Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How can I prevent someone from installing random stuff?

Question:

My nonagenarian father loves his Windows 7, 64-bit computer. As he slows down and finds it harder to get out and about, his PC and its connectivity are  his portal to the larger world. The problem is that he’s tempted by every pop-up and/or free application he encounters especially for those that promise to speed up his machine, repair his registry, electrify your internet connection and dramatically improve your system’s performance, so not only is his hard drive full of crapware, but I worry about the security threats that his curiosity invites on to his machine.

I visit him frequently and we spend a lot of time cleaning out these programs. But sure enough, he’s reinstalled the same programs between visits. I’ve lectured him but these explanations have about as much impact on him as his lectures did on me 50-odd years ago. Now, I suppose I could lock down user account control so that he couldn’t install anything, but I think that would be an unacceptable affront to his explorations and his dignity. So, do you have any potential solutions? Ideally, I’d like to remotely manage his system so that he can explore the net and software and I can learn of and correct his frequent misadventures.

I love hearing about people in your father’s situation who have discovered the ways that the internet and technology can open their world. That he’s in his nineties is just awesome.

That being said, I can certainly understand that a little restraint on his part might be appreciated. Let’s talk about some ideas.

Become a Patron of Ask Leo! and go ad-free!

Use a limited-user account

The most effective approach would indeed be to set him up with a limited-user account. This is pretty much the lockdown that you’re reluctant to impose on him. And I understand that, too.

I can’t say what kind of impact it would have on your relationship or how it might frustrate him. But from a technological perspective, user account control and limited user accounts exist for exactly this reason.

Try Linux

I don’t know how tied to Windows he is or how much of a stretch it would be for him to switch, but 99% of all that crapware is for Windows. If all he’s doing is surfing the web and playing with email, Linux might be enough.

If it is, I’d suggest the Mint installation; you could grab a live CD and see how he reacts to it. My guess is that if he really does love Windows 7 that might be a little too much.

Laptop needing diagnosisBackup early and often

Backups are another idea. Reinstalling from a backup gives you a very simple way to reset the clock. It beats cleaning up or uninstalling all of this stuff that has appeared on his machine between visits.

Take a backup image the next time that you have it all cleaned up and just periodically restore to that image. After the restore, if there’s something that is legitimate that you actually do want to have added to the machine, add it, and then take a new image so that you have a new starting point.

Install Malwarebytes

You haven’t mentioned what security software he’s running, but something with a good real-time component might be very appropriate for this kind of thing.

For example, this might be a case for Malwarebytes’ paid product which does do some real-time scanning. It’s actually pretty good at preventing some of the more annoying and malicious software from being installed.

Ultimately, I just have to say that it’s exceptionally difficult to protect users from themselves. It’s unfortunate, but there’s really only so much that you can do.

Remote manage

The one shred of hope that I do have for you revolves around your desire to remote manage. What you might want to do is set up TeamViewer on his machine and yours.

With that, you can remote access the machine. He can see what you’re doing while you’re doing it (if you like), but you can also do things more frequently than your periodic visits. You’d be able to connect to his machine from just about anywhere you have an internet connection and run it as if you were sitting in front of it.

The good news about TeamViewer is that it’s free for personal use. I use it myself. It’s actually very cool; I’ve used it many times to remote access my wife’s computer while I’m out of town to help her with an issue.

Like I said, good on your dad. I’m really thrilled to hear this kind of stuff and I wish you the best of luck.

 

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

8 comments on “How can I prevent someone from installing random stuff?”

  1. You might consider dual-booting Win7 and Mint. Going back and forth has made learning easier for me.
    Also, if his Win7 OS is down, between your visits, he will still have Mint available.

    Reply
  2. Try using Sandboxie. It is free although it has a 5 second buy ‘nag’ screen after one month trial, but it still works normally.
    http://www.sandboxie.com/

    Sandboxie throws a protective border around your browser. Anything installed whist sandboxed is deleted after the browser is closed and will not be installed on the hard drive.
    I use it for all sites of a dodgy nature.
    Dubious email attachments can also be opened safely .
    Please note, bookmarks won’t be saved whilst the browser is sandboxed.
    Jp

    Reply
  3. Toolwiz Timefreeze might be a good option. With it set to “TimeFreeze” he could download/install all he wanted. When you return to “Normal Mode”, it would be back to the way it was before with all the download/install gone. Reset to “TimeFreeze” and he could start all over again. If there was anything that he really wanted to keep, just install it before starting “TimeFreeze” again. Toolwiz TimeFreeze is free. You can learn more about it and get it here http://www.toolwiz.com/products/toolwiz-time-freeze/.

    Reply
  4. I’m looking at allowing the random and unsolicited “Microsoft Tech Support” person access to a honeypot machine I set up just so I can waste more of their time than I did letting them try to convince me to click over to TeamViewer and let them in. Unfortunately I couldn’t let them in at that time since I had none of my computers isolated for the cause.

    I now have a honeypot machine running Win7 and running into a router placed between that machine and the rest of my net. (issuing it’s own DHCP) It can’t see the rest of my net but a blind poke at the IP addresses (198.168.x.x) from its 65.x.x.x (NSA type ip addy) can get to my machines.

    While I’m totally prepared to wipe that drive/system once I am done with them, I was wondering if by going to TeamViewer from a browser inside of Sandboxie would keep them from actually inflicting any harm at all outside of the sandbox.

    Any tips or ideas?
    Mike

    Reply
    • I don’t think that would work, as using TeamViewer would give them full access to your computer. A virtual machine would be safer, but I’d still be very hesitant to let them in. A dedicated machine is really your only safe bet.

      Reply
      • I agree with you about the dedicated machine. Well, almost. I’ve disconnected the regular hard drive and threw in a 40 gig with a fresh Win7 install. Since posting, I’ve pulled out the second router and hooked PTBarnum via a WiFi dongle to the guest account on the DSL router. Can’t even ping the gateway much less anything on the non-guest network. I can however see the data using Wireshark on a laptop. Now I just need to wait until they call again and then try to convince then to call me on the other line “next to my computer”… where I can enable GVoice recording what I hope to be a rather exciting time and give me material to edit together into an educational video showing people that these are not really folks who care about ridding you of viruses, so now, in a corner of my basement, I have PTBarnum connected to the 611aFolsom access point, just waiting for the day. I may try running it all inside a sandbox anyway just to see and/or document the limitations.

        Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.