Teenager-proof a computer

[TechLady]

I'm looking for something that will block all the crap my clients' teenagers install. They (and more often their friends) will install anything willy nilly, and though it certainly gives me a lot of malware removal business, it's insanity.

Does anybody have any experience with this program?

I've tried other things...OpenDNS, Malwarebytes Pro, minor site blocking and a few other restrictions, etc., etc....but these kids will install literally anything so the above isn't much help. I need something that will prevent them from installing FreeMalGame101 with FreeTacos Toolbarz in the first place.

 

[PBComputer]

What about trying Linux? Ubuntu and mint have come along way recently. And would stop a lot of infections.

Another idea would be a program like Microsoft system state, used it in a company hot desk to make a clean system each start up, seemed to keep it clean.

Paul

 

[TechLady]

What about trying Linux? Ubuntu and mint have come along way recently. And would stop a lot of infections.

Another idea would be a program like Microsoft system state, used it in a company hot desk to make a clean system each start up, seemed to keep it clean.

Paul

Yup, tried that route too. The teenagers got so frustrated over not being able to install their usual games and music and crap in Ubuntu that they stopped using it altogether, and simply moved on to trashing other computers in the house.

I don't think that Microsoft tool is available anymore, and I have used a program like it called DeepFreeze for my loaner computers, but it's too much. It won't even let you save documents and it is really for coffeehouse computers.

 

['putertutor]

MS Steady State (I think that's what PBComputer is referring to) works well for this, but only works up until vista. Its not compatible with 7 or above.

Can't you just make them limited accounts? Or remove the windows installer privilege in group policy? If not then Deep Freeze is another option you might want to look into.

EDIT: I have the steady state install file if you want to try it out. But you should be able to disable the windows installer (msiexec.exe) either through group policy or directly in the registry. What os are we talking about?

 

[TechLady]

What os are we talking about?

Windows 7 (sigh...).

 

[DocGreen]

I agree with the limited account method... *should* restrict most of the stuff from being installed without a password. Question is, would the kids be able to get around it by guessing/stealing the password? Disabling the Windows Installer would only help with some of the installs... a lot of them don't use it.

If the problem is bad enough, it might be enough to sell the customer on a refurb laptop for the kids to use so at least they're not screwing up mom & dad's computer.

 

[TechLady]

No...look, these are determined teenagers. Limited accounts are bandaids they rip right off. I am testing the InstallGuard program right now.

 

[ComputerRepairTech]

No...look, these are determined teenagers. Limited accounts are bandaids they rip right off. I am testing the InstallGuard program right now.

Whats the difference. If limited accounts arent working it means they either have the admin password or are tech savvy enough to get around it. Not sure how the software will be stronger in preventing installations.

Edit: a hosts file filled with malware blocks and google chrome with WoT may help a little.

 

[BloodPack]

Maybe not the most helpful or finanically beneficial but how about a good old lesson in how to use a computer. User education should be able to fix this, my sister was a teenager not to long ago and she would get all the smiley face popup viruses and random game viruses as well. But with a few quick tips on what to click and what to avoid she didnt get viruses anymore (at least not the ones from careless downloads).

And if you cant educate the teenagers why not educate the parents, they ultimately are responsible for what there kids are doing. What kind of spoiled brat gets to continually break a computer but just have mommy and daddy pay some dollars to keep fixing it?

 

[Techlogon]

Am I the only one who thinks your client should, well, grow a pair

"they simply moved on to trashing other computers" - so you did your job and successfully 'proofed' the computer but the client can't say no to their own teenagers and let them loose on others? It's like the client asks you to install 5 door locks for better security but then insists on leaving the door open...

Personally I'd raise my concerns tactfully with the client or bail now rather than milk this job - you've already tried the most sensible options but I can't see how this can end well if the client won't take any responsibility. Eventually they're going to realize they have spent a lot of money and don't seem to have achieved anything - guess who they'll blame? (It won't be their precious kids...)

 

['putertutor]

I agree. If the blow past UAC, they will probably blow past whatever. I would recommend telling them they need to be better parents as it is probably outside your pay grade, so to speak.

Have you tried disabling msiexec.exe in the registry? Of course that's a current user hack, so sounds like they'll get past that too?

 

[RedFoxComp]

You would need to upgrade to Pro since this involves group policy settings.

http://www.microsoft.com/en-us/download/details.aspx?id=24373

 

[HFultzjr]

Maybe not the most helpful or finanically beneficial but how about a good old lesson in how to use a computer. User education should be able to fix this, my sister was a teenager not to long ago and she would get all the smiley face popup viruses and random game viruses as well. But with a few quick tips on what to click and what to avoid she didnt get viruses anymore (at least not the ones from careless downloads).

And if you cant educate the teenagers why not educate the parents, they ultimately are responsible for what there kids are doing. What kind of spoiled brat gets to continually break a computer but just have mommy and daddy pay some dollars to keep fixing it?

Ditto!

Stop it at the source.

I have a customer who's son always using LimeWire and screwing up settings.
Dad ask me what I can do to keep from having me fix everything all the time.
Tell him and his son what the issues are and how they came about, how to stop doing them.

Still going back, still fixing, still charging!

Spoiled brat, if daddy can't control him, I'll be more than happy to fix $$$$$.

 

[brandonkick]

Sell the parents a machine for their own usages and set a BIOS password on it. MOST of "these kids" won't be able to get past a BIOS password even if they can bypass user account passwords.

Then let them wreak whatever havoc they want on the machines they are allowed to use. The parents will get tired of paying to have their machines fixed all the time and will stop, because they still have one that they can use.

 

[NETWizz]

Take away their admin rights AND if you must restrict them through the Local Security Policy Object; since, I am presuming they are not in a domain.

Since they are determined, remove USB, CD, Floppy boot via the BIOS and set a BIOS password too and give it to the parent/guardian.

^^^ The above WILL work unless the teen clears the BIOS password, changes the boot order, boots something like KonBoot or OphCrack or similar...

 

[YeOldeStonecat]

Am I the only one who thinks your client should, well, grow a pair

Yeah...by this point,, well...before it got to this point, this would be my next suggestion.

*nix didn't work, have them get something gentler...yet still useful, have them pickup an iMac for the kids. And then setup regular TimeMachine backups that they can roll back to.

 

[mraikes]

I'm looking for something that will block all the crap my clients' teenagers install. They (and more often their friends) will install anything willy nilly, and though it certainly gives me a lot of malware removal business, it's insanity.

Does anybody have any experience with this program?

I've tried other things...OpenDNS, Malwarebytes Pro, minor site blocking and a few other restrictions, etc., etc....but these kids will install literally anything so the above isn't much help. I need something that will prevent them from installing FreeMalGame101 with FreeTacos Toolbarz in the first place.

IMO there's nothing you can do about a determined home user (whether teenager or grey-beard) who wants to install or access bad stuff. There just aren't good fixes to protect users from deliberately harming themselves.

I suggest approaching it from a different angle. The teenager(s) should be paying for your services, not the parents. It's surprising how quickly habits can be modified once it starts affecting the pocketbook.

And once "Teen A" realizes that "Friend B" has just cost them $100 (fill in your price here), Teen A will be much less willing to let Friend B run wild.

And still, as mentioned before, the parents will have to "grow a pair" and keep the teen off the other computers when the teen-computer is down. And if the Teen infects other computers - they pay for them as well.

If the parents are unable or unwilling to hold the teens accountable for their actions, there's nothing you can do. It will just be an escalating game of cat and mouse between you and the teens, with them always winning in the end.

 

[gunslinger]

I suggest approaching it from a different angle. The teenager(s) should be paying for your services, not the parents. It's surprising how quickly habits can be modified once it starts affecting the pocketbook.

And once "Teen A" realizes that "Friend B" has just cost them $100 (fill in your price here), Teen A will be much less willing to let Friend B run wild.

This is almost exactly what I was going to say, you beat me to it. You CANNOT protect people from themselves, but you can make it not worth it to them to do what ever it is they are doing.

And still, as mentioned before, the parents will have to "grow a pair" and keep the teen off the other computers when the teen-computer is down. And if the Teen infects other computers - they pay for them as well.

If the parents are unable or unwilling to hold the teens accountable for their actions, there's nothing you can do. It will just be an escalating game of cat and mouse between you and the teens, with them always winning in the end.

Thank you! Maybe parents should try being parents for a change.

 

[citizensmith]

How about install windows in vm to run in full screen mode on a linux box with snapshot set to discord changes?
or
Put a live pe disk in drive then glue drive shut. Give them a formatted drive with no os so they can store their precious downloads.

With unfetered physical access to system then its gameover for simple lockdown measures. I dont see any problem in taking their cash. If you keep crashing your car the mechanic wont loose sleep over sending you the bill.

 

[NOOB_TECH]

I'm looking for something that will block all the crap my clients' teenagers install. They (and more often their friends) will install anything willy nilly, and though it certainly gives me a lot of malware removal business, it's insanity.

Does anybody have any experience with this program?

I've tried other things...OpenDNS, Malwarebytes Pro, minor site blocking and a few other restrictions, etc., etc....but these kids will install literally anything so the above isn't much help. I need something that will prevent them from installing FreeMalGame101 with FreeTacos Toolbarz in the first place.

So when I volunteered at a nonprofit they used a program called Deep Freeze. This program pretty much managed to prevent the user from installing anything. You can pick what programs you before you install Deep Freeze. Also, you can thaw and install programs. Would this be your best bet? I’m not sure…. but it is a guarantee to stop them from installing stuff.
http://www.faronics.com/products/deep-freeze/standard/

Video on it:
http://www.youtube.com/watch?v=raYLv4Th5vI
You could set them up with sandboxie, or a linux box.