Forgot your password?
typodupeerror
Operating Systems Windows IT Games Linux

Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie? 503

Posted by timothy
from the not-under-my-roof dept.
madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive. So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.
madsdyd continues: "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost. However, I understand that I need to protect the Windows installation against viruses and malware and whatnot. The problem is, I have no clue how. One shop wants to sell me a subscription-based solution from Norton, but this cost will take a huge dip into my kid's monthly allowance — he is required to cover the costs of playing himself, so given that playing WoW is not exactly free, this is a non-trivial expense for him. On the other hand, he has plenty of time, so I guess he could use that time to learn something, and protect his system at the same time.

How do other Slashdotters provide Windows installations for their kids? What kind of protection is needed? Are there any open source/free protection systems that can be used? Should the security issues be ignored, and instead dump the Windows install to an external disk, and restore every two weeks? Is there a 'Windows for Linux users' guide somewhere? What should we do, given that we need to keep the cost low and preferably the steps simple enough for a 12-year-old kid to perform?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie?

Comments Filter:
  • Simple (Score:5, Informative)

    by Anonymous Coward on Saturday October 20, 2012 @11:29AM (#41714995)

    Install Microsoft Security Essentials and forget about it.

    • Re:Simple (Score:5, Insightful)

      by djl4570 (801529) on Saturday October 20, 2012 @11:42AM (#41715107) Journal
      I second Microsoft Security Essentials. Add Firefox with Noscript. Malware Bytes is highly recommended.
    • Re:Simple (Score:5, Funny)

      by DeathFromSomewhere (940915) on Saturday October 20, 2012 @12:24PM (#41715415)

      Recommendation for a Microsoft product.

      Not a snarky post about how he should install some obscure linux distro instead.

      (Score:5, Informative)

      WHO ARE YOU PEOPLE AND WHAT HAVE YOU DONE WITH MY SLASHDOT!?!

    • Re:Simple (Score:5, Insightful)

      by Gaygirlie (1657131) <gaygirlie.hotmail@com> on Saturday October 20, 2012 @12:46PM (#41715553) Homepage

      I use MSE, Firefox with Adblock Plus+Flashblock and disable Java in the browser as it's got more holes in it than Swiss cheese. These simple steps have kept me secure so far perfectly well. On the other hand OP's situation is a little as the kid may or may not end up falling for social engineering: how does one protect against that? I'd say actually teaching the kid what social engineering is and how to recognize it is better than relying on a software-solution for that, even though teaching that is a longer project.

    • Re:Simple (Score:5, Informative)

      by atlasdropperofworlds (888683) on Saturday October 20, 2012 @01:43PM (#41715871)
      Also, do not give the kids administrative user accounts. What people don't know is that Windows 7 is actually a very secure desktop OS. The easiest path into the windows machine is by far via the user. The ASLR implementation is quite good, so even any exploits (such as browser-based ones) fire only occasionally. Apparently windows 8 has improved ASLR, so you can expect the next Win7 service pack to get the same treatment. I have some whitehat contacts, and they all say the same thing: If you want a secure desktop OS, Win7 64bit is the one to get - it's apparently a very tough nut to crack. Couple it with MSE to help cut down on operator-installed worms and you're golden. OSX, on the other hand, is certainly not the best options for security. It remains the least secure desktop OS (though it is still decently secure).
    • I second that. Install Microsoft Security Essentials, it's free. Do not turn off automatic OS updates (they are on by default, so you just install the OS). Use Firefox. Done. Setting up Windows is really no-brainer. Just a single more thing: I turn off automatic reboot after updates [microsoft.com] (several ways to do it; I use gpedit). There is nothing more anoying as being forcibly rebooted in the middle of a game :). When this setting is turned off, there will be a periodic reminder to reboot when needed.

      If you do no
  • value of your time (Score:5, Insightful)

    by Moblaster (521614) on Saturday October 20, 2012 @11:29AM (#41715001)

    Run it through your regular NAT router setup and tell your kid not to download nasty stuff!

    And consider the educational value of having him get viruses. And the joy of reinstalling the OS.

    Maybe he will appreciate dad's wisdom to date ;)

    • by fermion (181285)
      I am going to second this. Stuff on the internet is like candy to kids. There is no imposed consequence that is going to stop them, and no technology to prevent it. The only real way to stop it is the authentic consequence of not having a computer. Back up the computer, store files online, and let the kid go. When the kid breaks the computer, have a rule that it will be fixed the next weekend. Don't want to have to go days without a computer, then don't break it. Software will not break the computer.
    • by mwvdlee (775178) on Saturday October 20, 2012 @11:52AM (#41715189) Homepage

      At 12 years old, he's about an age where he can learn about malware, virusses and backups yet young enough that data loss will be marginal.

      Ideally, set up a backup of any important files (homework, pictures, email) from Linux that the kid doesn't know about so atleast the damage can be repaired after he's learned his lesson. It should be easy to setup from whatever current backup solution you have running. If you have no current backup solution, you should worry about education yourself on security before you start educating your kid ;)

  • I know you asked about securing, but there is more than just security that is often overlooked in windows, that can be learned from the *nix world.

    First, don't give anyone admin privileges with their default account. You are just asking for trouble if you do.

    Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.
    • Real gamers disable swap all together on their gaming rigs i the first place - you don't want the disk slowing you down ever while playing and physical memory is cheap...
      • by fluffy99 (870997) on Saturday October 20, 2012 @01:11PM (#41715699)

        Real gamers disable swap all together on their gaming rigs i the first place - you don't want the disk slowing you down ever while playing and physical memory is cheap...

        I agree dumping in more memory will enhance performance for memory hungry apps. That was especially true for XP and even more for Win7. Win 7 manages memory and swapping a whole lot better though. The reality is that you'll probably not notice any performance difference with or without a pagefile if you have enough memory to handle the normal memory commit charge, and you may cause problems with some games or apps that like to create a large memory commit even though they don't actually need it (SQL Server, Firefox, etc).

        I would suggest keeping the pagefile, especially if it's on a fast SSD drive. That way the game can keep maps in memory, even if it's paged out to the fast SSD, instead of dumping and reloading from the slower spinning drive.

      • by Tenebrousedge (1226584) <tenebrousedge@gmai[ ]om ['l.c' in gap]> on Saturday October 20, 2012 @01:14PM (#41715715)

        By and large, real gamers are pretty clueless about software, know less about OSes, and nothing about security. What they know of hardware comes straight from benchmarking websites.

        Generally speaking, you get ugly results when you run out of RAM with no swap file. Windows of course has notoriously aggressive paging, and changing this behavior is not as simple as on other OSes. There are a couple of registry settings, however, that govern how large the filesystem cache is and whether drivers and core components can be swapped to disk. You can also lock the process in memory if you really must.

        Yes, you can more simply set the swap size to zero. Yes, many people don't have stability problems with this. Yes, you can use a wrench instead of a hammer if you have to.

        If your system is having issues with paging, don't disable paging: just buy more RAM.

    • the swap file should have its own partition

      Sure, if you already have an existing partition it's best to move the page file to it. But if resizing your existing partition to make room for a new one is a PITA, just purchase a new drive and page out to that volume instead. It will be an improvement in overall disk I/O. Also, it can double as a local D2D backup drive too. Though it does require time, money, and physical access to inside the box, a secondary drive is really the way to go.

      If your going to do it,

    • by benjymouse (756774) on Saturday October 20, 2012 @02:31PM (#41716189)

      Second, the swap file should have its own partition. In *nix this is pretty much dogma, and it well should be in windows as well. Everyone knows that windows loves to fragment the hell out of its own file system, and the windows swap (paging) file is no exception. If you put it on its own partition you will make defragmentation a lot easier later when you have to do it.

      Stupid advice, based on an old Unix/Linux myth.

      Consider this: What is the paging file actually for? Yes, for swapping out "dirty memory" when the memory pages are needed for something else. The paging file is *not* used like a large video file. It is being accessed *randomly* (non-sequential) *most* of the time.

      What if the primary concern with fragmentation? Answer: Excessive head movements.

      And you advice users to place the paging file on another partition, all but *guaranteeing* excessive head movement on *each* access to the paging file? The original recommendation to place the swap file in its own partition was that Linux (and most Unix'es) fails pretty horribly under low-disk space conditions. I.e. the recommendation was for space management - not for controlling fragmentation.

      Fragmentation of the paging/swap file is a non issue. The OS rarely need to read more than a few blocks sequentially. Actually, one could argue that the best place for the paging file in a memory-constrained system (where swapping happens a lot) is at ½ disc width - or centered in the partition. If that happens to be interleaved with other files which are also access in a random-access pattern - so be it. It is still more optimal.

      The *only* files that really benefit from *not* being fragmented are large files that are access in sequential fashion or which account for a very large share of all disc accesses (such a large video file or a database file in a single-instance database server).

      If you are concerned that the paging file may grow and shrink and thus cause fragmentation of *other* files, then simply reserve a minimum size for the paging file. If you keep it on the same disc as the OS, then you should definitively keep it in the same partition as the rest of the OS. Now, if you could move it to another physical disc - that would offer a performance improvement - as long as you reserve that disc for paging.

      But suggesting to move the paging file into a location where you are guaranteed to *increase* head movements - that is nonsensical. Unfortunately that is a very hard myth to bust.

      • Fragmentation of the paging/swap file is a non issue. The OS rarely need to read more than a few blocks sequentially. Actually, one could argue that the best place for the paging file in a memory-constrained system (where swapping happens a lot) is at ½ disc width - or centered in the partition. If that happens to be interleaved with other files which are also access in a random-access pattern - so be it. It is still more optimal.

        Perhaps I was unclear. The fragmentation of the paging/swap file is not the big issue here per se, rather it is the effect on the rest of the storage volume of having a fragmented swap file. When windows makes the paging file look like buckshot scattered around the hard drive, it naturally ends up scattering the files themselves all over the hard drive. Pretty soon you have a hard drive full of fragmented files, and since the paging file is often rewritten entirely each time the system boots, you end up

  • Let him deal with it (Score:5, Interesting)

    by e065c8515d206cb0e190 (1785896) on Saturday October 20, 2012 @11:35AM (#41715051)
    How did you learn? By making mistakes. Let him run his Windows 7. With admin rights. If he gets viruses, trojans, adware, malware, so be it. If he needs to reinstall every 3 months as you probably did when you had Win 95, so be it. That's how he'll learn.
    • by malakai (136531)

      This this this.

      Kids need to try, fail, and learn. Your trying to put him on a bicycle in full body armor and rig some sort of support system that holds him up if the bike falls over.
      Let him scrape his knee once.

      I've seen first hands how fast kids learn when the reward is their favorite game working and or working faster. Minecraft alone has been responsible for an entire new generation of hackers who w/o it never would have figured out (or needed to) how to unpack a jar file, make a change, and repack it.

      If

  • Good luck (Score:5, Insightful)

    by Shavano (2541114) on Saturday October 20, 2012 @11:35AM (#41715057)

    Your kid might not be satisfied with the way WoW works on an old T400 laptop. Check the graphics specs vs. the game recommendations. And for security, I'd just use Microsoft Security Essentials. It's free, probably works as well as any of the subscription-based anti-virus products and how much do you really care if your kid's game platform gets a virus?

  • Windows VM (Score:4, Interesting)

    by Nerdfest (867930) on Saturday October 20, 2012 @11:35AM (#41715061)

    If your machines have the power for it. you may be able to get away with running Windows in a VM. Install everything, get it set up properly, then snapshot it and restore to that point at the end of every gaming session. It's one fairly sure way of keeping Windows safe.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The problem with this is that VMs do not have access to the graphics card... Meaning it will be CPU rendered and unplayable.

      I also think OP is underestimating the requirements for a game like WoW... You so need a decent graphics card to play it... Which a T400 may be lacking.

    • So his kid has to reinstall each and every addon to the games he uses every time he wants to play? And he loses all of his profile data (WoW does save some locally)? And now he has to also know how to safely update the image with the weekly WoW updates and patches?

      I think that kind of misses the point of a gaming machine. It's supposed to operate as an appliance: boot, play the games, shut down, done.

    • You don't want to do this for a gaming setup, it will impact performance...if all this computer is going to be used for is gaming, don't worry about security beyond Microsoft Security Essentials. Just remember, if something seems fishy, wipe and reinstall, it doesn't take that long...
  • You can use AV, be careful (i.e. stay the hell away from insecure trash like IE or Outlook), but that is it. Windows, when connected to a network, cannot be secured by itself against targeted attacks, unlike any Unix or Linux. In professional environments, restrictive firewall settings also help, but that requires firewalls not running on the host. Security-wise Windows is a lost cause.

  • A few things (Score:2, Interesting)

    by Anonymous Coward

    1) Install a free antivirus program like Microsoft Security Essential or AVG. Most free antivirus programs are close enough to paid software as long as you pick the better ones.

    2) Run the computers network through a filtering program or DNS server like OpenDNS with the filtering option enabled.

    3) Limit user account for kid. Install the software he needs for him. This would be a major improvement in security with limited hassles as it's usually the user that is the cause of many security issue.

    Bonus) Occasio

    • Re:A few things (Score:4, Interesting)

      by magic maverick (2615475) on Saturday October 20, 2012 @11:45AM (#41715129) Homepage Journal

      I like 1 and 3, but have another suggestion instead of 2. Install a firewall between the computer and the Internet, and block all inbound and outbound connections except on the ports used by the games required. No web browsing, no email, no chat (except in game) on the MS Windows machine at all.

      Disclaimer, I've been using GNU/Linux myself almost exclusively since 2003 or something, and so my knowledge of MS Windows is also dated. But, if the worms can't access the machine they can't hurt it. If the child can't access the web, they can't have some ad network serve drive-by-download malware. Etc.

      I also like the idea of letting the child learn about computer security themselves and do it all themselves. But that may cause more heartbreak in the end than my suggestion.

      • by cbhacking (979169)

        Starting with Windows Vista (and therefore also in Win7), there's a built-in two-way firewall with fine-grained rules. No need for third-party software; if you want to block web browsing on the PC you can just block outgoing connections to TCP 80 and 443 (for example).

  • by vinn (4370) on Saturday October 20, 2012 @11:42AM (#41715109) Homepage Journal

    Two comments -

    1. If you're going to use Wine, go purchase Codeweaver's Crossover version. It's much better than the standard Wine. Plus, you can get a warm fuzzy feeling you're paying to support open source. PlayOnLinux is an option too.

    2. However, do expose your children to Windows. It's what they're going to learn in school and possibly what they'll need in the workplace. (Oh, I'm sure some people would like to point out why I'm wrong, people have been predicting the demise of Windows for decades. It's still the de facto standard.)

    Finally, just go download something like MIcrosoft Security Essentials or Avast for your antivirus. They're free and work.

    • No mod points here. I played WoW for 3 years on Linux using Crossover Games. Codeweavers has merged all of their Wine forks into one product so it's even more worthwhile to buy it now. There have been a few issues (such as memory problems on 64-bit Linux hosts), but overall it works pretty well. I had no trouble doing end-game raids (Vent works fine too).
  • by 140Mandak262Jamuna (970587) on Saturday October 20, 2012 @11:48AM (#41715151) Journal
    Dont protect the machine. Let him taste windows the way Microsoft serves it. What does not kill him will make him stronger. Either he learns to protect the machine on his own and stays in Windows camp. Or learns that the few things in the Windows world is not worth the pain and suffering comes home to a real OS. At best you throw him a nickel and ask him to buy a real OS. [Growing a beard before throwing that nickel is optional.]
  • by gQuigs (913879) on Saturday October 20, 2012 @11:49AM (#41715167) Homepage

    and it runs on Linux natively. http://www.heroesofnewerth.com/ [heroesofnewerth.com]

    Obviously if his friends are already playing LoL it might be difficult to switch.

    • by malakai (136531)

      If his friends play LOL and he plays HON he'll take shit for it. Honestly, I think HON and DOTA2 are far better games than LOL, but there's peer pressure here, and no one likes playing a game alone, if a few of their friends are playing some other game.

  • What about when the WoW/LoL servers themselves get pwned?

    It's actually not a bad idea to run Windows in a VM that boots from a clean snapshot every time.

    It would be an even better idea if the machine in question was ONLY used for the games in question, but all it takes is one "Let me look that up on Google/Start IE" or "Gotta check my FaceBook" to start the can opener.

  • by stillnotelf (1476907) on Saturday October 20, 2012 @11:52AM (#41715187)
    Microsoft Security Essentials is the only thing I have running on most of the Windows computers I administer (note: they're XP, not 7). I've never had any problems. Install that and don't worry too much about it. Install noscript on Firefox and tell him not to use IE; that will avoid most of the remaining problems. Let all software autoupdate as much as it wants.

    You do want to do two other things. 1) Keep that install disc, and make sure the kid knows how to install Windows himself, plus install his games himself. I think WOW and probably LOL are both cloud-based saves so wiping the HDD is no issue. Reinstalling Windows is generally 1/4 the time and hassle of actually fixing a malware problem.

    2) Let him know that he is only likely to get viruses doing things he shouldn't. Drive-by downloads on legit sites are rare. Drive-by-downloads on warez, gold sellers (for WOW), and porn are a lot more common. If he is going to do that stuff (you can't stop him) at least make sure he knows that those are dangerous sites. If his computer is acting funny after visiting one, and a reboot doesn't fix it, then wipe the install.

  • by neile (139369) on Saturday October 20, 2012 @11:52AM (#41715191)

    What free antivirus do you install on windows [slashdot.org]

    Install Windows Security Essentials and you'll be fine. Seriously, it's not like by putting Windows 7 on a computer your house is immediately going to be invaded by zombies dragging every virus or malware known to man. Install WSE (or one of the other recommendations from the above thread), run with standard (not admin) rights, and that's pretty much all you need to do.

    Neil

  • Don't use IE, and whichever browser to do use, install Flashblock.

    Also, get an installer from ninite.com for Flash, Reader, and Java. Set it to run every day.

  • by erp_consultant (2614861) on Saturday October 20, 2012 @11:53AM (#41715195)

    1) Install Microsoft Security Essentials. It's free and works as well as any paid Anti-Virus that I've used.
    2) Educate your kids on the types of website to avoid. Sites like Limewire (where kids get free MP3's from) are full of viruses and spyware.
    3) Set them up with a non-Admin account. That way if something bad happens the damage is minimized.
    4) Install some add ons for the browser. No Script is a good one. It blocks Java Script and the bad guys love to use that to wreck havoc.
    5) Consider creating a separate partition for the OS. If something goes wrong it's nice to have the OS separate from your own files.
    6) Consider something like Norton Ghost (there are free alternatives as well) that can create a full image of your HD. Take snapshots before doing major system updates. If something goes wrong you can just restore the image and everything is as it was.
    7) Running Windows as a VM on top of Linux is a good idea. If something goes south you can simply copy the pristine image back over the corrupted one.
    8) Stay on top of the System Updates. Microsoft has "patch Tuesday" where they typically release system patches. Some of them are important and fix known vulnerabilities.

  • Why not make the kid do it? That way instead of learning that there will always be people out there to do things for him, he will learn to rely on himself(and google of course).
  • Getting Windows 7 from a shop is surprisingly expensive

    He didn't even look. NewEgg is selling it for $99 [newegg.ca]. A 30 day WoW subscription is listed on the Blizzard store for $15 [blizzard.com]. So your OS costs less than 7 months of playing just one of the games you listed - tell me again what's expensive?

    • by Holi (250190)

      A thirty day subscription is $15 + a one time fee of $50 for the license and on average another $50 for the expansion packs. (granted most are now included in the original license but I don't believe the latest one is.)

      Ack I think I have done more to prove your point.

    • by madsdyd (228464)

      The cheapest price I have been able to find here in Denmark is kr. 1399,- which is $244,-. I was surprised by this.

  • Install everything (Windows, Microsoft Security Essentials, the game(s), whatever else is needed) clean, update it all, then back an image and keep it handy.

    Reinstall the image every month or three.

  • by Raxxon (6291) on Saturday October 20, 2012 @12:11PM (#41715313)

    You want to keep the laptop secure. You want a 12 year old to use it. You want it to run Windows.

    There is no solution. There will always be security risks and in some cases a negative time-frame to deal with them. Doesn't matter how good your AV is or what utilities you put on there, if it's connected to the Internet and there's a user at the keyboard then it is inherently insecure.

    Now, how "secure" do you need it to be? If you're ok with putting that laptop on a separate subnet from everything else and teach the kiddo to do a proper update check every couple of days you should be able to mitigate most of the 'risk'.... but that seems a bit much to ask.

  • I made a security guide for hardening Windows against threats, it's at http://bulletproof-windows.blogspot.com/ [blogspot.com] - it may be useful, it's not professional by any means but I think the advice there can help a Windows security newbie.
  • I don't believe you. (Score:5, Informative)

    by Zombie Ryushu (803103) on Saturday October 20, 2012 @12:14PM (#41715337)

    WoW runs perfectly under Wine, even under a dirty prefix, and has for like 5 years, maybe longer. League of Legends you must clean Prefix, and install dx9, dotnet2.0, and vcrun2008. Then LoL will work. I know from experience that this shit works.

  • by future assassin (639396) on Saturday October 20, 2012 @12:15PM (#41715345) Homepage

    and went all Linux in house. Told the kid to suck it up for any games that were not available on console. 5 years later I get a couple of complaints here and there but sure as hell beats reinstalling windows every 6 months. You can tell the kids to not download all you want but they're kids so it takes a few times to learn not to download files from all over the places.

  • Before you give in, I highly highly suggest you try virtualizing windows on a working (ideally multi-core) Linux box with Oracle's VirtualBox [virtualbox.org].

    It's completely free, frequently updated, allows control of everything, including number of processors and RAM to dedicate to the virtual environment, and the only exception is the lack of support for discrete hardware graphics acceleration (But for now should be OK for the games he wants to play).

  • by myxiplx (906307) on Saturday October 20, 2012 @12:20PM (#41715373)

    As a log term windows admin who's cleaned up more home computers than I care to count, here are my tips:

    1. Ensure windows updates are set to download and install automatically.
    2. Install AVG Free, sure MS essentials is good, but I guarantee every virus is written to avoid it, I go with 3rd party AV wherever possible.
    3. Install Chrome for web browsing, sync the account to google
    4. Setup his account as a regular user, don't give him the admin password
    5. Setup something to backup Warcraft, it's a huge download, you don't want to be doing it again if you need to reinstall

    And that's it, it's basic security but win7 is pretty good, the above has been enough to keep our home XP machine safe for many years.

    Ultimately it's a kids computer and they're going to click anything shiny, sooner or later it will get a virus. There are a few key points to bear in mind here:

    1. It's going to happen, preventing it is pretty much impossible.
    2. Your other computers are Linux, so the risk to them is negligible.
    3. Most viruses these days are botnets or phishing, so long as he's not spending a fortune on a debit card, the risk to him is minimal.
    4. All the software I recommended will update itself, so it's zero maintenance. That's a major factor in keeping windows secure.
    5. If it does end up riddled with viruses, a quick re-install over the top, followed by a sync to google and it's all back to normal, including your files and settings.

    • by Holi (250190)

      No offense but if the kid does not have access to admin rights it's not his computer, he's just a user.

      2nd you obviously have little experience with windows 7 as " a quick re-install over the top" ( I am guessing you are talking about XP's repair install ) is not an option on Windows 7. Hell it will be a computer for gaming and thats it Let it get messed up and reinstall when needed.

  • I'm a Windows guy for the most part so I'll give you my various insights from that world.

    First things first - have you tried WineX/Cedega or whatever evolution it's on to try running these things on your nix boxes? I've heard of various successes and I'd assume there's got to be a write up somewhere for how to do this - at least for WoW. Not sure about LoL.

    "Getting Windows 7 from a shop is surprisingly expensive, but I have found a place where they sell used software (legally) and can live with that one-time cost."

    OEM copies are a cheap route and the only main difference is that Microsoft wont provide support directly. You're basically buying as a computer builder

  • by Clomer (644284) on Saturday October 20, 2012 @12:21PM (#41715383)
    See title. I feel it important to point out that the Lenovo T400 does not meet World of Warcraft's minimum requirements. The Intel GMA 4500 GPU that this laptop has is specifically listed on Blizzard's website as not being supported. What this means is that even if you manage to get it to run, performance will be poor and the game really won't be any fun. In fact, I have to wonder if the problems you've had related to getting it to run in wine are more hardware-related - the computers you are trying to do this on simply aren't beefy enough.

    Other specs on the system are borderline bottom for barely meeting the requirements. Don't subject your kids to that. Get them a new computer with Windows 7 preinstalled. For virus protection, Microsoft Security Essentials does fine (free with Windows 7, though it is a separate download).

    You may prefer Linux, and it may even work for you, and for you that is fine. But we live in a Windows world - you are doing your kids a serious disservice by not giving them Windows exposure now. They'll need that experience in 10 years when they are trying to get a job - any job - that isn't Linux development.
    • I have to agree here: the laptop mentioned ain't gonna run the game in any way or form that's actually pleasant.

    • by Holi (250190)

      Have to agree, I just upgraded my girlfriends laptop for WoW, I got her an Inspiron 15r Special Edition (the one with dedicated graphics). You really do save your self a lot of hassle getting something that will actually run the game. At $800 with windows installed it really is not that expensive.

  • Since he will be the only one to use it, and for games, there should be nothing of value on the computer, so some malware are not going to be the end of the world.
    At worst, he will have his battlenet account hacked, so just teach him to use secure passwords and an authenticator. (You probably already did.)

    As some others have already pointed out, the best is to let him experiment by himself. However, there aren't that many (common) ways to get malwares; if it happens, you'd best have a talk with him about no

    • (plus you don't necessary want him to go to porn websites too).

      Personally I'd say that that's just folly: when the time comes he WILL find porn, one way or another, and there isn't actually anything wrong with that. Sexuality is one of those things that just can't be avoided, so why try to make it something he should feel ashamed of? He'll grow into a more stable and round person if you don't make him ashamed for things he can't avoid.

      When the time comes and he starts to show interest in such have a talk with him, make sure he knows how and why to wear protection and w

  • by RandomFactor (22447) on Saturday October 20, 2012 @12:27PM (#41715429)

    Translating - you aren't a windows guy, and you aren't going to become one for this, but you don't want to waste time reinstalling every couple of weeks or listen to your kid crying his account got hacked.

    With that premise

      - Set Windows updates to nightly download and install automatically.
      - MSE (AV from MS) is fine, oddly enough. Its even light enough you can run a second one such as Avast! if you wish.
      - NAT router in front assumed
      - Leave the Windows Firewall on, don't enable file sharing
      - Install Firefox, make it the default browser, load two addons - NOSCRIPT and AdBlock Plus. Remove the IE icon from the desktop.
      - Council the kid that this is NOT his general internet browsing/use machine. It is dedicated for the games. Continue to browse etc. on the systems you know how to maintain.

    With the above, you have no cost, minimal maintenance and the machine is very likely to stay secure for years.

  • by WarJolt (990309) on Saturday October 20, 2012 @12:31PM (#41715459)

    Do you have broadband?

    They all come with a free security suite.

    http://xfinity.comcast.net/constantguard/Products/CGPS/norton/ [comcast.net]
    http://www.cox.com/css [cox.com]
    www.att.com/esupport/article.jsp?sid=KB402441
    http://www.rr.com/security [rr.com]
    http://www22.verizon.com/home/utilities/security-backup [verizon.com]

  • I was too envious to finish the rest of the paragraph...
  • You need to use a sandbox - google for sandboxie, read up on it and find out how to set it up to put your bookmarks outside the sandbox, etc.

    You need to use a good browser, right now for me that's Chrome.

    You need to do the customary tweaks to the browser such as ad-blocking, script blocking, etc. Ghostery seems to do well, chrome also has a noscript clone.

    You can make windows accounts with limited privilege.

    If you want an active antivirus you can use microsoft security essentials - free.

    If you want to pay f

  • Every year I host a LAN party on X-mas Day. On Linux.

    2006 - Duke Nukem 3D
    2007 - Urban Terror
    2008 - Warzone 2100
    2009 - Doom 3 and Unreal Tournament
    2010 - WoW
    2011 - Enemy Territory Quake Wars
    This year will be Borderlands or Halo. (Under Wine) Not sure which.

    So the idea this kid needs Windows 7 is doubly rediculous. I make it my business to host contained LAN wars for Friends and Family.

  • Make the gaming PC as consolized as possible. Setup multiple partitions if you need to or provide a secure VM on the house server that he can use to peruse questionable sites without exposing the gaming machine and its expensive and time consuming software stack. Dont let the gaming OS browse the web, except when absolutely necessary (like steam, Blizz account pages etc) Image the hell out of the machine regularly after rolling in new changes. Treat it like a static machine, not a general purpose PC. Do not
  • The biggest security hole in every system is the human. Teach your kid safe browsing and general safety guidelines. Viruses don't get on a machine by themselves. Put on MSE and a firewall. Don't use third-party antiviruses, they cause more pain than the actual viruses.

  • by Deathlizard (115856) on Saturday October 20, 2012 @03:00PM (#41716407) Homepage Journal

    1) install Windows 7 and set a password for your account.
    2) Install all MS Service packs, patches and MSE.
    3) Make a Limited user account, and log into it. This is your Kids account
    4) Install Chrome for that user, give him a Gmail account to backup settings (in case something does happen to the system) and install Adblock plus with the Easylist filter on it. Set it as the default browser. Hide or disable IE afterwards. This also sandboxes the browser even further and gives him flash player and PDF functionality without having to worrying about updating those.
    5) DO NOT INSTALL JAVA!! He doesn't need it, it's full of exploits, and every exploit kit on earth uses it to infect your box! If he needs Java for Minecraft (and seriously this is the only reason to install Java. Anything else say no.) then Install the 64 Bit version and run it from the minecraft executable on Mojang's site. The 64 bit version of Java doesn't work for browsers other than IE 64 (which you uninstalled) so just install that one and update it manually since the clueless idiots at Oracle hasn't figured out how to auto update 64 bit java for some reason..

    As for games.
    1) install the game as the admin. Try it on his user account. If it works, Great.
    2) If that fails or if you just want to simplify setup, use UACTrust [itknowledge24.com] to make a shortcut that is pre-trusted. Since it's unlikely WOW or LOL will hack the machine directly, you can use this so he can play the game while the other stuff is user snadboxed.

    Other notes:
    You said you're letting him use a Lenovo T400. Ban him from using USB devices on the left USB ports unless you want to replace a Board for $300. If he must use USB, Only use the right USB port by the CD-Rom and use a Hub. That port never breaks.

  • by DL117 (2138600) on Saturday October 20, 2012 @03:49PM (#41716703) Homepage

    A couple problems with what you're doing:

    1. Games on a Lenovo?! Lenovo is Chinese for 'shitty laptop company' Their computers are for business, not gaming.
    2. Norton? Norton's a scam. Just use Microsoft Security Essentials. Even if you get a virus, who cares? Worst case, reformat, start over.

    It's not so complicated.

  • by hobarrera (2008506) on Saturday October 20, 2012 @06:05PM (#41717625) Homepage

    What do you mean you "couldn't get wow to run on wine"?
    WOW has a platinum rating on wine's appdb [winehq.org].

    For those of you who don't know, platinum means that absolutely no tweaking is required at all.

    If they want to game on wine though, make sure you get an nvidia card. It's the only way to go. Sure ATI/Intel are more open, bla bla, but if gaming's what you want, then it's your only choice.

  • by Mhrmnhrm (263196) on Saturday October 20, 2012 @08:26PM (#41718473)

    Surprised I haven't seen this mentioned, but in addition to MSE, Microsoft also offers a second exploit prevention/mitigation tool called EMET http://www.microsoft.com/en-us/download/details.aspx?id=29851 [microsoft.com]

The sooner all the animals are extinct, the sooner we'll find their money. - Ed Bluestone

Working...