TechSpot

How to keep people from installing spyware on my computers?

By cds333
Aug 22, 2008
Topic Status:
Not open for further replies.
  1. Hey there,

    I have recently been assigned the task of maintaining a few computers for use by the public. I work at a hotel, so they are open to all guests as well as their kids. Their primary purpose is to check email, print airline tickets, ect... Of course then we have these little ************* who download games, porn, and inadvertently- infect it with more than 100 spyware infections weekly.

    You all know the trick where you download a "porn video" and then it says you have to download a "special codec" for it to play; or, you download a game, and then it says "your computer is infected, click here to scan for free", and in turn the "scanner" turns out to be the spyware- well, this happens constantly, and whereas I like getting a few extra hours here and there, I don't like being called on my day off because the machine is totally fubar.

    I am looking for a way to restrict users from installing software, and especially software that installs randomly named *.dll files in the system32 folder, and then attaches those dlls to explorer.exe or some other system process(s). When I run spybot, or when I try to delete the offending .dll files manually, the hijacked processes immediately re-spawn the deleted file(s). I don't know exactly what this type of spyware is called, but it is a serious pain in the a**. Especially since the randomly generated filenames prevent searching online for a match. (What happened to the good old days where spyware was a single .exe file? )

    I have tried setting the user's permissions for system32 to nothing, save the SYSTEM user, but that just prevented the user from logging on. I have also thoroughly been through gpedit.msc's options, but nothing I have found does the trick. I also require that the user be an administrator, since the monitoring software I use seems only to work with admin privelages.

    Does anyone have any ideas? Is there any way to limit access to the Windows folder (and subfolders) and the Program Files folder so that the system can have access, but the user cannot (except for saving documents, pictures, ect... (not absolutely necessary, BTW))

    Thanks in advance!
  2. raybay

    raybay TS Evangelist Posts: 10,716   +6

    There is standard software for hotels and motels available for this. Nearly everything that works is proprietary, or costly. Check some of your hotel motel magazines and websites. Or call a very good tech
  3. cds333

    cds333 TS Rookie Topic Starter

    sorry, I should have mentioned that I have to do this all on my own, and I am not being given the option of buying software or paying someone to do it. Thanks for the suggestion however...
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

  5. Justin

    Justin TS Rookie Posts: 1,595

    Programs like Deep Freeze (http://www.faronics.com/) are designed to tackle problems like this with Windows. Especially with shared machines, you can freeze profiles, let them do whatever they want, then roll it back, with varying levels of customization.

    If you're really having that much trouble, the $45 or so price tag might be worth it for a program of this nature.

    Disclaimer: I don't use this software.
  6. cds333

    cds333 TS Rookie Topic Starter

    I'm starting to think you're right...

    I'm also thinking that deepfreeze paired with anti-executable (also from the same company) is the way to go.

    If I am correct, these two apps should allow users to have admin rights, while at the same time allow me to block certain installs (Yahoo Messenger, free games, ect..), and I can just set it to revert back to a default state every day anyway, just in case I miss something.

    Any thoughts??? Thanks again.
  7. gbhall

    gbhall TechSpot Chancellor Posts: 2,344   +49

    I cannot believe that !

    There is no chance whatever of keeping 'uncontrolled' PC's safe without using some pretty special products. Just draw attention to that fact that you (not you personally, but the hotel) probably have public liability in that some unfortunate guest could have sensitive data stolen from their USB key drive, because your publicly-available PC was thoroughly infected.

    And no, I would totally deny installs of any kind whatever. If there was such a thing, I would run the internet from a ROM module.
  8. raybay

    raybay TS Evangelist Posts: 10,716   +6

    Read your hotel security and marketing journals. You can no longer get away with blocking <mostly> the uses of your guests and clients, then refusing to use your resources to make it right.
    You might get away with it, but you will watch your guest lists dwindle... as return customers do not return. Keep count. You will see that you have screwed yourself.
    Any hotel that uses an employee who has to ask the questions delivered here by you is in trouble. You will be in the news someday, or in your competitors ads.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.