.  I have a development environment on my computer, she doesn't.
4.2.  She has some homeopathic and knitting stuff on her computer, I don't.
4.3.  That's it.  Of course our individual files are different (word documents, programming projects, etc), but the basic core programs and configuration are identical.

5.  All the computers for children are kept in a "family room", etc (a central location) where adult supervision is always possible.  There are too many predators on the Internet to allow children to surf unsupervised.

6.  All computers used by "OTHER FAMILY MEMBERS" are also kept in the "family room", etc (a central location) so monitoring is possible.  After all, the "OTHER FAMILY MEMBERS", e.g. guests are using the main adults (husband, wife, partner, etc) computers, and the owner, not the guest sets the rules.

7.  I will make one more suggestion, which I have no doubt will be controversial in post 6 of 7.

Ok, some of the really core suggestions:

1.  Use a program called "DEEPFREEZE", explained in a moment.

2.  Use a program like Net-Nanny, etc, to restrict where children can go (see post 6 of 7 for another suggestion), including "OTHER FAMILY MEMBERS".

3.  Make the child's or "OTHER FAMILY MEMBERS" account restricted, so they can't install anything.

4.  Make it so the child or "OTHER FAMILY MEMBERS" has to save all their files (e.g. homework) to a flash drive or external hard drive.  This depends on the version of windows (home, pro, etc).

What DEEPFREEZE does:

1.  Upon install, it establishes a baseline of the computer, as of say 2014_06_01, 0826 hours, for example.

2.  The child (or even "OTHER FAMILY MEMBERS") does a "gazillion" things on the computer like homework, writing letters, etc; oh yea, and picking up malware and viruses (unknowningly).

3.  Then the computer is shut down, and the next time it is started, it will reset back to what it looked like at 2014_06_01, 0826 hours, in this example.  Any and all viruses are gone, the letters are gone, malware is gone, etc.

Now, the gotchas are:

1.  All documents, etc will need to be saved to an external drive (e.g. external HDD, flash drive, etc).  This is because on reboot the hard drive is reverted to it's base line image, in this case, 2014_06_01, 0826 hours.

2.  Automatic updates aren't possible (see next item), because on reboot, it will revert back to, in this case, 2014_06_01, 0826 hours.

3.  To get around #2, the administrator tells DEEPFREEZE to reboot, "unlocked" the next time.  The Admin then runs updates manually, and when done completely, tells DEEPFREEZE to reboot the next time in a "locked" state.  New baseline!

4.  Regrettably, this means that each time the computer boots, it will need to rerun, for example antivirus updates, and as time goes along, it will take longer, unless the administrator periodically does #3.  Specifically, boot unlocked, allow the updates to occur, then tell it to boot locked again.  I suggest that it is done on a monthly basis, a few days after "patch Tuesday".

 

SITE: http://www.faronics.com/products/deep-freeze/

Have a Great Day!

:bananas: :bounce:
 



BC AdBot (Login to Remove)

 


m

#2 Aberrant

Aberrant

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 07 August 2014 - 08:08 PM

 

 

3.  To get around #2, the administrator tells DEEPFREEZE to reboot, "unlocked" the next time.  The Admin then runs updates manually, and when done completely, tells DEEPFREEZE to reboot the next time in a "locked" state.  New baseline!

I am familiar with this type of software. But I haven't used it for personal basis and I'm wondering if Is there a way of excluding specific locations by means of setting it as not to include the cycle on certain drives and folders? Like for example, documents folder will not be affected by the DeepFreeze software,

Thanks.



#3 scotty_ncc1701

scotty_ncc1701
  • Topic Starter

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 07 August 2014 - 08:21 PM

As far as I know, it's an all or none situation.  Plus based on your post in the other thread, I personally see no reason the exception should be made.  If it's a library, or a research lab, then the individuals can save their work to a USB drive, or buy their own laptop. etc.  Remember it is the library and/or university's property, and the users have no say on whether they can save things to the hard drives... that is the owner's call, not the user.

Have a Great Day!
:bananas: :bounce:



#4 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,786 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:31 PM

Posted 12 September 2014 - 02:04 AM

 

2.  Automatic updates aren't possible (see next item), because on reboot, it will revert back to, in this case, 2014_06_01, 0826 hours.

3.  To get around #2, the administrator tells DEEPFREEZE to reboot, "unlocked" the next time.  The Admin then runs updates manually, and when done completely, tells DEEPFREEZE to reboot the next time in a "locked" state.  New baseline!

 

With the release of v7.5, Deep Freeze also provides the ability to cache Windows updates during a Frozen session. In other words, Deep Freeze will download the updates on a Frozen workstation and retain them for installation during a Thawed session. If a Windows Update Workstation Task is scheduled, Deep Freeze will install the updates. Additionally, you can configure the settings to detect the completion of the installation so the machine can automatically reboot Frozen (or shutdown) once complete.

http://support.faronics.com/Knowledgebase/Article/View/297/8/how-are-windows-updates-handled-on-deep-freeze-protected-computers



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:31 PM

Posted 12 September 2014 - 05:59 AM

OK -

 

Waiting for next one .....


Edited by noknojon, 12 September 2014 - 04:21 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users