Non-Profit, 22-volunteers - Security configuration suggestions

[roge46]

Basic Situation…
a) I recently began volunteering at a non-profit organization with (5) donated computers…(3) desktops + (2) laptops.
b) (2) computers have Win-XP Pro with IE-8, (2) have Vista with Firefox, (1) has Windows 7 Home Premium.
c) There are approx. 22.

PC ENVIRONMENT… Non-Profit organization, 22-volunteers non-salaried, 5 computers. We have 22 people that work with the different computers each week as (4-5) people work each day. Each computer has average use of 4-5 hours per day, primarily for word processing and internet searches primarily on state and federal websites.
GENERAL COMPUTER KNOWLEDGE…Intermediate/Advanced (my level) ; Beginner (for most other volunteers).
LEVEL OF SECURITY RISK…Low (22-different users on 5 computers…but they usually do not install any new software).
OPERATING SYSTEM(s)…Windows XP 32-bit SP3, Windows Vista 32-bit SP2 & Windows 7 64-bit.
ADMIN CONTROL…I believe that I have Admin Control over all computers
REAL-TIME PROTECTION… (free, all computers) Microsoft Security Essentials + Malware Bytes + Spybot S+D
FIREWALL… Microsoft Firewall.
SCANNERS… MalwareBytes Free.
BROWSER… Win-XP uses IE-8, Vista + Win-7 use IE-9
TOOLS… CCleaner plus REVO (to search & remove unapproved software; no unauthorized software found in the past 4-months)
SOFTWARE UPDATES…weekly (I am there one day per week) as I unable to depend on anyone to properly update any program. The "issue" is that when they start working…they turn the computers "on" and try to access the internet immediately… auto-updates would consume limited RAM…and frustrate the volunteers. XP machines have 1MB of RAM, the Vista & Win-7 each have 2MB RAM. On the day I am there, I arrive early and update all computers.

When I started, some computers had literally not been updated on the Microsoft website in anywhere from 18 to 38+ months. Only (3) had basic anti-virus programs that were 2+ years old, without updates. Just another day at a non-profit that must depend on donated equipment and very little in funds because we deal with very low income clients.

I started be taking one computer at a time home, to fully update the operating system, conduct an on-line system scan, install basic (AKA "free") antivirus programs & utilities (Spybot, Malwarebytes, Microsoft Security Essentials, CCleaner, Revo, etc). One computer had (5) different toolbars loaded on it. Each computer took between 20-40 hours to scrub, de-frag, re-load/install new/updated software, etc.

Then I started getting complaints about "I want IE" or "I want Firefox" or "Where is my old browser"?

I am attempting to standardize on one or two browsers (such as IE-9 and Firefox, if logical), with free antivirus program(s) and utilities so that I can easily maintain all (5) computers with the least amount effort as I have other tasks at the organization beyond being an IT person. I am not a total IT geek, but my experience is way more than all others in the group. They do not understand about software updates.

I do not want my personal preferences to cloud my judgment….so…

My questions… (not just "what", but please… more importantly… "why")
1. Which browser / antivirus / utilities should be installed on the Win-XP machines and "why"?
2. Which browser / antivirus / utilities should be installed on the Vista machines and "why"?
3. Which browser / antivirus / utilities should be installed on the Windows-8 machine and "why"?
4. Is there a reliable utility that I can use to notify me for updated software and drivers on all 5-machines ?

Since I have $0 budget, every program has to be free.

Your thoughts and comments would be sincerely appreciated.

Regards - Florida Gray Beard

 

[Deleted member 178]

First in all machines, remove Spybot S&D, its technology is average, it afford nothing better than MSE could give already. also you will free some RAM.

in all machines:
- set a standard account for the users; only you will have an admin account.
- install a free system-wide virtualization software like Timefreeze ( http://www.toolwiz.com/products/toolwiz-time-freeze/ )
set it to be launched at the boot, so all changes are negated at each reboot.
Exclude one folder on the data partition, so the users can keep their works.
- install Sandboxie Free and teach (force ^^) them to use it with their favorite browser. Tweak it properly for ease of use.


in all XP machines:

Install MSE with a light firewall (Zone Alarm free for example http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm ), XP built-in firewall is weak.

in all Vista/win7 machines:

- keep MSE + Windows Firewall,
- set the UAC properly


In all Win8 machines

- Keep Windows Defender and Windows Firewall
- Set the UAC properly


for the update r software you can use Secunia PSI (it is security-oriented) and will notify you.

 

[BSOD]

Before you install TimeFreeze, etc. as Umbra suggested, may I ask what work would these people be doing on their machines exactly?

Haha, and I sincerely hope you mean GB of RAM instead of MB!

- Use Microsoft Security Essentials and Windows Firewall in Windows 7, Windows Vista.
- Use MSE with Comodo/ZoneAlarm in Windows XP. You can use a third party defragmenting software on XP like Auslogics Disk Defrag or Ultradefrag.

You can keep MBAM as an on-demand when you do your weekly check-ups.
Use CCleaner regularly.

You can install all three browsers, really. Let them use whatever they are comfortable with. Install AdBlock.

I personally use Filehippo Update Checker to tell me about the available software updates.

 

[roge46]

Before you install TimeFreeze, etc. as Umbra suggested, may I ask what work would these people be doing on their machines exactly?

Haha, and I sincerely hope you mean GB of RAM instead of MB!

TYPE WORK...
a) MS WORD 2007 documents & forms (55%) + occasional EXCEL files (2%)
b) Minimal e-mail in our Yahoo.com account (3%) (I now require them to log-out of e-mail at the end of each day).
c) google searches for laws & regulations pertaining to stae & federal medicare & elder care topics (20%).
d) research on State of Florida websites + federal (social sec & medicare) (20%)
Yeah...I meant GB (sometimes it acts as though is is actually MB of RAM).

--> would this work "mix" change any of your recommendations ??

Thanks - FL Grey Beard

 

[roge46]

I appreciate all your comments.

What is the basic function of "Timefreeze" ?

Basic question... pls define "set the UAC properly" ?

Thanks - FL Gray Beard

 

[BSOD]

--> would this work "mix" change any of your recommendations ??

Nope, my recommendation is pretty straightforward and simple. I don't think you need TimeFreeze but other members will probably have other opinions. Visit the Toolwiz TimeFreeze website and check it out for more info.

Basic question... pls define "set the UAC properly" ?

The User Account Control can be found in your Control Panel. Keep the settings on default or maximum as per your requirement.

 

[Deleted member 178]

What is the basic function of "Timefreeze" ?

To be simple, it put your drives/partitions in a virtual environment; all the changes (infections, softs installations, modified files, etc...) that will happen next will be discarded at each reboot.

Basic question... pls define "set the UAC properly" ?

set it to match the habits of the user; for example, set it at max for a user who like to install/execute many unknown softwares ; to default for the basic user.

 

[Ink]

How are the computers networked? Are they connected wirelessly to a router, or through cable?

Do you know if your router has a Firewall (also known as a Hardware Firewall)?

By the way, welcome!

 

[McLovin]

How are the computers networked? Are they connected wirelessly to a router, or through cable?

As Earth said are the computers networked, if so instead of having single AV programs like Avast Free, why not install McAfee Endpoint protection or something on a business level? I know they cost, but it would be worth it as you can monitor other computer from one.

 

[Deleted member 178]

why not install McAfee Endpoint protection or something on a business level? I know they cost, but it would be worth it as you can monitor other computer from one.

He specifically want Free softwares.

 

[McLovin]

He specifically want Free softwares.

Yeah, woops didn't see that part. Jumped straight to the next post.

Since I have $0 budget, every program has to be free.

 

[roge46]

(A) How are the computers networked? Are they connected wirelessly to a router, or through cable? REPLY..Computers are not networked to each other, but they all have high spped i-net access. We are all networked to a common printer.

Do you know if your router has a Firewall (also known as a Hardware Firewall)? REPLY... not sure if the network routers has a firewall,as the router (D-Link Ethernet Router Model DI-604) was installed by the building comm person. We are a small tenant in a larger non-profit organization building) However, if there is a method to determine...let me know and I will determine.

By the way, welcome!

Thanks for your interest, patience & support.
Regards - Florida Gray Beard

 

[illumination]

Some good suggestions already... Might i suggest on the windows xp computers, to switch to either firefox or google chrome, "chrome" preferred, as IE8 is a vulnerability waiting to happen any more.. With minimum security running, you could also think of a few extensions such as HTTPS Everywhere, as well as adblock plus to eliminate those annoying, sometimes dangerous ads, and Lastpass "secure password manager", maybe WOT or Bitdefenders Traffic Light for checking webpages/urls. These are some basic additions that will help increase security without increasing the load on the older systems.

These addons/extensions work on either Firefox or Google Chrome. I read that some of the people are obviously "set" in their choices, you will need to explain to them, that security comes first, and you are working with minimal resources to do so..

 

[roge46]

Some good suggestions already... Might i suggest on the windows xp computers, to switch to either firefox or google chrome, "chrome" preferred, as IE8 is a vulnerability waiting to happen any more..

Illumination...thanks for your comments. Why "chrome" instead of Firefox for WinXP machines? Asking simply because I know nothing about either Firefox nor Chrome.

I do appreciate all comments/suggestions/recommendations.

Regards - Florida Gray Beard

 

[illumination]

Some good suggestions already... Might i suggest on the windows xp computers, to switch to either firefox or google chrome, "chrome" preferred, as IE8 is a vulnerability waiting to happen any more..

Illumination...thanks for your comments. Why "chrome" instead of Firefox for WinXP machines? Asking simply because I know nothing about either Firefox nor Chrome.

I do appreciate all comments/suggestions/recommendations.

Regards - Florida Gray Beard

Both firefox and Chrome are good browsers, each have their points. Out of the box "default install" with no addons, Chrome would be the more secure of the two choices. Chrome also has the Flash player & PDF reader built in, no worrying about having to update these.