Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie? 503
madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive.
So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.
madsdyd continues: "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost. However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"
Simple (Score:5, Informative)
Install Microsoft Security Essentials and forget about it.
Re:Simple (Score:5, Insightful)
Re:Simple (Score:4, Informative)
If you really want to increase your paranoia, you could install ZoneAlarm.
Re:Simple (Score:5, Funny)
Recommendation for a Microsoft product.
Not a snarky post about how he should install some obscure linux distro instead.
(Score:5, Informative)
WHO ARE YOU PEOPLE AND WHAT HAVE YOU DONE WITH MY SLASHDOT!?!
Comment removed (Score:5, Insightful)
Re:Simple (Score:5, Informative)
Re: (Score:3)
If you do no
Comment removed (Score:4, Insightful)
Re:Simple (Score:4, Informative)
Actually I've found MSE to be the least intrusive and most resource sparing of all the windows anti-virus. AVG works well but they nag living hell out of you to upgrade and so do most of the others. Of course I haven't tried any of the paid versions. MSE is free and easy and I figure they built windows so should know how to protect it....I'm sure there are API's that none of the other anti-malware authors know of that Microsoft engineers use.
Re:Simple (Score:5, Informative)
Actually I've found MSE to be the least intrusive and most resource sparing of all the windows anti-virus. AVG works well but they nag living hell out of you to upgrade and so do most of the others. Of course I haven't tried any of the paid versions. MSE is free and easy and I figure they built windows so should know how to protect it....I'm sure there are API's that none of the other anti-malware authors know of that Microsoft engineers use.
I agree. it's definitely been the lightest foot print so far for a basic antivirus. Symantec and McAfee are hogs. I ran AVG for a while until it started getting to be resource hungry and missed a common trojan on my wifes computer.
Contrary to what a 1998 level of experience with Window might infer, Windows has gotten a lot more secure. The best protection is good habits and using known safe software. To help avoid infections I would recommend using Chrome or Firefox, as there are still zero-days out there for IE. Avoid crap from Adobe if at all possible. Teach the kids not to install or run random programs from the internet (yea, I guess your safer there on Linux). Install Windows 7 with the UAC enabled and either run the kids with a non-admin account or teach them that the UAC prompt is important, same as you'd do under Linux.
I think you've done yourself and the kids a mild disservice by avoiding windows with such a passion. When they get into the real world, it won't be just WOW that they need to run. It'll be business apps like MS Office, LabView, or something else that's truly Windows-only and having Windows experience (even if they prefer Linux) will be invaluable.
Re: (Score:3)
Wow, such vehemence. The original poster described himself as shunning Windows. You're making the assumption that I shun non-Windows which is certainly not true. I would certainly consider it flamebait.
I manage some large R&D networks running mostly Win7, XP, RHEL, Fedora, and some Debian. Having used Labview on both RHEL and Windows, I can tell from personal experience that they are not the same. On Linux it seems like you're constantly having driver issues, particularly since the drivers have to
Comment removed (Score:5, Informative)
Re: (Score:2)
It hogs the CPU and makes the disk thrash like a Dickensian schoolmaster. So even if it misses any malware or viruses they won't have time to do anything nasty.
So, you're saying he should just install windowsME or vista?
value of your time (Score:5, Insightful)
Run it through your regular NAT router setup and tell your kid not to download nasty stuff!
And consider the educational value of having him get viruses. And the joy of reinstalling the OS.
Maybe he will appreciate dad's wisdom to date ;)
Re: (Score:2)
Re:value of your time (Score:4, Insightful)
At 12 years old, he's about an age where he can learn about malware, virusses and backups yet young enough that data loss will be marginal.
Ideally, set up a backup of any important files (homework, pictures, email) from Linux that the kid doesn't know about so atleast the damage can be repaired after he's learned his lesson. It should be easy to setup from whatever current backup solution you have running. If you have no current backup solution, you should worry about education yourself on security before you start educating your kid ;)
Re:value of your time (Score:5, Informative)
Ok. But the basic security steps should be:
1. Use windows 7 64 bit, it is more secure
2. install Windows and create a user you will use for the "root" work. Call ist root, if you like, or boss orbwhatever. Do NOT set a password yet! Search for updates using windows updates. Do not hesitate to install all optional updates. MSIE will end on the machine anyway, so it's best to have the least insecure installed. The optional drivers are propably crap, but they're better then the generic drivers that came with Windows. Install updates. Reboot, install updates. Reboot, install updates. This is the most annoying part, but eventually, Windows update, when asked to search for more updates, will report it has none in store for you. Phew.
3. If it didn't install already, install MSE.
4. in order to work correctly in games, you will now need to install the latest drivers for the video card and for the soundcard. Do not rely on the optional windows drivers for these two components, replace the ones you got in step 3. These are the important drivers that get glitchy in games. First place to look is NOT the producer of the laptop, but the producer of the chips that are used in the laptop for sound and graphics. Google for it. Only if step 4 breaks it, try the producer of the laptop for drivers. Only if the producer of the laptop has no drivers and the drivers from the producers of the chips break the installation, repeat step 1-3 and omit step 4.
5. install the desired games and software
6. Install chrome or Firefox. Chrome might be a bit more secure. Install a PDF reader.
7. Install PSI from secunia in order to keep the update-hell in check. Run it once to check if everything is up to date.
8. Now set up the account of your son as a normal user, give him a password. Now give the root account a password, as you will soon expose the laptop to your son the real world, not just a few sites.
9. Backup and setup a backup-routine.
Give your son the computer and the password for root. Explain to him that it is his responsibility to doublecheck if a program is OK to run with Admin-privileges. From time to time, make him login as root/admin and check if any bad written programs ask for updates and check if PSI complaints about old programs and keep them up to date.
Most importantly: the best antimalware is a brain. Inform him, that he must double-check (with google, for example) that a source of downloadsoftware is reliable if he downloads software from the internet. If something sounds too good to be true, it propably is.
My best windows admin tips come from *nix (Score:5, Informative)
First, don't give anyone admin privileges with their default account. You are just asking for trouble if you do.
Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.
Re: (Score:3)
Re:My best windows admin tips come from *nix (Score:4, Informative)
Real gamers disable swap all together on their gaming rigs i the first place - you don't want the disk slowing you down ever while playing and physical memory is cheap...
I agree dumping in more memory will enhance performance for memory hungry apps. That was especially true for XP and even more for Win7. Win 7 manages memory and swapping a whole lot better though. The reality is that you'll probably not notice any performance difference with or without a pagefile if you have enough memory to handle the normal memory commit charge, and you may cause problems with some games or apps that like to create a large memory commit even though they don't actually need it (SQL Server, Firefox, etc).
I would suggest keeping the pagefile, especially if it's on a fast SSD drive. That way the game can keep maps in memory, even if it's paged out to the fast SSD, instead of dumping and reloading from the slower spinning drive.
/proc/sys/brain/swappiness = 0 (Score:4, Insightful)
By and large, real gamers are pretty clueless about software, know less about OSes, and nothing about security. What they know of hardware comes straight from benchmarking websites.
Generally speaking, you get ugly results when you run out of RAM with no swap file. Windows of course has notoriously aggressive paging, and changing this behavior is not as simple as on other OSes. There are a couple of registry settings, however, that govern how large the filesystem cache is and whether drivers and core components can be swapped to disk. You can also lock the process in memory if you really must.
Yes, you can more simply set the swap size to zero. Yes, many people don't have stability problems with this. Yes, you can use a wrench instead of a hammer if you have to.
If your system is having issues with paging, don't disable paging: just buy more RAM.
Re: (Score:2)
Re:My best windows admin tips come from *nix (Score:5, Interesting)
Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.
Stupid advice, based on an old Unix/Linux myth.
Consider this: What is the paging file actually for? Yes, for swapping out "dirty memory" when the memory pages are needed for something else. The paging file is *not* used like a large video file. It is being accessed *randomly* (non-sequential) *most* of the time.
What if the primary concern with fragmentation? Answer: Excessive head movements.
And you advice users to place the paging file on another partition, all but *guaranteeing* excessive head movement on *each* access to the paging file? The original recommendation to place the swap file in its own partition was that Linux (and most Unix'es) fails pretty horribly under low-disk space conditions. I.e. the recommendation was for space management - not for controlling fragmentation.
Fragmentation of the paging/swap file is a non issue. The OS rarely need to read more than a few blocks sequentially. Actually, one could argue that the best place for the paging file in a memory-constrained system (where swapping happens a lot) is at ½ disc width - or centered in the partition. If that happens to be interleaved with other files which are also access in a random-access pattern - so be it. It is still more optimal.
The *only* files that really benefit from *not* being fragmented are large files that are access in sequential fashion or which account for a very large share of all disc accesses (such a large video file or a database file in a single-instance database server).
If you are concerned that the paging file may grow and shrink and thus cause fragmentation of *other* files, then simply reserve a minimum size for the paging file. If you keep it on the same disc as the OS, then you should definitively keep it in the same partition as the rest of the OS. Now, if you could move it to another physical disc - that would offer a performance improvement - as long as you reserve that disc for paging.
But suggesting to move the paging file into a location where you are guaranteed to *increase* head movements - that is nonsensical. Unfortunately that is a very hard myth to bust.
Re: (Score:3)
Fragmentation of the paging/swap file is a non issue. The OS rarely need to read more than a few blocks sequentially. Actually, one could argue that the best place for the paging file in a memory-constrained system (where swapping happens a lot) is at ½ disc width - or centered in the partition. If that happens to be interleaved with other files which are also access in a random-access pattern - so be it. It is still more optimal.
Perhaps I was unclear. The fragmentation of the paging/swap file is not the big issue here per se, rather it is the effect on the rest of the storage volume of having a fragmented swap file. When windows makes the paging file look like buckshot scattered around the hard drive, it naturally ends up scattering the files themselves all over the hard drive. Pretty soon you have a hard drive full of fragmented files, and since the paging file is often rewritten entirely each time the system boots, you end up
Re:My best windows admin tips come from *nix (Score:5, Interesting)
By the time anything comes down to local limited user vs rewt, you've already lost the security battle. So what if kernel32.dll is safe, when all of your programs have every right to destroy all of your files anyways?
That is bad advice. Security is all about layers. If the first level of security is breached then you don't just throw your hands in the air and concede defeat. That is like putting a fence around your property and then not locking your doors. The point is to make it as hard as possible for malware to work.
And so what if they can delete your user files. Most malware these days are made to keep your system running so that they can be remote controlled.
Let him deal with it (Score:5, Interesting)
Re: (Score:3)
This this this.
Kids need to try, fail, and learn. Your trying to put him on a bicycle in full body armor and rig some sort of support system that holds him up if the bike falls over.
Let him scrape his knee once.
I've seen first hands how fast kids learn when the reward is their favorite game working and or working faster. Minecraft alone has been responsible for an entire new generation of hackers who w/o it never would have figured out (or needed to) how to unpack a jar file, make a change, and repack it.
If
Re: (Score:3)
This isn't like 10-15 years ago, when you were severely limited. Today, you can play games, on a PS 1,2,3, xbox, wii, phone, tablet, TV etc. PC gaming, just isn't as important as it once was.
That's gibberish. There are lots of choices of books so you don't need to read the one you want? Games aren't just swappable with any other game. If the kid wants to play WoW or league of legends the best way to do that is on a decent window machine, final fantasy 7 on the PS1 just isn't a substitute. Great game. But not the same thing.
Good luck (Score:5, Insightful)
Your kid might not be satisfied with the way WoW works on an old T400 laptop. Check the graphics specs vs. the game recommendations. And for security, I'd just use Microsoft Security Essentials. It's free, probably works as well as any of the subscription-based anti-virus products and how much do you really care if your kid's game platform gets a virus?
Windows VM (Score:4, Interesting)
If your machines have the power for it. you may be able to get away with running Windows in a VM. Install everything, get it set up properly, then snapshot it and restore to that point at the end of every gaming session. It's one fairly sure way of keeping Windows safe.
Re: (Score:2, Informative)
The problem with this is that VMs do not have access to the graphics card... Meaning it will be CPU rendered and unplayable.
I also think OP is underestimating the requirements for a game like WoW... You so need a decent graphics card to play it... Which a T400 may be lacking.
Re: (Score:2)
So his kid has to reinstall each and every addon to the games he uses every time he wants to play? And he loses all of his profile data (WoW does save some locally)? And now he has to also know how to safely update the image with the weekly WoW updates and patches?
I think that kind of misses the point of a gaming machine. It's supposed to operate as an appliance: boot, play the games, shut down, done.
Re: (Score:2)
Re: (Score:2)
Yes, you re-snapshot after updates (both games and OS). Not sure about WoW, but can profile data be saves in a shared directory on the host OS? This would allow game state to be kept as well.
Not possible (Score:2)
You can use AV, be careful (i.e. stay the hell away from insecure trash like IE or Outlook), but that is it. Windows, when connected to a network, cannot be secured by itself against targeted attacks, unlike any Unix or Linux. In professional environments, restrictive firewall settings also help, but that requires firewalls not running on the host. Security-wise Windows is a lost cause.
A few things (Score:2, Interesting)
1) Install a free antivirus program like Microsoft Security Essential or AVG. Most free antivirus programs are close enough to paid software as long as you pick the better ones.
2) Run the computers network through a filtering program or DNS server like OpenDNS with the filtering option enabled.
3) Limit user account for kid. Install the software he needs for him. This would be a major improvement in security with limited hassles as it's usually the user that is the cause of many security issue.
Bonus) Occasio
Re:A few things (Score:4, Interesting)
I like 1 and 3, but have another suggestion instead of 2. Install a firewall between the computer and the Internet, and block all inbound and outbound connections except on the ports used by the games required. No web browsing, no email, no chat (except in game) on the MS Windows machine at all.
Disclaimer, I've been using GNU/Linux myself almost exclusively since 2003 or something, and so my knowledge of MS Windows is also dated. But, if the worms can't access the machine they can't hurt it. If the child can't access the web, they can't have some ad network serve drive-by-download malware. Etc.
I also like the idea of letting the child learn about computer security themselves and do it all themselves. But that may cause more heartbreak in the end than my suggestion.
Re: (Score:2)
Starting with Windows Vista (and therefore also in Win7), there's a built-in two-way firewall with fine-grained rules. No need for third-party software; if you want to block web browsing on the PC you can just block outgoing connections to TCP 80 and 443 (for example).
Wine - Get Crossover, But Also Get Windows (Score:5, Insightful)
Two comments -
1. If you're going to use Wine, go purchase Codeweaver's Crossover version. It's much better than the standard Wine. Plus, you can get a warm fuzzy feeling you're paying to support open source. PlayOnLinux is an option too.
2. However, do expose your children to Windows. It's what they're going to learn in school and possibly what they'll need in the workplace. (Oh, I'm sure some people would like to point out why I'm wrong, people have been predicting the demise of Windows for decades. It's still the de facto standard.)
Finally, just go download something like MIcrosoft Security Essentials or Avast for your antivirus. They're free and work.
Mod parent up (Score:3)
VM, firewall outside the VM (Score:2)
'nuff said
Look take the long term view. (Score:3)
Heroes of Newerth is the same game as LoL (Score:3)
and it runs on Linux natively. http://www.heroesofnewerth.com/ [heroesofnewerth.com]
Obviously if his friends are already playing LoL it might be difficult to switch.
Re: (Score:2)
If his friends play LOL and he plays HON he'll take shit for it. Honestly, I think HON and DOTA2 are far better games than LOL, but there's peer pressure here, and no one likes playing a game alone, if a few of their friends are playing some other game.
Never mind the laptop... (Score:2)
What about when the WoW/LoL servers themselves get pwned?
It's actually not a bad idea to run Windows in a VM that boots from a clean snapshot every time.
It would be an even better idea if the machine in question was ONLY used for the games in question, but all it takes is one "Let me look that up on Google/Start IE" or "Gotta check my FaceBook" to start the can opener.
MSE is good enough - but teach him to reinstall (Score:5, Informative)
You do want to do two other things. 1) Keep that install disc, and make sure the kid knows how to install Windows himself, plus install his games himself. I think WOW and probably LOL are both cloud-based saves so wiping the HDD is no issue. Reinstalling Windows is generally 1/4 the time and hassle of actually fixing a malware problem.
2) Let him know that he is only likely to get viruses doing things he shouldn't. Drive-by downloads on legit sites are rare. Drive-by-downloads on warez, gold sellers (for WOW), and porn are a lot more common. If he is going to do that stuff (you can't stop him) at least make sure he knows that those are dangerous sites. If his computer is acting funny after visiting one, and a reboot doesn't fix it, then wipe the install.
Re: (Score:2)
Relevant story from two weeks ago (Score:5, Informative)
What free antivirus do you install on windows [slashdot.org]
Install Windows Security Essentials and you'll be fine. Seriously, it's not like by putting Windows 7 on a computer your house is immediately going to be invaded by zombies dragging every virus or malware known to man. Install WSE (or one of the other recommendations from the above thread), run with standard (not admin) rights, and that's pretty much all you need to do.
Neil
Flashblock (Score:2)
Don't use IE, and whichever browser to do use, install Flashblock.
Also, get an installer from ninite.com for Flash, Reader, and Java. Set it to run every day.
A few things to try... (Score:3)
1) Install Microsoft Security Essentials. It's free and works as well as any paid Anti-Virus that I've used.
2) Educate your kids on the types of website to avoid. Sites like Limewire (where kids get free MP3's from) are full of viruses and spyware.
3) Set them up with a non-Admin account. That way if something bad happens the damage is minimized.
4) Install some add ons for the browser. No Script is a good one. It blocks Java Script and the bad guys love to use that to wreck havoc.
5) Consider creating a separate partition for the OS. If something goes wrong it's nice to have the OS separate from your own files.
6) Consider something like Norton Ghost (there are free alternatives as well) that can create a full image of your HD. Take snapshots before doing major system updates. If something goes wrong you can just restore the image and everything is as it was.
7) Running Windows as a VM on top of Linux is a good idea. If something goes south you can simply copy the pristine image back over the corrupted one.
8) Stay on top of the System Updates. Microsoft has "patch Tuesday" where they typically release system patches. Some of them are important and fix known vulnerabilities.
Make him do it (Score:2)
He thinks $100 for an OS is expensive? (Score:2)
Getting Windows 7 from a shop is surprisingly expensive
He didn't even look. NewEgg is selling it for $99 [newegg.ca]. A 30 day WoW subscription is listed on the Blizzard store for $15 [blizzard.com]. So your OS costs less than 7 months of playing just one of the games you listed - tell me again what's expensive?
Re: (Score:2)
A thirty day subscription is $15 + a one time fee of $50 for the license and on average another $50 for the expansion packs. (granted most are now included in the original license but I don't believe the latest one is.)
Ack I think I have done more to prove your point.
Re: (Score:3)
The cheapest price I have been able to find here in Denmark is kr. 1399,- which is $244,-. I was surprised by this.
Re: (Score:2)
Oh Bullshit as long as it's the same hardware you will have no trouble activating it. Seriously whats with the crap FUD. I get it you hate Microsoft but thats no reason to spread lies and rumors.
Image (Score:2)
Install everything (Windows, Microsoft Security Essentials, the game(s), whatever else is needed) clean, update it all, then back an image and keep it handy.
Reinstall the image every month or three.
Unable to meet all requirements.... (Score:5, Insightful)
You want to keep the laptop secure. You want a 12 year old to use it. You want it to run Windows.
There is no solution. There will always be security risks and in some cases a negative time-frame to deal with them. Doesn't matter how good your AV is or what utilities you put on there, if it's connected to the Internet and there's a user at the keyboard then it is inherently insecure.
Now, how "secure" do you need it to be? If you're ok with putting that laptop on a separate subnet from everything else and teach the kiddo to do a proper update check every couple of days you should be able to mitigate most of the 'risk'.... but that seems a bit much to ask.
My security guide may be useful. (Score:2)
I don't believe you. (Score:5, Informative)
WoW runs perfectly under Wine, even under a dirty prefix, and has for like 5 years, maybe longer. League of Legends you must clean Prefix, and install dx9, dotnet2.0, and vcrun2008. Then LoL will work. I know from experience that this shit works.
I went the other way (Score:3)
and went all Linux in house. Told the kid to suck it up for any games that were not available on console. 5 years later I get a couple of complaints here and there but sure as hell beats reinstalling windows every 6 months. You can tell the kids to not download all you want but they're kids so it takes a few times to learn not to download files from all over the places.
VirtualBox (Score:2)
Before you give in, I highly highly suggest you try virtualizing windows on a working (ideally multi-core) Linux box with Oracle's VirtualBox [virtualbox.org].
It's completely free, frequently updated, allows control of everything, including number of processors and RAM to dedicate to the virtual environment, and the only exception is the lack of support for discrete hardware graphics acceleration (But for now should be OK for the games he wants to play).
Re: (Score:2)
Set it and forget it - my tips (Score:3)
As a log term windows admin who's cleaned up more home computers than I care to count, here are my tips:
1. Ensure windows updates are set to download and install automatically.
2. Install AVG Free, sure MS essentials is good, but I guarantee every virus is written to avoid it, I go with 3rd party AV wherever possible.
3. Install Chrome for web browsing, sync the account to google
4. Setup his account as a regular user, don't give him the admin password
5. Setup something to backup Warcraft, it's a huge download, you don't want to be doing it again if you need to reinstall
And that's it, it's basic security but win7 is pretty good, the above has been enough to keep our home XP machine safe for many years.
Ultimately it's a kids computer and they're going to click anything shiny, sooner or later it will get a virus. There are a few key points to bear in mind here:
1. It's going to happen, preventing it is pretty much impossible.
2. Your other computers are Linux, so the risk to them is negligible.
3. Most viruses these days are botnets or phishing, so long as he's not spending a fortune on a debit card, the risk to him is minimal.
4. All the software I recommended will update itself, so it's zero maintenance. That's a major factor in keeping windows secure.
5. If it does end up riddled with viruses, a quick re-install over the top, followed by a sync to google and it's all back to normal, including your files and settings.
Re: (Score:2)
No offense but if the kid does not have access to admin rights it's not his computer, he's just a user.
2nd you obviously have little experience with windows 7 as " a quick re-install over the top" ( I am guessing you are talking about XP's repair install ) is not an option on Windows 7. Hell it will be a computer for gaming and thats it Let it get messed up and reinstall when needed.
Long answer (Score:2)
I'm a Windows guy for the most part so I'll give you my various insights from that world.
First things first - have you tried WineX/Cedega or whatever evolution it's on to try running these things on your nix boxes? I've heard of various successes and I'd assume there's got to be a write up somewhere for how to do this - at least for WoW. Not sure about LoL.
"Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost."
OEM copies are a cheap route and the only main difference is that Microsoft wont provide support directly. You're basically buying as a computer builder
Lenovo T400 does not meet WoW's minimum requiremen (Score:4, Informative)
Other specs on the system are borderline bottom for barely meeting the requirements. Don't subject your kids to that. Get them a new computer with Windows 7 preinstalled. For virus protection, Microsoft Security Essentials does fine (free with Windows 7, though it is a separate download).
You may prefer Linux, and it may even work for you, and for you that is fine. But we live in a Windows world - you are doing your kids a serious disservice by not giving them Windows exposure now. They'll need that experience in 10 years when they are trying to get a job - any job - that isn't Linux development.
Re: (Score:2)
Re: (Score:2)
Have to agree, I just upgraded my girlfriends laptop for WoW, I got her an Inspiron 15r Special Edition (the one with dedicated graphics). You really do save your self a lot of hassle getting something that will actually run the game. At $800 with windows installed it really is not that expensive.
Almost no harm can be done (Score:2)
Since he will be the only one to use it, and for games, there should be nothing of value on the computer, so some malware are not going to be the end of the world.
At worst, he will have his battlenet account hacked, so just teach him to use secure passwords and an authenticator. (You probably already did.)
As some others have already pointed out, the best is to let him experiment by himself. However, there aren't that many (common) ways to get malwares; if it happens, you'd best have a talk with him about no
Re: (Score:2)
You want a windows appliance eh? (Score:5, Insightful)
Translating - you aren't a windows guy, and you aren't going to become one for this, but you don't want to waste time reinstalling every couple of weeks or listen to your kid crying his account got hacked.
With that premise
- Set Windows updates to nightly download and install automatically.
- MSE (AV from MS) is fine, oddly enough. Its even light enough you can run a second one such as Avast! if you wish.
- NAT router in front assumed
- Leave the Windows Firewall on, don't enable file sharing
- Install Firefox, make it the default browser, load two addons - NOSCRIPT and AdBlock Plus. Remove the IE icon from the desktop.
- Council the kid that this is NOT his general internet browsing/use machine. It is dedicated for the games. Continue to browse etc. on the systems you know how to maintain.
With the above, you have no cost, minimal maintenance and the machine is very likely to stay secure for years.
Most ISP accounts come with AntiVirus software (Score:3)
Do you have broadband?
They all come with a free security suite.
http://xfinity.comcast.net/constantguard/Products/CGPS/norton/ [comcast.net]
http://www.cox.com/css [cox.com]
www.att.com/esupport/article.jsp?sid=KB402441
http://www.rr.com/security [rr.com]
http://www22.verizon.com/home/utilities/security-backup [verizon.com]
...and have not been using Windows since 1998 (Score:2)
Here's what I do (Score:2)
You need to use a sandbox - google for sandboxie, read up on it and find out how to set it up to put your bookmarks outside the sandbox, etc.
You need to use a good browser, right now for me that's Chrome.
You need to do the customary tweaks to the browser such as ad-blocking, script blocking, etc. Ghostery seems to do well, chrome also has a noscript clone.
You can make windows accounts with limited privilege.
If you want an active antivirus you can use microsoft security essentials - free.
If you want to pay f
I am a Linux gamer, X-mas LAN party (Score:2)
Every year I host a LAN party on X-mas Day. On Linux.
2006 - Duke Nukem 3D
2007 - Urban Terror
2008 - Warzone 2100
2009 - Doom 3 and Unreal Tournament
2010 - WoW
2011 - Enemy Territory Quake Wars
This year will be Borderlands or Halo. (Under Wine) Not sure which.
So the idea this kid needs Windows 7 is doubly rediculous. I make it my business to host contained LAN wars for Friends and Family.
Consolization (Score:2)
Secure the kid (Score:2)
The biggest security hole in every system is the human. Teach your kid safe browsing and general safety guidelines. Viruses don't get on a machine by themselves. Put on MSE and a firewall. Don't use third-party antiviruses, they cause more pain than the actual viruses.
Lock it down. (Score:3)
1) install Windows 7 and set a password for your account.
2) Install all MS Service packs, patches and MSE.
3) Make a Limited user account, and log into it. This is your Kids account
4) Install Chrome for that user, give him a Gmail account to backup settings (in case something does happen to the system) and install Adblock plus with the Easylist filter on it. Set it as the default browser. Hide or disable IE afterwards. This also sandboxes the browser even further and gives him flash player and PDF functionality without having to worrying about updating those.
5) DO NOT INSTALL JAVA!! He doesn't need it, it's full of exploits, and every exploit kit on earth uses it to infect your box! If he needs Java for Minecraft (and seriously this is the only reason to install Java. Anything else say no.) then Install the 64 Bit version and run it from the minecraft executable on Mojang's site. The 64 bit version of Java doesn't work for browsers other than IE 64 (which you uninstalled) so just install that one and update it manually since the clueless idiots at Oracle hasn't figured out how to auto update 64 bit java for some reason..
As for games.
1) install the game as the admin. Try it on his user account. If it works, Great.
2) If that fails or if you just want to simplify setup, use UACTrust [itknowledge24.com] to make a shortcut that is pre-trusted. Since it's unlikely WOW or LOL will hack the machine directly, you can use this so he can play the game while the other stuff is user snadboxed.
Other notes:
You said you're letting him use a Lenovo T400. Ban him from using USB devices on the left USB ports unless you want to replace a Board for $300. If he must use USB, Only use the right USB port by the CD-Rom and use a Hub. That port never breaks.
Um...you're doing it wrong. All of it. (Score:3)
A couple problems with what you're doing:
1. Games on a Lenovo?! Lenovo is Chinese for 'shitty laptop company' Their computers are for business, not gaming.
2. Norton? Norton's a scam. Just use Microsoft Security Essentials. Even if you get a virus, who cares? Worst case, reformat, start over.
It's not so complicated.
Wow has a Platinum rating on Wine (Score:4, Informative)
What do you mean you "couldn't get wow to run on wine"?
WOW has a platinum rating on wine's appdb [winehq.org].
For those of you who don't know, platinum means that absolutely no tweaking is required at all.
If they want to game on wine though, make sure you get an nvidia card. It's the only way to go. Sure ATI/Intel are more open, bla bla, but if gaming's what you want, then it's your only choice.
EMET (Score:3)
Surprised I haven't seen this mentioned, but in addition to MSE, Microsoft also offers a second exploit prevention/mitigation tool called EMET http://www.microsoft.com/en-us/download/details.aspx?id=29851 [microsoft.com]
Well, do it, but... (Score:4, Interesting)
...one word: Proxy.
Run your kid's network connection through it (enforce it via the home router if necessary), and whitelist what he is allowed to visit. Here is an example of how to set up SQUID to do that. [sheepguardingllama.com]
That by itself will knock out virtually all threats from the network.
As for the machine itself, install CCleaner and AVG (which IMHO is among the least intrusive of the A/V solutions), maybe tweak RDP so you can sniff around in there from time to time remotely w/o his knowledge, and that should cover practically everything you really need to protect and control your kid's computer.
Re:Well, do it, but... (Score:5, Insightful)
"Any snooping should be in the open and agreed upon beforehand."
Exactly. Any it doesn't matter if the child looks at porn. That's what teenagers do. Even better, find some sites with some non-extreme porn (no violence, and even no insults at the women) so that the child doesn't think that fucked up things are normal. It's not normal to insult and hit a women (unless she wants you to). Hell, maybe even just some naked pictures, no need to show sex at all.
Re:Well, do it, but... (Score:5, Interesting)
Maybe. But then do it from a Linux computer. There are obviously plenty of them available in that household. There's no need to allow it from the Windows computer which is the one most likely infected by malware from those porn sites.
Re: (Score:2)
True enough. But it was more a comment about snooping than about Windows.
Re:Well, do it, but... (Score:4, Interesting)
Actually, porn sites tend to be among the safest as far as malware is concerned. You're more likely to catch an infection from your local church website. [http://daltondailycitizen.com/national/x1968178697/Unprotected-sects-Church-websites-more-likely-to-have-viruses]
Re:Well, do it, but... (Score:5, Funny)
find some sites with some non-extreme porn (no violence, and even no insults at the women)
Good luck, that's a small niche. You'll probably have to film it yourself. By the wa, if it comes to that, I don't know if trying to disguise or hide your face on camera is worth the hassle, but if you find it isn't, then there's no reason not to do a live show for the kid. Might be alittle awkward, but the opportunity for an improptu Q&A session offsets that.
Re:Well, do it, but... (Score:5, Insightful)
He said his son is going to play WoW. That means visiting WoW sites, and possibly WoW guilds. This means he'll be exposed to keyloggers, malware and other crap. While I agree it's better to avoid the whore than to wear the condom, but if you know you're going to visit the whore anyway better suit up. Also, and I know many parents particularly on slashdot don't agree with me and that's fine, but my children get privacy once they reach majority and move out and establish financial independence. Until then their lives are my business.
If your son is going to play wow, make sure he has two factor authentication enabled. Especially important is to make sure he sets his email password differently than his game password (or better yet, you sign up for his account with one of your disposable email accounts, and let him create the battlenet account).
Re: (Score:2)
While I agree it's better to avoid the whore than to wear the condom, but if you know you're going to visit the whore anyway better suit up.
Birthday Suit UP! [youtube.com] Also, MSSE is decent.
Re: (Score:2)
Can you give any concrete benefits of installing CCleaner?
It keeps the browser cache sizes down, and keeps the registry bloat to a minimum. It's also a free utility that has no spamware/adware/whatever.
Any snooping should be in the open and agreed upon beforehand.
doveryai, no proveryai [wikipedia.org]. Trusting your teenaged child is a pretty ideal, but making certain that the lessons you taught him sticks is just as important. In an age of a hyperactive RI/MPAA, anti-bullying laws and suchlike, it is doubly important to keep his online activities from coming back to you, and to catch any troubles before they get too big to control. It als
Registry cleaners are useless (Score:3)
The design of the registry makes it very difficult to tell what is "bloat" and what is not. Various optimizations in XP and more recent versions mean that any performance enhancements should be negligible. Unless those few hundred kilobytes are important, and the possibility of breaking software components of your system is not, you should not use CCleaner or any other registry cleaning tool.
Why would you want to have a limited browser cache anyway? Do you like longer access times?
Re: (Score:2)
Re:IT'S A TRAP !! (Score:5, Informative)
Submitter here:
Step 1: There is no windows to uninstall. There are literally no Windows installations in this house, (and actually never have been, as we built the house in 2004, but that is another story). The kid in question - my 12 year old son - does run Linux (Kubuntu 12.04) and uses e.g. Scratch from MIT for programming, libreoffice for school work, minecraft for, well, minecraft and so on, and so on. Oh, and he runs his own minecraft server.
But, no, I can't get WoW and LOL to work with/under Linux (neither can he). Starting point is some semi-old laptop (not the T400, which have just become available recently), running Kubuntu 12.04. Been through various permutations of Wine, Crossover and some "just install this, guaranteed to work, autoinstall Wow" permutation of crossover (I think, have forgotten the details). For all, it looks as "the right thing" happens, but eventually it turns out something or other does not work, e.g. the system is left for 24 hours to download the last 1% and it just does not happen. I think the last approach we tried, we ended up installing a US version (?) and beeing in Europe, this apparently (eventually) failed to start. Or something. I have lost count of the hours we have used. I simply can not make it work, and I do not know any persons that can. I could possibly hire someone to do it, but I have no idea if it ends there. What if all his friends plays "FunkyNewGame" next year, that only runs under Windws? What then? Make no mistake: I consider Windows in this context simply a console, much like the PS3 - but a console that needs a lot more handhelding than the PS3 (And, I understand that WoW does not run on the Xbox).
Now, beside that I personally have other things to use my time on, all this fidling is also a very frustrating experience for my kid. I do not expect you to understand this, especially not, if you have no kids, but he gets his hopes up high, and sort of thinks his dad is "the shit" for finally making this work, and then, after 4-5 hours of reading, installing, downloading, and whatnot, it just does not work. And, another day/week/month has gone by with him still not beeing able to play WoW/LOL with his friends. So, as I stated, I am going to bite the bullet and get Windows. For this particular purpose. (Oh, and possibly to reprogram the properitary house control system of this house, which was the only legal option to install, according to Danish Law, when the house was built - but again, that is another story).
You may argue that my linux skills are inadequeate because of this - you may be perfectly right. The sad truth is then, that my Windows skills are even worse.
Windows for Linux users, advice (Score:5, Informative)
I maintain a machine much like the one to be used by your son. You are right to give up on trying to get these games working in Wine. Even if you succeed, the next patch might break it. It creates an unreasonable amount of recurring effort, which you can avoid entirely for the cost of an OEM Windows licence, which is really, really cheap in comparison. Sure, this is not what Stallman would say, but then he does not support PCs for a family.
Here are some suggestions:
1. Windows 7 on a new laptop.
2. Install Microsoft Security Essentials. It's free (beer). Don't bother with Norton.
3. Create a regular user account for your son. Ensure the account is not able to modify system files without asking for the admin password. This prevents most of the nasty things malware tries to do. WIndows security is actually really good these days.
4. Order a Blizzard authenticator to go with WoW. This excludes more nasty things that malware might do... just in case!
5. Back up the machine after you install the games but before you hand it over to your son. Use backup software that will generate a disk image like Macrium Reflect Free Edition. Restore this disk image from a live CD (Reflect can create one for you) if your son has any problems. You have to use a full disk image for Windows because restoring an install is not just a matter of copying the files and rerunning update-grub.
6. When working with Windows, use the same patience you have to use when working with an unfamiliar Linux distribution. Don't expect everything to be straightforward or logical, and be pleasantly surprised when it is. The only extra thing you need to beware of, but Linux users do not, is that there are scam sites which offer to "help" you with common problems, e.g. device driver issues, and serve up malware instead of help. Good practice is to research Windows problems on a Linux machine.
Re: (Score:3)
Some minor notes here...
IMO a new laptop is not essential; BUT it must be 'Windows Logo' for Vista or later otherwise Windows 7 will use a rubbish unaccelerated frame buffer video driver.
Also I would make sure you use the 64bit version of Windows; it's a slightly more hostile environment for malware.
This is good idea; but treat it as a 'best practice', give him both passwords. After all we have here a 12 year old with some skill at Linu
Re: (Score:3)
The Windows license on a Lenovo T400 is going to be for Windows Vista, unless you ordered one of the corporate oriented ones with XP. It will also be a pain in the ass to get that Windows partition working if it ever breaks. You don't get real install media from Lenovo, just their recovery program--which sucks and easily can break.
Just ignoring the whole thing, buying Windows 7, and installing that is absolutely the right thing to do. It's bad enough he's being force to have a Windows laptop in the house
Re: (Score:2)
I am sure you will be able to buy Win7 laptops for quite a while yet
Anyway, one important part of securing a laptop is to chain it to something, like a desk or your wrist.
Re: (Score:3)
$550 is quite a bit for a used computer.
Re: (Score:2)
This is good advice imo. Better than you having to use Windows, which you clearly don't want to do, make sure he can. Unless he's really lucky, his career (or at least academic life) will force him to use Windows anyway.
Re: (Score:2)
If you're worried about your kid getting access to inappropriate things on the net, try K9: http://www1.k9webprotection.com/ [k9webprotection.com]
Don't be a frigging nanny! We're talking about a 12-year old who is old enough to learn that there is crap out there. He's going to find it anyway. If you're worried, tell him that he can only use the computer in the living room or some other visible area. He's not likely to surf porn in the living room where anyone can walk by.