Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-12-24 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

The Family System Administrator

Published: 2005-12-24
Last Updated: 2005-12-25 00:45:55 UTC
by Kevin Liston (Version: 1)
0 comment(s)
A couple of days ago we asked our readers, "if your parents got a new computer for Christmas, what would you tell them to do?"  The responses have been great!  Rather than trying to summarize, we decided to just print them all in the order they were received.  If the submitter clicked the box that said it was OK to use their name, we've done so.  Thanks to everybody who sent us their ideas.

Good luck on Christmas morning, everybody!  We know that most of our readers are also family system administrators and this time of year we work overtime.

Best wishes to you and your family from all of us at the Internet Storm Center!

Marcus H. Sachs
Director, SANS Internet Storm Center


From Gary Hinson:

I'd talk them through Bill Cheswick's presentation: "My Dad's Computer, Microsoft, and the Future of Internet Security" at

http://www.cheswick.com/ches/ppt/soups-dad.ppt

Merry Christmas to all at SANS.


From Yves Konigshofer:

If it's a new computer, I would tell them to get a wired (not wireless) router at the same time and set up the router with the old computer before connecting the new computer.  That way, windows updates can be installed without having to worry about worms.

In fact, I got my parents a router last year (OK, I also wanted to be able to use my laptop there at the same time) and my father is looking to get a new computer any day now.

It's also important to set up accounts that are not administrator accounts for everyday use.


From John Herron:

If my parents received a new computer for Christmas I would tell them to use Firefox with the Adblock and NoScript extensions.  And if they were ever asked to answer "Yes" or "No" they were to answer "NO" unless they called me first.  The internet is just too dangerous for amateurs unless they follow these steps.


From Pawel Maczka:

We can multiply hundrests of tips but following are essential and minumum list "must have" to protect new Windows box with absolutely minimum cost and effort:
- set strong admin password - use >= 8 characters mix with !"#&/) and numbers
- just uncheck "Sharing disks and printers in MS networks" in network connection properties
- agree for firewall and automatic updates
- get Mozilla FF from www.mozilla.com and set as default system browser.
- purchase and install commercial antivirus software
- set password for regular user like admin password
- install an ad/spy-ware freeeware like spybot or lava or just even MS AntiSpyware


From Jafar Calley:

First I would tell them give me a few hours with to to remove Windows and install Linux. Then they can claim a "Cashback" from Microsoft by sending back a rejected licence. :D

Next, my present to them would be free Linux lessons and support for life. As they are complete PC n00bs they wouldn't be able to tell the difference between Linux and Windows, but a little help in using it would go a long way.

Using Linux would also be less frustrating for them as they wouldn't have to worry so much about viruses and spam so they can surf the "interweb net thingy" without worrying. No Spyware either.

Most other stuff like email, writing letters etc.. is straight forward and usually pre-installed with most Linux Distros so after a few lessons, they won't need to keep call ing me back because the computer keeps crashing or they can't do what they want to do.


From Steve K:

If my folks got a Windows PC for Christmas I would explain that it's a very powerful tool - not an appliance, and that they "would only benefit from it if they were to attend a local training course (picked by my good self)", one which covered Windows & broadband security routines.

(Luckily the limit to my father's computing expertise is playing "Missile Command" from MS Arcade and he has no aspirations to further technical savoir faire!)


From Peter Glock:

I'm getting a mac mini for my mum to rig up to her LCD TV.  This will replace an ageing IBM ThinkPad which I'm heartily sick of providing remote support on (she lives 150 miles away). 

She has an existing AOL account for the rare times when she needs to be online which I set up for her some years ago. I foolishly though this would add some additional layer of protection (d'oh).

I'll use the included Apple Remote Desktop to give me VNC access (tunneled over ssh of course) for remote diagnostics, not sure how this will work through the AOL proxy, I will probably have to put a script together to setup a reverse tunnel.  I'll set her up two accounts, a 'normal' one for everday usage plus an admin account for those rare occasions when she needs to install/update something.

The mac firewall will be set to allow only ssh inbound.  I'll setup ClamAV on the mac to scan stuff for malware.

I'm probably going to setup a wifi dial-up access pont (I have an older Apple Airport going spare) so she doesn't have to have a phone lead installed by the TV.  This will be locked down with WPA.

Thinks that's it!


From Gavin:

If my parents got a new omputer for christmas, I'd make sure they had my brother in laws number and go on holiday somewhere with no mobile phone coverage.


From Anonymous:

If my parrents were to get a new computer, I'd take on the role of security elf and intercept it to ensure it would be running still on the Day After Christmas.

Knowing it would most likely be Windows as the OS (beginner's choice), I'd have autoupdate set up, AV with hourly checks and weekly scans, a REAL firewall with updates set up, and a card taped to the monitor with my phone number for emergencies that will occur (new users).

After a bit, I might try to persuade them to go LINUX, use openoffice, firefox, thunderbird, etc.  Security updates are posted as soon as they can be resolved and don't wait for a patch cycle on fixes for Zero-Day exploits.


From Anonymous:

If my parents recieved a new computer for christmas I would insist that they give it back.  I have spent years trying to educate them on the basic concepts of how to use a computer and they still struggle with the concept of 'right-clicking' for a list of options, they still do not understand how to send photos via email to Aunt whoever or how to save the photo of Uncle Joe that was emailed to them.

I find that many of my relatives that are 55 and older just have not had the experience with technology to intuitively understand it and these are the same ones with always-on high speed connections at home and no firewall/AV measures.  I spend many hours helping fix these issues for them only to find that after 12 months and the subscription runs out, they get confused by the nag screen asking for a renewal and never do it and end up compromised again.  Return to top of paragraph.

I hate this time of year....  My list of relatives that call me for help will increase with each new PDA, computer, and MP# player.


From Randy Nash:

I saw your post this morning asking what we'd tell our parents if they got a new computer for Christmas.  Last year I started getting calls right after Christmas from family and friends, prompting me to write my "New Years Security Resolutions" article (http://www.atriskonline.com/archives/00000037.htm)

While some of this may be somewhat dated, I tried to keep it generic and high-level enough to be useful over time.  Today I'd at least add a section on using a secondary browser such as FireFox.  I may also expand on the various tool listings for each category.  I hope you find this suitable.


From John Franolich:

This is easy on the windows home user...

UltraVNC is a nice remote app that can be customized to connect with your IP.  The executable, that the home user downloads, does not install as a service.  Also, it will time out after a few minutes if there is not any inbound connection. 

See http://ajaxtricks.blogspot.com/2005/11/put-geeksquad-out-of-business.html

and http://www.uvnc.com/addons/singleclick.html


From Bert Rapp:

I'd tell them to buy a Mac.  I've been telling everyone to buy Macs.


From Michael Varre:

Return it for a full refund. Then take the money and go on vacation for a few days :)


From Dan:

What I would tell my parents is:

Write down the Dell tech support number and keep it on the fridge.

P.S. That number should do ya for a year  :)  After that please feel free to call me.   Baahhhhh Humbug.


Oh, I may also share the basics of keeping their computer up to date with patches. A reminder every week or so in their calendar to double check their AV signatures and run a spyware scan also worked extremely well.


From Art McFadden:

If my mother-in-law were to get a new computer for Christmas, first, I would faint.  Then I would get ready to be bombarded with calls.

The first logical steps would to ensure the OS and drivers are up today and add some of my favorites.  Microsoft's anti-spywear program, Spybot Search and Destroy, and Girsofts free version of AVG antivirus.  From experience, I have found that people with expired antivirus programs allow them to lapse for two main reasons:

?  Money-  Will the computer still work?  Yes?  Well then why should I pay anything?  I won't get a virus.  (sounds like an incorrect similar line of thought I heard about from some less cautious fellow students in college ;-) ?  Not informed-  We warn people constantly about fraud on the Internet, identity theft, and other white collar crimes.  Now they get a window asking them for credit card information.  Hopefully, they will call someone they trust before dismissing this as a scam to be enlightened.

If my father (the retired computer analyst/administrator) received a new computer for Christmas, I would ask him what the specs were and how does he like it.  After all, he is one of the people I call when I have questions.

Happy Holidays and stay safe.


From Tim:

Already happened...  In '98 us "kids" got together to get a pc for mom and dad.  Windows 98 with dialup AOL.  Put the usual Office suite, McAfee, Adobe, etc on the box.  Then came training day - ugh.  We very slowly went thru the power on, boot up, click the America Off Line button, listen to the modem dial, connect, verify the username, click No Thanks to their barrage of ads, then click the email icon.  I had already called my brother on the other coast to email jpg's of his kids.  We found the email waiting and explained how to view the attached photo's.  As soon as he was done reading the email, dad reached over and unplugged the pc from the wall - while still online.  In disbelief, I asked why he did that.  His reply:  "I was finished".  It took another week of constant tutoring before he could grasp the concept of disconnecting from AOL and shutting down the machine before powering down.  He was 70 then. 
Now he has broadband on a little celery 2 gig machine.  He still does email, but now his joy is printing color photo's of the fish his son catches.  He goes thru color ink cartridges pretty fast.  I worry about phishing attacks because he's a prime target.  I swing by and run spybot and adaware occaisionaly and so far, so good.
My neighbors are in their 80's and surf high speed all the time.  They are very pc savy and know about suspicious emails and using Firefox instead of IE, etc.  It just depends on their comfort levels.  Mom and Dad's machine is ripe for a zombie attack, while my neighbors are trusted surfers.
happy holidaze


From Wayne Smith:

What I told my mom over two years ago when she 'got a Dell'.

1) You will use alphanumeric passwords at least 8 chars long.  You will not use the same password for more than one account.  Your ISP email password should not be the same password you use for ebay, which should not be the same password you use for paypal.  Period.
2) You will have an anti-virus program installed and you will update it every time you are online.  You will get the new upgrade once a year.  Yeah, it's a pain on dial-up so just do it when you are done surfing each time, unless you haven't been on for a few weeks and then do it immediately before you surf the web or check email.
3) email... you will never forward, forward, forward something that simply has to go to all your friends.  Chili's and sear's aren't given away their money.  If you forward anything like that to me, I'm changing my email address and my name.
4) you will never, ever, for any reason, click on a link inside an email.  If you want to go to ebay, paypal, anywhere, you open up a new browser and type the URL in.  You look for the 'lock' and the https.  If it looks strange, don't trust it.  If anybody says your account has been hacked and click here, what do you do? Exactly
5) if you weren't expecting an attachment in an email, you don't open the attachment until you contact the person you know and ask them what it is and why and have them confirm they sent it.  If you don't know the person sending it, delete it and don't email the person.
6) Windows requires updating.   It's not an option.  When you are online, check for new updates.
7) you will have a separate, low limit credit card you use for online transacations.  You never send the number via email and unless you see https, the lock, and you didn't get any warnings about 'certificate', etc, you don't use it.
8) if something pops up on your screen, you'll read the whole message before clicking anything.

I'm a tech head and so is my wife.  My Mom is on the other side of the spectrum.  She's been computing safely for two years and only asks me for help when she needs to pull down a new copy of Norton once a year (hard on dialup).


From Dean:

If Mom and Dad actually bought a new computer, we would have miracle number one...
If I could talk them through installing the antivirus and firewall software, we would have our second miracle.
Now if, and this is a biggie...if I could get Mom and Dad to stop forwarding every single chain letter they receive, asking if it really is true, or warning me about...
This would be miracle number three, and I would consider myself truly blessed.

Happy Holidays to all!


From R. J. Brown:

My father is 84 years old, and has several computers already.  I tried to get him to switch to Linux, but the learning curve was too steep for him without my being able to be there physically and help him.  The only advice I would give him at this point is to be sure his anti-malware tools are working -- virus scanner, internal firewall, and spyware scanner.  He pretty well knows what he is doing by now.  He was involved with the early GE computers in the 1950's, and is a big reason why I am now a computer consultant myself!  Now my wife's mother?  If she got a new computer for Christmas, I would just tell her not to hook it to the internet!  ;-)


From Jim Halfpenny:

...I'd buy them a copy of Civilisation IV and tell them the Internet is expensive and overrated.

My parents do have a computer and use it only for web browsing. It's coming home with me this Christmas to have Linux installed on it. So long as it has Firefox and Solitare they will be happy. So long as it's not got pr0n dialers, spam relays, spyware, adware, DoS tools, viruses, trojans, worms et. al I'll be happy.


From David Hamilton:

I gave my parents a computer at Christmas a few years ago.  My folks have DSL. I installed a hardware firewall and virus protection immediately.  Later on, Firefox, anti-spyware and a pop up blocker all with training. I keep the "gift giving" going all year by talking to them about the bad stuff out there in terms that make sense to them.  I also trained them to ask me if they have questions or just don't understand. 

If I did it over, I would install hardware and software above all at once and train them throughout the year. 


From Kristina Harris:

I dunno about everyone else, but if my parents got a new computer for Christmas (without me getting it, in which case they would get it will all applicable updates, antivirus, and firewall software installed), it would go something like this:

*ring* *ring*

"Hello?"

"Hi, honey, it's mom."

"Oh, hi mom."

"Say, I got a new computer, and I was wondering if ..."

"No."

" ... what's that?"

"No. Just No. You got it at Costco, didn't you?"

"Well, yes, but ..."

"And it has Windows, doesn't it?"

"I think so, but ..."

"Okay, do NOT plug in the computer until I come over with my  adware detector/firewall/antivirus CD."

"Well, I was just going to .."

"No."

" ... what?"

"I said no. No, no, no. Do NOT. Plug IN. The computer. Until I get there."

"Well, really, honey I was just ..."

"Mom, don't make me disable your DSL."

"Oh ... okay."

"I'll be over in a few minutes."

"All right honey, I guess I could wait for ..."

"Oh, and Mom?"

"Yes?"

"If you decide not to listen to me, just remember: Wells Fargo does not outsource their emailing to a company in Uganda, and Paypal does NOT need to verify your information. Neither does eBay. And you don't need to click on that link to verify anything. Trust me."

"Oh. Are you sure?"

"Yes. Oh, and Mom?"

"Yes, honey?"

"Merry Christmas."

*click*


From Ron M:

"The question to you is, if your parents got a new computer for Christmas, what would you tell them to do?"

Return it. No kidding. There's just no hope that it'll stay updated and happy if they actually plug it in. An cuticle chainsaw would be a safer gift.

Have a good holiday, all!
 

From Anonymous:

I would tell them to _not_ connect it to the Internet, until I did a few things:
* many new motherboards have built-in RAID capabilities.
I would purchase a 2nd hard-drive, and build a "mirrored"
RAID ocnfiguration.  Then, if one hard-drive died, the other drive will become a backup, until I could replace the dead-drive, and re-enable the mirroring.
Yes, mirroring adds a one-time hardware cost, but it certainly is much easier for my parents than trying to teach them how to do routine backups.
* enable the Windows XP firewall *BEFORE* connecting the computer to the Internet, and then accessing Windows Update.
* download free software: MS Word Viewer, Adobe Reader, the GIMP (www.gimp.org), the latest Shockwave and Flash plug-ins.  Then, tell them that anytime that a pop-up window tells them to download or install something, just say "no", by closing the window, rather than clicking on the "NO" or "DECLINE" or "CANCEL" buttons insdie the window.
* of course, anti-virus software (www.my-etrust.com/microsoft) is an absolute essential.
* inventory the CDs and documents that come with the computer, to ensure that they have received everything that they are entitled to, and help them to store that bundle in a safe place.

Enough?  :-)


From Alan:

My advice to anyone receiving a new computer for Christmas:

1) Do not connect it to the Internet without an external hardware firewall.

2) Boot the machine and set a secure login password for admin / root and for the user account.

The following advice assumes it is a Windows machine

3) Before doing ANYTHING ELSE, perform a complete Windows Update. 

4) Launch Internet Explorer.  Download and install an alternative browser.  My choice is Firefox, but Opera is also a reasonable choice.  Then remove the blue e from the desktop and the launcher on the taskbar, and exit from IE.

5) Launch the alternative browser. Download and install Thunderbird for email.  Remove Outlook / Outlook Express from the desktop and the launcher taskbar.

6) Install a good anti-spam tool.  I like K9 from www.keir.net/k9.html.  Teach the new PC owner how to train the antispam tool.

6)  Download and install a personal firewall.  Unfortunately Sygate is no longer recommended because support has ended :-(  ZoneAlarm is ok.

7) Download and install the free grisoft AVG antivirus product.  Update it and set it up to scan nightly.

8) Go to housecall.trendmicro.com and perform a scan to be sure the machine is clean.

9) Give the standard lecture about not clicking on links in emails, not opening attachments, and being generally paranoid about unknown web sites.

10) If they insist on using instant messaging, install the latest version of gaim and remove icons for any IM tool supplied with the pc.

11) Install Startup Monitor and Startup Control Panel from http://www.mlin.net/.  Educate the owner about how to answer the popup questions that will occasionally be presented to them.

ALTERNATIVE to #3-11:  Install Ubuntu Linux or a similar user-friendly distribution.


From Anonymous:

If my parents got a new computer for Christmas, and it would be a laptop, I'll tell them to plug the thing in, turn it on, close it, put it on the floor, put the feet on it - and they'll have warm feet all day long ;-)


From Anonymous:

It's funny you sould ask; My parents ARE getting a new computer for Christmas. I steered them to a notebook so they could easily transport it between thier winter and summer places. That also means they can just bring it with them when they stop by my house and I can check it out.


From Anonymous:

Direct them to leave it in the box and bury it in the backyard. :)


From  Mike Lewis

My advice would be simple. Buy a MAC with the 3-year service and support contract, and then in 3-years, buy another MAC. The things my parents would do with a PC include e-mail, web browsing, paying bills on-line, and maybe saving digital pictures.

Why go through all the service, support, spyware, antivirus, free downloads ... crap available to Windows based PCs if all you want to do is e-mail, surf, and save pictures?!


From Brent Bice:

Interesting that you ask this as I've had this same scenario with several family members except not at Christmas. :-)

1.  The first thing I've recommended several times to the extended family is, go buy a router/firewall -- not just firewall software, but a separate network device. Yes, they've had their own set of issues but it's far harder and less likely that the malware du jour will disable a hardware firewall than any of the software firewalls that may be on a compromised PC. I also urge them to get the latest firmware updates for their new network router/firewall.

2. From behind the firewall, update the brand new machine with the latest recommended patches and all security patches from Microsoft.  Reboot. Rinse, lather, repeat until no more recommended or security patches are found.

3. Repeat step 2 with any software packages installed on the system and repeat as needed if any additional software gets installed.

4. Install Firefox and Mozilla and configure them to not trust cookies, have javascript off by default and to not load remote images.  Yes, Firefox and Mozilla have also had security bugs, but they've been fewer in number and usually less severe and less broad in scope than those found in MSIE and Lookout (er, I mean Outlook).  Tell the user to use firefox when possible, enable javascript only when absolutely necessary, and use MSIE only when absolutely necessary and only for trusted websites (like their employer's poorly designed website, for instance).

5. Uninstall unneeded software.

6. Install/update anti-virus software. Ensure it updates itself at least once a day.

7. Install/update anti-spyware tools such as (but not limited to) Spybot S&D, AdAware, the new MS Malware Removal Tool, etc.

8. Give a class (or two or three) on the care 'n feeding of anti-virus software, anti-spyware software, applying updates (ensure automatic-updates are on), recognizing phish, the risks of opening holes in the firewall or installing browser plugins/helpers, and generally install a bit of healthy skepticism about clicking on links coming via IM or email.

   Most of these require that I or another geeky family member pay a visit to help out. Oh well. It's usually good for a dinner and generally means far fewer of those REALLY painful attempts to walk someone through un-fscking their computer over the phone after it's been trashed by the MS Worm of the week -- especially if you're a unix geek like myself who hasn't kept up with all the changes to the windows desktop interface!


From Keith Rosenberg:

What would I tell my Parents?
- Antivirus software
- Firewall
- anti-spam capability
- Hardware firewall if they have broadband
- Keep OS and all software updated
- Provide phone and e-mail support
- Educate them about the internet's redlight district
- And finally, set up their computer for them if possible. That is what I did in one case.


From Anonymous:

Have them return it.


From Dave Rundle

'Twas the day after Christmas, when all through the house
we were gathered round the PC, examining the mouse;
The flat-panel LDC; speakers, so new and so crisp,
Displayed Microsoft Sam, with his usual lisp;

"Welcome to Windows," it intoned with a beep
Never warning that the Internet has more than one creep;
And mamma's logging in, and shopping like crazy,
Cause security issues make most people lazy,

When up on the screen there arose a quick popup,
A quick flash of the drive light, a really quick screw-up.
Away to the keyboard I flew like a flash,
Tore open the registry and cried "Where's the Patch!"

The new startup path was pointed to "Temp,"
Hmm, where the Internet cache is usually kept?
When, what to my wondering eyes should appear,
But a known key logger, to cause much fear

With an outdated driver, more useless than junk,
"Who hacked my computer; what little cyber-punk!"
More holes than had patches, who was to blame?
And he whistled, and shouted, and called them by name;

"Now, Microsoft! now, Borland! now, eBay and Spammers!
On, Oracle! on Apache! on, Mozilla and Hackers!
Who can guard my computer, who's the best of them all?
Who can do a good job, and not leave me to fall?

As Norton was loaded, and Mcafee started,
My guests grew tired, and soon they departed.
Loading up patches took most of the night,
And then the next morning, I had a new fight.

My adolescent son awoke before dawn
Frantic scrambles downstairs I heard as I woke with a yawn.
Cam Girls Live he'd found; a deviant site,
You won't meet him here, cause he's grounded for life.

Net Nanny I loaded, and then CyberSitter,
A whole lot of trouble caused by this little critter?
A new bunch of toolbars has just been installed,
And a DLL error, (the kid will get mauled!)

By the next week, I gave up, the computer reloaded,
40 hours of work, like the Matrix I coded.
Had I taken the time to prepare my Dell,
I would not be he sitting here inside malware hell.


From Anonymous:

I would do the same as I already did for my daughter (she got a 2nd hand PC as an early Christmas present) and install Ubuntu linux plus the codecs required to access some non-free audio and video.

Merry Christmas and a safe and prosperous new year to all the handlers.


From Anonymous:

If my parents had a computer for Xmas:

I would hope it is a Macintosh.

First and foremost because they easier to use, so less support calls...

But also because they are somewhat less prone to the on-going barrage of malware and viruses and all around pests that make computing such a pain.

If it is not a Mac, then I just got myself a free weekly dinner on Sundays...


Keywords:
0 comment(s)

Parents and Computers

Published: 2005-12-24
Last Updated: 2005-12-24 21:22:48 UTC
by Marcus Sachs (Version: 1)
0 comment(s)
We compiled the information that many people sent to us over the past few days to answer the question, "if your parents got a new computer for Christmas, what would you tell them to do?"  The long list of ideas, poems, and thoughts are here.

From all of us at the ISC, we wish you the merriest of holidays and best wishes in the coming year!

Keywords:
0 comment(s)
Diary Archives