Ask HN: How do I protect my parents from the internet?

[throwawaywxc]

I recently came home to find the home PC has been bricked - the boot layer has somehow been corrupted.

This is pretty remarkable given that my dad only uses it watch golf videos and edit some photos in lightroom. He may occasionally indulge in some porn cough.

I figured he'd be relatively safe as I installed an Adblocker and had Norton installed on the device but I did not realise how vulnerable he was until I found out he can't tell the difference between a pop up and a genuine desktop notification. He has even clicked through on a "You have been chosen to win an iPhone 7" link recently - he saw no harm in at least seeing what might happen.

He also likes to download videos from youtube so I taught him how to use youtube-dl but ended up downloading some malware-infected ripper because it had a more convenient UI.

How do I educate someone from such a base level?

What can I put on the PC to protect them? I avoided using scriptblockers as I don't think they are tech savvy enough to work out why a page might not be working.

[Raphmedia]

I am the opposite of most comments here. Don't stupid her away to a mobile device.

We got our mom a computer, a cheap one, and told her to play with it. Break it. Click everywhere.

Soon enough she was playing with windows settings. Soon enough nothing worked. She now knew you can brick computer, she is more careful.

We fixed the computer and she explored the internet. She asked how she could download wallpapers, we introduced her to torrents and file sharing. She got viruses. She learned that you can get virus online and they will delete your hard worked wallpaper collection. She is aware of the dangers of the internet now.

For a while you would download all the free adblockers, anti-virus, etc., she could find and put them on CDs. She learned to clean her own computer.

Right now she is very comfortable with computers and it allows her to have more freedom. She will easily connect with people online, like we do here. I'm certain it has helped her keeping smart.

She even feel out pain now. Whenever one of her neighbours lady has issues with computers they call her.

[falcolas]

This assumes an interest, willingness, and time to learn. For better or worse, not everyone can/wants to become an expert in managing these buggy and vulnerable messes we call general purpose computers.

It's a big investment, an investment many of us don't remember making since it was effectively part of our childhood. That same investment, in a world with special purpose computing devices, has a very low ROI for people who would rather be doing something else.

[ralphc]

It's also assuming you live close enough to your parents that you can go over and physically revive a bricked computer.

[i336_]

I just thought of a bizarre but interesting idea - an i3/i5-capable server motherboard with IPMI, and a rock-solid router running OpenVPN in front of the IPMI port.

Maybe fractionally higher power consumption, and perhaps you'd need a GPU for it, but if both ends have really decent internet, that could very legitimately work.

[pc86]

> a rock-solid router

Make one of these and you'll end up with a lot of money.

[i336_]

Where would be a good place to start? OpenBSD? http://www.skeptech.org/blog/2013/01/13/unscrewed-a-story-ab... Another platform?

It's tricky. You could for example pick seL4, but then you have no router. That could be interpreted as an amazing opportunity to make a new stack, or a feat significantly less interesting and more strenuous than climbing Mt. Everest.

Then on the hardware side, do you pick x86 (complete with firmware that lets you use fallthru to ring -2! \o/), ARM, MIPS, or what? This is a question I've no idea how to answer.

Also, heh, I'm reminded of this:

1. Search Shodan for JAWS/1.0

2. Take one of the results, go to the IP[:port], append "/shell?" and a command, eg "/shell?ls"

3. Try running "whoami"

4. Go back and look at the number of results

5. Visit the IPs normally, and learn that these are DVRs, for security cameras; alternate between dying inside and reattaching your jaw.

[Haegin]

There's got to be money in a service where a company provides your parents with a computer that's set up to be pretty user friendly and safe. If they brick it, the computer is replaced. The company manages the machine so backups are handled and the new machine will be pretty close to whatever they lost wherever possible (in terms of content on the machine). If the hardware gets damaged that'd have to be paid for I guess.

[rthille]

Yeah, Google provides that service and many manufacturers sell the products which make use of it. (chromebooks)

[JTon]

I like this approach. But how did you mitigate the risk of a more serious data compromise like identity theft? Did you wait until she understood the dangers before allowing her to use sensitive logins like banking and email?

[Raphmedia]

Online transactions weren't as safe and ubiquitous back then. She already had a paranoia of entering those informations online and we told her that her instinct was right.

She does some Amazon orders every now and then but that's it.

[soneca]

Good question and good answer through your rhetorical question too. GP approach with your addendum is the way to do this in my opinion.

[PaulKeeble]

It is after all how the rest of us learned. Windows 95 (alpha) was so unreliable you had to reinstall it monthly as it ripped itself apart so you got to know how to reinstall windows and get it setup again. I spent time in the control panel after that because I knew how to start over.

20 years later after countless errors my computer gets reinstalled when Microsoft pushes out a garbage patch or I get new hardware.

[JadeNB]

> It is after all how the rest of us learned.

Thank you for this very important reminder. Everyone has to learn this at some point, and will necessarily start from a position of relative ignorance; the fact that someone hasn't learned it yet doesn't mean that he or she is stupid, and it's wrong to treat it as such. (Not to say that anyone here, particularly the poster, has said or even thinks this; but it's easy to fall into that mindset, at least for me.)

[ShaneOG]

> She asked how she could download wallpapers, we introduced her to torrents and file sharing

But... why?

[Raphmedia]

Ever been to those "super-awesome-hd-wallaper.com" websites? They are FILLED with ads, popups, etc.

Instead, you can safely download one of the top wallpaper torrent package on Pirate Bay and get thousands of good quality wallpapers.

[_v7gu]

I find it a bit ironic that 4chan's /wg/ of all places seems like the safest choice here. Plus, the content is always up-to-date

[amiga-workbench]

wallbase.cc used to be an archive that scraped the various wallpaper boards on the chans, it worked brilliantly with colour searching, tagging and they had a fantastic supply of dual/triple monitor papers.

[Raphmedia]

There's alpha.wallhaven.cc now but it's nowhere as good as wallbase used to be.

[_v7gu]

now that looks like something that can be a nice side-project. Thanks for the great idea!

[jonwachob91]

Or ya know... Google Images...

[dajohnson89]

Is it that hard for you to accept that people use different tools to accomplish the same task?

[CardenB]

It's a little bizarre to introduce someone to torrents when you can use google images. Especially someone who is struggling to grasp computing as a whole.

[totalZero]

That's pretty much how we all learned. Good on your mom!

[WayneBro]

Teaching someone to fish only works when they want to learn. For the vast majority of people who just want to consume the media available on the net, this would be a monumental waste of time.

It's like me trying to fix my own car just for the sake of knowing how to fix my own car. Nope. No thanks. I'll take it to the garage when it's broken.

For most people I would recommend an iPad or a smartphone.

[victorhooi]

I second what some others here are saying - get your parents a Chromebook (or Chromebox if they want a desktop).

I got a Dell Chromebook for my mother.

It's nigh on unbreakable, and is great for non-tech parents. Each tab/app runs in its own sandbox, and it allows them to do the things they want (i.e. browsing).

It automatically updates in the background (none of that Windows update rubbish), it has inbuilt malware block lists (via Chrome Safe Browsing), it's fast, doesn't bog down over time etc.

Even if by some magic they brick it, a simple Powerwash (https://support.google.com/chromebook/answer/183084?hl=en) and 5 minutes later, it will be back to a pristine state, they log in with their Google account, and it pulls down their settings again.

Also, if you want to see the latest and greatest coming in ChromeOS - try the Canary channel =). (But be prepared for rough edges).

Feel free to ask any questions.

[quasse]

My findings have been that old folks (and even some middle aged folks) are still able to be completely bamboozled by popups on Chromebooks.

Those popups that hijack the back button and pop up an alert when you try to close them are enough to get them calling the phone number they see in the window and pulling out their credit card to "have their computer fixed".

[victorhooi]

Yes, it's unfortunate that crooks are pretty creative and will always find a way. I've seen some pretty innovative phishing scams.

However, the Chrome browser uses a Safe Browsing list which blocks many known malware/phishing sites.

https://www.google.com/transparencyreport/safebrowsing/

The list is constantly being updated, both by automated and manual means.

You can also submit bad sites here:

https://safebrowsing.google.com/safebrowsing/report_badware/... https://safebrowsing.google.com/safebrowsing/report_phish/?h...

If you find one that isn't blocked, I'd definitely encourage you to do your bit and submit it.

Firefox also uses the same Safe Browsing service:

https://support.mozilla.org/en-US/kb/how-does-phishing-and-m...

[gruez]

>Each tab/app runs in its own sandbox, and it allows them to do the things they want (i.e. browsing).

doesn't really help when rogue extensions can still do a lot of harm (ie. log passwords)

[victorhooi]

Chrome extensions are installed via the Chrome Web Store - so much like say, the Apple App Store, you'd need to get it past both the automated checks, as well as the manual checks.

To be honest, I've yet to actually see any rogue extensions on the store - have you seen any?

Furthermore, each time you install an extension, you need to explicitly grant it rights to various things. So there's definitely some user attentiveness needed there, just in case.

But if you want to be heavy-handed (and have GSuite and a Chrome management license) - you can actually set it up so they can only install whitelisted Chrome extensions. So you could whitelist all the common ones you think they'd install, and if they want additional ones, they can request them:

https://support.google.com/chrome/a/answer/1375694?hl=en

A lot of corporate/school environments have it setup this way - they whitelist known good ones, and the admin will add more when people request it.

To be honest though, most non-tech savvy parents probably don't need extensions - my mother for one hasn't installed any. The Chrome browser itself covers most of their use-cases.

[BorisMelnik]

just out of curiosity, which model of Dell Chromebook did you get?

[jtnews]

The 11 is solid, but a little thick and chunky. The 13 is one of the nicest laptops I've used. I mean its no MacBook, but for $429 you get 12 hours of battery and a 1920x1080 screen.

[thomaskcr]

Use Deepfreeze or something similar. You'll mark a their documents directory as excluded and then every time they restart their machine it'll be back to the exact state it was in when you first set it up.

You don't want to have to support them using a new OS for the first time - you'll be in for a headache. I use Deepfreeze for anyone who is a "problem user" and most don't even realize they have it if it's set up right.

[protomyth]

We run Deepfreeze in our library and its cut out all of the problems we were having. Very solid product, but a little spendy. We will probably deploy it a bit more widely when we go to Windows 10.

[ZenoArrow]

Maybe I'm being dumb, but couldn't you just lock down the level of user access on the machine?

As another option, assuming you can use Linux, could go down the route of using Tails or another live distro:

https://tails.boum.org/

[protomyth]

Your not being dumb, but....

Locking down the machines is fine if you don't get any privilege exploits that take over the machine. Plus, this puts the machine in a known, good state every time we reboot or have a new user.

Cannot use Linux (I would use PC-BSD given our BSD infrastructure).

[gruez]

>Locking down the machines is fine if you don't get any privilege exploits that take over the machine

but in that case deepfreeze isn't going to save you either.

privilege exploits = SYSTEM access = kernel mode access = ability to bypass deep freeze (by circumventing their IO driver)

[protomyth]

So far it has been one layer too far. plus I don't have to worry about any saves to the HD.

[danieltillett]

What does it cost? The faronics website seems to avoid minor details like pricing.

[thomaskcr]

$45, I believe there are alternatives I just don't really know anything about them.

You're right about their site though, every single time they've changed it the site has looked more scammy/crappy and been harder to get where I need to go. If I hadn't used their product before I would go to that site and immediately leave.

[protomyth]

$45 w/1 year maintenance https://store2.esellerate.net/store/checkout/CustomLayout.as...

[bsenftner]

This is the answer.

[mercer]

Yeah, I didn't even know this existed!

I still think that the second-best answer is to get a tablet or phablet. My grandmother has mostly switched to an iPad and the vast majority of real problems disappeared. There's the occasional 'how I do get photo <x> to target <y>', but nothing serious.

Feels a bit like defeat though.

[mabbo]

It's been around a long time- I'm 30 and my friends and I spent time trying to figure out ways around it in high school. (My little brother and his friends eventually did- they acquired the admin password).

[faitswulff]

I was really hoping for a discussion on how to keep parents from watching videos about the healing properties of crystals and government chemtrail conspiracies...

...but to answer your question perhaps you can get your parents a Chromebook? I'm not sure what photo editing options exist on the platform, but hopefully it's an obscure enough platform to avoid the majority of malware.

[Chromozon]

Related. Conspiracy theory websites are also very dangerous places to browse. My grandfather loves conspiracy theories, mostly the ones related to free energy machines, and he told me some sites that he went to. I was curious so I visited a few of them (using Firefox + AdBlock). This was the first time I actually got a virus just by browsing a site. It used an exploit that bypassed the browser download popup security mechanism, and it just installed itself. I legitimately got owned, and I was pissed because that just does not happen to me. Now I understand why my grandfather's computer is unusable nowadays.

[cheiVia0]

I hope you reported the vulnerability to Mozilla.

[dsego]

Why would people lie on the internet? - my mom

[Someone1234]

Chromebooks cannot print.

Everyone loves to recommend Chromebooks to older/less digitally literate people, and they're right to do so in most situations. However Chromebooks have one huge downside that makes them non-starters for some of that demographic: Printing is a no-go.

And don't tell me about "Google Cloud Print." Cloud Printing requires a PC or Mac connected to the printer and a copy of the Chrome browser running. In this scenario we're trying to replace a PC or Mac, not add to them, so Google Cloud Print is a non-starter.

Ultimately people who quickly jump on the Chromebook recommendation need to find out first if printing, even rarely, is a requirement. For a lot of people I've tried to move over to a Chromebook, it has been the single thing that killed the entire project.

Printing in general is a huge hole in Chromebook's offering.

[jdietrich]

>And don't tell me about "Google Cloud Print." Cloud Printing requires a PC or Mac connected to the printer and a copy of the Chrome browser running. In this scenario we're trying to replace a PC or Mac, not add to them, so Google Cloud Print is a non-starter.

There are a huge number of affordable wifi-enabled printers that support Google Cloud Print. Replacing your existing printer isn't ideal, but it's not a total dealbreaker.

[colanderman]

My mom has one of those, a Brother model that loudly proclaims it supports Google Cloud Print. Doesn't work with her Chromebook at all.

(Unfortunately we bought it well before she owned a Chromebook so returning is not an option.)

[hawski]

There is API for printers on ChromeOS - printerProvider. There are some apps that use it, maybe something will work for you:

https://chrome.google.com/webstore/detail/ipp-cups-printing-...

https://chrome.google.com/webstore/detail/wifi-printer-drive...

[tpoindex]

I used the IPP / CUPS extension for a while, but now use the HP Print for Chrome application. Obviously this is an HP-only printer solution, but seems to work a little better for me. I had to route IPP / CUPS through my Linux home server running cupsd. The HP Print application prints directly to the printer, one less thing to go wrong.

https://chrome.google.com/webstore/detail/hp-print-for-chrom...

[colanderman]

Thank you for those suggestions, I will try them.

[voxic11]

I have a brother printer with cloudprint. It's my favorite printing experience bar none (there is however that creepy part where you send all your documents to google...) but it definitely works with my Samsung chromebook.

[dragonwriter]

> And don't tell me about "Google Cloud Print." Cloud Printing requires a PC or Mac connected to the printer and a copy of the Chrome browser running.

You are mistaken. While that's an option, the primary option is to use a printer that directly supports Google cloud print.

https://www.google.com/cloudprint/learn/printers.html

[PascLeRasc]

Chromebook ($200)+ wifi printer ($50) is still cheaper and smoother than a workable Windows laptop.

[vortico]

$200 Windows laptops exist and work perfectly fine, having the same specs as the Chromebooks.

[nameless912]

A 200 dollar windows laptop with the same specs as a chromebook will be pathetically slow.

[vortico]

Since the kernel is Linux, can you access USB devices in /dev/? In theory you could design a userspace generic driver which just sends Postscript to printers. Advanced features wouldn't be supported, but basic PDF printing would work. So it might be technically feasible to print from ChromeOS---someone would just have to build a friendly wrapper around it.

[spikej]

Well, a cloud-ready printer would solve that issue... One hurdle I've faced is lack of things like Skype. OP mentioned lightroom. Sometimes, the alternatives are not good enough, or not user-friendly enough for parents who insist on say Skype instead of hangouts

[jdietrich]

Some Chromebooks now support Android apps, with more to come over the next year.

https://www.chromium.org/chromium-os/chrome-os-systems-suppo...

[mundo]

I just switched my mom from Skype to talky.io and I'm never going back. Try it out (or any of the million other free webrtc sites)!

[kleigenfreude]

You don't have to run Chrome OS. You can install Elementary or another Linux distro.

[vortico]

Well, that defeats the point of making an easy sandboxed OS for elders.

[user5994461]

> Chromebooks cannot print.

+1. I can vouch for that.

Source: We bought 5 chromebooks to trial at our company.

[theandrewbailey]

tldr: Linux.

I had more or less the same issue (except things still booted) with my parents about 5 or 6 years ago. In a move I thought was insane, I put them on Xubuntu. I moved them to Mint for a while, but they are back to Xubuntu. It's my preferred distro, and the Ubuntu base (for good support) and XFCE (Windows familiarity) made me comfortable it was Mom and Dad proof. Aside from showing them where things are, there have been zero problems. Turns out that Linux is just as good for email, web browsing, Youtube, and solitare.

I haven't used Lightroom, but how does (say) RawTherapee compare?

[uabstraction]

Darktable is where it's at. I also haven't used Lightroom for more than 5 minutes, but Darktable covers all my RAW developing needs. If you're not shooting for money, it should suffice. (If you ARE shooting professionally, it might(?) fall short, but I only shoot for myself.)

[lucaspiller]

This is what I did. Originally my parents were on Xubuntu, then I gave them an old Mac a few years ago, and now they are back on Linux Mint. My dad had no issues switching from iPhoto to Shotwell.

[DanielleMolloy]

I had a set up of my old computer with xubuntu for my mum for 1.5 years and had to learn that Linux is just not stable enough in the long run if installed for a novice user or as a "parent PC". Don't be naive here; even automatic updates will too often either break something or confuse users unfamiliar with computers. And you will need to be around to fix it or they won't be able to use that computer anymore.

I ended up buying her a second-hand MacMini for 110€ more than 2 years ago. Old enough that it still was a PowerPC version. It still works very well, never needed to fix something, it is fast enough for her use cases (e-mail, digital camera, some internet surfing), and she loves it. If things get messed up on OS X they do that in a "user friendly" way, and she (before being mostly annoyed by computers) has started to become quite proud if she can fix such minor issues by herself, or with only little guidance. I'd say she acquired some general computer literacy through using OS X, but not through using either Linux or Windows. She now likes Steve Jobs.

[dsr_]

My father has now been through two laptops and a NUC running Debian, with me supporting him remotely. 12 years now? He's much happier than my mother is with her Windows hardware.

[noufalibrahim]

Same here. I bought a computer for my folks in around 2009 and installed Ubuntu on it. Some youtube and other tube sites, gnome-games, look at some photos off a camera/phone. That's almost all of what they need it for. The computers been running just fine for almost a decade now.

[Piskvorrr]

This. I have an order of magnitude more issues with Windows (8.1, GWX, Anniversary Edition, oy vey!) than with Lubuntu (I support the same number of both box types for family). To wit, I'm typing this while restoring a WinX box to a point pre-Anniversary: Windows has become more of a bother than it's worth, sometime around Win8.

[psibi]

Same here. My dad has been using Ubuntu for more than 5 years now.

[pmlnr]

Same here.

Give them a Mint with MATE or XFCE; closer to Windows XP than anything else out there. Ublock + Chrome, make sure unattended upgrades are running and they are good to go.

You may want to add a dyndns entry and an ssh running with key-only auth, just in case you need to fix anything remotely for them.

[jlarocco]

RawTherapee and the other Linux RAW software can't hold a candle to Lightroom. I don't even like Lightroom, but the Linux RAW editors are just not very good.

My advice to the OP is to tell them to buy a Mac, get Apple Care and let Apple Genius Bar deal with it.

[type0]

> RawTherapee and the other Linux RAW software can't hold a candle to Lightroom.

This is just plain false. I used AfterShot Pro and I think it's better than Lightroom. The only reason that I switched back to Darktable is because I don't want to locked in the proprietary software.

[davio]

After my mom got scammed online, I had "the talk" with my parents and we agreed that they would just use iPads and iPhones.

I've had no tech support calls for a couple of years now.

I think a chromebook is a good option if a keyboard is required.

It's a losing battle at this point. Your time is better spent educating them against social engineering attacks (I'm still afraid my mom is going to return a call to the voicemail the "IRS" left)

[knz]

> It's a losing battle at this point. Your time is better spent educating them against social engineering attacks (I'm still afraid my mom is going to return a call to the voicemail the "IRS" left)

The "This is Microsoft calling..." scams are even worse. Many older people have very little understanding of what is actually installed on their computer and what the various pieces do. My mother in law has fallen for the fake AV popup advert multiple times this year.

[ben_jones]

To go into detail, you'll get a call from "Microsoft", generally with a foreign accent, and they'll have you sit at your computer, screen share, and give them root access. Then they'll do some powershell command that makes scary messages flash on the screen and have you buy whatever plan in order for them to "clean" it. Usually a couple hundred bucks.

My deeper fear is that they rooted my dad's machine and have been up to nefarious stuff ever since, but i'll never know. He won't let me touch it.

Oh and the IRS is now contracting private debt collectors, so there may now be "legitimate" calls regarding the IRS....

[baby]

Story time:

My father complained of virus and malwares on his computer.

I came home, formatted his hard drive and re-installed windows.

I go to eat lunch with my mother in the kitchen, a few minutes later I hear "[baby], I have a virus on my computer!". WHAT?

The first thing he did was to google for "chrome" on internet explorer and use the first result. The first result is a google ads for a malware containing chrome. Had to reformat his computer one more time. I think that's the moment where he got it.

[antisthenes]

This might be the best argument for using an adblocker indiscriminately.

For whatever reason, the web got to this point where non-technical people get infected within minutes, whatever advertising revenue is lost by content creators isn't worth my headaches providing tech support to family members and friends.

[imadfy]

It's truly pathetic that Google is selling ads that respond to a search for "Chrome" with malware.

[andrewf]

to google for "chrome" on internet explorer

Is google being used as a generic verb here, in relation to Internet Explorer's default search engine?

[totalZero]

I prefer to bing things on duckduckgo.

[chipperyman573]

Bing is selling ads for "Chrome" searches, not Google. IE/Edge default to Bing.

[baby]

(for the story my father used google.com to search for "chrome")

[nickcw]

How about a Chromebook?

Cheap, keeps itself up to date, fully cloud based.

It wouldn't tick the Lightroom box but it does the internet based stuff extremely well with low maintenance.

[jrockway]

I got my mom a Chromebook. It's the most successful computing experience so far, but I was quite surprised by a few things.

She didn't realize that the password to log in to your computer was the sync'd to her Google password. So she would type some random password 5 times, until the Chromebook said "use your Google password to reset your Chromebook password", and would then log in with that. Every single time.

Some website managed to convince her to switch to developer mode to install a non-web-store extension that overwrites the new tab page and search functionality with ads. Chrome is a little more aggressive about not letting you change the New Tab page these days, asking you occasionally if you still want the extension to control it (even for the new tab page I use, an extension from Google).

But despite that, she got a lot out of the computer, so overall it worked quite well. And we fixed those two issues, so I don't think there are any problems now.

[jff]

> Some website managed to convince her to switch to developer mode to install a non-web-store extension that overwrites the new tab page and search functionality with ads

I'm not even mad, I'm honestly impressed both that your mom went to such lengths and that a website managed to convince a layperson to do such a thing.

[victorhooi]

Wow, that is some seriously impressive social engineering...lol. And some determination from your mother =).

I assume this wasn't a device where she had to open the case and short out some jumpers to enable Developer Mode? =)

[i336_]

Is it really harder to change the new tab page in Chrome OS anymore? Wow.

[jlgaddis]

I wanted a completely blank, empty new tab page, nothing on it whatsoever.

I had to create my own "extension" and load it up in developer mode to get the exact functionality I wanted (an empty page).

[i336_]

Ah, gotcha. That's not the absolute end of the world.

I've been using https://chrome.google.com/webstore/detail/jonikckfpolfcdcgdf... (on standard Linux) for ages myself.

[matwood]

I literally bought my wife's parents a Chromebook yesterday. Their really old computer finally bit the dust, and when I asked them what they did on the computer it was all very simple stuff around the internet. Maps, web, email, and pictures.

Lightroom to me means the user is in the more advanced category. I'm routinely amazed at what Google photos does without any input (tagging, grouping, enhancing), and if I want to tweak pics Snapseed works really well. The only time I startup LR now is if I pull the DSLR out.

[GeneticGenesis]

I do this for my family these days, virtually zero maintainance.

Biggest word of warning though is that Google are totally happy to change things with no warning or how or why, which can be very confusing.

For example, they stopped a direct route to import photos from an SD card or alike to google photos. No automated replacement workflow.

[spikej]

That's the biggest concern: being able to use the interface the way you have for ages without having to RE-familiarize yourself. This seems to be a harder hurdle for non-technical older folks. The gmail app interface changing every so often on android tablet would cause parents so much confusion that I finally replaced the tablet with a linux laptop with thunderbird

[breatheoften]

I think we are doing a disservice if we restrict this question to only refer to the standard malware/technological attacks. The real space for risk to our parents goes beyond damage to the computer or identity theft. There's some seriously weird content on the internet -- and some seriously strange ways it can interact with our parents aging brains.

I had an "oh shit" moment when my mom described a website that added automated popups over a text editor field -- as she typed it would periodically throw up a pop up with encouraging commentary and editing advice "good idea, can you elaborate" etc -- and it took her a long time to realize that the intellectual/emotional support she was feeling wasn't actually coming from anywhere ... she also got severely addicted to the political campaigns and facebook -- and ended up with a news feed that absolutely barraged her with a constant stream of fake political news stories ... got her down from her 4-6 hours per day of internet usage but it was so fast -- really scary stuff.

[bsenftner]

In this respect, the FTC has failed 100% in their mission. Normal, non-tech consumers cannot use the Internet without falling prey to the outlaw landscape that is the WWW.

I think you need to explain to them that the Internet is too much like the Wild West, and they need to stick to trusted web sites, as their "sight" is not tuned to see the dangers. Leaving them too scared to randomly surf might not be a bad thing, in this situation. I have the same type of situation with my 85 year old mother. She is somewhat tech savvy, but not enough. Her browser has every possible 3rd party toolbar, no matter how much I educate her on the situation...

[Florin_Andrei]

> He has even clicked through on a "You have been chosen to win an iPhone 7" link recently - he saw no harm in at least seeing what might happen.

Show him one of those videos with deep-sea fish that use a luminescent lure to eat smaller fish. The pop-up is the lure. The small fish is him. The Internet is like the deep sea, and it's full of lures like that.

One simple criterion I give non-technical people: if it's unsolicited, it's hostile. End of story. No exceptions.

[peterwwillis]

Plus these:

* If it sounds too good to be true, it is.

* If anything related to it says Nigeria, run screaming.

* Nothing is free and you will never win anything.

* Never enter your social security number at any time for anything.

* Surfing the Internet is like walking down a back alley in Hong Kong. They claim to have everything, but you probably aren't going to like it when you get it.

* Illegal software and marginally legitimate sites are breeding grounds for viruses.

* Even if it seems legitimate, make sure it comes from a source you have heard of.

* Always check the URL bar. Just because the website looks like Paypal doesn't mean it is Paypal.

* Get on all of the 2nd factor auth.

* Never download anything.

* Never run anything.

* Learn to close windows without clicking on anything (Alt+F4 or similar)

* If you enter your credit card anywhere, just assume that number is now compromised.

[nitrogen]

Learn to close windows without clicking on anything (Alt+F4 or similar)

One has to be careful with this one; this can get you auto-upgraded to Win10, which not everybody wants.

[reitanqild]

This sysadmin/programmer enjoy Windows 10.

Finally I can have multiple desktops on a stock Windows PC.

[drdaeman]

> says Nigeria

After a recent review of my spam folder (totally biased and subjective) I believe the princes are actively exploring another castles. Saw UAE sheikhs (surely, having the same last name as mine - proves the email's totally legit!) and even Russian billionaires in UK, all asking for my help to unlock transfer of a few bajillion dollars. ;) So, I don't think this recipe works reliably here.

(Guess, normal Nigerians must be really upset by 419 scammers.)

[nickpsecurity]

"if it's unsolicited, it's hostile."

I like that. It's simpler than what I was saying. Should be true vast majority of the time. Only modification I'd make is explaining updates, which ones to trust, and to ignore any of "updates/upgrades" that pop up in the web pages.

[rwhitman]

My mom has had various Windows PCs since the late 90's. About every 3 to 6 months or so I get a call that it's "stopped working" and has either locked up completely or is moving at a crawl.

Nearly every time it takes me hours if not days to do a bunch of scans, install updates and purge whatever garbage has been installed by various malware that she's somehow managed to find. I've done more than a few clean wipes, bought her new machines and yet still she figures out how to kill it again. Most of the time it's caused by her playing some silly online puzzle game, or clicking a link in an email or some sort of fake notification... or AOL, which she refuses to ditch even though it's a huge vector.

It's been decades and she still hasn't learned how to avoid this stuff correctly. I've tried every malware scanner & notification software on the market, and each one of them is eventually bypassed by clever malware or in some cases like AVG or Norton, BECOMES the friggin problem.

Basically, my conclusion is if your parent has a problem like this the only solution is refuse to help them anymore if they insist on using Windows as their primary web device and make them get a Mac and/or an iPad, maybe a Chromebook as others suggested. Then get rid of the Windows PC or simply tell them not to use it for anything other than printing / scanning etc. There is no winning otherwise. Windows for some folks is just plain bad news

[daddykotex]

I'm genuinely not sure this is a Windows problem. They might get infected on pretty much any OS if they navigate anywhere without precautions (as most parents do, including mine).

I'd like to see if a something like DeepFreeze could help here (there are probably alternatives here, DeepFreeze just came first in my mind).

[chadgeidel]

It's absolutely not a Windows problem, my dad managed to click through some "malware" (i didn't see it, but i'm thinking it was a cleverly crafted web page) and give his credit card to someone... on his iPad.

[ben_jones]

You should try to automate that? Maybe auto-backup anything important and just have the ability to re-image remotely?

[fredgrott]

or if they use MS Windows make them switch browsers to Google's Chrome

[rwhitman]

OMG, that's what I thought too! But no, no, no. Chrome became her BIGGEST vector for malware! She was installing Chrome plugins, and they in turn installed a modded copy of Chromium with all kinds of toolbars and spyware, which set itself as the default. Chrome became a total disaster, worse than IE ever was. I think recent security patches have helped a bit though

[i336_]

Wow. This kind of thing is not particularly easy to google for - know anywhere I might be able to find out more about this?

[techload]

I see this all the time with client's computers that I must clean.

[i336_]

Huh.

I never really thought of the practical ramifications of a fully open-source browser...

Although now I'm wondering what API keys they compiled Chromium with. :v

[bpc9]

An interesting question. I haven't had to do any of this for my folks, but i'd probably do something like the following:

-Setup a network and computers that I can admin remotely. Probably Ubiquiti Unifi gear (great wifi APs, powerful router with DPI / firewall, where I have admin access from my Unifi Controller install. Then I could handle all network troubleshooting remotely, unless their ISP is down or hardware has physically failed (unlikely with the ubiquiti gear)

-Look at something like OpenDNS personal configured on the gateway to help protect against malicious stuff in browser

-Set up any Desktop PC to run a hypervisor, and keep the OS they use as a VM that I could access and administer remotely, and that I could quickly reset to a known-working state.

-Have them use gdrive / dropbox / onedrive to keep documents backed up and accessible across machines

-For laptop / portable, see if I could get them to use chromebooks, or I'd need to replicate the VM setup from the desktop PCs

[Zyst]

Linux machine, subscribe to more adblocker malware prevention lists - my mother's laptop has more ticks on the adblock subscription lists than squares - and in case of my father an awkward conversation where I told him a list of safe porn sites.

[throwawaywxc]

This sounds very useful - do you mind giving some more flavour? What exactly did you implement?

[sathishvj]

I faced similar challenges with my mom, especially since she lives in a different state. She confessed though that she would only ask me. And I'm able to help because I'm in the tech field. I realized that all her neighbors and my other relatives, and parents of my friends & acquaintances, and millions of others would have absolutely no way to get help and protect themselves against online scams and threats.

So I started a free service http://www.littlecaution.org/ where I do talks and seminars about remaining safe online. Since it's just me on my personal time for now doing the workshops, growth and reach is slow. But I continue to work on it.

My belief is that using the right tools is of great importance but raising awareness is a bigger need. All the best tools are no match against human fallibility. So in these talks, the direction I take is about knowing the issues, being aware, and then followed by using the right tools.

[walrus01]

give them a desktop that is basically xubuntu amd64 (xfce4 desktop on xorg) + firefox + chrome, and then install all of the best adblock extensions in both browsers. Even the most clueless parents can't successfully download and run windows binary malware/ransomeware/viruses on that.

the xfce4 GUI is close enough to traditional windows98/windows2000/winXP models that most older non technical users have no problem with it.

the best thing for non technical users/older users/ignorant users is to give them the closest approximation to a thin terminal web browser, whether it is a linux desktop or a chromebook type thing.

[xd1936]

That eliminates Lightroom support, however.

[Diederich]

https://appdb.winehq.org/objectManager.php?sClass=applicatio... shows it as 'gold' for the currently highest 32 bit version.

[contingencies]

Darktable is pretty good these days.

[raverbashing]

This would be my suggestion as well

Also might be useful to get a hosts file mapping bad domains to localhost

[xd1936]

Or block them at the DNS level for the whole network with something like Pihole[1]

[1] https://github.com/pi-hole/pi-hole

[walrus01]

opendns

[raverbashing]

Yes, but you want that configured outside of the machine preferably (and maybe block other DNS servers)

[johngalt]

Here are your options:

Revoke local admin privileges. It will stop a lot of the click-click to install bullshit, but it also means you will get a lot of calls about "access denied" whenever they want to update an app that needs admin rights. Give them an admin account to install/update software separate from their normal account.

Simplify the device by going tablet/chromebook. Probably means you will get a lot of questions regarding how to use/setup the new OS.

Shorten the loop on backup/rebuild and let them hit the iceberg. Good backups and fast imaging with drivers pre-loaded can make cleanup a lot easier/faster.

[paullth]

In addition to the stuff you mentioned, for my mother in law I:

removed her user's admin privileges

install flashblock - one of the ones where you have to click on the video to make it run

spent a long time explaining that you will never be chosen to win something, MS support never rings you to tell you have a virus, if something takes over the whole screen and tells you anything suspicious/implausible to press alt+f4

convinced her free music isnt worth the risk of downloading something that trashes the machine. installed spotify

[tbyehl]

1) No local Admin rights.

2) Chrome + uBlock Origin w/ Malware filters.

3) Sophos Home[1] which has the bonus feature of being cloud-managed and not providing any control to the local interactive user.

4) Sophos XG Firewall Home Edition[2] on whatever $100-ish hardware the pFense crowd is currently in love with. Web filtering for Advertising and Threats, AV scanning.

5) Backups!

[1] https://www.sophos.com/lp/sophos-home.aspx [2] https://www.sophos.com/en-us/products/free-tools/sophos-xg-f...

[clentaminator]

It makes me smile that while proponents of censorship and blocking of parts of the Internet use the "Think of the children!" argument, I never hear anyone shouting "Think of the adults!"

Of course, in this case we're trying to protect people from themselves rather than the outside world, but still...

[philip1209]

Have you considered using OpenDNS? They used to focus just on protecting family members from internet threats, and it's still a great (paid) product for that:

https://www.opendns.com/home-internet-security/

[spikej]

Or private internet access VPN (https://www.privateinternetaccess.com/blog/2016/07/pia-adds-...)

[davidgerard]

A Mac. If you live with him, Ubuntu.

If there's that Just One Piece of Windows software he needs, do try it in Wine - Wine works more often than not these days.

I never did viscerally understand how literally 25% of Windows XP installations could be botnet members until I saw my sister's computer in 2010. Oh my goodness. The disk was full because they never emptied the rubbish bin. And I don't think there's ever been a piece of crapware that my brother-in-law didn't download to try. The only thing saving them was that they were still on dialup. They're on broadband now (it turns out the killer use case for videophones is our mother Skypeing her grandchildren), and I shudder to think what it's like. Normal people do not use computers like we do.

[webwanderings]

Chromebook.

I bought the cheap one (Lenovo) sometime ago. It has a good battery life, very lightweight and compact. I have seen the same being used by many people (in the same category). It is the most trouble free and productive piece of material there is. Ignore all these security software and Linux etc. Just hookup uBlock and Ghostery into the user's Google Chrome account and you're done.

[djaychela]

Very similar here. Got a Chromebase for my Mum (77) who has previously had an original iMac (she loved) and a Windows 7 PC (which she tolerated). Both iMac and PC had issues, and I'd often have to fix stuff. There was a bit of a learning curve for her (cloud print is a mystery to her, not helped by it breaking about 2 weeks in and needing a powerwash to sort that), and she couldn't have Skype on it which was the one initial sticking point, but since her getting going with it I've not had any issues.

Indeed, a couple of weeks ago when she thought she'd killed it because she'd fallen for clickbait that then said she had viruses on the computer, she was pleasantly surprised that powering it up again showed it was fine. For the £220 it cost, it was money well spent - she can do what she needs/wants to online without issues, and TBH I think that a LOT of "normal computer use" people would be better off with one rather than the PC they think they need (usually when asked it turns out that internet and email with the odd bit of word processing and printing is what people do).

[RankingMember]

While I'm loathe to recommend a walled garden solution and not a particularly big Apple fan, this is exactly where such a solution shines. An iPad is perfect for this situation.

[mercer]

I feel conflicted about such advice too... but honestly I've resorted to using my iPad for stuff like streaming video just because it's safer out of the box. I figure if I'm doing that, I might as well suggest others do the same.

[akerro]

Install them Ubuntu, KDE Neon or Mint. Works for my parents since... I dropped Windows XP.

[reacweb]

Idem for me. I have installed Ubuntu-gnome. sshd, wine and powerpoint viewer are the main customization. When the computer is started, I receive a SMS so that I can perform updates or backups.

[akerro]

I did similar. PC has static IP in LAN, there is raspberry pi with duckdns and ssh waiting for me. I just login on rpi, then ssh to parents PC and do what I need. I can do updates, remove files, monitor activity and all other things, easily, for free. It's Ubuntu, they don't have sudo/root password so can't break anything, ever.

[thght]

A virtual machine might be a solution, just leave it full screen for them when you leave home. I've given up trying to educate my parents best practice with pc's, it doesn't seem to work.

[borgchick]

That's what I've always thought, haven't tried it with my parents. Idea is, set up a vm, snap shot it, have their save folder somewhere outside of the VM, and then if they manage to mess up the VM, just restore the snapshot.

Honestly, it is when I am trying to teach my parents how to use computers do I realize how annoying computers are. I mean, some of the simplest things we take for granted are pretty dumb if you have to explain it to someone.

[SimonPStevens]

I think all the people recommending Chromebooks or Linux are entirely missing the point. Those are only viable alternatives within small niche uses for people who literally only use email and facebook. It's the 80/20 fallacy. 80% of the people only use 20% of the features, but for each person in that 80% they use a slightly different 20% subset. It's the same here. Most people only use a very small subset of the internet, and most things they do would work fine on a Chromebook, but each of them has that one thing they just can't live without that only works on Windows.

I have this exact problem with several family members PCs who come to me regularly with messed up machines.

It's not just old people either. One problem person for me is a 10 year old who always insists that all he downloaded was just that one minecraft mod and it was definitely a safe mod, honest, because he downloaded found it on google, or he saw stampy using it on youtube, oh and a java update because the mod says it needed it, oh and forge, and optifine, and, and, and... He's loosely tech savvy, but in a way that doesn't make him any safer, he still gets his computer into a mess. He's not going to switch to a Chromebook. No minecraft, and none of the other games his peers are into. (On a related note, the minecraft modding community is one of the most vile den of scam-mongery I've ever had the misfortune to stumble into)

The older people all require MS Word/Excel (And don't tell me LibreOffice is a replacement, it's not even close if you expect file compatibility with other people who use MS products).

Windows only plugins for specific websites, that's another one that is hopefully getting much rarer, but I still do see from time to time.

I've tried setting up restricted accounts and keeping the admin account password secret, but it always eventually has to get given out. Last time it was because their son needed to do submit his homework on the schools website, but the submission processes required a Windows only plugin which needed admin access to install. They were all panicked because I hadn't been answering my phone and his homework was due the next day. After that I gave up and stopped using restricted accounts.

I've tried disk imaging software, but it's typically a lot more work than it's worth with the images quickly getting out of date and needing redoing with new versions constantly.

This is a big big problem that I just don't have a good solution for.

[skybrian]

Even if it doesn't work for everything, a backup computer in the house might still be useful? If you get a Chromebook, they will have a browser to use when the other one gets messed up and you can't fix it right away.

[iamcreasy]

How about a Mac? MS products like Word/Excel runs on macOS. Usually other software/plugin do support macOS.

[rihegher]

You can start with ubuntu that is immune to most of malware and enough if your parents needs are internet + video palying and downloading + office suite

[chejazi]

Maybe replace his pc with an android powered device like http://www.toysrus.com/product/index.jsp?productId=101695486

[GFischer]

Unfortunately Android has its own malware :( and plenty of sites redirect to the Play Store.

I've seen Android phones constantly opening popups.

[greggman]

I am going to answer that pretty much nothing will save your parents from the internet.

While I agree a chromebook won't get owned your parents will still likely get phished. I have no idea how to solve that.

http://blog.greggman.com/blog/getting-phished/

http://blog.greggman.com/blog/how_to_detect_e_mail_scams__ph...

[zupreme]

There are some good suggestions here but I will give you one based on the assumption that your parents won't want to leave the familiarity of Windows.

0) Deny them admin rights to the machine. 1) Create a second profile for each of them 2) Write a quick batch or PowerShell script to copy the contents of their Desktop, Documents, Favorites, Pictures, Music, and Vidoes folders (not the entire profile) from their profile to the second profile you created for each of them. Make sure your script only copies new or changed items (so it runs faster) Store this script outside of either profile. 3) Schedule the script to run every hour on the hour. 4) In the event that they brick their profile with adware, malware, etc, simply login as an administrator, delete the first profile, rename the second profile to whatever the first one was called and then create a backup profile with the same username that the previous backup profile had (so you don't have to edit your script).

Notes: For your script if you are more comfortable with batch scripting then use "Robocopy". If you are more comfortable with PowerShell use "copy-item". I cannot stress enough how important it is that you ONLY copy the folders I mentioned above. If you get lazy and copy the entire profile you will bring over the folders viruses, adware, and malware hide in (like AppData). For the love of God make sure you have up to date antivirus on the machine. That's so basic that I didn't mention it above but I feel compelled to do so here. If you don't want to spend money just install Security Essentials or AVG.

[hayleox]

I'm gonna have to disagree with this one. There are tons of great, battle-tested backup tools out there -- rolling your own solution seems to just be asking for something to go wrong.

[zupreme]

This isn't backup. It's user profile element duplication on the same machine. As long as they are not admins or power users on the system then they can't do much damage outside of their profiles.

Backup is another matter entirely.

[EnderMB]

In my experience, don't. Offer them your best solution for a novice user, which for me is usually an up-to-date machine with an ad blocker, and make sure that you're open for

Ultimately, they're adults, and the last thing your father will want is to be treated like a child on his own machine. If he fucks something up, fix it, and tell him what he can do to not have that issue come up again.

[throwawaywxc]

This is good advice in principle but my parents are from a different world they grew up in a world without fridges, TVs or electronics.

I am all for them learning and making their own mistakes but I know them well enough to know that this wouldn't really work in their case - I know them well enough that ultimately they want something that just works with minimal effort, the stakes are also high in that I don't want them bricking a PC (100s of $) or getting hit by identity fraud.

I'd go mac if my dad didn't hate it so much.

[yathern]

If simply educating them on what not to do (clicking on 'free' stuff, downloading without discretion) won't work, I'd suggest switching out the OS to something a little less targetted by malware. I recently got my mom a chromebook, which she loves. You say your dad uses lightroom though, so that might not work for your use case.

[ChrisNorstrom]

I've got 2 computer-illiterate parents and I can confirm the following works very well:

1) Create a user account in Windows that is NOT an administrator account, that way they can't install things without an admin username and password. The PCs admin account should be password protected.

2) Enable the highest level of windows alerts (those "this program wants to make changes or modifications to this PC, cancel or allow" messages). Teach your parents to always click no/cancel/do not allow.

3) Ad blockers like uBlock. Remove shortcuts to, or uninstall Internet Explorer.

4) Use software like DeepFreeze http://www.faronics.com/products/deep-freeze/standard/ it restores the computer to a snapshot you saved every time you restart it. No matter what they mess up or install or screw up, it'll be fixed with a restart.

[hawski]

I am currently working on experimental Linux distribution for my parents that would be a bit ChromeOS-like.

Ideally for my mom ChromeOS device would be ideal. For my dad it would be not enough as it seems in your case. Maintaining my parents computer is something that always gets back to me. Now I am also living few hours worth of travel from them so it is even less convenient.

Older computer couldn't handle Ubuntu of the time. So always something was not working correctly. Updates on every system are constant source of headaches. My dad got used, but much more powerful machine. I installed Windows 10 for them thinking that Windows is now better and that with perpetual updates it will be out of trouble for me. I installed also Chrome Remote Desktop for service. My dad preferred Linux experience. I hoped that he just needs to get used to it. He was happy with Windows Store for a while, until few of the games he enjoyed playing failed in strange ways. It would not be that bad, but updates on Windows 10 are huge and with 20-30GB free space left after installation it does not update anymore. It only downloads the update, tries to update and fails - on every reboot. My dad bought an external HDD so probably it could be resolved. However he still would like to have Linux in there - old computer was very slow, but it did not fail in such magical ways. For now I plan to install Ubuntu for him and see how it will behave.

For my own learning experience and a bit of enjoyment I started working on my own Linux distribution. The most important thing for me is to have hassle-free updates like on Chromebook. I prepared squashfs image with Firefox and intend to have two partition scheme for rootfs. Updates would be then just download and restart away - completely automatic and in case of failure you would still have previous working image. I could test the image locally and optimize it for fun and profit. For now I base it on Gentoo to build lean system in a similar fashion to ChromeOS build.

[slight EDIT]

[pryelluw]

I bought my dad a chromebook. Problem solved.

[instanton]

I'd recommend you sandbox his favorite browser in sandboxie: http://www.sandboxie.com/ I believe the free version allows you to use one sandbox session.

Run him through the process of recovering downloaded files and you should be a lot safer.

[atmosx]

Here's what worked for me:

1) Install GNU/Linux, most click adds target windows users.

2) Install an ad-blocker at DNS level. I use a custom variation of this: https://pi-hole.net/ (by default logs DNS requests, mind you. You can disable logging though).

3) Spent some time to educate him on what to avoid online

4) Lastly, I have an RPi running on a VPN exit node (actually I have an RPi cluster, but anyway). When I had an openWRT-based router, I had a script which was fetching porn/torrents/etc. IP addresses and adding routes to the router redirecting connections via VPN.

5) A separate guest network with radius accounting can go a long way into securing your network and help control access (I have a radius RPi server but my APs do not support accounting. I felt kinda screwed when I realised)

[zerognowl]

Put your parents on a VPN, great idea, instead of the other way around where I am the sole VPN user and pay more for my Internet connection because surfing without a VPN just feels weird these days. Also five minutes of OSINT on Google tells me I share my ISP-Issued IP with at least 1000 other paying subscribers, whereas a VPN can run into the millions of users, albeit not all using that VPN-Issued IP at the same time.

[atmosx]

Putting everything behind a VPN might a bit too drastic as it might start disrupting services relying o geolocation for fraud detection etc. But at least some traffic, for many reason, it's better to be shipped via vpn.

[namank]

This is a very important conversation for this decade. Do post your solution on HN once you have it.

[Too]

* Set a password on UAC (windows sudo equivalent) and teach him that if the background ever goes black and asks for a password he should be very aware. The default is just a yes/no popup and is very easy to just click yes, even accidentally for tech savy users. For extra protection, don't give him the password.

* Remove the anti virus and tell him that you did so. It just gives a false sense of security and introduces more popups which teaches users to ignore prompts. If he knows it's not there he might be more careful.

* Install ublock origin. It blocks known badware domains and reduces the amount of clutter/ads on almost every web page you browse, making it easier for him to identify weird stuff.

[tikwidd]

I made a really simple UI for youtube-dl in WPF a few weeks ago. It just has a text field for the youtube link, a "download" button and a checkbox for downloading audio only. If you like I can chuck the source and binaries on github.

[SturgeonsLaw]

I'd be interested in this

[whyagaindavid]

You dont need to even buy a new chromebook. Just install cloudready (which is compiled from chromiumOS) for all generic PC/laptops. Many schools are even using this. www.neverware.com/ I am not involved with them. Just a user.

[ben_jones]

Great post. My father is similar to yours, but is also incredibly vehement about his privacy. A few years ago he fell victim to a fake microsoft support scam (foreign accent, cc details over the phone, etc.) and gave them full root access over whatever screen share software they used. He paid a few hundred bucks for them to fix fake problems on the PC, and I could never convince him that it was in fact a scam.

I've since given up completely on locking down the computer or protecting them from themselves in that regard. I occasionally get talked into basic tech support, but thats it.

It's really a relationship problem if anything (IMO).

[perakojotgenije]

Use Linux. If he only uses his computer for browsing the Internet and editing photos linux mint (mate or cinnamon) will do fine. Show him how to use darktable instead of lightroom and that's it. No more problems.

[techload]

I have (had?) one client that every week or the other would come back for a Windows reinstall. Since he only browsed the internet and did not use any particular software, I installed Linux Mint and he never came back! I lost that steady 'revenue' though.

[victorhooi]

Lightroom is on Android now:

http://www.theverge.com/2016/11/9/13577740/adobe-lightroom-a...

If you have a recent Chromebook, they can run Android apps =):

https://support.google.com/chromebook/answer/7021273?hl=en

[aibottle]

A friend of mine once explained to me, that in order to make the internet and computing environments safer we have to stop making things easier but educate the people (e.g. don't put the single-point-of-failure antiviruses on the computers teach people not to trust links/emails/usb/devices but to check the source and acutally think). I think you should educate them on the topic, and help them to learn it.

[pksadiq]

One way would be installing some good GNU/Linux (Mint is good for windows users, or Debian Stretch with GNOME classic mode).

And thus your dad can't install any software he just downloaded from some random website. And the GNOME sofware center is great in Debian Stretch (to be released though, sorry).

create scripts using zenity as a GUI for youtube-dl (and any other command you wish him to run)

Also, I would recommend uBlock to Adblockplus.

[serg_chernata]

There are already good solutions below. The one thing I would add is that this may not be a "silver bullet" kind of problem. I'd throw everything I can into the mix to create layers of protection. Educate them but also add software solutions to the mix.

A small addition, how often do they need to install new software after initial setup? Maybe take away admin privileges?

[throwawaywxc]

Should hardly ever need to - but I am rarely at home so would prefer not to be in a position where any time they need to do something I need to be present.

The only real software he would need at the moment is for photoediting

[namuol]

I installed Ubuntu on my parents' laptop years ago. They didn't notice the difference until they tried to print something.

[konradb]

Not the answer you want but an ipad might limit the damage that can be done. It would remove the need for education.

[throwawaywxc]

Thanks for the reply! This is not at all a bad suggestion - my mum is on an iPad and actually since this happened, I realised that actually she is nowhere near as big a vector as my dad despite the fact that she doesn't know what an app is nor what a browser is.

My dad is more dangerous because he has some some idea of what he has just enough of an idea to know what he is doing but not enough of an idea to actually protect himself. He also despises all Apple products alas...

[dudul]

Is it still true? I would have thought that by gaining popularity Apple devices would become the target of malwares as well.

[palunon]

It's not that easy to break into the walled garden. There are fundamental differences between a iPad and a PC (or a Mac, if the distinction still makes sense).

[sakopov]

I'm sort of in the same boat with my folks who are pretty much computer-illiterate. After wiping malware a few times I ended up simply installing a VM image for them for internet browsing and downloading content. It takes a bit of getting used to but after explaining how to use it it's worked out great.

[Tinned_Tuna]

The best thing I can suggest is regular, invisible backups. Ensure that it's very difficult for them to avoid doing the backups, and make sure that what ever holds the backups is a battle-hardened.

Social engineering is a broad problem right now, and all you can really do is be prepared to pick up the pieces after the fact.

[nxm]

Get them a Chromebook - perfect for their needs and no yearly formatting required from my side

[AlexeyBrin]

You could limit his user rights, make him a Standard user and don't let him install new software.

Also, have a look at how suitable a Chromebook will be for his workflow (simpler to maintain from your perspective and harder to infect).

[type0]

> This is pretty remarkable given that my dad only uses it watch golf videos and edit some photos in lightroom. He may occasionally indulge in some porn cough.

Teach him how to use Linux. He can use Darktable instead of Lightroom.

[peterwwillis]

Linux? Or a Chromebook.

They'll only be able to do like, two things with it, but at least Google has tools that replace most office-type apps. I'm going to say Chromebook is the slower but simpler solution.

[chrsstrm]

I've started remapping certain file types to open with Notepad instead of the default. I covered all the .js variants but does anyone have a more comprehensive list of file types to address?

[Mz]

I will suggest you put together some tutorials on some of the basics. Preferably keep them to one page and include screen shots.

You cannot protect people from their own ignorance.

[knguyen0105]

I have the same problem. For now, I use Firefox + adblock + noscript + public fox (to disable download and exe). Not fool-proof but it's enough

[elchief]

I made myself admin and my dad a regular user so he'd stop installing malware. So he threw out his computer and bought another one...

[colemickens]

I've never seen someone screw up a Chromebook and it takes less than 120 seconds to reset it to scratch and reload your profile.

[shmerl]

May be propose for them to use Linux. It should cope better. No lightroom for it though, but there are other good photo editors.

[vgallur]

If you are stuck on Windows or Mac you can try a program that restores the computer to a safe state on reboot, like Deep Freeze.

[throwawaywxc]

Not a bad idea.

What are your thoughts on file-syncing using DropBox? Solutions have to be easier than breathing - I used to take a regular image of the PC for backup purposes but then my dad would complain he couldn't actually view the files.

[rcamp]

File syncing should not be confused with file backup. You should leverage both as apart of a comprehensive solution.

https://www.us-cert.gov/sites/default/files/publications/dat...

[sandGorgon]

Use Linux. Seriously. I installed Fedora 24 in my dad's PC and I haven't had a support call in 3 years.

[rovr138]

Does he use it?

I installed Ubuntu LTS on my mom's. If it weren't for the SSH connection that always calls a server I have and I can use it to log back to her computer, I would have to get a sister to drive there in order to walk me through what she's seeing.

With the SSH tunnel, I can just SSH to her computer through my server and fix almost everything.

[sandGorgon]

its brilliant. It has gnome and he loves it - he says its better than hunting through "my programs".

Windows 10 and Gnome have fairly convergent UI. And all the software is already built into Linux

[baronseng]

maybe try this? https://ma.ttias.be/pi-hole-dns-based-blacklist-ads-tracking...

[dfischer]

Get them iPads

[egypturnash]

Ditch the PC and get them an iPad.

[akulbe]

Another vote for a Chromebook.

[amelius]

Kids filter?

[joesmo]

Here's a couple of things you can try:

* Drop linux on it with a simple GUI on it and lock the machine down. Don't give him root access or admin rights. Make sure the machine updates and backs itself up without intervention. * Set up his browsing inside a vm that gets recreated on boot (any host OS, linux as guest would be ideal but any will do).

[olivercreashe]

Take it away from them. Really, if it means that their identities are at risk, I would not put your parents at risk and persuade or force them to not use the interwebs until they get educated.

Btw, a chromebook does nothing to protect them against identify theft. Don't get them anything, better teach them what they might lose.

[pikachu_is_cool]

Get rid of Windows. Problem solved.

[ciupicri]

And replace it with what?

[hayleox]

Nothing. You can't brick the OS if you don't have one! /s

[rcamp]

I specifically wrote my book, Digital Survival Guide, to help address this knowledge gap in digital security and safety that our society has. However, education may not be enough for everyone and you may need to take a sandbox approach. Have them use a VM and expect to refresh it from a snapshot often. Check out my book, you and your parents will find many useful tips.

http://amzn.to/2fkervN

[throwanem]

No ebook version? In current year? Are you even serious right now?