Personally I use Kerio Personal Firewall for that side of things. As discussed elsewhere I also have the Windows machine behind a linux firewall, but the KPF lets me set things up so no new or changed binaries can run without me confirming it. Should help against malware if I somehow get it (I don't use IE except for Windows Update ).
Oh, and there are a few more tricks you can pull. First one is IE's zones. Go to the Local Zone and lock it down TIGHT. Unless you use some Intranet application it's highly unlikely you'll need this, however a lot of malware works by tricking IE to run it (from the internet) in the Local Zone. If that is locked down it won't run.
Next up is DO NOT HAVE YOUR REGULAR USE BE AN ADMINISTRATOR. Note that to do this you need at least one non-default user who is Administrator, else it won't let you un-Admin your current user. I simply created 'Admin' with the same password as 'Administrator' (the default created admin account, although it'd hidden by default) and made it admin, then un-adminned my own account.
Yes, there are some things that won't play nice with this. Punkbuster for Battlefield 1942 was one, although a workaround was documented, but this entailed giving your non-Admin user sufficient rights to debug any process that you may as well just make the user Admin. Those problems aside it does also mean you'll have to switch to Administrator so as to install things. You may also want to set up some Local Groups (note you can add a user to the group at creation time) for pieces of software that you DO want the user to be able to update (I've done this for BF1942, Steam and WoW) and put your user in the group. You will of course need to sort out the permissions on the necessary files/directories.
Oh and all this does rather assume you're using NTFS, not VFAT/FAT32 for the filesystem else I believe you lose a lot of the protection, but I'm no expert on winblows adminning.
-Ath, who set up the 'non-Admin' user thing last night and is waiting to see how long it is before he gives up on it again.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.