dbarrow
06-18-2006, 11:57 AM
Although we have taken glancing blows at this topic in various topics and discussions in the past, we have never collectively looked at a complete tutorial to help users create what I will name the "SafeSurfer" user.
Information about Vista has been showing us where M$ is going in terms of security, limited users distanced from their ability to access and modify the OS. The open infrastructure of the OS and the ability of many functions to impact other critical functions has long been the screen door in the submarine for M$ security. Yet, the majority of this problem was cured, for the most part, in XP from the very beginning.
It's just that few if any people take advantage of the cumbersome and detailed process of setting it up.
In order to fathom the concept (ala Vista), one has to alter their thinking about how they use the computer and seperate "inside" from "outside".
In the common day to day use of XP, we often fail to establish a distinct boundary between what we do "inside" the system vs. our routine and regular connections "outside" the system, the deep dark holes where the trouble comes from. It is all too easy to blend the two into one routine function.
We all have our collection of bookmarks, links and functions which connect us to the "outside" online world.
As educated users, we all practice "Safe Computing" habits and know how to avoid most of the potholes in the www.
We run numerous security programs, AV, mail screening and other measures to protect us.
Yet, how often do we go in search of things doing some research or shopping where we bring up a Google list many pages deep in unknown links to unknown sites where we start dancing through the web into unknown territory?
Despite our "know better" Safe Computing knowledge and our arsenal of defenses, we chuck it all in pursuit of the quest and start tripping through the darker side of the web where one wrong click can take us off a cliff.
I will bet that none of us here, being seasoned and well educated Safe Computing users, have set up any kind of restricted user logon just for that purpose.
Whether it is inconvenience or just being lazy, we have avoided the major security feature of XP that has been there all the time in favor of all the other measures we use to keep us safe and a total reliance on those "third party" apps to protect us.
Now, here is a collective project for all of us to work on, how to setup and establish a SafeSurfer limited user account for those times when you have to make an excursion into enemy territory.
Let's develop a complete tutorial on setting up a limited user account for this purpose which blocks download and install, resides apart from our other Documents and Settings folders, has limited cache, does not store cookies or passwords, and is highlighted with a higher level of attention from all our other security devices.
Everyone put on your thinking caps and apply all the knowledge of XP you have to creating a secure SafeSurfer user that is as secure as you can get.
1. Create a SafeSurfer user account
a. Restrictions
b. Privledges
(1) exploring XP Permissions and security policy
c. File locations
(1) how to move the user settings to a different location
2. Applying "third party" security apps to specifically scan this user account with higher security
a. Target these files for AV scans
b. Use of plugins and extensions
3. Browser security
a. Limit and flush cache after use
b. Flushing cookies, passwords, MRU after use
c. Browser security settings
d. Adware blocking using the Host list and re-direct
4. Network security
a. Isolating this user from network functions
b. Firewall restrictions on this user
5. Additional security programs
6. Limiting startup programs, menus, applications available to this user
As you start thinking about these various items, you know full well that we routinely do not apply most of them to our "regular" user account as they can be a real PITA for daily use. They can be overly annoying and block us from many of our "regular" tasks. The majority of them would be just too annoying to apply on a constant basis.
But... for those limited times when you intend to go off on a lengthy search or intentionaly prowl the darker side of the web, these added security measures are a must!
These are the times when you want to strap on your six shooter and don your bullet proof vest by switching over to your SafeSurfer limited user account for a cruise in your armored Hummer.
Creating a limited user account is not all that difficult, it's just an annoyance that most of us never bother with.
It takes little space and consumes no resources.
If you start looking at the enhanced security of Vista, what the heck?, we can do most of that already!
Ok gang, let's each start creating a SafeSurfer user account and building up all the security levels as we work through the process!
Information about Vista has been showing us where M$ is going in terms of security, limited users distanced from their ability to access and modify the OS. The open infrastructure of the OS and the ability of many functions to impact other critical functions has long been the screen door in the submarine for M$ security. Yet, the majority of this problem was cured, for the most part, in XP from the very beginning.
It's just that few if any people take advantage of the cumbersome and detailed process of setting it up.
In order to fathom the concept (ala Vista), one has to alter their thinking about how they use the computer and seperate "inside" from "outside".
In the common day to day use of XP, we often fail to establish a distinct boundary between what we do "inside" the system vs. our routine and regular connections "outside" the system, the deep dark holes where the trouble comes from. It is all too easy to blend the two into one routine function.
We all have our collection of bookmarks, links and functions which connect us to the "outside" online world.
As educated users, we all practice "Safe Computing" habits and know how to avoid most of the potholes in the www.
We run numerous security programs, AV, mail screening and other measures to protect us.
Yet, how often do we go in search of things doing some research or shopping where we bring up a Google list many pages deep in unknown links to unknown sites where we start dancing through the web into unknown territory?
Despite our "know better" Safe Computing knowledge and our arsenal of defenses, we chuck it all in pursuit of the quest and start tripping through the darker side of the web where one wrong click can take us off a cliff.
I will bet that none of us here, being seasoned and well educated Safe Computing users, have set up any kind of restricted user logon just for that purpose.
Whether it is inconvenience or just being lazy, we have avoided the major security feature of XP that has been there all the time in favor of all the other measures we use to keep us safe and a total reliance on those "third party" apps to protect us.
Now, here is a collective project for all of us to work on, how to setup and establish a SafeSurfer limited user account for those times when you have to make an excursion into enemy territory.
Let's develop a complete tutorial on setting up a limited user account for this purpose which blocks download and install, resides apart from our other Documents and Settings folders, has limited cache, does not store cookies or passwords, and is highlighted with a higher level of attention from all our other security devices.
Everyone put on your thinking caps and apply all the knowledge of XP you have to creating a secure SafeSurfer user that is as secure as you can get.
1. Create a SafeSurfer user account
a. Restrictions
b. Privledges
(1) exploring XP Permissions and security policy
c. File locations
(1) how to move the user settings to a different location
2. Applying "third party" security apps to specifically scan this user account with higher security
a. Target these files for AV scans
b. Use of plugins and extensions
3. Browser security
a. Limit and flush cache after use
b. Flushing cookies, passwords, MRU after use
c. Browser security settings
d. Adware blocking using the Host list and re-direct
4. Network security
a. Isolating this user from network functions
b. Firewall restrictions on this user
5. Additional security programs
6. Limiting startup programs, menus, applications available to this user
As you start thinking about these various items, you know full well that we routinely do not apply most of them to our "regular" user account as they can be a real PITA for daily use. They can be overly annoying and block us from many of our "regular" tasks. The majority of them would be just too annoying to apply on a constant basis.
But... for those limited times when you intend to go off on a lengthy search or intentionaly prowl the darker side of the web, these added security measures are a must!
These are the times when you want to strap on your six shooter and don your bullet proof vest by switching over to your SafeSurfer limited user account for a cruise in your armored Hummer.
Creating a limited user account is not all that difficult, it's just an annoyance that most of us never bother with.
It takes little space and consumes no resources.
If you start looking at the enhanced security of Vista, what the heck?, we can do most of that already!
Ok gang, let's each start creating a SafeSurfer user account and building up all the security levels as we work through the process!