Expert: Carolyn Meinel - 3/4/2008

Question
Miss Meinel,

I've read several of your articles, and have enjoyed your site for sometime.  As a student in the field of Information Technology, I was wondering if you could offer some suggestions on "hardening" a win xp system.  I have 2 teens 13 & 14, who use the computer, myself, and my girlfriend.  I am always trying to get them to be more secure about the system, so i don't have to always come behind them and fix it.  There is only 1 user profile in use on the machine currently.  I've been thinking about using software like Microsoft's Steady State, and others that help secure a shared computer.  I know until everyone who uses the computer in the home is well educated, and practicing secure habits, there is no way to completely secure it, but atleast I can try to defend from alot of possible problems.

Answer
Having raised four kids, my guess is that your biggest problem will be their temptation to download files with peer to peer file sharing systems that kids use to get pirated music. Less likely, but possible if one of the teens is a boy, is visiting porn sites.

Your best possible defense would be to install the Linux operating system as hardly any of the attack programs that come from visiting porn sites or downloading files will work against Linux. If you decide to take this solution, your best bets for user-friendly and secure Linux would be Redhat (redhat.com) or SuSE (http://www.novell.com/linux/) and get the desktop version.

If you decide to stay with Windows XP, you will have a huge problem unless you can block all downloads and any use of Internet Explorer. Those net nanny programs only do things like block access to porn sites and they also carelessly block access to my happyhacker.org site because it has the word hacker in it. Sheesh.

But if you are determined to use XP, then at a bare minimum you need a security suite that combines protections against adware, spyware, a firewall that is better than the XP firewall, and protection against all sorts of viruses, worms and other Trojans. To avoid getting dangerous emails that lure people into giving up personal information, you need a good spam blocker.

To keep other people from changing your security settings, you should set up your security program(s) under your own account, which should be the only one to have administrator privileges, and make certain their administration is restricted to you only. Then set up another account or accounts with minimal privileges for the others.

My personal choice for XP security is Zone Alarm for a firewall which also eradicates adware and spyware. I also use Norton Corporate antivirus to handle the viruses, worms and etc. I get spam filtered out on a remote server so it doesn't slow my Internet access and CPU by having to download it all before detecting and deleting it. I get this by hosting the email servers for all the domains I manage at Network Solutions. If you want to try this you would need to buy your own domain name and have it hosted on one of their servers. It actually isn't all that expensive if security is what you want most of all.

On the other hand, you can get all your security software for free if you decide to go to Linux only. But then you would have a bit of a learning curve to be able to set up accounts for the other users that don't let them do foolish things. So you might want to try out Linux on a new computer and keep it to yourself until you have gotten the hang of it.