Re: Internet Explorer, again
From: Abdullah Ramazanoglu (abdullah_at_ramazanoglu.tr)
Date: Mon, 16 Aug 2004 05:54:19 +0300
Chris Carlen <crobc@BOGUS_FIELD.earthlink.net> dedi ki:
> A while ago I asked about how to secure a LAN with one client running IE
> to access a site using Active X controls. In the past we ran Windows in
> VMware on Linux, so most of the time my wife used Linux.
> The solution I came to was this:
> My wife's computer now has a hardware switch to allow her to select hard
> drives. One for Linux, and one for Windows.
> The way the switch works is it switches the power to either the Linux
> hard drive, or the Windows one. The intention was that if she wants to
> use the Thai TV web site, she boots Windows, and the Linux hard drive is
> unpowered. Also, the other Linux box on the LAN would not be running
> when she uses Windows/IE.
> So Windows with IE would only ever run in a completely isolated
> environment, while when she runs Linux, then the other hard drive would
> be used, and the LAN would be in "trusted" mode. In that mode, only
> very limited Windows access to the internet (MSN messenger only) and
> none with IE would be permitted.
> Problem: Now that the switch is installed she only uses Windows, and it
> is impossible to have her use of her computer not coincide with my use
> of my computer. Thus the problem is now worse in terms of security, and
> worse in that my wife's usage patterns have now drifted almost entirely
> to Windows.
IMHO your solution was a bit fussy both socially and technically.
Technically so because it depends on mutual exclusion. Socially so because
you shouldn't be trying to keep a convert when she doesn't care. Oh, I
forgot about multiple desktops. If a user points out virtual desktops as
an important feature in selecting a working environment, then it's better
let her do whatever she likes.
What I would suggest is this, FWIW :
Forget VMware and two-way power switch, even dual hard disks. Just install
her a dual boot system and configure the Linux part as user friendly as
you can do (don't know what distro you use, but I suggest Mandrake for her).
For the security, you appear to connect through NAT (ADSL/Cable router?),
so you are not exposed to direct outside attack. And I wouldn't be
worrying a spyware or agent running on her box would be able to get at
your box. However a spyware could wreak havoc on her side (no problem, see
below) and sniff the LAN and report home whatever it deems valuable. I
would be worried though, for my passwords used on *internet* (not local
passwords), so use https whenever applicable, don't let her access an
important bank account from her Windows box, optionally setup your
firewall and you're done.
As for her, I would only advocate on the merits of Linux, help on Linux
matters whenever called for, but don't touch her Windows partition no
matter what happens. Better yet, never use Windows at home and gradually
give the impression that you are a complete Windows-illiterate, but a
Linux-genius. Let her hire a technician to deal with her Windows woes.
Help her in carrying the PC to the local computer repair shop, but don't
be able to help her in dealing with the problem in the first place. Try
hard, if you must, pathetically hard, but unfortunately without success.
Well, maybe your dignity gets a scratch or two down the road, but it's
better than trying to pull someone to your side without success. Let her
get infected as much as she likes. If her machine grinds to a crawl, if
she loses her months of work, if she can not run a couple of apps
concurrently anymore, c'est la vie. Your Linux, which you have setup and
customized for her, sits there all brilliant, fully functional and
woe-free. Then she would have strong motivations to use Linux, if only
that Thai TV, and her sister and friends et cetera didn't insist on
Microsoft-only technologies. Then it would be her, not you, who complains
about these and fights (even if feebly) against them. And she would pay
attention to Linux compatibility next time she buys a peripheral. There
you are, instead of you trying to pull her into Linux, now she is trying
to push her correspondences out of Microsoft-only world. You have not only
won a user, but also won an indirect advocate.
Be a helpful Linux-genius but a hopeless Windows-illiterate. This is how
my sister switched to Linux. ;)
-- Abdullah | aramazan@ | Ramazanoglu | myrealbox | ________________| D-O-T cöm |