Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie? 503
madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive.
So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.
madsdyd continues: "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost. However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"
Simple (Score:5, Informative)
Install Microsoft Security Essentials and forget about it.
My best windows admin tips come from *nix (Score:5, Informative)
First, don't give anyone admin privileges with their default account. You are just asking for trouble if you do.
Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.
Re:Simple (Score:4, Informative)
If you really want to increase your paranoia, you could install ZoneAlarm.
Re:Windows VM (Score:2, Informative)
The problem with this is that VMs do not have access to the graphics card... Meaning it will be CPU rendered and unplayable.
I also think OP is underestimating the requirements for a game like WoW... You so need a decent graphics card to play it... Which a T400 may be lacking.
MSE is good enough - but teach him to reinstall (Score:5, Informative)
You do want to do two other things. 1) Keep that install disc, and make sure the kid knows how to install Windows himself, plus install his games himself. I think WOW and probably LOL are both cloud-based saves so wiping the HDD is no issue. Reinstalling Windows is generally 1/4 the time and hassle of actually fixing a malware problem.
2) Let him know that he is only likely to get viruses doing things he shouldn't. Drive-by downloads on legit sites are rare. Drive-by-downloads on warez, gold sellers (for WOW), and porn are a lot more common. If he is going to do that stuff (you can't stop him) at least make sure he knows that those are dangerous sites. If his computer is acting funny after visiting one, and a reboot doesn't fix it, then wipe the install.
Relevant story from two weeks ago (Score:5, Informative)
What free antivirus do you install on windows [slashdot.org]
Install Windows Security Essentials and you'll be fine. Seriously, it's not like by putting Windows 7 on a computer your house is immediately going to be invaded by zombies dragging every virus or malware known to man. Install WSE (or one of the other recommendations from the above thread), run with standard (not admin) rights, and that's pretty much all you need to do.
Neil
No Idea (Score:0, Informative)
Why you'd consider Apple before MS is beyond me, especially coming from linux, Apple is the most anti-free.
Install MSE.
Give him a limited account (If you want, but you will always have do installations and system changes).
Run it though a router.
Keep Java, Flash, Acrobat, (any adobe), any Apple junk (Quick time), the OS, and any browsers up to date.
Install adblock plus because much malware is served through adds.
Know how to reset web settings in IE. Tools > Options > Advanced > Reset
Other than that it's coming sense, if he isn't a click happy clown he will be ok. Any OS can be infected given a careless user :)
I don't believe you. (Score:5, Informative)
WoW runs perfectly under Wine, even under a dirty prefix, and has for like 5 years, maybe longer. League of Legends you must clean Prefix, and install dx9, dotnet2.0, and vcrun2008. Then LoL will work. I know from experience that this shit works.
Lenovo T400 does not meet WoW's minimum requiremen (Score:4, Informative)
Other specs on the system are borderline bottom for barely meeting the requirements. Don't subject your kids to that. Get them a new computer with Windows 7 preinstalled. For virus protection, Microsoft Security Essentials does fine (free with Windows 7, though it is a separate download).
You may prefer Linux, and it may even work for you, and for you that is fine. But we live in a Windows world - you are doing your kids a serious disservice by not giving them Windows exposure now. They'll need that experience in 10 years when they are trying to get a job - any job - that isn't Linux development.
Re:Simple (Score:4, Informative)
Actually I've found MSE to be the least intrusive and most resource sparing of all the windows anti-virus. AVG works well but they nag living hell out of you to upgrade and so do most of the others. Of course I haven't tried any of the paid versions. MSE is free and easy and I figure they built windows so should know how to protect it....I'm sure there are API's that none of the other anti-malware authors know of that Microsoft engineers use.
Comment removed (Score:5, Informative)
Re:Simple (Score:5, Informative)
Actually I've found MSE to be the least intrusive and most resource sparing of all the windows anti-virus. AVG works well but they nag living hell out of you to upgrade and so do most of the others. Of course I haven't tried any of the paid versions. MSE is free and easy and I figure they built windows so should know how to protect it....I'm sure there are API's that none of the other anti-malware authors know of that Microsoft engineers use.
I agree. it's definitely been the lightest foot print so far for a basic antivirus. Symantec and McAfee are hogs. I ran AVG for a while until it started getting to be resource hungry and missed a common trojan on my wifes computer.
Contrary to what a 1998 level of experience with Window might infer, Windows has gotten a lot more secure. The best protection is good habits and using known safe software. To help avoid infections I would recommend using Chrome or Firefox, as there are still zero-days out there for IE. Avoid crap from Adobe if at all possible. Teach the kids not to install or run random programs from the internet (yea, I guess your safer there on Linux). Install Windows 7 with the UAC enabled and either run the kids with a non-admin account or teach them that the UAC prompt is important, same as you'd do under Linux.
I think you've done yourself and the kids a mild disservice by avoiding windows with such a passion. When they get into the real world, it won't be just WOW that they need to run. It'll be business apps like MS Office, LabView, or something else that's truly Windows-only and having Windows experience (even if they prefer Linux) will be invaluable.
Re:My best windows admin tips come from *nix (Score:4, Informative)
Real gamers disable swap all together on their gaming rigs i the first place - you don't want the disk slowing you down ever while playing and physical memory is cheap...
I agree dumping in more memory will enhance performance for memory hungry apps. That was especially true for XP and even more for Win7. Win 7 manages memory and swapping a whole lot better though. The reality is that you'll probably not notice any performance difference with or without a pagefile if you have enough memory to handle the normal memory commit charge, and you may cause problems with some games or apps that like to create a large memory commit even though they don't actually need it (SQL Server, Firefox, etc).
I would suggest keeping the pagefile, especially if it's on a fast SSD drive. That way the game can keep maps in memory, even if it's paged out to the fast SSD, instead of dumping and reloading from the slower spinning drive.
Re:Simple (Score:5, Informative)
Re:IT'S A TRAP !! (Score:5, Informative)
Submitter here:
Step 1: There is no windows to uninstall. There are literally no Windows installations in this house, (and actually never have been, as we built the house in 2004, but that is another story). The kid in question - my 12 year old son - does run Linux (Kubuntu 12.04) and uses e.g. Scratch from MIT for programming, libreoffice for school work, minecraft for, well, minecraft and so on, and so on. Oh, and he runs his own minecraft server.
But, no, I can't get WoW and LOL to work with/under Linux (neither can he). Starting point is some semi-old laptop (not the T400, which have just become available recently), running Kubuntu 12.04. Been through various permutations of Wine, Crossover and some "just install this, guaranteed to work, autoinstall Wow" permutation of crossover (I think, have forgotten the details). For all, it looks as "the right thing" happens, but eventually it turns out something or other does not work, e.g. the system is left for 24 hours to download the last 1% and it just does not happen. I think the last approach we tried, we ended up installing a US version (?) and beeing in Europe, this apparently (eventually) failed to start. Or something. I have lost count of the hours we have used. I simply can not make it work, and I do not know any persons that can. I could possibly hire someone to do it, but I have no idea if it ends there. What if all his friends plays "FunkyNewGame" next year, that only runs under Windws? What then? Make no mistake: I consider Windows in this context simply a console, much like the PS3 - but a console that needs a lot more handhelding than the PS3 (And, I understand that WoW does not run on the Xbox).
Now, beside that I personally have other things to use my time on, all this fidling is also a very frustrating experience for my kid. I do not expect you to understand this, especially not, if you have no kids, but he gets his hopes up high, and sort of thinks his dad is "the shit" for finally making this work, and then, after 4-5 hours of reading, installing, downloading, and whatnot, it just does not work. And, another day/week/month has gone by with him still not beeing able to play WoW/LOL with his friends. So, as I stated, I am going to bite the bullet and get Windows. For this particular purpose. (Oh, and possibly to reprogram the properitary house control system of this house, which was the only legal option to install, according to Danish Law, when the house was built - but again, that is another story).
You may argue that my linux skills are inadequeate because of this - you may be perfectly right. The sad truth is then, that my Windows skills are even worse.
Windows for Linux users, advice (Score:5, Informative)
I maintain a machine much like the one to be used by your son. You are right to give up on trying to get these games working in Wine. Even if you succeed, the next patch might break it. It creates an unreasonable amount of recurring effort, which you can avoid entirely for the cost of an OEM Windows licence, which is really, really cheap in comparison. Sure, this is not what Stallman would say, but then he does not support PCs for a family.
Here are some suggestions:
1. Windows 7 on a new laptop.
2. Install Microsoft Security Essentials. It's free (beer). Don't bother with Norton.
3. Create a regular user account for your son. Ensure the account is not able to modify system files without asking for the admin password. This prevents most of the nasty things malware tries to do. WIndows security is actually really good these days.
4. Order a Blizzard authenticator to go with WoW. This excludes more nasty things that malware might do... just in case!
5. Back up the machine after you install the games but before you hand it over to your son. Use backup software that will generate a disk image like Macrium Reflect Free Edition. Restore this disk image from a live CD (Reflect can create one for you) if your son has any problems. You have to use a full disk image for Windows because restoring an install is not just a matter of copying the files and rerunning update-grub.
6. When working with Windows, use the same patience you have to use when working with an unfamiliar Linux distribution. Don't expect everything to be straightforward or logical, and be pleasantly surprised when it is. The only extra thing you need to beware of, but Linux users do not, is that there are scam sites which offer to "help" you with common problems, e.g. device driver issues, and serve up malware instead of help. Good practice is to research Windows problems on a Linux machine.
Wow has a Platinum rating on Wine (Score:4, Informative)
What do you mean you "couldn't get wow to run on wine"?
WOW has a platinum rating on wine's appdb [winehq.org].
For those of you who don't know, platinum means that absolutely no tweaking is required at all.
If they want to game on wine though, make sure you get an nvidia card. It's the only way to go. Sure ATI/Intel are more open, bla bla, but if gaming's what you want, then it's your only choice.
Re:value of your time (Score:5, Informative)
Ok. But the basic security steps should be:
1. Use windows 7 64 bit, it is more secure
2. install Windows and create a user you will use for the "root" work. Call ist root, if you like, or boss orbwhatever. Do NOT set a password yet! Search for updates using windows updates. Do not hesitate to install all optional updates. MSIE will end on the machine anyway, so it's best to have the least insecure installed. The optional drivers are propably crap, but they're better then the generic drivers that came with Windows. Install updates. Reboot, install updates. Reboot, install updates. This is the most annoying part, but eventually, Windows update, when asked to search for more updates, will report it has none in store for you. Phew.
3. If it didn't install already, install MSE.
4. in order to work correctly in games, you will now need to install the latest drivers for the video card and for the soundcard. Do not rely on the optional windows drivers for these two components, replace the ones you got in step 3. These are the important drivers that get glitchy in games. First place to look is NOT the producer of the laptop, but the producer of the chips that are used in the laptop for sound and graphics. Google for it. Only if step 4 breaks it, try the producer of the laptop for drivers. Only if the producer of the laptop has no drivers and the drivers from the producers of the chips break the installation, repeat step 1-3 and omit step 4.
5. install the desired games and software
6. Install chrome or Firefox. Chrome might be a bit more secure. Install a PDF reader.
7. Install PSI from secunia in order to keep the update-hell in check. Run it once to check if everything is up to date.
8. Now set up the account of your son as a normal user, give him a password. Now give the root account a password, as you will soon expose the laptop to your son the real world, not just a few sites.
9. Backup and setup a backup-routine.
Give your son the computer and the password for root. Explain to him that it is his responsibility to doublecheck if a program is OK to run with Admin-privileges. From time to time, make him login as root/admin and check if any bad written programs ask for updates and check if PSI complaints about old programs and keep them up to date.
Most importantly: the best antimalware is a brain. Inform him, that he must double-check (with google, for example) that a source of downloadsoftware is reliable if he downloads software from the internet. If something sounds too good to be true, it propably is.