Bulletproof browser area?

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
I have some users that insist on browsing unsafe sites. They know the problems, and are looking for a way to do what they want without getting hurt.

My backup plan is running a VM with Firefox, but are there better tools out there? Are they effective? Sandboxie? What is the least-intrusive solution?
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
What kind of place is that? Why have they not been fired yet?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
This is someone's home computer. They have teenagers that do the myspace / facebook thing. As unfortunate a situation as it is, a presence on those sites is more important than having a phone number for that age group, and denying them access really would be a "punishment". These places are also infection point #1 out of all my users.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Completely serious answer: Put them on Linux, or tell them to browse from a game system like a Wii.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Windows as a platform is the wrong starting point, and if you give them Windows and tell them to start a VM for browsing eventually they''l browse without the VM.

Anyway, what's wrong with browsing on Linux?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
Nothing. It just means that they move all their other activities to another computer. It's already what I've told them, I was just looking for easier choices.
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
You might look into Windows 7 XP mode as the least in-obtrusive sandbox. I haven't played with it, but as I understand it, you get to run the XP apps (within the VM) from within Windows 7 using just a regular shortcut.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
You might look into Windows 7 XP mode as the least in-obtrusive sandbox. I haven't played with it, but as I understand it, you get to run the XP apps (within the VM) from within Windows 7 using just a regular shortcut.

I actually think that that is too integrated. I'd bet that a virus could infect 7 though the VM.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
I think Linux is the best idea here. What do they need to dual boot into Windows for?
 
Last edited by a moderator:

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
Nothing. It just means that they move all their other activities to another computer. It's already what I've told them, I was just looking for easier choices.

Done vetting yet?

!lookin v. hard>RU dd?...rose colored glasses?

I fergot, U don't watch TV :p

http://www.youtube.com/watch?v=M3Z386vXrt4

^can quad boot if ya like :D



I think Linux is the best idea here. What do they need to dual boot into Windows for?

^U think *wrong* :p ...Get a Mac™ :rr:


http://computershopper.com/desktops/reviews/apple-imac-27-inch

Notable additions with this update are the stylish new multi-touch Magic Mouse and a slim, wireless keyboard; both come bundled with the iMac. And the new edgeless, LED-backlit screen with 2,560x1,440-pixel native resolution is simply jaw-dropping for viewing high-definition video. Simply put: We've seen a ton of them, and no other current all-in-one offers a screen that looks this good. In fact, to get a similar resolution on any desktop-computer display, you’d have to step up to a 30-inch monitor, which would set you back $1,000 or more for the display alone

^IPS LED, probably not the best for fast video gaming.

http://www.pcworld.com/article/174147/apples_new_27inch_imac_the_mac_to_have.html

The 27-inch iMac has all of the horsepower that I will need for the foreseeable future. The high-end Quad Core i7 Intel configuration with 16GB of RAM and ATI Radeon HD 4850 graphics processor on that gorgeous 27-inch screen is as solid a computer as I can imagine. It also has most of the pixel screen area of a 30-inch display (2560x1440 for iMac vs. 2560x1600 for 30-inch SXGA) yet is smaller than a 30-inch display. Oh, and you get a freakishly fast computer in there as well. In fact, the base model 27-inch iMac is $100 less than an Apple 30-inch cinema display.

2 things that really suck, no BR drive *option* & the keyboard 'chiclet' keys blow most immensely, tactile feel of a gnat!
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
uda, I'm not sure if you've noticed, but there is a remarkable signal/noise ratio in other people's posts here. Have you noticed that yours are a serious outlier? I'm not saying there aren't tidbits of useful information in there; you've brought bits of knowledge on SSDs and cameras to the group, and I appreciate that. As a matter of fact, it's the only reason I don't have you on ignore.

But increasingly lately, your posts have taken a more aggressive, rambling, and less informed or structured tone. Often you ignore bits of information in previous posts that would go against the concepts you seem predisposed to. It's as if all the trolls at Slashdot infected you with whatever they have.

I know you like it here, or you wouldn't bother posting as much as you do. Just think about how much better a place it would be if you worked on making your posts more concise and helpful rather than flaming and ranting.

Just a thought.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Maybe someone actually has to use a PC for work, though that is less likely for kids? :D
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
Mainly QuickBooks, but VPN to work and PowerPoint would also be appreciated.

If they need the Cisco VPN client, they offer one for Linux. It only supports IA-32 though. Otherwise, there are other VPN clients available. I would be surprised if Ubuntu doesn't come with one out of the box. Fedora does.

For a Quicken replacement there's GnuCash. I just checked, it's available in the Fedora repository. Probably, going to be a tough sell though.

There's also Quicken Online, I've never used that though. You could setup VirtualBox or Xen with an XP VM. The problem with dual booting is if they are more comfortable in Windows, they will all just end up booting into Windows rather that Linux, and your problem continues.

OpenOffice.org Impess is the clear alternative to PowerPoint.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
At a minimum those users need an education. Failing that, tell them to buy another machine for their bad habits. Put the onus of action and the expense on their shoulders.

Personally, they're the kind of users who really piss me off. They have no understanding of risk. Financial software access & unsafe browsing absolutely positively do not mix.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Excuse my ignorance, but how to do get infected from facebook? myspace?

Advertisements and Page template kits (well, they have those on Myspace, anyway. I've never actually been on Facebook) that are laden with Javascript attacks or Flash/Acrobat plug-in exploits.

Seriously.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
I actually think that that is too integrated. I'd bet that a virus could infect 7 though the VM.

Yes.
From what I've read, there are in fact "blue pill" rootkits now that can infect all the systems being managed by a single hypervisor.

I don't think normal people are going to be running across that kind of thing any time soon, though.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
Personally, they're the kind of users who really piss me off. They have no understanding of risk. Financial software access & unsafe browsing absolutely positively do not mix.
but they keep lots of people employed. :rofl:
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,931
Location
USA
Mint currently doesn't allow for manual transactions which is a pain for some people. It's not a big deal to me, but I can understand why it's important.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
Sure, until there's a breach.
Breach of what? I meant that if everyone was internet savvy people like Merc wouldn't have much to do because they wouldn't manage to mess up their PCs. Stupid people are great economic stimulus that trickles down into tons of industries. :eek:
 

Will Rickards

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,012
Location
Here
Website
willrickards.net
I moved from mint to quicken because my bank wasn't supported. I sure hope they bring mint up to the quicken level of support for banks. I didn't really like the quicken interface. I tried to use it for tracking what to pay and my paychecks but it didn't work very well in matching up the transactions automatically. I went back to my spreadsheet for that.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
Breach of what? I meant that if everyone was internet savvy people like Merc wouldn't have much to do because they wouldn't manage to mess up their PCs. Stupid people are great economic stimulus that trickles down into tons of industries. :eek:
These folks aren't necessarily stupid; I haven't read anything to indicate that condition. However, they are being willfully negligent. Stupid would be not understanding that there are "dangerous" sites on the net. These folks understand that but want to hit those sites anyway.

On a PC that's hosting financial information.

They have no one but themselves to blame if/when the data on the machine is captured and bank accounts are drained or credit card info is sold to the highest bidder.

I don't think everyone needs the degree of IT knowledge that most of us on this forum posess. But there is an awareness issue here. "Average" users need to understand that surfing to dangerous sites can, in fact, be dangerous. There are plenty of free safe surfing widgets out there; the user can get by with one as long as they follow it's advice.

As an IT Security professional, I have plenty of work to keep me busy for the rest of my career without investigating or cleaning up after other people's messes.
 
Top