Pat,
You have my deepest sympathy: there's nothing more frustrating about computers than having a child trash one just by following a link or trying to play an online game.
Adware and spyware has gotten a lot more tenacious and intrusive since it started, and it's an order of magnitude more difficult to remove than a virus. After all, virus writers don't get paid (hmmm ...), and adware vendors do, so they've gotten very good very quickly. Of course, the ad/spyware vendors depend on children to spread their sleezeware, but the damage and wasted time they cause is what an MBA would call an "externality": cleanup is _your_ problem.
The good news is that there is a lot of help available and you've done the most important thing already, which is to admit you need it.
Here's the list I use when I set up a new machine for my SOHO customers. HTH.
- Copy the system partition as soon as the OS and any "office" software has been registered. Since new disk drives typically have at least 20GB of storage, it's a quick and easy precaution. In event of a software meltdown, I simply roll the copy back over the original and they're back in business twenty minutes later. [This is, BTW, an excellent use for the ~2GB drives you have hanging around in your old 486 or can get for free at the recycling center. You can plug the drive in for the backup, and then take it out and put it on a shelf out of harm's reach, thus guarding against both software _and_ hardware failures.]
- If children will have access to the computer, take these precautions:
A. Enable a power-on password to prevent late-night adventures. B. Set a password on the screen saver, and set the timeout to 5 minutes. This keeps the kids out of _your_ account and helps limit damage to your data. C. Warn the user to NEVER use the Administrator account for day-to-day tasks. D. Install the hisecws (or hisecws4) security template, and use it to post a logon warning that all internet usage will be logged. E. Use a group policy to prevent users erasing their history files, and show the owner how to check. F. Install TeaTimer or similar monitoring software to flag attempted registry changes. Of course, the kids always click "yes", but there'll be a log and it'll help to keep the adults out of trouble as well.
- Make sure the owner knows about backup options and the costs of each one: online vs. CD-RW vs. disk, etc. I make sure the user knows that it's a question of "When", not "If", especially with children involved. I emphasize the need for backups just before any family gathering, just in case.
There's another option that you should consider: set aside your old computer for use by the kids, and warn them they if it breaks, they get to keep both pieces and you don't want to hear any whining. I do this with mine, and the one time it got adware on it, I told them I'd get to it in a couple of weeks and in the meantime they could walk to the library or stay after school and use the machines there. It's never happened again.
I know this is locking the barn door, but (especially in your job) it's only a matter of time before something slips past your first line of defense. Next time, the result can be a shrug and a few minutes of copying while you enjoy a coffee break. Sound good?
William Warren
(Filter noise from my address for direct emails)
[TELECOM Digest Editor's Note: It does all sound like good advice. I know that the password on my Administrator account (all my logins and passwords actually) are on autologin. That is to say, I turn on the computer, sit back and wait while it boots up, the 'network user name' and 'network password' boxes are filled in automatically, all the programs which are 'run on start up' such as the atomic clock synchronizer the 'tclockex' program (which provides fancy script and additional features to the Windows clock) starts, Zone Alarm and AVG get started, etc. Sometimes also one or more virus scanning programs run as needed. Then, and only then, do I start doing my thing. And _despite_ the hardware firewall (cable router and modem), the Zone Alarm software firewall, an email 'spam examination program' and other goodies, I still get jumped on now and then.It appears the 'Administrator' profile got trashed by something, which is what caused Internet Explorer to quit operating. I went in the Documents and Settings, renamed that profile to 'Administrator.old', then shut down, powered back up and let Windows build an all new profile for Administrator. The 'ptownson' profile (also an administrator account) worked okay. Now I can be on 'ptownson' or on 'Administrator' and log off that account and switch to the other one which I do sometimes. But for some reason I am unable to switch to the old 'Administrator.old' account to benefit from his files, etc. Apparently just renaming one profile to something else, to force Windows to construct a new profile for who you want to be does not in the process require the old user 'Administrator.old' to come to life any longer. Ergo, things like the Outlook Express mailbox name and address book is now unreachable. I log out of 'ptownson' or 'administrator' and attempt to login in as 'administrator.old' (in order to access his files, etc) but it just won't work. PAT]