I wish I’d posted this last week, since many of us see one set of relatives at Thanksgiving and a different set at Christmas (and perhaps New Year’s). Here are things you can do as preventative maintenance for relatives whose computers could use a little help.
Windows XP. Yes, it’s time for that talk. Support for XP is ending in April. Sometime next year it’s going to be time to migrate to Windows 7, Windows 8.1, Linux, or something else–anything else. If you’re like me and think the new Windows 8.1 user interface is really just Microsoft Bob 2.1, install Classic Shell to make it look a lot more like XP, or 7 if they like that interface better. Windows 8.1 is the best bet from a security standpoint if they have Windows apps they need to keep using. You don’t necessarily need new hardware–anything with 2 GB of RAM and 2 CPU cores will run 8.1 as adequately as it runs XP, and even some high-end P4s do OK with 8.1. But if you’re facing hardware that just won’t handle it, here’s a $72 Celeron 847 motherboard that will do the job. Just add memory and plug in the old hard drive.
Download the newly released EMET version 4.1 and just enable the recommended settings. You can get more aggressive but it’s more likely to break stuff. Flash crashes all the time even with the recommended settings, but it keeps everyone from getting pwned by Flash exploits, which are never-ending. It’s better than uninstalling Flash, which will cause howls. Until HTML5 becomes universal and saves us from Flash, this is the solution. And it will continue to provide protection beyond that–Flash is just the worst offender.
Install and run Secunia PSI and let it update everything it finds. Then it will keep things up to date. My mother in law had tons of outdated Adobe plugins. Flash and Acrobat do a decent job on their own of staying up to date, but the rest don’t, and this is the remedy. You can uninstall them, but then web sites will just put them back, so an automated way to keep them up to date is the solution. It will also keep Java up to date, if they have Java. And speaking of Java…
Check out the antivirus software. Install Microsoft Security Essentials if they’re running something that’s expired. I’m no longer convinced that running a secondary antivirus scanner is worth the effort. MSE is the least common denominator, but it doesn’t nag and doesn’t expire.
Block malicious hosts. Here’s a list of bad domains, and a tool to keep the file updated. This will provide a layer of protection beyond antivirus software for threats like Cryptolocker by making it harder to download them and making it much harder for them to communicate with their command and control networks if you do get infected. This helps plug the hole between your antivirus software and your firewall.
Run My Defrag. The difference between it and Microsoft’s built-in utility is staggering. Run it once a year and the difference is unbelievable. Skip it if your relatives have SSDs of course.
Run Windows Update. This should go without saying.
Make sure router firmware is up to date, and if no updates are available, consider installing DD-WRT if it’s compatible. Almost nobody pays attention to the security of routers, and this is going to bite us. Many routers are atrociously insecure–less secure than the computers they’re supposed to protect, in most cases.
Router worms are fairly common, and the reason nobody notices is only because they’re less likely to destroy the host than the worms that forced Microsoft to get religion about security a decade ago. The attackers are smarter now.