Bulletproof browser area?

[ddrueding]

I have some users that insist on browsing unsafe sites. They know the problems, and are looking for a way to do what they want without getting hurt.

My backup plan is running a VM with Firefox, but are there better tools out there? Are they effective? Sandboxie? What is the least-intrusive solution?

 

[LunarMist]

What kind of place is that? Why have they not been fired yet?

 

[ddrueding]

This is someone's home computer. They have teenagers that do the myspace / facebook thing. As unfortunate a situation as it is, a presence on those sites is more important than having a phone number for that age group, and denying them access really would be a "punishment". These places are also infection point #1 out of all my users.

 

[Mercutio]

Completely serious answer: Put them on Linux, or tell them to browse from a game system like a Wii.

 

[ddrueding]

So sandboxie and the like aren't up for it? I already told them I would be taking them to Linux as a worst-case.

 

[Mercutio]

Windows as a platform is the wrong starting point, and if you give them Windows and tell them to start a VM for browsing eventually they''l browse without the VM.

Anyway, what's wrong with browsing on Linux?

 

[ddrueding]

Nothing. It just means that they move all their other activities to another computer. It's already what I've told them, I was just looking for easier choices.

 

[blakerwry]

Excuse my ignorance, but how to do get infected from facebook? myspace?

 

[P5-133XL]

You might look into Windows 7 XP mode as the least in-obtrusive sandbox. I haven't played with it, but as I understand it, you get to run the XP apps (within the VM) from within Windows 7 using just a regular shortcut.

 

[ddrueding]

You might look into Windows 7 XP mode as the least in-obtrusive sandbox. I haven't played with it, but as I understand it, you get to run the XP apps (within the VM) from within Windows 7 using just a regular shortcut.

I actually think that that is too integrated. I'd bet that a virus could infect 7 though the VM.

 

[ddrueding]

At the moment I'm looking into a dual-boot XP/Ubuntu setup.

 

[timwhit]

I think Linux is the best idea here. What do they need to dual boot into Windows for?

 

[udaman]

Nothing. It just means that they move all their other activities to another computer. It's already what I've told them, I was just looking for easier choices.

Done vetting yet?

!lookin v. hard>RU dd?...rose colored glasses?

I fergot, U don't watch TV

http://www.youtube.com/watch?v=M3Z386vXrt4

^can quad boot if ya like

I think Linux is the best idea here. What do they need to dual boot into Windows for?

^U think *wrong* ...Get a Mac™ :rr:


http://computershopper.com/desktops/reviews/apple-imac-27-inch

Notable additions with this update are the stylish new multi-touch Magic Mouse and a slim, wireless keyboard; both come bundled with the iMac. And the new edgeless, LED-backlit screen with 2,560x1,440-pixel native resolution is simply jaw-dropping for viewing high-definition video. Simply put: We've seen a ton of them, and no other current all-in-one offers a screen that looks this good. In fact, to get a similar resolution on any desktop-computer display, you’d have to step up to a 30-inch monitor, which would set you back $1,000 or more for the display alone

^IPS LED, probably not the best for fast video gaming.

http://www.pcworld.com/article/174147/apples_new_27inch_imac_the_mac_to_have.html

The 27-inch iMac has all of the horsepower that I will need for the foreseeable future. The high-end Quad Core i7 Intel configuration with 16GB of RAM and ATI Radeon HD 4850 graphics processor on that gorgeous 27-inch screen is as solid a computer as I can imagine. It also has most of the pixel screen area of a 30-inch display (2560x1440 for iMac vs. 2560x1600 for 30-inch SXGA) yet is smaller than a 30-inch display. Oh, and you get a freakishly fast computer in there as well. In fact, the base model 27-inch iMac is $100 less than an Apple 30-inch cinema display.

2 things that really suck, no BR drive *option* & the keyboard 'chiclet' keys blow most immensely, tactile feel of a gnat!

 

[ddrueding]

uda, I'm not sure if you've noticed, but there is a remarkable signal/noise ratio in other people's posts here. Have you noticed that yours are a serious outlier? I'm not saying there aren't tidbits of useful information in there; you've brought bits of knowledge on SSDs and cameras to the group, and I appreciate that. As a matter of fact, it's the only reason I don't have you on ignore.

But increasingly lately, your posts have taken a more aggressive, rambling, and less informed or structured tone. Often you ignore bits of information in previous posts that would go against the concepts you seem predisposed to. It's as if all the trolls at Slashdot infected you with whatever they have.

I know you like it here, or you wouldn't bother posting as much as you do. Just think about how much better a place it would be if you worked on making your posts more concise and helpful rather than flaming and ranting.

Just a thought.

 

[ddrueding]

I think Linux is the best idea here. What do they need to dual boot into Windows for?

Mainly QuickBooks, but VPN to work and PowerPoint would also be appreciated.

 

[LunarMist]

Maybe someone actually has to use a PC for work, though that is less likely for kids?

 

[timwhit]

Mainly QuickBooks, but VPN to work and PowerPoint would also be appreciated.

If they need the Cisco VPN client, they offer one for Linux. It only supports IA-32 though. Otherwise, there are other VPN clients available. I would be surprised if Ubuntu doesn't come with one out of the box. Fedora does.

For a Quicken replacement there's GnuCash. I just checked, it's available in the Fedora repository. Probably, going to be a tough sell though.

There's also Quicken Online, I've never used that though. You could setup VirtualBox or Xen with an XP VM. The problem with dual booting is if they are more comfortable in Windows, they will all just end up booting into Windows rather that Linux, and your problem continues.

OpenOffice.org Impess is the clear alternative to PowerPoint.

 

[Fushigi]

Excuse my ignorance, but how to do get infected from facebook? myspace?

Facebook doesn't vet the FB apps for security. They can, and have been, subject to Cross Site Scripting attacks. My wife was hit by one a few months back. This guy has done tests for instance.

 

[Fushigi]

At a minimum those users need an education. Failing that, tell them to buy another machine for their bad habits. Put the onus of action and the expense on their shoulders.

Personally, they're the kind of users who really piss me off. They have no understanding of risk. Financial software access & unsafe browsing absolutely positively do not mix.

 

[Mercutio]

Excuse my ignorance, but how to do get infected from facebook? myspace?

Advertisements and Page template kits (well, they have those on Myspace, anyway. I've never actually been on Facebook) that are laden with Javascript attacks or Flash/Acrobat plug-in exploits.

Seriously.

 

[Mercutio]

I actually think that that is too integrated. I'd bet that a virus could infect 7 though the VM.

Yes.
From what I've read, there are in fact "blue pill" rootkits now that can infect all the systems being managed by a single hypervisor.

I don't think normal people are going to be running across that kind of thing any time soon, though.

 

[Stereodude]

Personally, they're the kind of users who really piss me off. They have no understanding of risk. Financial software access & unsafe browsing absolutely positively do not mix.

but they keep lots of people employed. :rofl:

 

[Fushigi]

but they keep lots of people employed. :rofl:

Sure, until there's a breach.

 

[Mercutio]

Sure, until there's a breach.

After a breach you get information security contractors, and you keep THEM employed.

 

[Howell]

Sure, until there's a breach.

As long as the company survives.

 

[Handruin]

There's also Quicken Online, I've never used that though.

Although not a huge deal to this discussion, I learned today that Quicken Online is shutting down next year.

 

[Mercutio]

They're just moving everything over to Mint.com, which is a better implementation of the same thing.

 

[Handruin]

Mint currently doesn't allow for manual transactions which is a pain for some people. It's not a big deal to me, but I can understand why it's important.

 

[Stereodude]

Sure, until there's a breach.

Breach of what? I meant that if everyone was internet savvy people like Merc wouldn't have much to do because they wouldn't manage to mess up their PCs. Stupid people are great economic stimulus that trickles down into tons of industries.

 

[Will Rickards]

I moved from mint to quicken because my bank wasn't supported. I sure hope they bring mint up to the quicken level of support for banks. I didn't really like the quicken interface. I tried to use it for tracking what to pay and my paychecks but it didn't work very well in matching up the transactions automatically. I went back to my spreadsheet for that.

 

[Fushigi]

Breach of what? I meant that if everyone was internet savvy people like Merc wouldn't have much to do because they wouldn't manage to mess up their PCs. Stupid people are great economic stimulus that trickles down into tons of industries.

These folks aren't necessarily stupid; I haven't read anything to indicate that condition. However, they are being willfully negligent. Stupid would be not understanding that there are "dangerous" sites on the net. These folks understand that but want to hit those sites anyway.

On a PC that's hosting financial information.

They have no one but themselves to blame if/when the data on the machine is captured and bank accounts are drained or credit card info is sold to the highest bidder.

I don't think everyone needs the degree of IT knowledge that most of us on this forum posess. But there is an awareness issue here. "Average" users need to understand that surfing to dangerous sites can, in fact, be dangerous. There are plenty of free safe surfing widgets out there; the user can get by with one as long as they follow it's advice.

As an IT Security professional, I have plenty of work to keep me busy for the rest of my career without investigating or cleaning up after other people's messes.