Please read post 1 of 7 first. http://www.bleepingcomputer.com/forums/t/541637/security-suggestions-post-1-of-7/#entry3426328
Please read post 2 of 7 second. http://www.bleepingcomputer.com/forums/t/541638/security-suggestions-post-2-of-7/#entry3426331
This post - DeepFreeze (about $40)
This post although it can be implemented for anyone, it is intended for people with children, or that let people use their computer, for any reason. This presumes that you know for a fact that your system is clean. For instance, you've ran a complete deep scan with your antivirus program (I suggest AVAST), Malwarebytes, and SuperAntiSpyware AT THE MINIMUM. Before I go any farther, let me set the situation up:
1. My wife and I, have had separate computers, since we got back together in 2000 (we've known each other for 50+ years).
2. I maintain all the computers in our home.
3. She doesn't use mine, and I only get on hers, when she has an issue, which is very rare, and very minor. For instance, she may have get a cryptic message from a program.
4. When I work on her computer, I insist that she is there, so she can see what I'm doing.
5. Our computers are secured down tighter than Fort Knox. No none has ever broken into Fort Knox.
When I say "OTHER FAMILY MEMBERS", I mean all family members except the husband, wife or partner. For example, a child, a brother, a nephew, etc.
A few suggestions to start:
1. IF POSSIBLE, have separate computers for all the adults in the home (e.g. husband/wife, partner). If you're going to let others have access to your computer ("OTHER FAMILY MEMBERS"), IF POSSIBLE, let it be a completely separate PC. For instance the home has a husband, wife, and a visiting family member. In this case there would be three computers.
2. IF POSSIBLE, if there is a member of the family that is very knowledgeable on computers, they should maintain them all. In all cases I suggest it is one of the main adults of the home (e.g. husband, wife, partner, etc).
3. IF POSSIBLE, all computers should be the same make, model, etc. See next item.
4. IF POSSIBLE, and as close as possible, build the all the computers up with the exact same configuration. This will make things easier to maintain. In the case of my wife and I, disregarding that she's on Win7, and I'm on Win8, the differences are:
4.1. I have a development environment on my computer, she doesn't.
4.2. She has some homeopathic and knitting stuff on her computer, I don't.
4.3. That's it. Of course our individual files are different (word documents, programming projects, etc), but the basic core programs and configuration are identical.
5. All the computers for children are kept in a "family room", etc (a central location) where adult supervision is always possible. There are too many predators on the Internet to allow children to surf unsupervised.
6. All computers used by "OTHER FAMILY MEMBERS" are also kept in the "family room", etc (a central location) so monitoring is possible. After all, the "OTHER FAMILY MEMBERS", e.g. guests are using the main adults (husband, wife, partner, etc) computers, and the owner, not the guest sets the rules.
7. I will make one more suggestion, which I have no doubt will be controversial in post 6 of 7.
Ok, some of the really core suggestions:
1. Use a program called "DEEPFREEZE", explained in a moment.
2. Use a program like Net-Nanny, etc, to restrict where children can go (see post 6 of 7 for another suggestion), including "OTHER FAMILY MEMBERS".
3. Make the child's or "OTHER FAMILY MEMBERS" account restricted, so they can't install anything.
4. Make it so the child or "OTHER FAMILY MEMBERS" has to save all their files (e.g. homework) to a flash drive or external hard drive. This depends on the version of windows (home, pro, etc).
What DEEPFREEZE does:
1. Upon install, it establishes a baseline of the computer, as of say 2014_06_01, 0826 hours, for example.
2. The child (or even "OTHER FAMILY MEMBERS") does a "gazillion" things on the computer like homework, writing letters, etc; oh yea, and picking up malware and viruses (unknowningly).
3. Then the computer is shut down, and the next time it is started, it will reset back to what it looked like at 2014_06_01, 0826 hours, in this example. Any and all viruses are gone, the letters are gone, malware is gone, etc.
Now, the gotchas are:
1. All documents, etc will need to be saved to an external drive (e.g. external HDD, flash drive, etc). This is because on reboot the hard drive is reverted to it's base line image, in this case, 2014_06_01, 0826 hours.
2. Automatic updates aren't possible (see next item), because on reboot, it will revert back to, in this case, 2014_06_01, 0826 hours.
3. To get around #2, the administrator tells DEEPFREEZE to reboot, "unlocked" the next time. The Admin then runs updates manually, and when done completely, tells DEEPFREEZE to reboot the next time in a "locked" state. New baseline!
4. Regrettably, this means that each time the computer boots, it will need to rerun, for example antivirus updates, and as time goes along, it will take longer, unless the administrator periodically does #3. Specifically, boot unlocked, allow the updates to occur, then tell it to boot locked again. I suggest that it is done on a monthly basis, a few days after "patch Tuesday".
Have a Great Day!