
Ask HN: How did you set up a secure computer for your parents/grandparents? - mlac
Alright. I&#x27;m fairly technical with non-technical grandparents. My grandpa keeps getting malware on his machine and is starting to fall for scams. Most recently his Chromebook got a Windows virus so he called the number and was about to pay $300.<p>I don&#x27;t live nearby so I need a remote option. I&#x27;ve thought through some approaches I&#x27;m going to try next time I visit so I can have easier remote access, but I&#x27;d be happy to hear from anyone with recommendations or advice. What&#x27;s your solution for your parents and&#x2F;or grandparents?<p>I&#x27;d like any general or specific recommendations for Chromebooks &#x2F; iMac.
======
troydavis
This thread wasn’t exclusively about computer security, but has some ideas:
[https://news.ycombinator.com/item?id=20015775](https://news.ycombinator.com/item?id=20015775)

------
mlac
Update: thanks for the suggestions and the other thread.

I did the following: \- blocked anonymous callers from calling (unrelated but
related)

\- created an admin account on his machine and removed his admin privileges
(his use case for the computer hasn't changed in 10+ years and he can call me
if he needs to install something)

\- set up a router with a static IP that I can VPN into and SSH into his
machine to make changes if necessary

\- froze his credit (unrelated, but again...)

\- set up two factor authentication on bank and email

\- set up pihole DNS in Google cloud with ads and malware blocked. I'd
consider a whitelist but don't care to review his "normal" urls. DNS is set
from the router.

\- block extensions on chrome

I didn't get a chance to configure the DNS on the Chromebook. Overall a fun
weekend project.

------
president
Are they just browsing the internet? Easiest option would be to get them an
iPad.

~~~
mlac
That's a good call. He never got into iOS and is used to using pages and mail
on OS X to get edit documents and read email. But maybe that is the best
option...

~~~
zrobotics
You may want to reconsider an iPad (or anything touch-interface). Tried it
with some older relatives, and the UI differences ended up being too much.
Additionally, even though my grandfather is a hunt-and-peck typist, an on-
screen keyboard was far more frustrating for him to use. At least have him try
a tablet first. Consider that touchscreen keyboards in general are harder to
use for people with poor dexterity, especially for new users.

Chrome book with an adblocker should be reasonably secure, if you're worried
about scammers there are other possible attack vectors that having a secure
computer won't defend against. Consider that if he could fall victim to a
windows virus scam, he can just as easily fall prey to the myriad scam
telephone calls. Unfortunately, there is no easy tech solution for this;
either educating them or setting up financial safeguards through the bank will
solve that problem.

~~~
mlac
Fair point... And I get that education is key, but I'm trying to throw up
technical solutions as best I can so they can maintain their online freedom.

I'm thinking routing their DNS to a pihole, getting them a static IP so I can
VPN in and access their Mac, routing their Chromebook to the home network with
VPN so it goes through the pihole as well, and then locking down permissions
even further on their accounts. If I have solid remote access through VPN I'm
comfortable having him call me when there is a need to install something...
Their use case for the computer hasn't changed much so I don't anticipate they
would need to make a significant number of installs.

And in terms of banking maybe we can make a few calls to their institution.

------
zepearl
I just noticed by chance last week that when my father entered a URL in
Chrome, he entered it into the google search field instead of into the
browser's address bar => not great as at that time he was trying to connect to
his bank's online banking site so if anybody manages to show in Google's top
results some fake site he would fall for it no matter how much "hardened" his
PC could be => now I'll have to explain him the difference, and the fact that
you can as well submit a search directly in the browser's URL address bar
definitely does not make this more simple, pfff... .

~~~
mlac
Yeah. He's on a Chromebook now but there are still ways it can go sideways.
And toolbars continuously get installed (I need to lock that down next time
I'm there).

This could be a benefit of banking by App using an iPad like another user
recommended, but I'm not sure. I guess if iPad OS has mouse support then a
keyboard and mouse could be the best of both worlds...

------
pcunite
I know your question is about the assumption that a Windows machine would be
insecure (understandably so) but a properly configured Windows workstation
(using a Limited User account along with Software Restriction Policies) has
kept my parents going just fine for about 7 years now.

Why?

Don't allow directories the logged in user can write into to also be marked as
executable. Do that and it's smooth sailing.

~~~
mlac
It's not so much that. I had switched to Mac in 2007 and got them to switch.
At the time it was much different in terms of viruses, and that machine ran
smoothly until 2018 (I added ram and swapped HDD to SSD along the way I
think).

I had them upgrade last summer due to their old machine no longer receiving
updates, and ever since it's been hit or miss. I guess they can do more on the
new machine because it is faster?

I think a good Windows 10 machine that is locked down would be solid, but at
84 transitioning back to software you haven't used since you were 72 is a
challenge. They've had the Chromebook about 5 years and still haven't learned
it all (not that there is much to learn, but they still aren't clear on how
webmail on chrome lines up with the mail client on Mac, or how to get to the
Gmail web interface from the Mac, even though they've done it a few times (and
I've shown them). I convinced them to get a Chromebook so they wouldn't have
to take the iMac with them while traveling and it would be easier if it were
lost or stolen.

I would say it's time to just quit the internet and computers, but it's part
of their freedom that I think they'd like to preserve and they do use it for
light document editing, viewing photos of great grandkids, etc.

I guess I'm looking for guardrails / bumpers that I can put up to keep them on
track. And honestly if this problem was solved in a non-patronizing way it
would probably be a very successful security company that could be applied
elsewhere. At the end of the day it is least privilege and fighting adware /
malware / all the crap that most users run into who don't have good security
hygiene.

------
mlac
For more context - I was thinking of setting up a pie hole on their local
network and forcing a VPN from the Chromebook to home network, but this has
some availability downsides.

For a weekend project I was ocnsidering an AWS solution that I could use to
filter traffic. But again, something easier with less overhead would be
preferable. Happy to know what others did.

Then

------
2xThink
I got tired of the work to keep my elderly mother's windows laptop in trim, so
I had her get a Macbook. It's been smooth sailing for over a year now. No more
"can you look at my laptop" Mad Max virus of deth incidents. I'd have her use
OpenBSD, but she seems to lack the gene to roll with i3.

------
duxup
I fear any access to the internet could result in a scam popup... there isn't
anyway around that expect some sort of instruction to call you or someone
before they do anything, like pay money.

------
JamesBarney
How did his chromebook get a windows virus?

~~~
mlac
It didn't. It was a fake add pop up that said it had a Windows virus. It was
convincing enough for him to get on the phone and be ready to pay $300 to
Windows to fix the virus until my dad walked in the room and stopped him.

