
Ask HN: How do I protect my parents from the internet? - throwawaywxc
I recently came home to find the home PC has been bricked - the boot layer has somehow been corrupted.<p>This is pretty remarkable given that my dad only uses it watch golf videos and edit some photos in lightroom. He may occasionally indulge in some porn <i>cough</i>.<p>I figured he&#x27;d be relatively safe as I installed an Adblocker and had Norton installed on the device but I did not realise how vulnerable he was until I found out he can&#x27;t tell the difference between a pop up and a genuine desktop notification. He has even clicked through on a &quot;You have been chosen to win an iPhone 7&quot; link recently - he saw no harm in at least seeing what might happen.<p>He also likes to download videos from youtube so I taught him how to use youtube-dl but ended up downloading some malware-infected ripper because it had a more convenient UI.<p>How do I educate someone from such a base level?<p>What can I put on the PC to protect them? I avoided using scriptblockers as I don&#x27;t think they are tech savvy enough to work out why a page might not be working.
======
Raphmedia
I am the opposite of most comments here. Don't stupid her away to a mobile
device.

We got our mom a computer, a cheap one, and told her to play with it. Break
it. Click everywhere.

Soon enough she was playing with windows settings. Soon enough nothing worked.
She now knew you can brick computer, she is more careful.

We fixed the computer and she explored the internet. She asked how she could
download wallpapers, we introduced her to torrents and file sharing. She got
viruses. She learned that you can get virus online and they will delete your
hard worked wallpaper collection. She is aware of the dangers of the internet
now.

For a while you would download all the free adblockers, anti-virus, etc., she
could find and put them on CDs. She learned to clean her own computer.

Right now she is very comfortable with computers and it allows her to have
more freedom. She will easily connect with people online, like we do here. I'm
certain it has helped her keeping smart.

She even feel out pain now. Whenever one of her neighbours lady has issues
with computers they call her.

~~~
falcolas
This assumes an interest, willingness, and time to learn. For better or worse,
not everyone can/wants to become an expert in managing these buggy and
vulnerable messes we call general purpose computers.

It's a big investment, an investment many of us don't remember making since it
was effectively part of our childhood. That same investment, in a world with
special purpose computing devices, has a very low ROI for people who would
rather be doing something else.

~~~
ralphc
It's also assuming you live close enough to your parents that you can go over
and physically revive a bricked computer.

~~~
i336_
I just thought of a bizarre but interesting idea - an i3/i5-capable server
motherboard with IPMI, and a rock-solid router running OpenVPN in front of the
IPMI port.

Maybe fractionally higher power consumption, and perhaps you'd need a GPU for
it, but if both ends have really decent internet, that could very legitimately
work.

~~~
pc86
> a rock-solid router

Make one of these and you'll end up with a lot of money.

~~~
i336_
Where would be a good place to start? OpenBSD?
[http://www.skeptech.org/blog/2013/01/13/unscrewed-a-story-
ab...](http://www.skeptech.org/blog/2013/01/13/unscrewed-a-story-about-
openbsd/) Another platform?

It's tricky. You could for example pick seL4, but then you have no router.
That could be interpreted as an amazing opportunity to make a new stack, or a
feat significantly less interesting and more strenuous than climbing Mt.
Everest.

Then on the hardware side, do you pick x86 (complete with firmware that lets
you use fallthru to ring -2! \o/), ARM, MIPS, or what? This is a question I've
no idea how to answer.

Also, heh, I'm reminded of this:

1\. Search Shodan for JAWS/1.0

2\. Take one of the results, go to the IP[:port], append "/shell?" and a
command, eg "/shell?ls"

3\. Try running "whoami"

4\. Go back and look at the number of results

5\. Visit the IPs normally, and learn that these are DVRs, for security
cameras; alternate between dying inside and reattaching your jaw.

------
victorhooi
I second what some others here are saying - get your parents a Chromebook (or
Chromebox if they want a desktop).

I got a Dell Chromebook for my mother.

It's nigh on unbreakable, and is great for non-tech parents. Each tab/app runs
in its own sandbox, and it allows them to do the things they want (i.e.
browsing).

It automatically updates in the background (none of that Windows update
rubbish), it has inbuilt malware block lists (via Chrome Safe Browsing), it's
fast, doesn't bog down over time etc.

Even if by some magic they brick it, a simple Powerwash
([https://support.google.com/chromebook/answer/183084?hl=en](https://support.google.com/chromebook/answer/183084?hl=en))
and 5 minutes later, it will be back to a pristine state, they log in with
their Google account, and it pulls down their settings again.

Also, if you want to see the latest and greatest coming in ChromeOS - try the
Canary channel =). (But be prepared for rough edges).

Feel free to ask any questions.

~~~
quasse
My findings have been that old folks (and even some middle aged folks) are
still able to be completely bamboozled by popups on Chromebooks.

Those popups that hijack the back button and pop up an alert when you try to
close them are enough to get them calling the phone number they see in the
window and pulling out their credit card to "have their computer fixed".

~~~
victorhooi
Yes, it's unfortunate that crooks are pretty creative and will always find a
way. I've seen some pretty innovative phishing scams.

However, the Chrome browser uses a Safe Browsing list which blocks many known
malware/phishing sites.

[https://www.google.com/transparencyreport/safebrowsing/](https://www.google.com/transparencyreport/safebrowsing/)

The list is constantly being updated, both by automated and manual means.

You can also submit bad sites here:

[https://safebrowsing.google.com/safebrowsing/report_badware/...](https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en)
[https://safebrowsing.google.com/safebrowsing/report_phish/?h...](https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en)

If you find one that isn't blocked, I'd definitely encourage you to do your
bit and submit it.

Firefox also uses the same Safe Browsing service:

[https://support.mozilla.org/en-US/kb/how-does-phishing-
and-m...](https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-
protection-work)

------
thomaskcr
Use Deepfreeze or something similar. You'll mark a their documents directory
as excluded and then every time they restart their machine it'll be back to
the exact state it was in when you first set it up.

You don't want to have to support them using a new OS for the first time -
you'll be in for a headache. I use Deepfreeze for anyone who is a "problem
user" and most don't even realize they have it if it's set up right.

~~~
danieltillett
What does it cost? The faronics website seems to avoid minor details like
pricing.

~~~
thomaskcr
$45, I believe there are alternatives I just don't really know anything about
them.

You're right about their site though, every single time they've changed it the
site has looked more scammy/crappy and been harder to get where I need to go.
If I hadn't used their product before I would go to that site and immediately
leave.

------
faitswulff
I was really hoping for a discussion on how to keep parents from watching
videos about the healing properties of crystals and government chemtrail
conspiracies...

...but to answer your question perhaps you can get your parents a Chromebook?
I'm not sure what photo editing options exist on the platform, but hopefully
it's an obscure enough platform to avoid the majority of malware.

~~~
Chromozon
Related. Conspiracy theory websites are also very dangerous places to browse.
My grandfather loves conspiracy theories, mostly the ones related to free
energy machines, and he told me some sites that he went to. I was curious so I
visited a few of them (using Firefox + AdBlock). This was the first time I
actually got a virus just by browsing a site. It used an exploit that bypassed
the browser download popup security mechanism, and it just installed itself. I
legitimately got owned, and I was pissed because that just does not happen to
me. Now I understand why my grandfather's computer is unusable nowadays.

~~~
cheiVia0
I hope you reported the vulnerability to Mozilla.

------
Someone1234
Chromebooks cannot print.

Everyone loves to recommend Chromebooks to older/less digitally literate
people, and they're right to do so in most situations. However Chromebooks
have one huge downside that makes them non-starters for some of that
demographic: Printing is a no-go.

And don't tell me about "Google Cloud Print." Cloud Printing requires a PC or
Mac connected to the printer and a copy of the Chrome browser running. In this
scenario we're trying to replace a PC or Mac, not add to them, so Google Cloud
Print is a non-starter.

Ultimately people who quickly jump on the Chromebook recommendation need to
find out first if printing, even rarely, is a requirement. For a lot of people
I've tried to move over to a Chromebook, it has been the single thing that
killed the entire project.

Printing in general is a huge hole in Chromebook's offering.

~~~
spikej
Well, a cloud-ready printer would solve that issue... One hurdle I've faced is
lack of things like Skype. OP mentioned lightroom. Sometimes, the alternatives
are not good enough, or not user-friendly enough for parents who insist on say
Skype instead of hangouts

~~~
jdietrich
Some Chromebooks now support Android apps, with more to come over the next
year.

[https://www.chromium.org/chromium-os/chrome-os-systems-
suppo...](https://www.chromium.org/chromium-os/chrome-os-systems-supporting-
android-apps)

------
theandrewbailey
tldr: Linux.

I had more or less the same issue (except things still booted) with my parents
about 5 or 6 years ago. In a move I thought was insane, I put them on Xubuntu.
I moved them to Mint for a while, but they are back to Xubuntu. It's my
preferred distro, and the Ubuntu base (for good support) and XFCE (Windows
familiarity) made me comfortable it was Mom and Dad proof. Aside from showing
them where things are, there have been zero problems. Turns out that Linux is
just as good for email, web browsing, Youtube, and solitare.

I haven't used Lightroom, but how does (say) RawTherapee compare?

~~~
jlarocco
RawTherapee and the other Linux RAW software can't hold a candle to Lightroom.
I don't even like Lightroom, but the Linux RAW editors are just not very good.

My advice to the OP is to tell them to buy a Mac, get Apple Care and let Apple
Genius Bar deal with it.

~~~
type0
> RawTherapee and the other Linux RAW software can't hold a candle to
> Lightroom.

This is just plain false. I used AfterShot Pro and I think it's better than
Lightroom. The only reason that I switched back to Darktable is because I
don't want to locked in the proprietary software.

------
davio
After my mom got scammed online, I had "the talk" with my parents and we
agreed that they would just use iPads and iPhones.

I've had no tech support calls for a couple of years now.

I think a chromebook is a good option if a keyboard is required.

It's a losing battle at this point. Your time is better spent educating them
against social engineering attacks (I'm still afraid my mom is going to return
a call to the voicemail the "IRS" left)

~~~
knz
> It's a losing battle at this point. Your time is better spent educating them
> against social engineering attacks (I'm still afraid my mom is going to
> return a call to the voicemail the "IRS" left)

The "This is Microsoft calling..." scams are even worse. Many older people
have very little understanding of what is actually installed on their computer
and what the various pieces do. My mother in law has fallen for the fake AV
popup advert multiple times this year.

~~~
ben_jones
To go into detail, you'll get a call from "Microsoft", generally with a
foreign accent, and they'll have you sit at your computer, screen share, and
give them root access. Then they'll do some powershell command that makes
scary messages flash on the screen and have you buy whatever plan in order for
them to "clean" it. Usually a couple hundred bucks.

My deeper fear is that they rooted my dad's machine and have been up to
nefarious stuff ever since, but i'll never know. He won't let me touch it.

Oh and the IRS is now contracting private debt collectors, so there may now be
"legitimate" calls regarding the IRS....

------
baby
Story time:

My father complained of virus and malwares on his computer.

I came home, formatted his hard drive and re-installed windows.

I go to eat lunch with my mother in the kitchen, a few minutes later I hear
"[baby], I have a virus on my computer!". WHAT?

The first thing he did was to google for "chrome" on internet explorer and use
the first result. The first result is a google ads for a malware containing
chrome. Had to reformat his computer one more time. I think that's the moment
where he got it.

~~~
antisthenes
This might be the best argument for using an adblocker indiscriminately.

For whatever reason, the web got to this point where non-technical people get
infected within minutes, whatever advertising revenue is lost by content
creators isn't worth my headaches providing tech support to family members and
friends.

~~~
imadfy
It's truly pathetic that Google is selling ads that respond to a search for
"Chrome" with malware.

~~~
andrewf
_to google for "chrome" on internet explorer_

Is _google_ being used as a generic verb here, in relation to Internet
Explorer's default search engine?

~~~
totalZero
I prefer to bing things on duckduckgo.

------
nickcw
How about a Chromebook?

Cheap, keeps itself up to date, fully cloud based.

It wouldn't tick the Lightroom box but it does the internet based stuff
extremely well with low maintenance.

~~~
jrockway
I got my mom a Chromebook. It's the most successful computing experience so
far, but I was quite surprised by a few things.

She didn't realize that the password to log in to your computer was the sync'd
to her Google password. So she would type some random password 5 times, until
the Chromebook said "use your Google password to reset your Chromebook
password", and would then log in with that. Every single time.

Some website managed to convince her to switch to developer mode to install a
non-web-store extension that overwrites the new tab page and search
functionality with ads. Chrome is a little more aggressive about not letting
you change the New Tab page these days, asking you occasionally if you still
want the extension to control it (even for the new tab page I use, an
extension from Google).

But despite that, she got a lot out of the computer, so overall it worked
quite well. And we fixed those two issues, so I don't think there are any
problems now.

~~~
jff
> Some website managed to convince her to switch to developer mode to install
> a non-web-store extension that overwrites the new tab page and search
> functionality with ads

I'm not even mad, I'm honestly impressed both that your mom went to such
lengths and that a website managed to convince a layperson to do such a thing.

------
breatheoften
I think we are doing a disservice if we restrict this question to only refer
to the standard malware/technological attacks. The real space for risk to our
parents goes beyond damage to the computer or identity theft. There's some
seriously weird content on the internet -- and some seriously strange ways it
can interact with our parents aging brains.

I had an "oh shit" moment when my mom described a website that added automated
popups over a text editor field -- as she typed it would periodically throw up
a pop up with encouraging commentary and editing advice "good idea, can you
elaborate" etc -- and it took her a long time to realize that the
intellectual/emotional support she was feeling wasn't actually coming from
anywhere ... she also got severely addicted to the political campaigns and
facebook -- and ended up with a news feed that absolutely barraged her with a
constant stream of fake political news stories ... got her down from her 4-6
hours per day of internet usage but it was so fast -- really scary stuff.

------
bsenftner
In this respect, the FTC has failed 100% in their mission. Normal, non-tech
consumers cannot use the Internet without falling prey to the outlaw landscape
that is the WWW.

I think you need to explain to them that the Internet is too much like the
Wild West, and they need to stick to trusted web sites, as their "sight" is
not tuned to see the dangers. Leaving them too scared to randomly surf might
not be a bad thing, in this situation. I have the same type of situation with
my 85 year old mother. She is somewhat tech savvy, but not enough. Her browser
has every possible 3rd party toolbar, no matter how much I educate her on the
situation...

------
Florin_Andrei
> _He has even clicked through on a "You have been chosen to win an iPhone 7"
> link recently - he saw no harm in at least seeing what might happen._

Show him one of those videos with deep-sea fish that use a luminescent lure to
eat smaller fish. The pop-up is the lure. The small fish is him. The Internet
is like the deep sea, and it's full of lures like that.

One simple criterion I give non-technical people: if it's unsolicited, it's
hostile. End of story. No exceptions.

~~~
peterwwillis
Plus these:

* If it sounds too good to be true, it is.

* If anything related to it says Nigeria, run screaming.

* Nothing is free and you will never win anything.

* Never enter your social security number at any time for anything.

* Surfing the Internet is like walking down a back alley in Hong Kong. They claim to have everything, but you probably aren't going to like it when you get it.

* Illegal software and marginally legitimate sites are breeding grounds for viruses.

* Even if it seems legitimate, make sure it comes from a source you have heard of.

* Always check the URL bar. Just because the website looks like Paypal doesn't mean it is Paypal.

* Get on all of the 2nd factor auth.

* Never download anything.

* Never run anything.

* Learn to close windows without clicking on anything (Alt+F4 or similar)

* If you enter your credit card anywhere, just assume that number is now compromised.

~~~
nitrogen
_Learn to close windows without clicking on anything (Alt+F4 or similar)_

One has to be careful with this one; this can get you auto-upgraded to Win10,
which not everybody wants.

~~~
reitanqild
This sysadmin/programmer enjoy Windows 10.

Finally I can have multiple desktops on a stock Windows PC.

------
rwhitman
My mom has had various Windows PCs since the late 90's. About every 3 to 6
months or so I get a call that it's "stopped working" and has either locked up
completely or is moving at a crawl.

Nearly every time it takes me hours if not days to do a bunch of scans,
install updates and purge whatever garbage has been installed by various
malware that she's somehow managed to find. I've done more than a few clean
wipes, bought her new machines and yet still she figures out how to kill it
again. Most of the time it's caused by her playing some silly online puzzle
game, or clicking a link in an email or some sort of fake notification... or
AOL, which she refuses to ditch even though it's a huge vector.

It's been decades and she still hasn't learned how to avoid this stuff
correctly. I've tried every malware scanner & notification software on the
market, and each one of them is eventually bypassed by clever malware or in
some cases like AVG or Norton, BECOMES the friggin problem.

Basically, my conclusion is if your parent has a problem like this the only
solution is refuse to help them anymore if they insist on using Windows as
their primary web device and make them get a Mac and/or an iPad, maybe a
Chromebook as others suggested. Then get rid of the Windows PC or simply tell
them not to use it for anything other than printing / scanning etc. There is
no winning otherwise. Windows for some folks is just plain bad news

~~~
daddykotex
I'm genuinely not sure this is a Windows problem. They might get infected on
pretty much any OS if they navigate anywhere without precautions (as most
parents do, including mine).

I'd like to see if a something like DeepFreeze could help here (there are
probably alternatives here, DeepFreeze just came first in my mind).

~~~
chadgeidel
It's absolutely not a Windows problem, my dad managed to click through some
"malware" (i didn't see it, but i'm thinking it was a cleverly crafted web
page) and give his credit card to someone... on his iPad.

------
bpc9
An interesting question. I haven't had to do any of this for my folks, but i'd
probably do something like the following:

-Setup a network and computers that I can admin remotely. Probably Ubiquiti Unifi gear (great wifi APs, powerful router with DPI / firewall, where I have admin access from my Unifi Controller install. Then I could handle all network troubleshooting remotely, unless their ISP is down or hardware has physically failed (unlikely with the ubiquiti gear)

-Look at something like OpenDNS personal configured on the gateway to help protect against malicious stuff in browser

-Set up any Desktop PC to run a hypervisor, and keep the OS they use as a VM that I could access and administer remotely, and that I could quickly reset to a known-working state.

-Have them use gdrive / dropbox / onedrive to keep documents backed up and accessible across machines

-For laptop / portable, see if I could get them to use chromebooks, or I'd need to replicate the VM setup from the desktop PCs

------
Zyst
Linux machine, subscribe to more adblocker malware prevention lists - my
mother's laptop has more ticks on the adblock subscription lists than squares
- and in case of my father an awkward conversation where I told him a list of
safe porn sites.

~~~
throwawaywxc
This sounds very useful - do you mind giving some more flavour? What exactly
did you implement?

------
sathishvj
I faced similar challenges with my mom, especially since she lives in a
different state. She confessed though that she would only ask me. And I'm able
to help because I'm in the tech field. I realized that all her neighbors and
my other relatives, and parents of my friends & acquaintances, and millions of
others would have absolutely no way to get help and protect themselves against
online scams and threats.

So I started a free service
[http://www.littlecaution.org/](http://www.littlecaution.org/) where I do
talks and seminars about remaining safe online. Since it's just me on my
personal time for now doing the workshops, growth and reach is slow. But I
continue to work on it.

My belief is that using the right tools is of great importance but raising
awareness is a bigger need. All the best tools are no match against human
fallibility. So in these talks, the direction I take is about knowing the
issues, being aware, and then followed by using the right tools.

------
walrus01
give them a desktop that is basically xubuntu amd64 (xfce4 desktop on xorg) +
firefox + chrome, and then install all of the best adblock extensions in both
browsers. Even the most clueless parents can't successfully download and run
windows binary malware/ransomeware/viruses on that.

the xfce4 GUI is close enough to traditional windows98/windows2000/winXP
models that most older non technical users have no problem with it.

the best thing for non technical users/older users/ignorant users is to give
them the closest approximation to a thin terminal web browser, whether it is a
linux desktop or a chromebook type thing.

~~~
xd1936
That eliminates Lightroom support, however.

~~~
Diederich
[https://appdb.winehq.org/objectManager.php?sClass=applicatio...](https://appdb.winehq.org/objectManager.php?sClass=application&iId=5839)
shows it as 'gold' for the currently highest 32 bit version.

------
johngalt
Here are your options:

Revoke local admin privileges. It will stop a lot of the click-click to
install bullshit, but it also means you will get a lot of calls about "access
denied" whenever they want to update an app that needs admin rights. Give them
an admin account to install/update software separate from their normal
account.

Simplify the device by going tablet/chromebook. Probably means you will get a
lot of questions regarding how to use/setup the new OS.

Shorten the loop on backup/rebuild and let them hit the iceberg. Good backups
and fast imaging with drivers pre-loaded can make cleanup a lot easier/faster.

------
paullth
In addition to the stuff you mentioned, for my mother in law I:

removed her user's admin privileges

install flashblock - one of the ones where you have to click on the video to
make it run

spent a long time explaining that you will never be chosen to win something,
MS support never rings you to tell you have a virus, if something takes over
the whole screen and tells you anything suspicious/implausible to press alt+f4

convinced her free music isnt worth the risk of downloading something that
trashes the machine. installed spotify

------
tbyehl
1) No local Admin rights.

2) Chrome + uBlock Origin w/ Malware filters.

3) Sophos Home[1] which has the bonus feature of being cloud-managed and not
providing any control to the local interactive user.

4) Sophos XG Firewall Home Edition[2] on whatever $100-ish hardware the pFense
crowd is currently in love with. Web filtering for Advertising and Threats, AV
scanning.

5) Backups!

[1] [https://www.sophos.com/lp/sophos-
home.aspx](https://www.sophos.com/lp/sophos-home.aspx) [2]
[https://www.sophos.com/en-us/products/free-tools/sophos-
xg-f...](https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-
home-edition.aspx)

------
clentaminator
It makes me smile that while proponents of censorship and blocking of parts of
the Internet use the "Think of the children!" argument, I never hear anyone
shouting "Think of the adults!"

Of course, in this case we're trying to protect people from themselves rather
than the outside world, but still...

------
philip1209
Have you considered using OpenDNS? They used to focus just on protecting
family members from internet threats, and it's still a great (paid) product
for that:

[https://www.opendns.com/home-internet-
security/](https://www.opendns.com/home-internet-security/)

~~~
spikej
Or private internet access VPN
([https://www.privateinternetaccess.com/blog/2016/07/pia-
adds-...](https://www.privateinternetaccess.com/blog/2016/07/pia-adds-ad-
blocker-introducing-private-internet-access-mace/))

------
davidgerard
A Mac. If you live with him, Ubuntu.

If there's that Just One Piece of Windows software he needs, do try it in Wine
- Wine works more often than not these days.

I never did viscerally understand how literally 25% of Windows XP
installations could be botnet members until I saw my sister's computer in
2010. Oh my goodness. The disk was full because they never emptied the rubbish
bin. And I don't think there's ever been a piece of crapware that my brother-
in-law didn't download to try. The only thing saving them was that they were
_still on dialup_. They're on broadband now (it turns out the killer use case
for videophones is our mother Skypeing her grandchildren), and I shudder to
think what it's like. _Normal people do not use computers like we do._

------
webwanderings
Chromebook.

I bought the cheap one (Lenovo) sometime ago. It has a good battery life, very
lightweight and compact. I have seen the same being used by many people (in
the same category). It is the most trouble free and productive piece of
material there is. Ignore all these security software and Linux etc. Just
hookup uBlock and Ghostery into the user's Google Chrome account and you're
done.

~~~
djaychela
Very similar here. Got a Chromebase for my Mum (77) who has previously had an
original iMac (she loved) and a Windows 7 PC (which she tolerated). Both iMac
and PC had issues, and I'd often have to fix stuff. There was a bit of a
learning curve for her (cloud print is a mystery to her, not helped by it
breaking about 2 weeks in and needing a powerwash to sort that), and she
couldn't have Skype on it which was the one initial sticking point, but since
her getting going with it I've not had any issues.

Indeed, a couple of weeks ago when she thought she'd killed it because she'd
fallen for clickbait that then said she had viruses on the computer, she was
pleasantly surprised that powering it up again showed it was fine. For the
£220 it cost, it was money well spent - she can do what she needs/wants to
online without issues, and TBH I think that a LOT of "normal computer use"
people would be better off with one rather than the PC they think they need
(usually when asked it turns out that internet and email with the odd bit of
word processing and printing is what people do).

------
RankingMember
While I'm loathe to recommend a walled garden solution and not a particularly
big Apple fan, this is exactly where such a solution shines. An iPad is
perfect for this situation.

~~~
mercer
I feel conflicted about such advice too... but honestly I've resorted to using
my iPad for stuff like streaming video just because it's safer out of the box.
I figure if I'm doing that, I might as well suggest others do the same.

------
akerro
Install them Ubuntu, KDE Neon or Mint. Works for my parents since... I dropped
Windows XP.

~~~
reacweb
Idem for me. I have installed Ubuntu-gnome. sshd, wine and powerpoint viewer
are the main customization. When the computer is started, I receive a SMS so
that I can perform updates or backups.

~~~
akerro
I did similar. PC has static IP in LAN, there is raspberry pi with duckdns and
ssh waiting for me. I just login on rpi, then ssh to parents PC and do what I
need. I can do updates, remove files, monitor activity and all other things,
easily, for free. It's Ubuntu, they don't have sudo/root password so can't
break anything, ever.

------
thght
A virtual machine might be a solution, just leave it full screen for them when
you leave home. I've given up trying to educate my parents best practice with
pc's, it doesn't seem to work.

~~~
borgchick
That's what I've always thought, haven't tried it with my parents. Idea is,
set up a vm, snap shot it, have their save folder somewhere outside of the VM,
and then if they manage to mess up the VM, just restore the snapshot.

Honestly, it is when I am trying to teach my parents how to use computers do I
realize how annoying computers are. I mean, some of the simplest things we
take for granted are pretty dumb if you have to explain it to someone.

------
SimonPStevens
I think all the people recommending Chromebooks or Linux are entirely missing
the point. Those are only viable alternatives within small niche uses for
people who literally only use email and facebook. It's the 80/20 fallacy. 80%
of the people only use 20% of the features, but for each person in that 80%
they use a slightly different 20% subset. It's the same here. Most people only
use a very small subset of the internet, and most things they do would work
fine on a Chromebook, but each of them has that one thing they just can't live
without that only works on Windows.

I have this exact problem with several family members PCs who come to me
regularly with messed up machines.

It's not just old people either. One problem person for me is a 10 year old
who always insists that all he downloaded was just that one minecraft mod and
it was definitely a safe mod, honest, because he downloaded found it on
google, or he saw stampy using it on youtube, oh and a java update because the
mod says it needed it, oh and forge, and optifine, and, and, and... He's
loosely tech savvy, but in a way that doesn't make him any safer, he still
gets his computer into a mess. He's not going to switch to a Chromebook. No
minecraft, and none of the other games his peers are into. (On a related note,
the minecraft modding community is one of the most vile den of scam-mongery
I've ever had the misfortune to stumble into)

The older people all require MS Word/Excel (And don't tell me LibreOffice is a
replacement, it's not even close if you expect file compatibility with other
people who use MS products).

Windows only plugins for specific websites, that's another one that is
hopefully getting much rarer, but I still do see from time to time.

I've tried setting up restricted accounts and keeping the admin account
password secret, but it always eventually has to get given out. Last time it
was because their son needed to do submit his homework on the schools website,
but the submission processes required a Windows only plugin which needed admin
access to install. They were all panicked because I hadn't been answering my
phone and his homework was due the next day. After that I gave up and stopped
using restricted accounts.

I've tried disk imaging software, but it's typically a lot more work than it's
worth with the images quickly getting out of date and needing redoing with new
versions constantly.

This is a big big problem that I just don't have a good solution for.

~~~
skybrian
Even if it doesn't work for everything, a backup computer in the house might
still be useful? If you get a Chromebook, they will have a browser to use when
the other one gets messed up and you can't fix it right away.

------
rihegher
You can start with ubuntu that is immune to most of malware and enough if your
parents needs are internet + video palying and downloading + office suite

------
chejazi
Maybe replace his pc with an android powered device like
[http://www.toysrus.com/product/index.jsp?productId=101695486](http://www.toysrus.com/product/index.jsp?productId=101695486)

~~~
GFischer
Unfortunately Android has its own malware :( and plenty of sites redirect to
the Play Store.

I've seen Android phones constantly opening popups.

------
greggman
I am going to answer that pretty much nothing will save your parents from the
internet.

While I agree a chromebook won't get owned your parents will still likely get
phished. I have no idea how to solve that.

[http://blog.greggman.com/blog/getting-
phished/](http://blog.greggman.com/blog/getting-phished/)

[http://blog.greggman.com/blog/how_to_detect_e_mail_scams__ph...](http://blog.greggman.com/blog/how_to_detect_e_mail_scams__phishing_/)

------
zupreme
There are some good suggestions here but I will give you one based on the
assumption that your parents won't want to leave the familiarity of Windows.

0) Deny them admin rights to the machine. 1) Create a second profile for each
of them 2) Write a quick batch or PowerShell script to copy the contents of
their Desktop, Documents, Favorites, Pictures, Music, and Vidoes folders (not
the entire profile) from their profile to the second profile you created for
each of them. Make sure your script only copies new or changed items (so it
runs faster) Store this script outside of either profile. 3) Schedule the
script to run every hour on the hour. 4) In the event that they brick their
profile with adware, malware, etc, simply login as an administrator, delete
the first profile, rename the second profile to whatever the first one was
called and then create a backup profile with the same username that the
previous backup profile had (so you don't have to edit your script).

Notes: For your script if you are more comfortable with batch scripting then
use "Robocopy". If you are more comfortable with PowerShell use "copy-item". I
cannot stress enough how important it is that you ONLY copy the folders I
mentioned above. If you get lazy and copy the entire profile you will bring
over the folders viruses, adware, and malware hide in (like AppData). For the
love of God make sure you have up to date antivirus on the machine. That's so
basic that I didn't mention it above but I feel compelled to do so here. If
you don't want to spend money just install Security Essentials or AVG.

~~~
oxguy3
I'm gonna have to disagree with this one. There are tons of great, battle-
tested backup tools out there -- rolling your own solution seems to just be
asking for something to go wrong.

~~~
zupreme
This isn't backup. It's user profile element duplication on the same machine.
As long as they are not admins or power users on the system then they can't do
much damage outside of their profiles.

Backup is another matter entirely.

------
EnderMB
In my experience, don't. Offer them your best solution for a novice user,
which for me is usually an up-to-date machine with an ad blocker, and make
sure that you're open for

Ultimately, they're adults, and the last thing your father will want is to be
treated like a child on his own machine. If he fucks something up, fix it, and
tell him what he can do to not have that issue come up again.

~~~
throwawaywxc
This is good advice in principle but my parents are from a different world
they grew up in a world without fridges, TVs or electronics.

I am all for them learning and making their own mistakes but I know them well
enough to know that this wouldn't really work in their case - I know them well
enough that ultimately they want something that just works with minimal
effort, the stakes are also high in that I don't want them bricking a PC (100s
of $) or getting hit by identity fraud.

I'd go mac if my dad didn't hate it so much.

------
yathern
If simply educating them on what not to do (clicking on 'free' stuff,
downloading without discretion) won't work, I'd suggest switching out the OS
to something a little less targetted by malware. I recently got my mom a
chromebook, which she loves. You say your dad uses lightroom though, so that
might not work for your use case.

------
ChrisNorstrom
I've got 2 computer-illiterate parents and I can confirm the following works
very well:

1) Create a user account in Windows that is NOT an administrator account, that
way they can't install things without an admin username and password. The PCs
admin account should be password protected.

2) Enable the highest level of windows alerts (those "this program wants to
make changes or modifications to this PC, cancel or allow" messages). Teach
your parents to always click no/cancel/do not allow.

3) Ad blockers like uBlock. Remove shortcuts to, or uninstall Internet
Explorer.

4) Use software like DeepFreeze [http://www.faronics.com/products/deep-
freeze/standard/](http://www.faronics.com/products/deep-freeze/standard/) it
restores the computer to a snapshot you saved every time you restart it. No
matter what they mess up or install or screw up, it'll be fixed with a
restart.

------
hawski
I am currently working on experimental Linux distribution for my parents that
would be a bit ChromeOS-like.

Ideally for my mom ChromeOS device would be ideal. For my dad it would be not
enough as it seems in your case. Maintaining my parents computer is something
that always gets back to me. Now I am also living few hours worth of travel
from them so it is even less convenient.

Older computer couldn't handle Ubuntu of the time. So always something was not
working correctly. Updates on every system are constant source of headaches.
My dad got used, but much more powerful machine. I installed Windows 10 for
them thinking that Windows is now better and that with perpetual updates it
will be out of trouble for me. I installed also Chrome Remote Desktop for
service. My dad preferred Linux experience. I hoped that he just needs to get
used to it. He was happy with Windows Store for a while, until few of the
games he enjoyed playing failed in strange ways. It would not be that bad, but
updates on Windows 10 are huge and with 20-30GB free space left after
installation it does not update anymore. It only downloads the update, tries
to update and fails - on every reboot. My dad bought an external HDD so
probably it could be resolved. However he still would like to have Linux in
there - old computer was very slow, but it did not fail in such magical ways.
For now I plan to install Ubuntu for him and see how it will behave.

For my own learning experience and a bit of enjoyment I started working on my
own Linux distribution. The most important thing for me is to have hassle-free
updates like on Chromebook. I prepared squashfs image with Firefox and intend
to have two partition scheme for rootfs. Updates would be then just download
and restart away - completely automatic and in case of failure you would still
have previous working image. I could test the image locally and optimize it
for fun and profit. For now I base it on Gentoo to build lean system in a
similar fashion to ChromeOS build.

[slight EDIT]

------
pryelluw
I bought my dad a chromebook. Problem solved.

------
instanton
I'd recommend you sandbox his favorite browser in sandboxie:
[http://www.sandboxie.com/](http://www.sandboxie.com/) I believe the free
version allows you to use one sandbox session.

Run him through the process of recovering downloaded files and you should be a
lot safer.

------
atmosx
Here's what worked for me:

1) Install GNU/Linux, most click adds target windows users.

2) Install an ad-blocker at DNS level. I use a custom variation of this:
[https://pi-hole.net/](https://pi-hole.net/) (by default logs DNS requests,
mind you. You can disable logging though).

3) Spent some time to educate him on what to avoid online

4) Lastly, I have an RPi running on a VPN exit node (actually I have an RPi
cluster, but anyway). When I had an openWRT-based router, I had a script which
was fetching porn/torrents/etc. IP addresses and adding routes to the router
redirecting connections via VPN.

5) A separate guest network with radius accounting can go a long way into
securing your network and help control access (I have a radius RPi server but
my APs do not support accounting. I felt kinda screwed when I realised)

~~~
zerognowl
Put your parents on a VPN, great idea, instead of the other way around where I
am the sole VPN user and pay _more_ for my Internet connection because surfing
without a VPN just feels weird these days. Also five minutes of OSINT on
Google tells me I share my ISP-Issued IP with at least 1000 other paying
subscribers, whereas a VPN can run into the millions of users, albeit not all
using that VPN-Issued IP at the same time.

~~~
atmosx
Putting everything behind a VPN might a bit too drastic as it might start
disrupting services relying o geolocation for fraud detection etc. But at
least _some_ traffic, for many reason, it's better to be shipped via vpn.

------
namank
This is a very important conversation for this decade. Do post your solution
on HN once you have it.

------
Too
* Set a password on UAC (windows sudo equivalent) and teach him that if the background ever goes black and asks for a password he should be very aware. The default is just a yes/no popup and is very easy to just click yes, even accidentally for tech savy users. For extra protection, don't give him the password.

* Remove the anti virus and tell him that you did so. It just gives a false sense of security and introduces more popups which teaches users to ignore prompts. If he knows it's not there he might be more careful.

* Install ublock origin. It blocks known badware domains and reduces the amount of clutter/ads on almost every web page you browse, making it easier for him to identify weird stuff.

------
tikwidd
I made a really simple UI for youtube-dl in WPF a few weeks ago. It just has a
text field for the youtube link, a "download" button and a checkbox for
downloading audio only. If you like I can chuck the source and binaries on
github.

~~~
SturgeonsLaw
I'd be interested in this

------
whyagaindavid
You dont need to even buy a new chromebook. Just install cloudready (which is
compiled from chromiumOS) for all generic PC/laptops. Many schools are even
using this. www.neverware.com/ I am not involved with them. Just a user.

------
ben_jones
Great post. My father is similar to yours, but is also incredibly vehement
about his privacy. A few years ago he fell victim to a fake microsoft support
scam (foreign accent, cc details over the phone, etc.) and gave them full root
access over whatever screen share software they used. He paid a few hundred
bucks for them to fix fake problems on the PC, and I could never convince him
that it was in fact a scam.

I've since given up completely on locking down the computer or protecting them
from themselves in that regard. I occasionally get talked into basic tech
support, but thats it.

It's really a relationship problem if anything (IMO).

------
perakojotgenije
Use Linux. If he only uses his computer for browsing the Internet and editing
photos linux mint (mate or cinnamon) will do fine. Show him how to use
darktable instead of lightroom and that's it. No more problems.

~~~
techload
I have (had?) one client that every week or the other would come back for a
Windows reinstall. Since he only browsed the internet and did not use any
particular software, I installed Linux Mint and he never came back! I lost
that steady 'revenue' though.

------
victorhooi
Lightroom is on Android now:

[http://www.theverge.com/2016/11/9/13577740/adobe-
lightroom-a...](http://www.theverge.com/2016/11/9/13577740/adobe-lightroom-
android-raw-file-support-photography)

If you have a recent Chromebook, they can run Android apps =):

[https://support.google.com/chromebook/answer/7021273?hl=en](https://support.google.com/chromebook/answer/7021273?hl=en)

------
aibottle
A friend of mine once explained to me, that in order to make the internet and
computing environments safer we have to stop making things easier but educate
the people (e.g. don't put the single-point-of-failure antiviruses on the
computers teach people not to trust links/emails/usb/devices but to check the
source and acutally think). I think you should educate them on the topic, and
help them to learn it.

------
pksadiq
One way would be installing some good GNU/Linux (Mint is good for windows
users, or Debian Stretch with GNOME classic mode).

And thus your dad can't install any software he just downloaded from some
random website. And the GNOME sofware center is great in Debian Stretch (to be
released though, sorry).

create scripts using zenity as a GUI for youtube-dl (and any other command you
wish him to run)

Also, I would recommend uBlock to Adblockplus.

------
serg_chernata
There are already good solutions below. The one thing I would add is that this
may not be a "silver bullet" kind of problem. I'd throw everything I can into
the mix to create layers of protection. Educate them but also add software
solutions to the mix.

A small addition, how often do they need to install new software after initial
setup? Maybe take away admin privileges?

~~~
throwawaywxc
Should hardly ever need to - but I am rarely at home so would prefer not to be
in a position where any time they need to do something I need to be present.

The only real software he would need at the moment is for photoediting

------
namuol
I installed Ubuntu on my parents' laptop years ago. They didn't notice the
difference until they tried to print something.

------
konradb
Not the answer you want but an ipad might limit the damage that can be done.
It would remove the need for education.

~~~
dudul
Is it still true? I would have thought that by gaining popularity Apple
devices would become the target of malwares as well.

~~~
palunon
It's not that easy to break into the walled garden. There are fundamental
differences between a iPad and a PC (or a Mac, if the distinction still makes
sense).

------
sakopov
I'm sort of in the same boat with my folks who are pretty much computer-
illiterate. After wiping malware a few times I ended up simply installing a VM
image for them for internet browsing and downloading content. It takes a bit
of getting used to but after explaining how to use it it's worked out great.

------
Tinned_Tuna
The best thing I can suggest is regular, invisible backups. Ensure that it's
very difficult for them to avoid doing the backups, and make sure that what
ever holds the backups is a battle-hardened.

Social engineering is a broad problem right now, and all you can really do is
be prepared to pick up the pieces after the fact.

------
nxm
Get them a Chromebook - perfect for their needs and no yearly formatting
required from my side

------
AlexeyBrin
You could limit his user rights, make him a Standard user and don't let him
install new software.

Also, have a look at how suitable a Chromebook will be for his workflow
(simpler to maintain from your perspective and harder to infect).

------
type0
> This is pretty remarkable given that my dad only uses it watch golf videos
> and edit some photos in lightroom. He may occasionally indulge in some porn
> cough.

Teach him how to use Linux. He can use Darktable instead of Lightroom.

------
peterwwillis
Linux? Or a Chromebook.

They'll only be able to do like, two things with it, but at least Google has
tools that replace most office-type apps. I'm going to say Chromebook is the
slower but simpler solution.

------
chrsstrm
I've started remapping certain file types to open with Notepad instead of the
default. I covered all the .js variants but does anyone have a more
comprehensive list of file types to address?

------
Mz
I will suggest you put together some tutorials on some of the basics.
Preferably keep them to one page and include screen shots.

You cannot protect people from their own ignorance.

------
knguyen0105
I have the same problem. For now, I use Firefox + adblock + noscript + public
fox (to disable download and exe). Not fool-proof but it's enough

------
elchief
I made myself admin and my dad a regular user so he'd stop installing malware.
So he threw out his computer and bought another one...

------
colemickens
I've never seen someone screw up a Chromebook and it takes less than 120
seconds to reset it to scratch and reload your profile.

------
shmerl
May be propose for them to use Linux. It should cope better. No lightroom for
it though, but there are other good photo editors.

------
vgallur
If you are stuck on Windows or Mac you can try a program that restores the
computer to a safe state on reboot, like Deep Freeze.

~~~
throwawaywxc
Not a bad idea.

What are your thoughts on file-syncing using DropBox? Solutions have to be
easier than breathing - I used to take a regular image of the PC for backup
purposes but then my dad would complain he couldn't actually view the files.

~~~
rcamp
File syncing should not be confused with file backup. You should leverage both
as apart of a comprehensive solution.

[https://www.us-
cert.gov/sites/default/files/publications/dat...](https://www.us-
cert.gov/sites/default/files/publications/data_backup_options.pdf)

------
sandGorgon
Use Linux. Seriously. I installed Fedora 24 in my dad's PC and I haven't had a
support call in 3 years.

~~~
rovr138
Does he use it?

I installed Ubuntu LTS on my mom's. If it weren't for the SSH connection that
always calls a server I have and I can use it to log back to her computer, I
would have to get a sister to drive there in order to walk me through what
she's seeing.

With the SSH tunnel, I can just SSH to her computer through my server and fix
almost everything.

~~~
sandGorgon
its brilliant. It has gnome and he loves it - he says its better than hunting
through "my programs".

Windows 10 and Gnome have fairly convergent UI. And all the software is
already built into Linux

------
baronseng
maybe try this? [https://ma.ttias.be/pi-hole-dns-based-blacklist-ads-
tracking...](https://ma.ttias.be/pi-hole-dns-based-blacklist-ads-tracking-
raspberry-pi/)

------
dfischer
Get them iPads

------
egypturnash
Ditch the PC and get them an iPad.

------
akulbe
Another vote for a Chromebook.

------
amelius
Kids filter?

------
joesmo
Here's a couple of things you can try:

* Drop linux on it with a simple GUI on it and lock the machine down. Don't give him root access or admin rights. Make sure the machine updates and backs itself up without intervention. * Set up his browsing inside a vm that gets recreated on boot (any host OS, linux as guest would be ideal but any will do).

------
olivercreashe
Take it away from them. Really, if it means that their identities are at risk,
I would not put your parents at risk and persuade or force them to not use the
interwebs until they get educated.

Btw, a chromebook does _nothing_ to protect them against identify theft. Don't
get them anything, better teach them what they might lose.

------
pikachu_is_cool
Get rid of Windows. Problem solved.

~~~
ciupicri
And replace it with what?

~~~
oxguy3
Nothing. You can't brick the OS if you don't have one! /s

------
rcamp
I specifically wrote my book, Digital Survival Guide, to help address this
knowledge gap in digital security and safety that our society has. However,
education may not be enough for everyone and you may need to take a sandbox
approach. Have them use a VM and expect to refresh it from a snapshot often.
Check out my book, you and your parents will find many useful tips.

[http://amzn.to/2fkervN](http://amzn.to/2fkervN)

~~~
throwanem
No ebook version? In current year? Are you even serious right now?

