Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows Security and On-line Training Courses?

timothy posted more than 5 years ago | from the temporary-education-discount dept.

Education 189

eggegick writes "My wife has taken a number of college courses over the last three years and many of the classes used on-line materials rather than books. The problem was these required IE along with Java, Active X and/or various plug-ins (the names of which escapes me), and occasionally I'd have to tweak our firewall to allow these apps to run. I don't think any of these training apps would work with Firefox. All of this made me cringe from a security point of view. Myself, I use Firefox, No-Script, our external firewall and common sense when using the web. I have a very old Windows 2000 machine that I keep up to date. To my knowledge, I've never had a virus or malware problem. Her computer is a relatively new XP machine, and at this point she feels her computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers. Assuming the college course work applications were part of the cause, what recommendations do any of you have for running this kind of software? Is there a VMware solution that would work — that is, have a Windows image that is used temporarily for the course work and then discarded at the end of the semester (and how do you create such an image, and what does it cost?)."

cancel ×

189 comments

Sorry! There are no comments related to the filter you selected.

vmware is free (5, Informative)

DragonTHC (208439) | more than 5 years ago | (#27174609)

vmware is free, so is virtualbox and xen.

you would create the image yourself.

install a default XP machine and run IE on it.

Re:vmware is free (3, Insightful)

Tibor the Hun (143056) | more than 5 years ago | (#27174675)

Exactly. make known good snapshots and you're covered.
It's the best way to run windows nowdays.

Re:vmware is free (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27175577)

First, if she hasn't done so already, she needs to shave her pussy. Then, post pictures.

Re:vmware is free (3, Insightful)

isj (453011) | more than 5 years ago | (#27174963)

Vmware Player is free. Vmware Workstation is not. But I doubt that for online courses that the extra funtionality in the workstation edition are needed.

Re:vmware is free (3, Informative)

MartijnL (785261) | more than 5 years ago | (#27174979)

You can always install VMware Server (which is free) to make the image

Re:vmware is free (1)

Knara (9377) | more than 5 years ago | (#27175375)

VMware Server is free. [vmware.com]

It's more than up to the task you are trying to accomplish.

Re:vmware is free (4, Informative)

QuantumRiff (120817) | more than 5 years ago | (#27175271)

VMWare is free, however, you would have to check your licensing to ensure you can install a second copy of windows on it, without having to buy another license. (unless, of course, you put linux on the machine, and run windows inside vmware)

I think virtual machines are going to be the death of Microsoft. Its just too damn hard to keep track of in a VMAppliance world...

Re:vmware is free (3, Informative)

Anonymous Coward | more than 5 years ago | (#27176077)

The OEM Licence is non transferable and bound to the physical hardware.
AKA Intel Chipset/Broadcom Network and Intel Processor for example.

running windows inside vmware is running on Different VM Emulated hardware thus breaches the OEM licencing agreement.

If you bought retail and uninstalled it from your PC and reinstalled into a Linux Host VM then you are ok

Doesn't always work (0)

Anonymous Coward | more than 5 years ago | (#27175559)

I have a Toshiba Satellite A30 Laptop - about 5 years old.
I comes with a Toshibs OEM version of Windows.
You cannot install in on any kind of Virtual HDD I have tried them all.
It is tied to the Hardware or something.

VM (0)

Anonymous Coward | more than 5 years ago | (#27174621)

Run her web browsing in a virtual machine.

Clue Stick (2, Insightful)

Frosty Piss (770223) | more than 5 years ago | (#27174673)

Have her take her courses from a school with a clue.

Yeah, except (2, Informative)

Giant Electronic Bra (1229876) | more than 5 years ago | (#27174873)

The courseware he's talking about is almost certainly Blackboard and up until very recently that was basically the only available product for this kind of stuff. Yep, it is a titanic piece of KAKA, but no matter how clueful a school is, they pretty much don't have a choice. WebCT was somewhat better, but Blackboard bought that a good while back and they don't put new customers on it.

In the last year or two there are some OSS apps that are at the point where they would be a better choice, but switching is also a titanic nightmare and thus the pain goes on...

Re:Yeah, except (2, Interesting)

Patch86 (1465427) | more than 5 years ago | (#27175105)

Strange. My GF, who is at uni, uses Blackboard regularly. She's used Firefox + unmodified Zonealarm for the entirety of her 4 year course, and never encountered a problem.

Etudes is a good Open source alternative (2, Informative)

hguorbray (967940) | more than 5 years ago | (#27175183)

http://etudes.org/ [etudes.org]

They use it at Foothill College Los Altos CA where where I am a somewhat permanent student

I have taken dozens of online classes and it seems to have worked well for a variety of classes and teaching styles

-I'm just sayin'

Re:Yeah, except (1)

Chabo (880571) | more than 5 years ago | (#27175913)

I used Firefox on Blackboard too. Hell, my mom was having issues with her Blackboard courses in IE7, cause for IE they only supported v6, so I told her to install Firefox, and it worked great!

Maybe the school has a really old version of Blackboard?

Re:Yeah, except (1)

houstonbofh (602064) | more than 5 years ago | (#27175165)

My girlfriend uses blackboard for all her courses. She mostly uses the Ubuntu system in the living room with the big screen. Easier to study the rock pictures. (Geology) No problems so far.

Re:Yeah, except (1)

FullMetalJester (887382) | more than 5 years ago | (#27175451)

NU uses Blackboard, I even worked in the IS department supporting faculty and staff with Blackboard. Never had issues with it and I used Firefox.

Re:Yeah, except (1)

Chabo (880571) | more than 5 years ago | (#27175931)

From the Wikipedia disambiguation page for "NU":

In universities:

        * Niagara University, a Roman Catholic university in Niagara County, New York
        * Northeastern University, an American research university in Boston, Massachusetts
        * Northwest University, a private university in Kirkland, Washington
        * Northwestern University, an American research institution in Evanston, Illinois
        * Norwich University, a private American military and traditional university in Northfield, Vermont
        * University of Nebraska-Lincoln
        * Naresuan University, a public university in Phitsanulok, Thailand
        * Nile University, a private research university in Egypt
        * National University (Philippines), a private, non-sectarian university in Manila, Philippines

Four of those came into mind immediately when you said "NU". Which one?

Re:Yeah, except (1)

FullMetalJester (887382) | more than 5 years ago | (#27175947)

Sorry I realized that was confusing. Northeastern University in Boston Ma.

Re:Yeah, except (1)

Arivia (783328) | more than 5 years ago | (#27175461)

My university standardized on Firefox and uses Blackboard with no problems. The only time it's ever complained is when I sign on with a nightly it doesn't recognize the user-agent from, but it still works perfectly fine.

Re:Yeah, except (1)

i.r.id10t (595143) | more than 5 years ago | (#27175639)

Strange - I've never had a browser related problem with WebCT (pre-blackboard days), Blackboard, WebCT Vista, or Angel from my Linux desktops. Always used Netscape 4.x, Mozilla, or Firefox 2+

Re:Yeah, except (1)

tubapro12 (896596) | more than 5 years ago | (#27175837)

Some of my school's classes are done through Cisco's Network Academy, which will only run effectively in Internet Explorer from my experience. I use Blackboard all the time under Firefox, and don't struggle to run it in Linux either.

VMWare (1)

actorclavilis (1336733) | more than 5 years ago | (#27174685)

Download VMWare [slashdot.org] and install the free version, then tell it in the Machine setup that the source is on the Windows install disk. Wait ten hours for install... then it should work.

Make sure that the virtual disk size is big enough (at least a couple of gigs)

Virtualization is your friend (4, Informative)

pwizard2 (920421) | more than 5 years ago | (#27174719)

I review software for a living (in addition to doing other things) so I've been using virtualized Windows XP installations for awhile now. (I prefer Virtualbox, but you can do this with any utility)

A long time ago, I created a virtual hard disk image of a Windows XP installation, got it the way I like it, and then backed it up. (storing a few GB long-term is trivial these days) When the current disk image I'm using gets overly cluttered after a few weeks or months, I just get rid of it and load a fresh copy from my backup and start over.

You could probably benefit from the same system.

Re:Virtualization is your friend (3, Informative)

mrphoton (1349555) | more than 5 years ago | (#27175009)

Don't know if this helps, but I use qemu-kvm under fedora. With qemu you can install XP or whatever base system you want to an image, then I generate an overaly file associated to the disk image. This means that all future changes to the disk image are stored in an external file. So if I think I have a virus or want to reset the system all I do is delete the changes disk image and I am back to a clean install of xp. This page details how to do it. http://wiki.archlinux.org/index.php/Qemu [archlinux.org] Also, I would use kvm part of qemu if you chip can do it (new pentiums can), it means that you are not doing emulation but running the OS as a native OS.

Re:Virtualization is your friend (0)

Anonymous Coward | more than 5 years ago | (#27175037)

Another point for Virtualbox. I told my mom and my wife to use it if they were doing anything but email

Re:Virtualization is your friend (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27175381)

A virtual machine may be overkill for this sort of situation. I'd recommend looking into Sandboxie. It's a bit more lightweight, as rather than mimicking an entire machine and all its resources, it merely traps and re-implements OS calls to be neutered to affecting a disposable area. I haven't used it myself (I live dangerously), but the Security Now guys were raving about it.

Re:Virtualization is your friend, and also ... (0, Flamebait)

omb (759389) | more than 5 years ago | (#27175603)

Anything that lets Active X run, eg a Windows OS is an un-containable security risk. By that I mean that if you have a system that allows that stuff to run you have __NO__ security in that Logical Partition, and you have to be able to sacrifice the Image and start over.

Lots of (a) disk space, (b) care and organization are necessary. As others have said use virtualizarion, preferably over a Linux kernel even if you never use linux per se as it makes the virtual LPARs easier to manage and has an effective firewall, even with iptables off, at startup for most distributions. I use OpenSuSE.

The game-script is choose a virtualization, lots, mostly free, try to avoud things like VmWare unless you really need its features, Install basic Linux eg Ubantu, install VM manager, install Windows (1) on a real HD partition and (2) for its virtual environment. Burn CD/DVD of the Windows setup, install extensions, courseware ... burn another DVD, turn on the 'tun' network to windows.

You are now in roughly the position most large corporate Windows users establish, you have glass 'Ghostlike' images of you setup as it was before you entered the unsafe-sex world of Windows, and you can quickly step back to them.

Corporate speak "re Image your machine".

Dont forget it ifconfig the tun down before you let anything get at your image. The MTTP (Mean Time ti Pawned) is c
3 mins for an un-protected Win box on the internet.

Re:Virtualization is your friend, and also ... (1)

Leiterfluid (876193) | more than 5 years ago | (#27175861)

Anything that lets Active X run, eg a Windows OS is an un-containable security risk. By that I mean that if you have a system that allows that stuff to run you have __NO__ security in that Logical Partition, and you have to be able to sacrifice the Image and start over.

What a load of crap. Can you actually prove what you just stated? Here are some facts for you to digest.

Any operating system / browser environment is just as secure as the users allow it to be. You can run Firefox with NoScript all day long, but how many of us have seen web pages that state "You must have JavaScript enabled to view these pages." A more savvy user would simply decide to either not use that website, or find an alternate way of doing what they need to without lowering the security on their system. However, less informed users might simply decide to create either a permanent or temporary exception for that site without considering the consequences. The same is true with Active X controls. I don't install any I don't trust, and most of the time, even if an application I installed adds an Active X control, I manually go into IE and disable any ActiveX controls I don't trust.

Secondly, anyone who runs their applications, or OS as either root or administrator opens him or herself up to attack regardless of the platform. The fact that there are many more Windows based attacks is because of two reasons. 1) Windows is easy to use, and therefore easier to manipulate, and 2) Windows still owns the lion's share of the desktop market, therefore attacks will have a broader impact. It is foolhardy and ignorant to suggest that any platform is inherently more secure than another. Each has their vulnerabilities, and each will have inexperienced users making bad decisions.

Just use VirtualBox (1)

Stumbles (602007) | more than 5 years ago | (#27174751)

on Linux, install XP or whatever, run all the updates and then make a backup copy of the VM.

Nonick (0)

Anonymous Coward | more than 5 years ago | (#27174767)

If you just want to use her computer for the semester then re-wipe, have you considered partitioning additional space? Use Partition Magic or something, clone the windows partition, relabel it to whatever with an operational space of 10gb or so, forget about firewall, antivirus etc, let the computer crash and burn, when it becomes intolerable, wipe partition and clone yourself a new one. VMWare would have a similar solution, but it won't be that responsive since you'd be actively RDP'ing the whole time.

Security (-1, Flamebait)

DaMattster (977781) | more than 5 years ago | (#27174829)

A security course taught on Windows based platforms is kind of an oxymoron. Why would you teach security on an OS riddled with holes other than to show you how to get around them because you can't plug them? Use a real OS like Linux or BSD to teach security in Information Systems. Both have stellar records and access to source code. Folks, it is almost laughable that you would teach a Windows based security course. Windows is proof positive that security by obscurity just doesn't work.

Re:Security (1)

maxume (22995) | more than 5 years ago | (#27174855)

Do at least try to read the summary.

Re:Security (0)

Anonymous Coward | more than 5 years ago | (#27175141)

surely windows is more proof that security is impossible when the resources of those trying to hack you are virtually infinite?

IE so many windows boxes; all vulnerabilities are likely to be found because any hacker/criminal/hobbyist will target the most common OS?

Last I checked there was no 100% secure OS. There were open source OS's that you can look at the sourcecode for when a vulnerability IS found, but there is no 100% secure OS. period.

if you want to teach security; teach better habits, its the ONLY way to even get close to security, NO OS will save you from being an idiot. So teach on ANY OS security; ESPECIALLY windows, because in windows you need to be aware of all the security risks.

god, I got sucked in by an anti Microsoft troll that wasn't even TRYING to be a troll :/

Why would it make you cringe? (4, Informative)

magamiako1 (1026318) | more than 5 years ago | (#27174867)

all of this made me cringe from a security point of view.

Why would this make you cringe from a security standpoint? Security is only a problem with nefarious things are intended. The act of allowing these specific ActiveX controls to run within the context of the training courses has no bearing on whether or not you are permitting other ActiveX controls to run. If the prompts annoy you, rather than simply completely turning off ActiveX security features, you should add this site to your list of Trusted Sites.

There's nothing inherently wrong with enabling IE, using IE, or using ActiveX. And within the context of this single site there's not likely to be a problem. After all, if they were using their software for malicious deeds you surely have legal rights on your side.

Re:Why would it make you cringe? (1)

houstonbofh (602064) | more than 5 years ago | (#27175241)

Assuming the firewall is at the network edge, you can't just turn it off for one application. And when you enable scripting, you can not enable scripting by site. (NoScript isn't on IE...) You use a condom every time you have sex. You don't take it off for the girls that look clean.

Re:Why would it make you cringe? (4, Insightful)

magamiako1 (1026318) | more than 5 years ago | (#27175343)

Completely terrible analogy to make.

And yes, you can enable scripting per site. Or rather, on IE you have "zones". And you can set different security levels for each zone. You have your "Internet" Zone, "Trusted Sites", and even "Restricted Sites".

You can add sites and change security settings for each one of these. Trusted sites typically have less security requirements because you trust them. And that would be the proper solution to this question.

Re:Why would it make you cringe? (1)

mcmonkey (96054) | more than 5 years ago | (#27175347)

Assuming the firewall is at the network edge, you can't just turn it off for one application. And when you enable scripting, you can not enable scripting by site. (NoScript isn't on IE...) You use a condom every time you have sex. You don't take it off for the girls that look clean.

Wow, you could not be more wrong. Yes, wear a condom every time, but if the girl is so skanky you feel the need to double bag it, how about you just don't have sex with that girl?

Just installing IE does not mean you have to go around to every pr0n and warez site you can find trying to get infected.

Oh, by the way, you CAN enable scripting by site. (Well, I can.) In IE you can set the default security to no script (or whatever you like), and then add trusted sites to a lower security setting.

Oh, and that's built in functionality of IE. NoScript not needed.

So what's the trouble with installing IE, and just using it for the one trusted site when it's needed?

Re:Why would it make you cringe? (1)

maxume (22995) | more than 5 years ago | (#27175757)

No, no, the computer is a mysterious device, subject to moods and whims, and don't dare get it dirty, it might never work again.

Re:Why would it make you cringe? (0)

Anonymous Coward | more than 5 years ago | (#27175841)

And if you are really paranoid, log in with the guest account while using IE. It's pretty hard to infect the system with restricted privs.

Re:Why would it make you cringe? (0)

Anonymous Coward | more than 5 years ago | (#27175313)

I'm going to go out on a limb here and say there is something inherently wrong with enabling IE with ActiveX.

Users simply aren't smart enough to realize when they accept that Flash required dialog, the control some 3rd party now has over their system and what access that component now has to it while doing something considered innocent like browsing the web.

Maybe that component isn't inherently evil but you now added another attack vector. However this is all irrelevant to his question I believe.

Obviously his wife thinks the computer now responds differently in some way other than it originally did. This could be simply a lot of stuff installed on a slow computer (registry, COM objects and BHO's) or something vicious. I don't, You don't know, who the hell knows? Obviously these applications are not going to be installed or used for very long so why even take a chance.

Virtualize and install.

Re:Why would it make you cringe? (1)

magamiako1 (1026318) | more than 5 years ago | (#27175363)

His comments regarding the perception of performance of the computer have no bearing on whether he should or should not allow the site to use IE.

Re:Why would it make you cringe? (0)

Anonymous Coward | more than 5 years ago | (#27175479)

It does when he's asking for a better way to run IE with addins without affecting the core system.

He seems to understand VERY clearly he can't run these in any other browser "I don't think any of these training apps would work with Firefox" and wasn't asking for your uber cool knowledge of IE zones.

BTW when you zone a ActiveX/COM object out and prevent it from running for sites that doesn't keep the code from getting loaded up by the browser, that part is persistent. Learn some COM

Of course nobody here has ever had a computer tank from badly written or evil software installed.

Re:Why would it make you cringe? (0)

Anonymous Coward | more than 5 years ago | (#27175439)

Sigh. If one more developer sprouts this line of tripe, I'm liable to be going to go on a rampage. Are you incompetent, or just full of shit you gobbled down from the MS Camp? Or maybe you're just a competent developer who never has bugs, never makes mistakes, and does everything right all the time. And everyone else on any project you ever touched never makes mistakes either--not even once.

Either way you're wrong--so by your logic you must be malicious...otherwise I'd have nothing to worry about.

Nothing wrong if there's nothing malicious? So I should assume adobe was actively malicious with the 0day PDF exploit that came out recently? Or microsoft with the mess that was early SMB? Or maybe you just think there's nothing wrong with opening a PDF hijacking your system... After all, nobody would get infected by opening a PDF unless that was intended behavior right? "If they were using the software for malicious deeds you surely have legal rights on your side"? What if they were just incompetent? Or not even incompetent, and just had one zero-day discovered? What if they had a developer like you doing their security or applications?

What makes you think that every ActiveX control is written correctly, and has its domain correctly locked down to *just* the original publisher? Heck, I saw early controls that let a website run a raw system call that weren't locked down--in fact it's a tutorial I've seen in two textbooks. Once they installed it, you could call it from ANYWHERE. Oh...sure, the user can restrict the control to a domain with sitelock. If they know to. How many users do? How many developers even expect it? You get schools and companies linking things with third party applications at other domains (blackboard anyone?) that expect to share cookies and a locked down system is the last thing on the programmer's mind.

Within the context of ActiveX, there's likely to be a problem--especially with developers who believe people like you.

Go ahead, call me a ranting AC...I'm still *right*. If the school required him to install ActiveX and didn't make sure the controls were safe (they probably didn't), he's got every right to be worried--malicious or not.

Re:Why would it make you cringe? (2, Insightful)

DigitalCrackPipe (626884) | more than 5 years ago | (#27175495)

Security is only a problem with nefarious things are intended
That's not correct at all. While in this case it might be possible to open up only the features needed for this software to run, it's highly likely it will only work if you open up the gates for other malware to enter as well. Adding the site to the trusted zone may only resolve some of the problems (did you read the firewall bit?). Software that isn't designed with security in mind (read: most software) is often so sloppy that finding all of the inappropriate liberties it wants to take requires several rounds of troubleshooting. It seems that the virtualization suggestions in this discussion are well warranted.

Re:Why would it make you cringe? (1)

magamiako1 (1026318) | more than 5 years ago | (#27175643)

Okay, so I was a little vague in explaining my point with regards to security.

You are correct in the sense that software is sloppy, but what this guy is seemingly trying to prevent (and what he hinted to with his wife's computer performance problems) has to do with the general problems that people find with IE and ActiveX controls period.

That is, it's not the controls that are flawed, but he believes that by even having IE open will somehow open a doorway to insecurity to his system.

And what I was trying to point out is incorrect. The act of having IE open, adding this tutoring site to trusted sites, and then letting his wife use the site that way is in no way inherently bad and it certainly isn't going to invite viruses into his system unless of course someone at the college replaced the ActiveX control with malicious software.

And while the above is possible, I think it's beyond the scope of his "Ask Slashdot" question. The same goes for simple insecure coding practices. We could argue and debate all day long regarding these concepts and while they are all valid, it's definitely far too much for what he's asking.

The simple answer, again is: Does opening IE and allowing a trusted site's ActiveX controls to run cause my computer to be more open to viruses than it otherwise would be? No. It does not.

There is a much more complex answer that we seriously could just spend days on.

Re:Why would it make you cringe? (1)

omb (759389) | more than 5 years ago | (#27175667)

Nonsense

Re:Why would it make you cringe? (1)

girlintraining (1395911) | more than 5 years ago | (#27176353)

Security is only a problem with nefarious things are intended.

Well, actually, security is about being able to trust the system to do what you want it to do. It doesn't really matter whether you lost the customer database because a hacker broke in and wiped out the server or two drives failed and the array went up in smoke from a security standpoint. This is why as security professionals we try to adhere to the principle of granting the minimal amount of access necessary to accomplish a given task; And by default not allowing access. It limits the number of possible failure points, only one of which might be J. Random Hacker.

Re:Why would it make you cringe? (1)

multisync (218450) | more than 5 years ago | (#27176515)

Yeah, he also could have closed those ports on the firewall when his wife wasn't actually working on the course material, and had her use Firefox with no-script etc. for everything *but* the course work.

He would be better off picking up a cheap laptop for his wife to use for these courses than trying to run VMs and whatnot. Even one of those ASUS eepcs might do, or a used notebook if she needs a better display.

What's he gonna do when the setup borks while his wife is in the middle of something important? You're sure not going to get support from whoever is supplying the curriculum for your XP-running-in-a-VM-ware-session-running-in-Fedora setup.

Parallels or vmware fusion (0)

Anonymous Coward | more than 5 years ago | (#27174893)

I have used vmware fusion and parallels. The upside of these two solutions is they work on my intel macs.

i've been reading slashdot everyday for 10 years.. (2, Insightful)

dopeghost (107650) | more than 5 years ago | (#27174899)

...and this is the worst askslashdot ever.

that is all.

Re:i've been reading slashdot everyday for 10 year (2, Insightful)

Maestro485 (1166937) | more than 5 years ago | (#27176539)

I was thinking the exact same thing. It almost reminds me of a Yahoo! Answers post.

Her computer is a relatively new XP machine, and this point she feels here computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers. Assuming the college course work applications were part of the cause, what recommendations do any of you have when having to run this kind of software?

What the hell kind of "recommendations" is he looking for? If your school needs ActiveX plugins (I know, I know, the schools needs to get a clue, etc.), you use IE and run them. I guess we could recommend that he doesn't, but that kind of defeats the purpose. ActiveX isn't an automagic virus.

She feels her computer has something wrong? So what? What the hell does that have to do with his question? What the hell does "planning on running a recovery disk" have to do with his question? What the hell is his goddam question, anyway?

Plus, he's asking how to create a virtual machine in VMWare and how much it costs?!? Apparently this genius hasn't discovered www.google.com yet.

Easily the dumbest Ask Slashdot I've seen.

Let's hope (1)

MrEricSir (398214) | more than 5 years ago | (#27174911)

that your wife isn't taking a computer security class.

Windows SteadyState (4, Interesting)

benjymouse (756774) | more than 5 years ago | (#27174913)

is also an option. Can completely lock down a PC. All changes are written to a separate "log" partition which can be reverted. Logs can be kept separate for individual users and the system. For instance you can configure Windows SteadyState to discard all user changes at each boot but allows the system to update itself through Windows Update

It's available for XP and Vista (32 bit) free from Microsoft: http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx [microsoft.com]

Or Faronics Deep Freeze (1)

vawarayer (1035638) | more than 5 years ago | (#27175031)

(...) Windows SteadyState (...) It's available for XP and Vista (32 bit) free from Microsoft(...)

There's also a product that I love: Faronics Deep Freeze [faronics.com] .

It takes an image of a system partition upon install and freeze it. Ie. Reload this partition image after every reboot. So you have a fresh computer every day.

Some tweaking necessary - partitionning your disk into a frozen for system, and a non-frozen partition for documents.

It's worth a try, me thinks.

Re:Or Faronics Deep Freeze (1)

jefu (53450) | more than 5 years ago | (#27175509)

Can't you just use a linux kernel on another partition and use dd to copy the good partition somewhere, then dd it back when needed? I used to do this, but haven't tried (haven't needed) it recently.

Of course, you don't even really need a linux partition, just a live cd and disk space to put the image on.

Win4VDI (1)

transporter_ii (986545) | more than 5 years ago | (#27175933)

Some of the important features and capabilities of Win4VDI for Linux include:

        * Re-hosting of Windows XP/2000 desktop sessions on Linux servers
        * Centralized management and provisioning of users
        * "Renewable" windows - just restart any corrupted session and the original master copy of Windows combines with your individual "Documents and Settings"
        * Automatic local printing from the server to the local attached printer.
        * Consistent user access to personal desktop environment from home, office and other network connected locations.
        * Support for multiple remote display choices - Win4Lin client, NoMachine, LTSP, VNC, and X, for example
        * Increased security and reliability by running on Linux servers
        * Create end-to-end Linux environment with Windows as a guest rather than control point.
        * Lock down Windows read, write and other operations with Linux permissions â" an administrator's dream!
        * Provide standard application environments to users regardless of desktop hardware and operating system - Windows, UNIX, or Linux on the client, but standard application profile served from Linux server.
        * Use as a way to wean your organization from those last few Windows applications by consolidating onto a server for as-needed concurrent use. De-commission Windows from a central location once suitable replacements are in production.
        * Serve Windows apps to Windows users from a Linux server â" cheaper, more secure, and more reliable - with all the advantages of consolidation and central management

The price for Win4VDI for Linux is USD $125.00 per concurrent user. The minimum number of users that can be purchased is ten(10). Win4VDI for Linux is available in a specially priced 10-user package for $1000.

GRUB (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27174915)

You can use the instructions here [faqs.org] to install the same copy of windows into two different partitions on the same machine. I use this on my laptop; one image for everyday use, and one for logging in to my company's VPN (which requires specific software that I don't want to have running all the time).

Re:GRUB (2, Interesting)

Anonymous Coward | more than 5 years ago | (#27175587)

To clarify, this is just a link to the bootloader setup. It is not that relevent, IMO, because that is not the typical way that people setup to use virtualization. I don't recommend it for a newbie. It is better to encapsulate your virtual disc as a file on an already known filesystem. Just follow the normal instructions when learning about VMs.

The way you have proposed setting up often leads to confusion. People think they can use the same exact partition they use with a physical machine that they use with a virtual machine. In rare cases this works, but most often it leads to "blue screen" boots due to HD controller mismatches, etc.

There is also another non-technical problem. That is, XP's license terms do not allow this, as I understand them (IANAL). The reason behind activation requires a license to be linked to the hardware. The "virtual" hardware is different than the "physical" hardware and requires its own license. Again, just my opinion.

Windows security tips... (0, Troll)

girlintraining (1395911) | more than 5 years ago | (#27175003)

First, windows is bad blah blah, viruses blah blah, linux and baby jesus save blah blah. Okay, now that we've eliminated 95% of the discussion ideas for this thread: user training is a freaking awesome idea! Seriously, how many of you have walked into jobs and been handed a strip of paper with your userid and password (set to 'password') and told to change it -- and that was the total extent of your training?

Re:Windows security tips... (1)

Em Emalb (452530) | more than 5 years ago | (#27175101)

A lot of us are the people who setup computers/networks and various other technology.

That's not only the norm, it's expected that you know what you're doing.

In other words, good question, wrong crowd.

Re:Windows security tips... (0)

Anonymous Coward | more than 5 years ago | (#27175119)

I really don't see his problem being his wife not being trained properly, he sounds more than competent even if his wife isn't and he's receiving more than quality advice in this area.

Some of us (me included) daily face having to install things we don't deem worthy or know will affect our computers performance. (Yes i'm looking at you Flash, Java VM, ITunes, a few browser, etc.)

I say go with a VM (VMWare, MS Virtual PC, etc.) or SteadyState. Me personally i don't even want the crap on my computer, if it doesn't run in a VM i'll find another machine i can ruin.

Blah blah blah.

Re:Windows security tips... (1)

Abreu (173023) | more than 5 years ago | (#27176235)

In my current job I was handed a piece of paper with my userid and an 8 character random string of letters and numbers as my password.

...and was told I could not change it at all!

Internet College web sites and virtual machines (4, Informative)

Orion Blastar (457579) | more than 5 years ago | (#27175013)

require you to turn off your firewall and pop-up blocker. Why they cannot write web software to work without needing pop-ups and can work with firewalls is beyond me.

Virtual PC 2007 [microsoft.com] is free. Use Pricewatch's operating system price search [pricewatch.com] to find a version of Windows to run under it. Windows XP [pricewatch.com] can be bought in OEM version for under $100.

Run all college web sites in a virtual machine.

Use Avast Home [avast.com] for Antivirus as it is free for home and non-profit use.

Re:Internet College web sites and virtual machines (1)

Orion Blastar (457579) | more than 5 years ago | (#27175039)

Use student discounts if you can buy a copy of XP for cheaper than pricewatch can offer an OEM copy.

VMWare will work as well, but the VMWare Player while free cannot create install virtual hard drives. You'd have to create it with the Free Server version or buy the Workstation version.

Re:Internet College web sites and virtual machines (0)

Anonymous Coward | more than 5 years ago | (#27175129)

not "non-profit", "non-commercial". Non-profit users must purchase a reduced-price professional license.

Re:Internet College web sites and virtual machines (2, Interesting)

markdavis (642305) | more than 5 years ago | (#27175751)

Technically, MS-Windows XP Home is "not allowed" to be run in a virtual session. Read the license. You have to use the more expensive MS-Windows XP Pro or ultimate, and even then, there are draconian restrictions.

Me? I just use Linux. Free. And no need to have snapshots in a VM to protect my system from typical MS-Windows snafu's. But if you want, you can run MS-Win under Virtualbox under Linux; also free, but in addition, it is open source (while just as fast and capable).

Re:Internet College web sites and virtual machines (0)

Anonymous Coward | more than 5 years ago | (#27175869)

Me? I just use Linux. Free. And no need to have snapshots in a VM to protect my system from typical MS-Windows snafu's. But if you want, you can run MS-Win under Virtualbox under Linux; also free, but in addition, it is open source (while just as fast and capable).

Not only did no one ask what you used, you completely ignored the designated scenario to push your opinion on a crowd that already knows all the information you had to share. Bravo!

Re:Internet College web sites and virtual machines (1)

markdavis (642305) | more than 5 years ago | (#27176099)

Oh yes, and your anonymous coward comments were so constructive and on-topic too.

Re: Windows SteadyState (0)

Anonymous Coward | more than 5 years ago | (#27175059)

Wow, that's a great option. It might even beat using Virtual Box since I erred on the side of caution and completely locked down my Windows XP guest. It doesn't even have access to the main Ubuntu machine, let alone to the household network or the Internet.

I don't need to have XP access to the world outside my office, but those who need it--often for academic purposes--would be well served if MS publicized this SteadyState option. Of course, in order to publicize it, they might have to admit that Windows is so easily cracked, which might cause users to investigate options to Windows, which would keep them from publicizing it...lather, rinse, repeat.

Oxymoron? (0, Troll)

CyberSlammer (1459173) | more than 5 years ago | (#27175063)

Windows security... Kind of like Army Intelligence?

Re:Oxymoron? (1)

CyberSlammer (1459173) | more than 5 years ago | (#27176029)

Aww poor Windows shill...can't handle the truth?

LUA & VMs (1)

Malc (1751) | more than 5 years ago | (#27175073)

Best thing you can do on XP is logon as a normal user (not admin, nor power user), and learn how to deal with the occasional problems caused by having insufficient privs. Aaron Margosis' (sp?) blog has some great tips.

VMWare Player is free, but doesn't make it easy to create VMs. Sunbarrow.com has lots of tips.

Virtual machines are a great way to run stuff where performance isn't critical. It's a useful sandbox that you can easily restore to a known state just by copy some files from your backups.

Re:LUA & VMs (2, Informative)

Malc (1751) | more than 5 years ago | (#27175133)

Sunbarrow.com? I meant: Sanbarrow.com

Windows Security. (2, Interesting)

vistapwns (1103935) | more than 5 years ago | (#27175121)

The solution is easy, though you may not like it. Install Vista (It has ASLR, heap protection, pointer protection, dep, integrity levels, and so on) and latest updates. Enable DEP for all processes and memory protection in IE advanced options (must run IE as admin first to change this setting.) Disable all the AcitveX and .NET stuff in the internet zone. Enable Protected Mode for 'trusted zone.' Add necessary, trusted sites to 'Trusted Zone' site list, that require an active-x/.net plug-in. Leave auto-updates on. Don't download anything unless you know for sure the trustworthyness of the people who made it. Using just that, I have been using Vista for almost 2 years without a single Virus, trojan or Worm, or anything at all to speak of, and I surf everything, all day, including very shady sites. Vista pretty much takes care of the automated and drive-by download infections, teaching non-advanced users about web scams that only require a sucker user on the other hand is very difficult, I recently had to clean antivirus-360 from a friends computer because despite all the security (it was XP) she willingly clicked 'download' and 'install' and 'ok' when it said she needed the program on some website. lol.

virtualbox no doubt about it (1)

roscowe (1499265) | more than 5 years ago | (#27175157)

I use it for MS Visio, nothing else I run Linux in my laptop and 'if' I need MS Visio, I just run my Virtual machine, which does not have to fully boot up... =) it can easily wake up from saved state (takes like 5 seconds) ohh Sun thank you...

Can't you just fix the problem? (3, Interesting)

diggitzz (615742) | more than 5 years ago | (#27175179)

Virtualization is easy, but non-virtualization is even easier. There is a VMWare solution that will work: It's VMWare, and it works exactly like you think it does. The current price is listed on the VMWare website. I don't understand why this is a community-posed question, though, since you seem to have answered yourself in the question.

The free solution, on the other hand, is to just clean up the problems on the XP machine. If the other machines on the network continue to run trouble-free, just fix the one with trouble. You probably don't even need to recover or reinstall. Uninstall the ActiveX components, close the firewall back up, run anti-virus and anti-spyware apps (at least 3 different free ones) to remove anything that might have shown up, and if there are less than a handful of problems detected, you don't really need to reinstall. Run msconfig to check for extra crap at startup, and use HijackThis to check for any remaining browser toolbars, add-ons or other crap you don't want. Then make Firefox the default browser. Incidentally, there is a Firefox add-on available called IETabs which lets you run an IE-specific webpage from Firefox without starting IE and all its add-ons (it does use the base IE rendering engine tho).

If the machine hasn't had a fresh XP install in over a year, then it's time to reinstall anyway, and the sluggishness might have little to do with the extra ActiveX crap your wife had to use.

A cleanup might take you 2 hours. A reinstall could take longer, depending on how organized you and your wife have been about backing up data and how many programs you'll need to reinstall. VMWare works, but isn't free. These are the considerations to balance. Good Luck!

Re:Can't you just fix the problem? (1)

Spit (23158) | more than 5 years ago | (#27175511)

Virtualbox is free, in both regards.

Re:Can't you just fix the problem? (1)

SwedishPenguin (1035756) | more than 5 years ago | (#27176261)

Only the open source edition i entirely Free. The closed source edition has some extra features (like USB support), but it's free for personal use.

Re:Can't you just fix the problem? (1)

rec9140 (732463) | more than 5 years ago | (#27175699)

VMWare works, but isn't free. These are the considerations to balance. Good Luck!

VMWare Server, ESXi and Player don't get any cheaper, than $0.00. Thats pretty free in my book. Get VMWare, create VM, ONCE, zap after it becomes a computer hazmat zone.

Re:Can't you just fix the problem? (1)

Malc (1751) | more than 5 years ago | (#27175993)

"If the machine hasn't had a fresh XP install in over a year, then it's time to reinstall anyway,"

Why?

My work laptop is five years old, never reinstalled XP. It's fine. Until I replaced it with a MacBook Pro, my home computer hadn't been reinstalled for years either. Why would I want to do so?

Re:Can't you just fix the problem? (1)

chuck97224 (1123537) | more than 5 years ago | (#27176157)

I think the key point is this: It's his wife's machine and he wants to take the least risky path to solving the problem. If he just fixes the current machine and wife still has problems, then he gets the arrows. But if he sets up a clean machine and his wife has problems, then Microsoft gets the arrows. Hence, it is in his best interest to set up a "clean" machine.

btw, I use virtualization all the time (VirtualBox, VMWare Server, QEMU) on a linux host machine to run Windows. There are a few limitations to consider: VM's are noticeably slower than the host machine (QEMU is the worst). USB support varies (for example VirtBox can't connect to my thumb drive). 3D Video either doesn't work or sucks to the point that it is worthless.

Re:Can't you just fix the problem? (1)

LurkerXXX (667952) | more than 5 years ago | (#27176173)

If you need to install XP fresh each year...

YOU ARE DOING IT WRONG.

Re:Can't you just fix the problem? (1)

LurkerXXX (667952) | more than 5 years ago | (#27176183)

VMWare player IS free.

VMWare server IS free.

VirtualBox an option (0)

Anonymous Coward | more than 5 years ago | (#27175191)

Take a look at VirtualBox, http://www.virtualbox.org/. It works well, its free, and it allows you to setup an sandbox within which you can allow insecure browsing.

try portable apps or pendrive apps (0)

Anonymous Coward | more than 5 years ago | (#27175205)

Try these programs which work from a USB drive: http://portableapps.com/ [portableapps.com] http://www.pendriveapps.com/ [pendriveapps.com]

Sandbox software (3, Insightful)

bakuun (976228) | more than 5 years ago | (#27175289)

While running a virtual machine certainly would solve the problem, I think it might be more than a tad overkill.

Just get some sandboxing software (i.e. "sandboxie", which I've only heard good stuff about) and run internet explorer from within such a sandboxed environment.

Just like a VM it will keep IE (or anything spawned by IE) from messing with the rest of the system, but with the advantage that it is much more lightweight than a typical VM.

Re:Sandbox software (1)

bakuun (976228) | more than 5 years ago | (#27175307)

Ah, another note btw: using a VM you would have to purchace another windows license. You'll avoid that by using something lighter (the software I mentioned, sandboxie, is not free - but it is a hell of a lot cheaper than a copy of windows.)

Virtualbox + Linux (1)

markdavis (642305) | more than 5 years ago | (#27175391)

Load up Linux and Virtualbox. Then you can run any number of MS-Windows snapshots under it as needed. If you get infected, just revert to a previous snapshot and your problem is solved.... instantly.

Meanwhile, you have the opportunity to learn and experiment with a newer, more enjoyable, free, and open OS (and VM) instead of just being "stuck" with MS-Windows 2000. And it will be an OS that will likely not be compromised by virii, spyware, and malware.

Windows 2000 is out of support (0)

Anonymous Coward | more than 5 years ago | (#27175545)

Windows 2000 is out of support. That means, no patches for known issues. It's been out of support for a few years. Chances are your PC is pwned. The only way it could be worse is if you were running Win98.

Based on your other questions, you and your wife have much to learn. Start with VirtualBox and run a live linux distribution (no HD install) under a VM. Don't know how? http://justfuckinggoogleit.com/ [justfuckinggoogleit.com]

Re:Windows 2000 is out of support (3, Informative)

wjsteele (255130) | more than 5 years ago | (#27175633)

Windows 2000 is not out of support. It is, in fact, still supported under the "Extended Support" model, where security fixes are still produced. It has left the mainstream support model where tech support was free. The difference between mainstream and extended is that you must pay for tech support calls instead of them being free.

According to this [microsoft.com] , Extended support doesn't end until July 13, 2010.

Bill

Re:Windows 2000 is out of support (0)

Anonymous Coward | more than 5 years ago | (#27175649)

NT4 is out of support. W2k receives security patches only. XP is set to receive the same treatment shortly.

This fact is made worse by the advent of Vista and its SP2 (Win7) which no one wants...

Had a similar case with wife taking classes... (2, Interesting)

Ungrounded Lightning (62228) | more than 5 years ago | (#27175675)

Wife in question has administered lab machines before. So I left the Windows admin to her. B-)

For net access I put a third ethernet card in the Linux-based firewall machine and added rules:
  - This new "red" net, like the "blue" net where the linux boxen live, was essentially restricted to talking to the firewall machine and outgoing TCP connections (plus very few specific other things.)
  - "Red" and "blue" were treated, with respect to each other, as just as foreign as the wild-and-woolly Internet.

I know this doesn't answer questions about "How do you protect the Windows machine?". But there is plenty of stuff elsewhere about that. Plugging Microsoft's security holes is a multi-billion dollar industry. This was "How do you protect the rest of the machines in the house?". Giving Windows boxen their own LAN segment and walling it off from reduces the problem to the equivalent of a Windows box (or LAN of them) alone behind a NAT/Firewall machine. That's an already (sorta) solved problem.

Linux plus crossover office (1)

transporter_ii (986545) | more than 5 years ago | (#27175885)

Make your system a dual boot and install Ubuntu and Crossover Office, at which point you can click a button and install IE on it.

Ironically, I had to install IE to take an online Linux course.

But IE works great and it being that it isn't actually running on Windows, I've never had a moments trouble.

Also, in some cases you can stick with Firefox. There is an add-on to let you report back to the site that it is IE. I've found that a lot of sites that say they are IE only will actually work with Firefox...but this is kind of hit and miss.

And also, I have one Linux system with Win4Lin on it and running XP. That also works well, but native IE running in WINE actually works much smoother.

You know, Firewall or not, the latest Ubuntu is going to be way more secure than an old Windows 2000 machine. Use Linux on the Net and then boot to Windows when you need an old app.

Transporter_ii

why make this overcomplex? (1)

YesIAmAScript (886271) | more than 5 years ago | (#27176347)

Simply start by making a non-administrator account on XP and surf from that account. It will reduce the likelihood of getting a system-wide virus or worm to near zero. You still could end up with a bunch of crudware on that account if she clicks "yes" to questions about installing plug-ins and such. But you should be able to fix all that by just deleting that user and making a new non-administrator one.

Minimal priv's (0)

Anonymous Coward | more than 5 years ago | (#27176481)

Make an account on the machine and give it guest access, make use of psexec from system internals to run IE as that user only. It will not have access to executing anything weird on the machine and it restricts the user down pretty far but should not have any problems with access to what it needs for the online classes and any other web surfing you might want to do.

Perhaps Dual Boot as a Solution? (1)

t2000kw (1066988) | more than 5 years ago | (#27176565)

Why not set up a dual boot machine? You could install Linux on a separate partition and let GRUB handle the choice between which OS to boot to at startup. You could even set up two XP partitions, and use something like NeoSmart Technologies' Easy BCD as a boot manager. I use it in my Vista partition to allow me to boot to Linux when I want to, and it works pretty well, but you can also use it to choose between different Windows installations. That way, the partition with all of the suspect Active-X controls and such would be separated from the good Windows partition. The only problem with using Windows for both operating systems is that malware might "see" the other Windows partition and cause problems. Of course, it might also "see" a Linux partition, but unless it destroys data, it probably won't find anything useful to exploit there. Just my 2 cents, subject to inflation.

Honey, I love you (1)

actionbastard (1206160) | more than 5 years ago | (#27176595)

But if you use IE for anything but college classwork...Bang! Zoom! Straight to the third moon of Omicron Perseii Eight!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>