In this case, me wife's Grandmother has several behaviors that increase the likelihood that she will be infected.
- She installs random software that she downloads from the Internet.
- She often runs her programs using "Run as Administrator"
I am tempted to remove Windows from these computers, and install Ubuntu, but I think that this would be a steep learning curve for her, and I would still need to set up a way for her to run windows programs (Wine or VMWare)
If I had more time to dedicate to support, I could change her account to a non-Administrator account level. But then, everytime she wanted to install some softeare, or run a Windows Update that prompts for administrator access, I would have to do that. Unfortunately, we are local to her, and I don't have the time to manage all of these things remotely.There are several things that Microsoft could do to make this type of support easier
- Create a new type of user, lets call it "sub-administrator". This user would have the following behaviors
- Would not be able to use the "Run as Adminstrator" command
- Would only be able to install applications that are signed
- The developer would sign their app with a private key, where the public key is registered with Microsoft.
- Microsoft would only allow public keys to be registered from "reputable" developers
- The application would only install if the signature matches what is expected
- This user wouldn't be able to modify backup or virus scanner settings
- Create a new "Safe-mode" setting. In addition to the Safe-mode with Networking, there would be a "Safe-mode with Networking and secure-RDP". This would allow the person responsible for support to be able to log in, even when in safe mode
- Allow an administrator to specify that "Safe-mode" should be entered on the next boot. This would eliminate the need to be physically present to enter "Safe-Mode"
Even with this scare, I don't think that she will change her behavior, unless Microsoft adds some features that I listed above, I am thinking that either I will have to revoke administrator privileges from her account, or stop offering support.