I love to “steal” content and blog post ideas from others (usually AuditMonkey), but this time, I slim-fingered from Mister Reiner (check out his computer security and hacking blog at misterreiner.wordpress.com).
All I really stole were the ideas inspired by a comment that I left on his post entitled, Your friends and relatives can go home and jack up their own computer. Reiner wrote that allowing others on your computer might result in an infected PC if your friends and relatives do stupid things like surf porn or open email attachments. To avoid these issues, he suggested you do the following:
- Lay down the law as to what they can do and where they can go on the Internet.
- Set up a virtual machine like VMware Player (free) or VMware Workstation for them to use instead of your regular desktop environment.
These are good ideas, to which I’d also add:
- Never let anyone on your computer when you’re not around.
That’s just asking for trouble, especially since this violates one of the 10 Immutable Laws of Security, namely, if someone has unrestricted physical access to your computer, it’s not your computer anymore. (I suggest those of you with kids follow this advice to help them avoid bad content.)
- Use a bootable Linux CD like Ubuntu. Even if they go to bad sites, when you reboot the computer, it’s all gone.*
The one issue you need to be aware of when using this method is that the user still has access to your hard drive and can read, update, or delete your files. Since a different operating system other than Windows is running, any file permission protection that Windows normally would provide is NOT operational. Which sends you back to the point immediately above: don’t let others on your PC when you’re not watching.
However, I don’t see this file access as a big risk, since most people don’t use Linux, and the file managers used to view and edit files are a bit different from Windows Explorer.
* For those of you who aren’t familiar with the bootable Linux method, all you have to do is download the image and burn it to a CD (or DVD). Most Linux distribution websites will walk you through this step-by-step. When you boot the PC with this CD, the operating system and applications (including the Firefox browser) run in random access memory (RAM) without writing to or changing your hard drive. (This is also a great way to play with Linux and taste the other side of computing.)
- If you have an old, slow PC laying around, let them use that. It not only keeps them off your main PC, the poor performance of the box silently discourages them from asking for access again (the perfect solution!).
If my friends and relatives put up a fuss, I simply explain that those are the rules of the house. If that doesn’t work, then I remind them of all the times I’ve had to help them untangle THEIR computers and explain how I don’t want the same to happen at my PC.
ITauditSecurity 