Should a nasty get past the virus scanner, or if someone downloads something inadvisable this can help with the aftermath.
Next week, The Reg heads into Australia's red centre to perform a Windows XP to Windows 7 upgrade at the Wirliyatjarrayi Learning Centre, a facility in the tiny central Australian town of Willowra. The Learning Centre offers the first publicly accessible internet-connected PCs in the 300-strong town. Willowra is a two-hour …
Whilst this is a very good tool and Faronics are really helpful, I'm not sure if the pricing model is appropriate for this and probably Drive Vaccine would be better.
Note these tools effectively rule out the use of traditional AV software and really you would need to use a cloud-based AV (they rely on a having continually updated signature DB which doesn't go down well on a locked down HDD which after every user session reverts to it's old/non-updated state.
A few years back I used Prevx SafeOnline (now part of Webroot) - basically because your main threats are against user browser sessions and this tool included custom support for banking, social media such as Facebook etc.. Other choices now include Panda Cloud AV Free (not used for real but looks promising) and tools such as Zemana AntiLogger Free.
I would avoid installing a more functional free firewall, such as Comodo or Agnitum Outpost, because these do need configuring and a like more maintenance than the Windows firewall...
Been doing a little more digging, having been reminded of EMET.
Whilst it isn't the same as Deep Freeze etc. it does seem to offer additional protection over and above Windows (XP/7/8) normal/default operation as it forces the use of some security features in Windows, that if correctly deployed may help reduce the impact of undesirable programs.
Good article here: http://krebsonsecurity.com/2013/06/windows-security-101-emet-4-0/#more-20368
Aside: To download the EMET install package you need a Windows system that MS can validate.
Also you will need .NET framework 4.0 for the latest version)
a) If you’re using Firfox, which I’d highly recommend, then add-ons are of course a normal part of its proper functionality. These would include:-
1) Adblock Plus (essential)
2) Speed Dial [FVD] (essential)
Like Opera Speeddial, but better. Will focus the student on using preferred sites.
3) Self-Destructing Cookies (essential)
Has a white list for those you want it to remember, and ditch the rest.
4) Add Bookmark Here (optional)
5) Duplicate This Tab (optional)
Missing from the standard Firefox.
b) SUPERAntiSpyware (free addition)
Has a focus on spyware, but also scans for Trojans, Worms etc. Can be set up to have a resident part, but useful as a stand-alone scan application. Finds spyware that Avast and AVG misses. Also gives the pre-flight option to remove undesirable add-ons and changes to home page etc.
c) TDSSKiller (free)
Originally produced by Kaspersky to find the tdss rootkit virus. Now maintained to find some of the most difficult rootkits. A small stand-alone scan application that even Kaspersky keep semi-covert.
d) TuneUp Utilities (low cost) or similar
Essential resident programme that can be set up to automatically keep the system in good health. Yes you can do most of what it does manually, but given the application there may not be either the time or the expertise available.
e) LibreOffice (agree)
Even if you're using Firefox, some links and stuff will still open in IE because they just do.
So, once you get online head straight for https://adblockplus.org/en/internet-explorer in IE and install it.
You might also want the Tracking Protection Lists
- http://ie.microsoft.com/testdrive/browser/trackingprotectionlists/default.html - get EasyList
Congratulations, you have just made IE into a usable browser.
After that, if you want all-free and for-noobs and to offer some potential as to what's possible, I'd probably install Webmatrix from http://www.microsoft.com/web/ - they can learn something decent and download their own IDEs afterwards if they get the bug.
No firewall mentioned? Are you planning to use the Windows firewall or a free third party one, like you do for the anti-virus?
I use the free version of Comodo on my desktop PC and ZoneAlarm on my laptops and can recommend both. I felt that Comodo used more resources on the low spec laptop where ZoneAlarm didn't have as noticable effect at the time.
The big thing to be aware of when installing the free firewall or AV software is know how to install them without the extra "free" software, the ASK toolbar, etc.
Good point 1Rafayal, although I normally avoid installing Publisher unless the client demands it, because it's file format is highly proprietary and seems to change with every release of Office with each new version having limited or zero support for previous versions...
I suspect that unless you know which version of Office is being supplied, it is wise to have an alternative in the back pocket.
A ssh server should be enough but I don't know about what Windows 7 actually wants in this regard.
The only sensible setup involves the PCs being automatically wiped and restored from some - as far as the users are concerned - read-only device between users. Otherwise, once one of them gets pwned* then they all are.
That device can be updated remotely with the patches etc, because if they can't handle keeping a modern Linux up to date, they sure aren't going to be looking at the numerous sources for updates for a Windows PC.
And next time, you - or whoever else it is - doesn't have to drive two hours there and two hours back.
* We can have the sweepstake on just how quickly that happens another time.
So I know Silverlight has been mentioned but what about Flash, latest .Net, Java JRE/JVM etc. at the low level. Just thinking about all those annoying add-ons etc. you get prompted to install to view web pages, play videos etc. over the web.
At the, higher, apps level have you got a music maker/mixer/recorder in the list? No they may not use it now but music and the aural tradition is very important to the local culture I belive.
AudioGrabber - it might be old, but it's stable and does just what is needed to rip CDs.
AgentRansack - a great way to search for, or in, files without a resource hungry indexing service. One of the few tools other than 7zip and (a restricted) Notepad++ that I routinely deploy on servers.
Picasa - works well on low powered systems and does a good job of all the basic photo manipulations you might need. You don't need to connect it online.
I was thinking along the same lines. It and Flash are of course absolute security nightmares, but I expect in that sort of environment they will be expected. So best to take along offline installers.
Somebody above already mentioned CutePDF, I think its essential for people who don't pay Adobe for software.
I'd add Avidemux, a good basic video editor.
Already mentioned, so + my 1 for ...
Irfanview, Inkscape, Audacity, VLC, Filezilla, ImageBurn, 7-zip, Adblock essential.
Noscript, probably, but can confuse inexperienced users.
A good AV media format converter could be handy. Handbrake ?
MS Office comes with MS Publisher, good for community newsletters, posters etc,etc
If not MS Office then definitely LibreOffice + probably Scribus for DTP
How "powerful" are these m/cs ? Win 7 may be a bit much for them & a lightweight Linux, tricked up to have the standard Win XP desk top features really ought to be considered I think.
When I've tried Avast! in the past, it would popup daily marketing messages in very large dialog boxes. Anyone know if this is still the case? Could be a source of confusion in a learning centre.
Comodo Internet Security is my free go-to now - quieter day-to-day, and covers AV, firewall, and malware.
you have or disk space available on the older PC's, but for remote locations with limited bandwidth, we download, wikipedia and set the browser home page pointing there
Khan Academy Lite https://kalite.learningequality.org/ with an RPi as a server is good for everyone not just the kids.
Probably outside the remit of what you are trying to achieve this visit but for the future?
The software equivalent of taking off and nuking the site from orbit.
In fact you only need to run it for a few seconds to make sure that you are starting with a fresh partition table. This technique has solved problems for me more times then I can count. Virtually impossible for a virus/malware to survive dban. Old machines frequently have partition table strangeness, Hidden partitions, restore partitions etc. I have gotten to the end of a Win7 install with no errors, and found the machine would not boot. Dban, and reinstall and everything is good.
A large quantity of your favourite pain killer.
Upgrading machines speced for XP to Win 7, is going to be a painful experience.
Good on you for doing it.
All that stuff is available for Linux, even antivirus which is shoes for snakes. If you go there you may as well install Linux Genuine Advantage for your activation and license control needs.
Seriously though, if they are that innocent then putting an XP skin on your preferred Linux is the way to go.
If the hardware is on the older side & the machines may have limited resources as a result, would it be worth considering Panda or an alternative free cloud-based antivirus solution? Provided their bandwidth is sufficient to cope, it should leave the PCs with enough resources to run other processes as required.
Looking through the original list and the comments so far and comparing to systems I've built a couple of additions:
1. eReader: Whilst we can debate whether they need Kobo, Kindle etc. an abilitiy to read ePub files will be useful. I use MobiPocket, but there are many to choose from. Be warned that many (eg. Kindle) need to be installed by logging into each individual user account and then installing - they don't seem to handle a general admin install.
2. Touch typing tutor: I've tended to install Rapid Typing Tutor - remember the satellilite link effectively rules out online tools such as the excellent http://www.bbc.co.uk/schools/typing/
3. Password Manager: Whilst these are public machines, it may be handy to use a password manager to retain all those default passwords that permit these systems to access standard resources.
4. iPads/Android etc.: For simplicity just install Collobos Presto on the 'server' system. Whilst not free, it is probably the easiest way to enable iOS to send stuff to Windows printers.
Finally, I recommend giving some thought to the final user environment configuration. Trivia like:
- Tidying up the Windows menu's so the user doesn't get to see entries like "Windows Anytime Upgrade" etc.
- Buttons, such as changing the default setting on the "Shutdown" button to "Logoff".
- Setting the various auto updaters so that user's aren't distracted by them.
- Pinning relevant stuff to the desktop, Menu bar, start menu etc.
Biting the hand that feeds IT © 1998–2019