I know how I want to protect my own and my family’s PCs.
I know what software I trust (and how this changes over the years) and what can be a resource hog. I know how often I want to scan my PC for malware, rootkits, etc and then I know that those I support aren’t as technically aware as myself and often I need reconsider what I use to protect them and then wonder if I am going far enough or too far?
So how to draw the line? For machines I support I take the approach of ensuring the user has as little interaction as possible. Coupled with what I hope is sensible advice then after 30 minutes or so of a one to one they will not come away feeling overwhelmed but prepared to face the wider world of networking. Secondly I make use of a remote support tool and my preferred choice here is to use the free version of LogMeIn (I don’t need remote file copy or print abilities) and with this I can always access the machine to either coach or fix as necessary.
So what do I use? These are personal preferences and I realise there may be some debate (which is what I want) but they are preferences borne of years of experience as well as reading industry reviews, listening to users and also in putting my trust into certain people to do what they say they do. I refer to folks whom undertake group tests on AV for example or firewalls and so on.
So, my list of necessary software is:(windows based PCs)
- Firewall – currently I love Tall Emu‘s OnlineArmor and this is slowly replacing the former incumbent Comodo. Both offer free versions and both are happy for Charity based groups to utilise their free product.
- Anti Virus – Eset‘s Nod32 has been top of my list for AV for years and now that they’ve updated their GUI it is even easier to use. They don’t offer a free version but when you price in charity discounts and go for multiple year purchase of updates it works out at less than £5 per machine per year.
- ccleaner for vaping temporary files, cookies, etc
- Educating them to use firefox rather than IE but some of them are diehards so I’m looking at locking down IE and using a central configuartion tool for Firefox.
- Utilise Active Directory Group Policies to lock down unessential tools, etc.
- Beyond this I have one fairly tech savvy office user to whom day to day support and issues go.
What I’d like to add is a a few layers of additional protection but I think the alerts would drive the users crazy or the complexity of the software or the results produced would push my workload up tenfold – and as it is my time is precious enough to them that ‘wasting’ it with trivial stuff is not realistic.
I’d like to ‘force’ the users into using a sandbox and only once they are happy that a download won’t infect their day to day work to migrate the app or whatever from their sandbox to their PC. Perhaps utilising a virtual PC would be another way and if that gets infected then just blat the vPC session and recreate it.
Additionally I’d like to see them doing regular scans for malware and rootkits, etc but the reality is this won’t happen so we need to look at a centralised solution. Therein lies an issue in spare capital for doing just such and so scans like these go to my to do list when I have nothing else on, right!
So what do you use to keep your networked PC’s secure, virus and other nasties free?
Do you have a central hardware based firewall (even if free) protecting the network or?
What regular tasks do you undertake that you’d like to see automated or done by the users?
Anything else?
