Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Protecting Home Computers From Guests?

timothy posted 1 year,15 days | from the quick-name-an-os-that's-never-been-compromised dept.

Security 572

An anonymous reader writes "We frequently have guests in our home who ask to use our computer for various reasons such as checking their email or showing us websites. We are happy to oblige, but the problem is many of these guests have high risk computing habits and have more than once infested one of our computers with malware, despite having antivirus and the usual computer security precautions. We have tried using a Linux boot CD but usually get funny looks or confused users. We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised. What tips do you have to overcome this problem, technologically or otherwise?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


Guest wifi... (5, Insightful)

Anonymous Coward | 1 year,15 days | (#43361939)

I think they call it guest wifi and byod.

Re:Guest wifi... (-1)

Anonymous Coward | 1 year,15 days | (#43362121)

Too much... friends are overrated anyway!

Malware eh? (5, Funny)

i_ate_god (899684) | 1 year,15 days | (#43361943)

> We are happy to oblige, but the problem is many of these guests have high risk computing habits and have more than once infested one of our computers with malware,

Really? It's not that they started typing something into your browser and the browser history showed off all the sick and twisted porn you watch? :P

Linux Boot (5, Insightful)

Sylak (1611137) | 1 year,15 days | (#43361945)

Have a dedicated Linux boot just for them, and if they give you funny looks tell them too bad.

Re:Linux Boot + PRINTER (3, Informative)

xxxJonBoyxxx (565205) | 1 year,15 days | (#43362113)

>> Have a dedicated Linux boot just for them, and if they give you funny looks tell them too bad.

This. As long as you can PRINT from it. (Most of the time I loaned "local" computer access it was to let someone print airline boarding passes.)

Also make a couple paper copies of your WiFi creds and encourage them to BYOD.

Re:Linux Boot + PRINTER (0)

WillKemp (1338605) | 1 year,15 days | (#43362187)

Printing boarding passes? How quaintly retro! The last few times i've flown, the boarding pass has been sent to my phone as a text message.

Re:Linux Boot + PRINTER (0)

Anonymous Coward | 1 year,15 days | (#43362397)

Depending on the airline/airport combo, paper boarding pass might be the only option. Couldn't get a mobile boarding pass for US Airways in San Diego, for example.

Re:Linux Boot (5, Interesting)

Phillip2 (203612) | 1 year,15 days | (#43362207)

I've had lots of visitors in my house, of various ages, various skills levels. Most of them managed to get a browser open on linux, then it all works from there.

Other way is to use a VM, with a snapshot, so you can just revert it when you have finished.

EZ (1)

Anonymous Coward | 1 year,15 days | (#43361959)

Don't let them use your computers. Done.

Chromebook maybe? (1)

Anonymous Coward | 1 year,15 days | (#43361961)

Guest chromebook seems like one good option -- probably rather harder to compromise, and lets guests surf/etc...

Virtual Machine (5, Insightful)

FiveLights (1012605) | 1 year,15 days | (#43361965)

Set up a VM in Virtual Box for them to use. Take a snapshot of when it was healthy and new and just revert to that each time someone wants to use it. Even paying for a Windows install for the VM would be cheaper than an iPad.

Re:Virtual Machine (1)

Raven42rac (448205) | 1 year,15 days | (#43361987)

Windows Steadystate used to do a decent job of this on XP.

Re:Virtual Machine (2)

fuzzyfuzzyfungus (1223518) | 1 year,15 days | (#43362303)

Windows Steadystate used to do a decent job of this on XP.

Which, for some reason that probably had nothing to do with pushing AD and group-policy tinkering on a bunch of schools and libraries and other relatively unsophisticated organizational users, is why Microsoft killed it. Support ended a couple of years back, availability 3-ish. No 64-bit or Win7 compatible version ever existed.

Re:Virtual Machine (1)

Saethan (2725367) | 1 year,15 days | (#43362191)

Set up a VM in Virtual Box for them to use. Take a snapshot of when it was healthy and new and just revert to that each time someone wants to use it. Even paying for a Windows install for the VM would be cheaper than an iPad.

I'd mod this up if I had points, it was going to be my suggestion. Really, though, the best option has been mentioned elsewhere - give 'em access to your wifi and tell them to bring their own damn computers. :P

Re:Virtual Machine (5, Informative)

Erioll (229536) | 1 year,15 days | (#43362205)

I agree. Fullscreen the VM, and they'll probably never even know that they weren't using your "actual" PC.

Re:Virtual Machine (2)

freedom_surfer (203272) | 1 year,15 days | (#43362211)

Agreed. You can also run the machine in a non-persistence mode so that nothing is written to the disk at all while in use. Just periodically fire it up in a persistent state to apply important security updates etc for their safety. Unless they are savvy they won't even know they are running in a VM.

Locked up in a safe. (2, Funny)

Anonymous Coward | 1 year,15 days | (#43361971)

The guests, that is.

Locked down guest account? (0)

Anonymous Coward | 1 year,15 days | (#43361975)

Actually the live CD works best, who cares about the funny looks.

Re:Locked down guest account? (4, Interesting)

kilfarsnar (561956) | 1 year,15 days | (#43362037)

Seconded. I say locked down guest account, or live CD. The VM idea isn't bad either.

Re:Locked down guest account? (1)

Bert64 (520050) | 1 year,15 days | (#43362185)

And put it in its own separate guest network, which is logically isolated from your own stuff by a firewall, maybe run a print server too (people often want to print boarding passes)...
As for funny looks, a browser is a browser and i've never had any problems giving someone a linux livecd, it has both firefox and chrome and most people are perfectly familiar with these applications.

Dont be happy to oblige (0)

Anonymous Coward | 1 year,15 days | (#43361991)

ask them to check when they get to they own devices.

Emulators/Virtualization (1)

Anonymous Coward | 1 year,15 days | (#43361995)

You can set up a PC image with your favorite virtualization system, then run that full screen and have guests use it. They get an environment they're familiar with and you can have the emulator set up not to save any changes to the hard drive image it's running from, so when they leave you can reset it and get back to a known safe state.

How about virtual machines? (0)

Anonymous Coward | 1 year,15 days | (#43362001)

You might be able to use something like VirtualBox for example. Create a pristine image and use it as a template, creating a new machine for each guest (it doesn't take that long). Assuming your machine is powerful enough, it should be fast and in full screen mode, your guests would barely be able to tell the difference.

The only issue there is licensing of course, which means you will likely have to use Linux. I am not sure why users give you funny looks with Linux. Is it because things like Flash/Java plug-in/etc. are not installed? If so, you can install them in the template so that everything needed to check email/etc. is ready to go.

Virtual solution (0)

Anonymous Coward | 1 year,15 days | (#43362003)

Give users a copy of a virtual machine to play with; you can simply delete it afterwards.

NoScript (4, Interesting)

MetalliQaZ (539913) | 1 year,15 days | (#43362007)

It's a Firefox addon. Check it out. Also Adblock Plus. With those two installed and running, things get a lot safer. Of course, NoScript requires a bit of savvy to be able to browse the web correctly. You might have to help. Otherwise, tell them to bring their own darn laptop.

Re:NoScript (2)

hyades1 (1149581) | 1 year,15 days | (#43362165)

I use and LOVE both of those add-ons. Ghostery is also good, and it shows what's tracking you even if you choose not to block them.

Re:NoScript (0)

Anonymous Coward | 1 year,15 days | (#43362273)

ABP has a malware filter subscription that's NOT listed on the default "add on" "add a subscription" selection.

You can find it at the ABP site under "known filters".

Re:NoScript (4, Insightful)

acariquara (753971) | 1 year,15 days | (#43362309)

Except that NoScript does not protect anyone from downloading "hi_I_saw_you_wanna_fuck.jpg.scr.pif.exe.bat.com"

Seriously? (4, Funny)

morcego (260031) | 1 year,15 days | (#43362009)

The moment your computer becomes public (however limited that "public" is), it is a goner. It is like asking how to secure your computer after it was compromised.

I don't even let my visitor plug into the same network my main computers are, and have both a separated WiFi network and a separated ethernet segment for them (1 port only in the guest room), that I treat as a DMZ. Ok, I'm paranoid, but still.

Maybe use removable HDs, and keep one for your own use, and swap it for an entirely different one (which you can restore from a Ghost image or something) for your guests. As in PHYSICALLY disconnecting your HDs when they are going to use.

Otherwise, it is like using band-aids to stop a leaking dam.

Linux (0)

Anonymous Coward | 1 year,15 days | (#43362011)

Linux distro, normal user accounts without super user privaleges. Letting anyone use your unprotected Windows system is a mistake.

Virtual Machine (5, Insightful)

Anonymous Coward | 1 year,15 days | (#43362019)

Something like VirtualBox or VMWare that supports snapshots. Install an OS into the virtual machine and set some firewall rules to keep it from accessing anything else on your network. When they ask to use your computer, launch the virtual machine and set it to full screen. They won't know the difference. When they're done, revert to snapshot.

Easy - Virtualize (1)

Anonymous Coward | 1 year,15 days | (#43362023)

Install a freeware (or not if you prefer) virtualization application, create a non-persistent snapshot, and when the guest needs it, boot it an make full screen.

When they leave, revert to the pristine state, and store until needed again.

Seems fairly easy, and ensures you lose any crud they pick up in their IntarWebz(tm) travels.

Re-install the OS (0)

Anonymous Coward | 1 year,15 days | (#43362025)

Just re-install the OS after each guest. Problem solved.

Chromebook? (5, Interesting)

Anonymous Coward | 1 year,15 days | (#43362033)

Sound like a good use for a Chromebook.

virtual machine (1)

Anonymous Coward | 1 year,15 days | (#43362035)

Set up a new virtual machine (KVM say) when the guest comes, so it's like they're using a brand new installation (Windoze if you must). When they're done, wipe the container, and set up another one next time you need it. Or even keep a spare hard drive around for a non-virtualized PC. Reformat it completely and install OS on it for each visit.

image (0)

Anonymous Coward | 1 year,15 days | (#43362045)

Setup a clean environment and then image it with something like Symantec Ghost or Acronis Trueimage Home. I vote for acronis, because its easy to use and will let you save the image to a local network share. Easy.

VirtualBox (2, Insightful)

whtmarker (1060730) | 1 year,15 days | (#43362047)

Setup a windows XP virtual machine. Save a snapshot, or a VDI/VMDK file of a clean hard drive image. When they come, boot up the virtual machine in full screen. When they leave, restore the clean snapshot or clean hard drive image.

Re:VirtualBox (0)

Anonymous Coward | 1 year,15 days | (#43362245)

I do this for ISP techs, too. Bridge the ethernet adapter, install Windows of some variety in a virtual machine. (Don't even bother activating or updating it, it's going away as soon as they leave.) Most of them don't give a crap that they're installing in a virtual machine if they even notice at all. Just stand around and shoo them away when the host OS's interface pops up briefly during the reboot process.

Use a fullscreen VM & snapshots (0)

Anonymous Coward | 1 year,15 days | (#43362049)

I'd recommend to just use a virtual machine. I don't think the OS even matters that much in that case. If you put it in full-screen, then they probably won't even notec. And you can have a snapshot to revert to when they're done, and the next person gets a clean slate.

Know what I'd do. . . (5, Funny)

Anonymous Coward | 1 year,15 days | (#43362055)

Get smarter guests

Just sandbox them (1)

Zarhan (415465) | 1 year,15 days | (#43362057)

Just create an ad-hoc guest account with limited rights. That way they can't really screw up things. Once the guest has left the premises, remove the account. You don't even have to log out yourself if someone just needs the access for five minutes, just switch users.

A step further: Build a virtual machine with a e.g. your basic Linux distro or Windows XP, create a snapshot of it in it's "fresh" state, and set it up to talk only directly to the Internet without any access to your local network. You can achieve this with Virtualbox at least. Let your guest access the virtual machine. When the guest leaves, just revert it to the snapshot state.

Re:Just sandbox them (1)

The MAZZTer (911996) | 1 year,15 days | (#43362153)

The guest account is the way to go. Anything that infects the PC is unlikely to make it past the guest account as long as you keep your Windows Updates up-to-date. I would also recommend going the extra step and setting ACLs to deny usage of Internet Explorer. Install Firefox and/or Chrome.

Malware? (0)

Anonymous Coward | 1 year,15 days | (#43362059)

If you're worried about malware, your OS isn't set up correctly. Stop running as admin/root.

A VM should do the trick (1)

Anonymous Coward | 1 year,15 days | (#43362061)

It's trivial nowadays to get an OS running on a VM. You can easily backup the virtual drive as well, so that restoring it to its clean state is equally as easy.

Use two routers. (1)

140Mandak262Jamuna (970587) | 1 year,15 days | (#43362071)

Use two routers. The turn wi-fi on both. Give the password to the outer router to your guests and ask them to BYOC, bring your own computers. Use the second router, the inner one, to run your home network. Close all the ports and be very secure on the second router. Tell your guests your PC has a virus and so you don't want others connecting to it or using it till you get some help to disinfect it.

virtualization (0)

Anonymous Coward | 1 year,15 days | (#43362073)

Virtual machine with a backup harddrive image invade it itself gets messed up.

I have to do this with my family myself, but its worth the time to setup.

Hey, I'm lazy too! (0)

Anonymous Coward | 1 year,15 days | (#43362085)

I too have a list of problems I'm to lazy to google! Mind if I submit those to Slashdot?

Re:Hey, I'm lazy too! (4, Informative)

gagol (583737) | 1 year,15 days | (#43362323)

Solutions evolve with time, in order for Google to index relevant pages, we have to create content. That is happening as we speak!

Boot to the guest account (5, Informative)

AlphaBit (1244464) | 1 year,15 days | (#43362097)

The media PC in my living room boots directly into the Guest account. Under the guest account I can USE almost all the programs I have installed seamlessly. There are some minor issues with software updates, XBOX controllers, and a complete inability to configure network settings, but that's about it. If I need to do anything that requires more rights I can deal with the UAC prompts that show up or simply log out and back in as an admin.

I know it's not flawless but I still feel pretty comfortable letting my tech savvy (e.g. dangerous) friends stay over unattended. It wouldn't hold up to anyone seriously determined to break the security but they have access to the physical machine and can't really be stopped anyway.

Just say no (4, Interesting)

Bill_the_Engineer (772575) | 1 year,15 days | (#43362105)

Most of the new WiFi routers offer guest networks. Set one up and tell them to bring their own device. With the number of people with smartphones, I don't really see a legitimate need to set up guest computers.

Re:Just say no (0)

Anonymous Coward | 1 year,15 days | (#43362299)

Keeping the unfriendly computer geek stereotype alive?

vmware (0)

Anonymous Coward | 1 year,15 days | (#43362115)

I have previously had a virtual machine running on my desktop with Vmware Workstation or something equivalent, which is running full screen. The user doesn't usually know it's not a native installation, unless they press certain special keys to exit full screen. Then, you set the virtual hard disk to not write changes. Then, you have a fresh, clean computer every time a guest comes over, all with no recurring effort.

Enable Guest account (0)

Anonymous Coward | 1 year,15 days | (#43362129)

Why not just enable the Guest account?

Chromebook (0)

Anonymous Coward | 1 year,15 days | (#43362133)

Get a chromebook, let them use the 'Guest' account.

Obvious... (1)

Anonymous Coward | 1 year,15 days | (#43362139)

Have a multi-tier network, with multiple nested NAT/Firewall layers. (One NAT/Firewall/Router connects as a client to another.) Bonus points for DD-WRT with the SPI firewall enabled. The idea is, your guest talks to your broadband network, but not to your other computers who are all hiding behind a NAT/Firewall/Router. Thus, when the guest is compromised, it doesn't create a wormhole into your private network.

Second, get a cheap windows box (is there such a thing?). Get a Linux boot disk. I use an old Fedora install disk and boot into rescue mode. Get an external harddrive. Run ntfsclone. Make a mirror copy of the windows computer's disks. Restore back after the guest leaves. It's, like, trivial....

Alternative: Buy a chromebook. Tell them it's the latest fad. (It is!) Problem solved.

Faronics DeepFreeeze, Virtual Machine, Guest VLAN (0)

Anonymous Coward | 1 year,15 days | (#43362145)

Have guest computer with Faronics DeepFreeze or Virtual Machine that can be reloaded.
Or just have a guest computer that you re-image when they're done. Put it in a guest VLAN. or DMZ.

ipad compromised?? (0)

Anonymous Coward | 1 year,15 days | (#43362149)

What are you talking about an ipad being a computing system that has been compromised? Do you not know how iOS apps work?

"may have been compromised" (1)

SuperKendall (25149) | 1 year,15 days | (#43362151)

"it wasn't right to knowingly let others use a computing platform that may have been compromised."

Then why are you letting them use ANY computer? There is no platform where you can say 100% that it has not been compromised.

By far the iPad would be the least likely to be infected by anything, and require the least maintenance. I can't understand your rationale for not going this route at all.

Compromised? (0)

Anonymous Coward | 1 year,15 days | (#43362159)

All computer platforms have been or will be compromised. IT Security 101.

Sorry, No. (1)

primebase (9535) | 1 year,15 days | (#43362175)

Really? If their Web habits are ~that~ sketchy then you don't even want them using your Internet connection. Seriously! They could be downloading copyrighted material or even worse things that you don't want anywhere near your ISPs records.

Tell them no, and make them bring their own damn 3G/4G device hooked to an account that they own if they simply must access the net while they're hanging out.

Had the same problem (0)

Anonymous Coward | 1 year,15 days | (#43362189)

I've run into this very same problem.

Just set up a guest account with no password. When ever anyone comes over to visit they have an account for them to use.
Since it a "guest" account no funny looks.

Fon Hotspot (1)

samjam (256347) | 1 year,15 days | (#43362199)

I have a cheap fon router which provides two wireless networks. One for my family and one non-encrypted.

The non-encrypted network normally requires a logon, but some IP addresses can be excluded from that requirement. You might choose to exclude all requirements so that your guests get straight access.

You also get to rate-limit the connection too.

If you run a connection and leave it turned on you get free logon to other peoples fon hotspots too - and there are thousands in the UK.

http://corp.fon.com/how-it-works [fon.com]

Stop using Windows (1)

guruevi (827432) | 1 year,15 days | (#43362217)

Just use a Linux distro - problems solved. Create a guest account that automatically wipes every time you log out.


Anonymous Coward | 1 year,15 days | (#43362221)

- No disk writing outside the sandbox - set it to delete the sandbox data on close.

Use a good freshly updated hosts file, block known malware traffic by IP.

Malware sought out and downloaded specifically cannot be stopped.
Verify your guests aren't script kiddies first.

Tell them no (1)

spire3661 (1038968) | 1 year,15 days | (#43362225)

No one touches my computing equipment, period. If you MUST use my machine you are getting a Linux Live Cd. If you dont like, it, use someone else's resources.

Paging APK (0)

Anonymous Coward | 1 year,15 days | (#43362235)

malware? Just use a 2GB HOSTS file!

Obvious answer (2, Insightful)

jamesl (106902) | 1 year,15 days | (#43362239)

... many of these guests have high risk computing habits and have more than once infested one of our computers with malware ...

Change a few words ... many of these guests have high risk driving habits and have more than once driven one of our cars into a phone pole ... and the answer is obvious.

Not convinced? Try this one ...
... many of these guests have high risk sexual behavior habits and have more than once infected one or more of our girl/boy friends ...

Use Ubuntu guest account. (0)

Anonymous Coward | 1 year,15 days | (#43362243)

Don't use a boot cd, install that shit for personal use.
  If the weather / free game site / background of puppies / custom cursor software they wanted to run doesn't work, then you know you just stopped a virus.

Guests? (0)

Anonymous Coward | 1 year,15 days | (#43362251)

What kinds of "guests" give a funny look when you go out of your way to give them access to your computer. Tell them to go to the library if they don't want to use your Linux boot cd (I assume you at least load the cd yourself for them and get them started)

Easy (1)

PPH (736903) | 1 year,15 days | (#43362269)

Anyone who stays at my house has to help slop the hogs and clean out the barn. You can play with the computer afterward.

Problem solved.

Guests (0)

Anonymous Coward | 1 year,15 days | (#43362271)

Using a Linux LiveCD is the best route, the system can be shutdown to clear out all the /home (usually ran off the ramdisk) infestations from Trojans and spyware. On an x86-based version, it supports Flash the best. And with most users having used Windows at some point, KDE or LXDE best translates as the frontends.

To protect your PC, it may be wise to scan the packages offered by the distribution you're looking at and make sure that it doesn't offer ntfs-3g or Linux-NTFS--though the latter has mostly been restricted to read-only.

Besides, the confused look is good; it means that they're not going to mess with your PC because they just don't understand it.

A seperate computer ? (0)

Anonymous Coward | 1 year,15 days | (#43362279)

A possible solution would be :

Use a seperate computer from which a drive-image is stored on a read-only medium, preferrably something like a DVD, together with a minimal OS and a restore program.

After the guest leaves (or whenever they made a big enough boo-boo to be noticed by themselves) simply re-image the harddisk (fully whiping whatever wrong has been done with it), preferrably done automatically by booting with the DVD in the drive.

Simple, when you think of it.

Linux PC running VirtualBox fullscreen (1)

steveha (103154) | 1 year,15 days | (#43362283)

With Windows inside the VirtualBox. Once the guests leave, revert the VirtualBox image.

With a little work, you can make a "guest" login that launches VirtualBox and can't do anything else.

On the other hand, it might be enough to make a "guest" account, and just run a script that cleans out /home/guest after the users leave:

# remove all trace of guest directory
rm -fr /home/guest
# set up clean copy again
cp -pr /whatever/guest /home

If you are using Linux Mint with MATE, your guests should be able to cope with the desktop. If you are using an "improved" desktop like GNOME Shell or Ubuntu Unity, stick with the VirtualBox running Windows.

Act just as though it was a user at the office (1)

adam525 (813427) | 1 year,15 days | (#43362285)

I would go even a step further than my subject line suggests and create a guest account and lock it down as much as you can. Turn off all the browser features as well.

A guest shouldn't be doing anything except for browsing the web and checking web based email. Turning the browsers security settings on "high" (which would generally mean disabling scripting, cookies, etc) will keep them from doing too much there.

Also, as I said above, let them use the guest account and lock it down tight. You didn't mention which version of Windows you are running, but if it's fairly new you could use the Local Security Policy MMC and prevent them from running applications.

This on top of your standard AV and the other precautions that I'm assuming you are talking about should do it.

Adjust priviledges? (1)

Kimomaru (2579489) | 1 year,15 days | (#43362317)

You may want to do some very light reading on priviledges for your platform of choice. Install your OS, create a guest account and set up the desktop with a browser and some apps that might be needed, then dial back the access so thatt he guest account can't install anything. That's all there is to it. If they complain, throw them out of the house.

Guests use their (own) phones now. (0)

Anonymous Coward | 1 year,15 days | (#43362325)

I can't remember the last time a guest asked to use one of our PCs...

For checking their email or showing us websites, everyone I know just pulls out their phone. They prefer it that way, even if we have a computer on the desk right there, because they are familiar with their own devices. And those without smartphones? They ask the person next to them to look it up on their phone.

As smartphones become more prevalent, the problem you are having seems to be rapidly disappearing!

Give the a Temporary Virtual Machine Guest OS (1)

MatthewEarley (2451600) | 1 year,15 days | (#43362327)

Use VMware Server - this is free 1. Install virtual machine - choice of OS is up to you 2. Backup the VM to a directory they are not going to use 3. Create a directory called virtual machine 4. Let them use the virtual machine 5. When they leave, delete the virtual machine (after taking notes on the type of pr0n they watch) 6. Next visitor arrives, copy the backed-up original, unused virtual machine 7. rinse 8. repeat

iPad (3, Informative)

tverbeek (457094) | 1 year,15 days | (#43362329)

"We've thought about buying an iPad for guests to use, but decided it wasn't right to knowingly let others use a computing platform that may have been compromised."

Seriously? What have you been reading that gives you bizarre notions like that? The iPad has a number of general shortcomings, most of which are related to its single-user OS and its closed architecture. And I'd hesitate to lend a guest my iPad, but only because – once unlocked for use – it's wide open for the user to poke around (e.g. read my mail, browser history, etc). But in terms of the OS being compromised, an iOS device that hasn't been deliberately jailbroken (by you) is about as safe an internet-access device as you're likely to find, short of custom building a Linux- or BSD-based system yourself.

Small Linux Partition (0)

Anonymous Coward | 1 year,15 days | (#43362331)

Most of them come with a guest log-on anyway. It doesn't need to take up more than 10GB of your harddrive and should be pretty safe.

privileges (3, Informative)

Dandano (584147) | 1 year,15 days | (#43362353)

Create an account that does not have the ability to change the operating system, a "user" account for your friends. It won't prevent all problems, but it does cut down on the ability of malware to corrupt you system outside that user's folder.

Underprivileged User (0)

Anonymous Coward | 1 year,15 days | (#43362355)

I enabled the guest account on my OS X machine specifically for this purpose and it works flawlessly.

I am not sure how easily you can set up a user which will "self-destruct on logout" on other platforms but you could minimally create a guest account which your root cron could destroy and rebuild during the nightly maintenance run (or whenever).

If a user with such restricted access can modify common areas of the system (beyond a "drop box" directory), then you have bigger problems.

Puppy Slacko 5.5 (3, Interesting)

b4upoo (166390) | 1 year,15 days | (#43362359)

Let them run Puppy and if they get confused lend them a hand. Usually most people seem to want to check email or some other trivial task. You do want to be certain that your email account does not allow auto sign in while you have company.

Cheap-o (2)

Sigma 7 (266129) | 1 year,15 days | (#43362365)

Get a cheap computer (i.e. used/refurb), and keep installation media on-hand.

You can optionally install Linux to make it more resistant to stuff.

And put the homepage to something [rshirley.com] that discourages them from visiting naughty sites.

Linux=HD access (0)

Anonymous Coward | 1 year,15 days | (#43362373)

Lot's of people suggesting you just make a dual boot Linux for them.

Just a word of caution: If you do this, you very well could be giving them access to your entire harddrive, instead of just accessing the user account they're logged on to.

Linux should stop most self-run viruses, but you're giving up a lot of security by giving them full HDD access. IOW you need to encrypt your main installs partitions before giving them Linux access

/.er & .. (0)

Anonymous Coward | 1 year,15 days | (#43362377)

..... you have "GUESTS"?!?!

A more specific case study (0)

Anonymous Coward | 1 year,15 days | (#43362383)

I stay in a university dorm and my friends often come over just for hanging out and killing time. My desktop is always on and I don't protect it with password. So if they find it free, they'll use it right away.

A particular friend has a hobby of collecting freeware. So he downloads tons of these stuffs from both reliable and unreliable sources. When he finds a very interesting piece, he won't wait until he gets to his own home, he'll just install it in my computer. In turn, I got a good collection of malwares. I do have antivirus installed, but some naughty wares still go through sometimes.

Sandboxie (0)

Anonymous Coward | 1 year,15 days | (#43362393)

The simplest solution would be to installed Sandboxie and then run the web browser using it.
After they're done, just delete the Sandboxie contents and you're all set.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account