Shared computer

[{aspiring_to_clarity}]

I have a computer which I share with my boyfriend. His brother sometimes uses it also. That's fine, but I worry that either of them might download stuff that's not safe or make changes I don't want to the computer. None of us are extremely knowledgeable about these issues, but I am certainly thinking about it more than they do.

I've already made my account the admin and set up a seperate user for them to log in under. I am currently using Windows Vista. I have McAfee Internet Security suite. I would also like any tips that pertain to Ubuntu Linux as I am planning to switch soon. I am not even sure they have a feature to set up several users? My questions are:

Can I make it impossible for them to change the preferences as far as internet goes (history, security level, etc.) in Firefox? Can I somehow stop them from using Internet Explorer? I don't have it installed currently, but I wouldn't put it past them to do so because it's familiar.

Can I make it so they cannot download files? Is there an automatic way to determine what files are safe and only allow those?

Do they have the ability to change their own user password? If so, wouldn't that mean I am unable to monitor whether they are doing anything that would harm the computer or change settings I want?

I don't care what they search for on the internet, so I am not looking to block certain sites by keyword or content, just to prevent them changing any of the settings on the computer or downloading dangerous files.

Any help will be appreciated. Maybe you can answer a question I didn't even ask as far as keeping my computer safe and keeping my settings intact.

Maybe I am being too paranoid, you can tell me that too . Thanks!

[Minsc]

If you're going to be using Linux, you don't really have to worry about them screwing up your computer as long as your permissions are set up right(meaning the file permissions). Security in Windows is pretty much a joke although I hear it's better in Vista. (in XP they can either change settings or they can't)

For Linux, they should be fine downloading and running whatever as long as:
-Linux does support multiple accounts. You'll want them to have their own accounts.
-They shouldn't really need write access outside of their home directory(basically any random directory that's meant to be only for their files that you've configured as home, but it's usually in /home/) and with the sticky bit in some temp/var folders(which should already be configured).
-Without write access it's impossible for them to screw anything up but there could still be some data mining attempts. There's no reason to have read access to /etc/passwd and /etc/shadow if it exists since those have your user's passwords in them. Do the same for any other sensitive data. Users also probably shouldn't be able to read each other's home directories or yours.
-If you're really paranoid then you could make thier shell chroot.
-There aren't really any viruses for Linux.
-Make sure you don't let them change which commands grub executes if you use grub to boot.

Anyway, XP security is a joke and they'll probably be able to do whatever they want. I mean, there's even an Administrator account, with no password, that they can use to log in as an admin and basically do whatever. It's completely hidden normally... Now, anyone who boots your computer can pust F8 before they see the Windows loading bar and boot in safe mode, and then log in with the account without any password. To date I have no idea how to actually put a password on it. Never used Vista.

I think IE might force them to log in as an admin before they install it.

Users can change their own password. Not sure what you mean by monitoring them... You could log everything they do with some 3rd party program. Logging in as them from time to time sounds kind of ineffective.

[{aspiring_to_clarity}]

Thanks. I don't mean I want to log everything they do, just somehow be able to see if anything malicious has been downloaded which it seems like I can do from the admin account.

I seriously doubt that they would know about the F8 thing, but thanks for pointing that out. I guess the best thing would just be to make the switch...seems like I'd have much less to be concerned with.

I'll still take any other info about dealing with this stuff in Vista though, just cus it's all very interesting to me and I may still be using it for a while.

Thanks.

[Jennihul]

The now-and-then sharing of computers can be very dangerous. If the feds find child porn on your PC, they aren't going to care that creepy uncle Larry did it when he was here for Thanksgiving. YOU go to jail.

To me, computers are like toothbrushes.

My husband just built a decent one for $288, without a monitor. At that price, they don't need to be shared.

Jennifer

[Danni4343]

Quote:

Originally Posted by {aspiring_to_clarity}

Thanks. I don't mean I want to log everything they do, just somehow be able to see if anything malicious has been downloaded which it seems like I can do from the admin account.

I seriously doubt that they would know about the F8 thing, but thanks for pointing that out. I guess the best thing would just be to make the switch...seems like I'd have much less to be concerned with.

I'll still take any other info about dealing with this stuff in Vista though, just cus it's all very interesting to me and I may still be using it for a while.

Thanks.

I am a xp fan and haven't switched to vista and don't plan to, until SP1. I am assuming there is something similar in vista and xp.

In xp, if you are an Admin, you can go into other user accounts via the C:/user folder. As the second post mentioned, security in XP is a joke. You don't have many features at your disposal. All you can do is change/remove their password or delete their accounts.

[aussieNickuss]

Probably irrelevant for this thread, but maybe something to keep in your mind when it comes times to buy a new computer.

Mac OS X has a really detailed and easy to use parental control system. You can lock a lot of the systems functionality as well as set specific permissions (ie... what software they can use, what websites they can visit, who they can send emails to etc.).

The fact that there are no known viruses, adware or malicious software for the Mac is a bonus, as there is no risk for them to install anything that is no good.

[{aspiring_to_clarity}]

Thanks everyone.

Yeah, when I bought this computer I really wanted a Mac, but it was prohibitively expensive!

The thing is, I've already mentioned being careful about what they download and not going to the kind of sites that tend to have malicious stuff. They are agreed, but the knowledge is just not there for them to be 100% safe. That's why I wanted to reign in the permissions a little.

I am going to read up on some of this further, but I still welcome any suggestions.

Thanks again.

[Rosie]

I'm no computer expert, but I think there's a way to check the sites that people have gone on, even after they've cleared the history.

[Caveman Joe]

Yup - in IE, check index.dat. File locations are noted here:

Deleting Index.dat--What is index.dat? How to delete index.dat file?

Don't download or buy any software for viewing these files. Just open them up in any plain-text editor.

(yup, Internet Explorer is an absolute joke)