What to do about college

Some schools might not allow NAT. I read once that at least one university, Bob Jones, forbids students from running routers and NAT from their dorm rooms, and I would imagine there are a lot more universities with that policy. A software fireall, like Tiny, is OK, but no NAT routers of any kind are allowed in some schools.

Like I said already, check the acceptable usage policy. I do know that some unversities, do not allow them.

Be careful about automatic updates. I have problems on my network of Windows Product Activation having to be run yet again, every time an update is downloaded. Best to get the freeware version of BigFix, and have it alert you to new hotfixes, and then the user install them manually.

itzadreamer pounded out on the keyboard on or about 21-Dec-04 16:41:

A hardware solution, like you mentioning a NAT router, would be the best to go. But where he's on a college network, that's not a possibility. Using Firefox instead of IE is a very good place to start but that only addresses things that harm you from that area. You still should have a firewall/intrusion detection app on the pc itself. There are a number available out there and you should do some looking around and checking them out. I personally use Kerio 4.1.2 which includes an intrusion detection piece that still stays active after the 30 trial. If you go with another firewall which does not have this piece, I have tried Prevx' intrusion program. It's kind of a pain with all it's questions and since I am using Kerio, I have uninstalled it. One other application you should use, along with Spybot, is Spywareblaster. It will actually secure Activex and other items to so that they can not be used improperly. Good luck!

Jeff

One thing, the most important part - get him a cheap NAT Router, like the Linksys BEFSR41 or the BEFSX41. This one thing will save him many headaches at school, it doesn't matter if he stays in the dorms or at a house (the dorms are the worst infection pot in most schools). The router will keep uninvited intruders out of his computer, so that only things he requests will be let in (even if he doesn't know he's requesting them).

FireFox and Thunderbird are great, but make sure his machine is clean before you send him back.

I did a Sorority at a big 10 school earlier this year, only 3 of 40 computers were clean, the ones from the dorms were the worst.

if he's running windows, make sure to set it up to automatically search/download/install new updates... the same with his virus scanning.. have everything scheduled.. i definately agree with the cheap nat router.. viruses can not come in on ports that arnt open.. if the dorm issues public ips, install vnc on the computer (or nat it from the router) so you can hopefully help him out remotely.. the key for people who dont know what they are doing is to have the pc do it for them automatically.. subscribe yourself and him to CERT advisories, that way you know when the latest holes are found..

-k

I've seen a number campus networks where users, unless in a campus building office, have not had any trouble installing one. Most Dorms allow them, and they are about as safe as the user can get.

i dont really like auto install crap either.. if yer brother will actually update it when he is prompted, it would be better.. and for the CERT advisories, it looks like the newsgroup comp.security.announce posts the advisories when they come out..

The problem with user vs auto is that 99% of users have no clue what the update is going to do, and the basic info they provide in the update notification is slim. Most people will just install the update, which just adds a step to the normally automated process.

Ask yourself how many people actually research the updates and understand them.