Windows 7 forum

Resolved Question

Seeking suggestions for security tune-up service

by Rhizomorph / August 23, 2013 8:14 AM PDT

Hi guys,

I would like to ask for suggestions from some experts here regarding security tweaks for Win 7. I already know of all the obvious ones. I'm kind of looking for those last few lesser-known ones that some of you might know of that I don't.

The reason is that I plan to offer a "PC security tune-up" service to local people in my area where I will examine and change several settings in Windows (7 and Vista are mostly what I believe I will encounter, probably some XP too) that tighten up security for them. I believe that there are a vast number of home users out there (as many as 90% of them would be my guess) who don't have the skills or initiative to investigate their own security, and just leave their Windows settings on the defaults. As we know, this can be hazardous.

With all the new events and attention around unauthorized NSA surveillance and increasing malware and hacking problems, it seems like an excellent time to offer a service that helps people with their security.

If this plan seems odd given that I'm asking for input, note that my status regarding knowledge is that I'm in that huge middle ground between newbie and really skilled tech person. To give it a visual, I'd say it this way: if the lost newbie who can barely handle changing a setting in their browser is a "1", and a really sharp IT expert is a "10", I'm about a "5." I know way less than professional IT people, but I also know way more than most non-pro people (over 30) that I run across. I believe I can help that huge demographic of "ones through fours" because I believe I can talk to them in layman's terms and help them understand the problem (and solutions).

I also doubt that most pro IT people would be interested in making house calls for this kind of small thing anyway, and I'm more than willing to do it (I'm currently out of work).

So... any tips? I'm already going to be doing all the obvious ones like having clients set their User Account Control to the most sensitive setting, disable file sharing (provided they don't need it), disable Autorun, disable Remote Assistance (after confirming they don't use it), disable VNC, etc. Like I said above, I'm really looking for the little-known but important holes. The service will be aimed at closing off most of the vulnerabilities that for some reason Microsoft likes to leave open by default.

thanks
R
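
Added example (not part of the original post): a read-only PowerShell audit of the settings the poster lists above (UAC at its most sensitive level, Autorun, Remote Assistance, VNC). The registry value names are the standard Windows ones; the helper name `Get-RegValue` and the `*vnc*` service-name wildcard are assumptions of this example, since VNC service names vary by product.

```powershell
# Read-only audit: reports current values, changes nothing.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7).

# Hypothetical helper: return a registry value, or $null if the key/value is absent.
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) {
        $prop = $item.PSObject.Properties[$Name]
        if ($prop) { return $prop.Value }
    }
    return $null
}

$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    # UAC "Always notify" = EnableLUA 1, ConsentPromptBehaviorAdmin 2, secure desktop on
    @{ Setting = 'UAC enabled';              Path = $uac; Name = 'EnableLUA';                  Want = 1 },
    @{ Setting = 'UAC always notify';        Path = $uac; Name = 'ConsentPromptBehaviorAdmin'; Want = 2 },
    @{ Setting = 'UAC prompt on secure desktop'; Path = $uac; Name = 'PromptOnSecureDesktop';  Want = 1 },
    # 0xFF disables Autorun on every drive type
    @{ Setting = 'Autorun disabled (all drives)'
       Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name    = 'NoDriveTypeAutoRun'; Want = 255 },
    # 0 = this machine does not accept Remote Assistance offers
    @{ Setting = 'Remote Assistance disabled'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
       Name    = 'fAllowToGetHelp'; Want = 0 }
)

$results = @()
foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    $shown  = if ($null -eq $actual) { '(not set)' } else { $actual }
    $results += New-Object PSObject -Property @{
        Setting  = $c.Setting
        Expected = $c.Want
        Actual   = $shown
        Hardened = ($null -ne $actual -and $actual -eq $c.Want)
    }
}

# VNC: flag any running service whose name contains "vnc" (assumed naming pattern).
$vnc = @(Get-Service -Name '*vnc*' -ErrorAction SilentlyContinue |
         Where-Object { $_.Status -eq 'Running' })
$vncShown = if ($vnc.Count -gt 0) { ($vnc | ForEach-Object { $_.Name }) -join ', ' } else { 'none' }
$results += New-Object PSObject -Property @{
    Setting  = 'No VNC service running'
    Expected = 'none'
    Actual   = $vncShown
    Hardened = ($vnc.Count -eq 0)
}

$results | Select-Object Setting, Expected, Actual, Hardened | Format-Table -AutoSize
```

A value reported as `(not set)` means Windows is using its built-in default for that setting, which the table counts as not hardened.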


All Answers

Best Answer chosen by Rhizomorph

The problem with that
by Jimmy Greystone / August 23, 2013 9:25 AM PDT

The problem with that is that probably 90%+ of all security issues are caused by the user. What you need to do is train people not to click on every random link that comes into the inbox or open every attachment that claims to be nude photos of some celebrity or from someone they know. People need to learn not to just keep clicking "next" when installing some bit of software, but to take a second or two on each page to make sure none of them are opting you in to some nasty bit of malware. People need to know that if someone calls them up, claiming to be from Microsoft or Symantec or any other big name company, that it's almost certainly a scam.

I get what you intend to do, but you haven't thought it all the way through. Say you perform some kind of tune up service on someone's computer. They then decide to go to some seedy porn site where they can't view the videos because of what you did. They then proceed to undo some of your tune ups to see naked women (or men), a digital STD infects their computer, they now blame you because you promised to make their computer more secure.

If computer security were as simple as changing a few settings or disabling certain programs, companies wouldn't need to spend billions of dollars a year on computer security. That part of computer security is easy, the problem is that all it really does is help mitigate the damage. USERS are the problem, USERS are the ones who do stupid things because they just want everything to be "easy to use". Those are the habits you have to beat out of people and it is something that takes a lot of time and consistent effort to accomplish. You can't just have one or two quick sessions with someone and they're "cured", never to make another security blunder in their life. You could spend years working with people and still feel like you're not making any headway. How long has it been considered best practice to have a password, let alone minimum of 8 characters, mix of letters and numbers, at least one non-alphanumeric character, etc? It's hard enough getting users to have a password that's something easy to guess like a birthday or anniversary. You can all but forget about some random string of letters and numbers along with a couple special characters. Until you can train users, you may as well be trying to empty the ocean with a drinking glass.

A grim assessment...
by Rhizomorph / August 23, 2013 1:58 PM PDT
In reply to: The problem with that

Hi Jimmy, thanks for the reply.

You'll get no argument from me that a lot of people don't do a lot of dumb things, but I don't think things are quite that grim.

My target clientele will be not so much the dumb sheep who clicks on every celebrity pic, but rather, people who are just a little smarter than that and are maybe even starting to get pissed about the NSA surveillance thing and wouldn't mind tightening up, but don't really know how to.

The idea is to help people improve their security, sure, but at the root of it, it's a possible way for me to get some work happening.

In that case
by Jimmy Greystone / August 23, 2013 10:48 PM PDT
In reply to: A grim assessment...

In that case, there's really nothing they can do because the NSA isn't secretly installing programs on people's computers, it's monitoring the traffic going between computers on the Internet. They do this by setting up what essentially amounts to a man in the middle attack. Even if you were literally next door to wherever CNet houses its servers for these forums, in order to access them the request from your computer will pass through probably at least half a dozen other computers before it gets to the CNet servers. The NSA surveillance system works by putting one of their systems in that chain and then logging everything going through it.

After the 9/11 attacks, some engineer from AT&T blew the whistle on a bunch of the same basic thing. Talking about how the NSA and FBI had these special top secret rooms inside major switching centers where all phone calls were routed. Meaning that any and every phone call going through that particular switching station was set up to be tapped. Of course back then we were all in the grip of terrorism paranoia and willing to hand over almost any freedoms the government asked for in exchange for the promise of security so the story quickly fizzled. This latest revelation is really likely just the evolution of that earlier program. It's also hardly the first time the NSA has been caught spying on US citizens without any particular good reason. It's happened multiple times since the agency was chartered, even before terrorism was the go-to buzz word for politicians to justify dubious actions.

You can get as pissed as you want about it, the only way to avoid it is to not use the Internet essentially. If they want to do something about it, put pressure on the spineless facsimiles of humans we call politicians. Make it clear you'll do everything you can to ensure they're looking for alternative employment soon if they don't do something about the whole NSA spying program. Changing a few settings in Windows is going to do exactly NOTHING to prevent or even force the NSA to work any harder to access the contents of communications from your clients.

And no offense really, this is going to sound a lot more harsh than it would if you had the benefit of non-verbal cues, but the fact that you don't know the above is one more reason why your idea is a bad one. Noble and well intentioned, but bad none the less. You'd be selling people a false hope, which is probably worse than nothing at all in this case. If people are concerned about the NSA spying on them, they may not be able to change that immediately, but they can be aware of it and be a bit more careful about what they say. So, even in this case it all comes back to training users to alter certain habits, not flipping a few switches.

Thanks, but not what I'm trying to get to here
by Rhizomorph / August 24, 2013 7:41 AM PDT
In reply to: In that case

The NSA is only the high-profile news aspect of this. Yes I know there is nothing you can do to tweak windows that would really keep them out. Maybe I should not have mentioned NSA at all.

You are really missing the whole point of my appeal here, which is that I want to try to do a little local small service business and am looking for the last few tweaks/tips that I might not be aware of. I was not looking for any kind of sociological opinion about why people can't be helped, I am just looking for a little tech knowledge help. I thought that was what this board is for. This isn't a political or sociological board, right? It's a windows 7 board I thought...?

Thanks for the help Jimmy...

Is there anyone else besides Jimmy on this board? Can anyone offer anything in the way of win7 security tweaks (not against NSA but against hackers, malware, etc)?

thanks
R

I think Jimmy Greystone
by itsdigger / August 24, 2013 8:09 AM PDT

Hit the nail on the head here. There are no magical tweaks to keep prying eyes from what's being seen between points A+B. You may put up some firewalls and such to keep people out of your computer but once the information is in transit to wherever it can be seen. Maybe you want everything to be encrypted but that's another subject.

You're not listening
by Jimmy Greystone / August 24, 2013 9:54 AM PDT

You're not listening. There is no magic list of settings to change or tweaks to apply. As I said before, if it were that easy, computer security would have been "solved" ages ago. If you try what you propose, it will backfire on you. People will think you're promising to make their computer completely secure, turn around and do something stupid because they think they're invulnerable, then blame you when it turns out they were quite vulnerable after all because otherwise they'd have to admit they made a mistake.

Any security expert will tell you the same. The biggest threat to computer security is the user. That's because they're the ones who will generally dismantle even the most expertly crafted security system if that security system makes things even a tiny bit more work for them. Anyone who's had some kind of tech support or sysadmin type job will tell you all manner of stories that back that up.

And others are always free to jump in on these forums, but typically when no one does, it's because no one else feels like he or she has anything more to add to what's already been said. If I were talking out of my posterior on this topic, you can bet there'd probably be a half-dozen people jumping in to say so. Your refusal to listen to what I've been saying is the same kind of cognitive dissonance that you will run into with users if you try what you propose. They'll interpret it as you claiming to have made their computer impervious to attack. They will then promptly go out and do something stupid because they think they're protected, quickly find out they aren't and blame you. It doesn't matter how many times you say it's not a 100% guarantee or they still have to be careful, the alternative is that they have to admit they made a mistake. It's much easier to just blame you. I'm trying to save you from yourself here, but you're not making it easy.

Who said anything about "magic tweaks"?
by Rhizomorph / August 24, 2013 1:53 PM PDT
In reply to: You're not listening

You did, not me. Your responses seem neurotic as they are all based on where you think I'm coming from. Thing is, that's not really where I'm coming from. You were convinced from the start in your own mind of how I'm thinking. And I wasn't asking to be "saved from myself" here, I was asking for a few windows tips. I obviously picked the wrong forum to do that...

But while I'm at your feet, wise one... I will explain (not sure why...)

I don't intend to offer anyone any unreasonable promises. I intend to try to enlighten them a bit about how things really are. If it turns out that there is no interest in such straight talk, then I will learn that when no one replies to my ads and I find no takers. At that point maybe you will turn out to have been right, but right now I'm trying to find a way to earn a little money. I've been out of work for like 3 years, okay?

Look, let's say in the future there is a hack that goes around, or even exists now, for let's say, the remote assistance feature. One that gets the attacker right inside whenever the victim has left the feature enabled and some other weakness lets the attacker in. Let's say that there are lots and lots of people out there who (1) aren't even aware of the remote assistance feature and/or never gave it a thought as a possible vector for attack, and (2) never gave any thought to turning it off. Some of those people might very well be grateful for a guy who comes along and informs them about this in addition to about 14 other settings I have so far collected that all tighten up security.

You can believe what you like, but I believe that there are tons of people in my area, and every area, who fit this description. They're my dad, they're your neighbor. You can think of them as idiots who can't be helped, but you'll have to pardon me if I see them instead as people who don't happen to know much about computers but might be educated a little and might pay me a little money in the process. I mean sh|t, I was only planning on charging people like $30 to come in and change about 15 things, and take about an hour to 1.5 hrs, explaining all along the way what the changes are and why they will help. If the people then go on to be stupid and get themselves infected after they've paid me and I've left, then hey, that's how it goes.

I figure any people who might respond to ads that I'll put out there will be people who will respond favorably to an offer to help them tighten up the security for their home PC. Of course I won't be offering to make them bulletproof and impenetrable... no one can claim to do that. But I can offer to "enhance security" and "minimize the attack surface." I hope you can see the difference there.

The one thing I think you've helped me with here though is that your comments make me see that it could be a good idea to have a little "hold harmless" agreement that I'd have the clients sign so that they don't try to blame me for something they or someone else cause later. When they ask what it's for, I'll explain it just the way you did---that if they go on to do something risky and cause themselves a problem that it won't be my fault and that I can only try to teach them to be careful and inform them of risks and semi-remedies.

What you have
by Jimmy Greystone / August 25, 2013 2:03 AM PDT

What you have is a social problem, but you're trying to use a technical solution. Square peg, meet round hole. Say you disable all remote access programs, install all security updates, stop the user from using Internet Explorer, the works. How is that going to help the person when someone calls them up claiming to be from Microsoft, Symantec or some other big name company and saying they detected some kind of security issue with their computer. All they have to do is download and install this other remote access program and the person on the phone will log in and fix it for them, because they're just such kind and caring people. The person you helped is probably thinking you're an idiot and missed something, maybe even made things worse instead of better and probably making a mental note to get their money back after they're done with this phone call. After all, who are they supposed to believe knows more about security? You or someone from Microsoft or Symantec? Of course it's a scam, which they'll find out soon enough if they refuse to pay up at the end. How does changing settings or disabling programs address this type of scenario?

Put another way, on a scale of 1-10 you put yourself at about a 5. I'm quite a bit higher and you're free to check my posting history if you want proof. So as someone who knows considerably more than you on the subject, I'm telling you that your plan, in its current incarnation, is a bad idea. I have no problems at all understanding what you're trying to do and I'm telling you that you're approaching this problem from the wrong direction. You have a social problem that you're trying to solve via technology. It just doesn't work that way.

Thanks
by Rhizomorph / August 25, 2013 5:22 AM PDT
In reply to: What you have

for taking the time to comment. It's been interesting reading your take on what you see as the extremely sorry state of the average PC user (and I grant that you may be right in a lot of cases).

I agree with some of what you say, but I think your outlook seems unnecessarily grim. Part of our difference in perspectives is that I have never in my life personally known anyone who was socially-engineered/scammed the way you describe (live on the phone). I've seen the fake antivirus scams though, where the malware takes over the machine and tries to get the person to panic and buy fake software to fix the problem.

The only problem I'm really trying to solve is my own financial problem by coming up with something that I can do as a small service business that is akin to the IT troubleshooter/problem-fixer guy who makes housecalls. I just want to find something I can do to help people, and also do no harm, get paid a little money and leave. That's it. I'm not nearly skilled enough to do a full expert role, but I'm way more advanced than the average Joe or Jane I run into who doesn't even know the first thing about the inner workings of Windows and has a hard time remembering to run their anti-malware app.

I see where you're coming from...
by Dafydd Forum moderator / August 25, 2013 6:09 AM PDT
In reply to: Thanks

but, legally, you would be held responsible for anybody falling foul of the internet.
I'm totally with you in your intentions. But there is a potential minefield ahead.

Dafydd.
