+ Post New Thread
Results 1 to 11 of 11
How do you do....it? Thread, Protecting from malware on teachers laptops. in Technical; Hello all, I am just curious what methods others use to protect teachers laptops when they are at home, other ...
  1. #1

    Join Date
    Jul 2013
    Location
    Northamptonshire
    Posts
    126
    Thank Post
    28
    Thanked 8 Times in 6 Posts
    Rep Power
    4

    Protecting from malware on teachers laptops.

    Hello all,

    I am just curious what methods others use to protect teachers laptops when they are at home, other than A/V.

    At school we have filtering to block malicious sites but at home there is no such protection. I am thinking of setting something up for the hosts file, but I wondered if anyone knew of anything that was more automatic?

    Cheers,

    Paul

  2. #2
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,016
    Thank Post
    42
    Thanked 84 Times in 80 Posts
    Rep Power
    22
    Smoothwall do a client so you can block certain sites with clients off the lan.

  3. #3

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,230
    Thank Post
    13
    Thanked 230 Times in 219 Posts
    Rep Power
    68
    Sophos have a similar thing with their web control built into AV if I am right in thinking.

  4. #4


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,080
    Thank Post
    232
    Thanked 2,724 Times in 2,009 Posts
    Rep Power
    798
    Quote Originally Posted by TheGoodGuy View Post
    other than A/V.
    Some of the things I have done...

    • Enable AppLocker and setup rules to prevent executables/scripts from running.
    • Install EMET to help protect against zero-day exploits (among other things).
    • Block adverts in Google Chrome (using the URLBlacklist policy) so there is less chance of getting infected via malicious ads.
    • Keep browser plug-ins like Flash Player and Java up-to-date.
    • Install the latest Windows hotfixes as soon as possible after Patch Tuesday.
    • All users have standard accounts. i.e. no teachers in the local admin group.

  5. #5

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,230
    Thank Post
    13
    Thanked 230 Times in 219 Posts
    Rep Power
    68
    Something basic don't make them administrators, cuts down on a lot of it I find.

  6. #6
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,016
    Thank Post
    42
    Thanked 84 Times in 80 Posts
    Rep Power
    22
    Have sccm installed with a outward facing software update/management point/distribution point. Then you can keep flash/reader/windows up to date.

  7. #7

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    801
    Thank Post
    180
    Thanked 62 Times in 59 Posts
    Rep Power
    36
    As @MatthewL states, not making them administrators is a start.

    But also make sure the Stall Laptop AUP covers things like:

    The Laptop is to be used by the staff member only and not to be used by Siblings, etc.
    The Laptop cannot be used for any peer to peer sharing activities.

    I've personally found that most of the issues are caused by Siblings using the Laptop and visiting Joke sites, game hack sites, serial generators, or using Peer to Peer sharing sites.

    Just to add, having the Laptops back for Microsoft Updates and using Anti-Virus as others have said.

    But a lot can be said about the IT awareness of the end user .
    Last edited by Davit2005; 16th January 2014 at 08:03 AM.

  8. #8

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,935
    Thank Post
    138
    Thanked 290 Times in 210 Posts
    Rep Power
    193
    No java.

  9. Thanks to Theblacksheep from:

    free780 (22nd January 2014)

  10. #9

    Join Date
    Jan 2014
    Location
    Bournemouth
    Posts
    34
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    2
    Don't make them administrators on their own machines, and make sure that your Windows Lockdown GPO is properly configured. Any malware would require admin rights to install, and UAC should prompt the user for admin credentials when malware tries to install. If they bring the laptops into school each day, then having them back for Windows updates should be irrelevant as long as you have WSUS configured correctly. It could also be worthwhile pushing out a group policy that uninstalls Java as it's rarely needed and has myriad security holes.

  11. #10
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,016
    Thank Post
    42
    Thanked 84 Times in 80 Posts
    Rep Power
    22
    And if java is needed lock it down. Use deployment rulesets so it only works on trusted domains.

  12. #11

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,265
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Sophos also has "live protection" which reduces the need to keep its local malware signature database updated, great for roaming clients whose update server is behind the firewall. There are of course other ways of achieving this (publishing the update distribution point on a public facing server for example.

    I do have to say that with web protection and live update the number of infected staff machines I see is massively less than even three years ago.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 3rd August 2012, 02:48 PM
  2. Replies: 8
    Last Post: 13th May 2010, 02:04 PM
  3. Teachers laptops on wireless network
    By bishopsgarthstockton in forum Wireless Networks
    Replies: 21
    Last Post: 27th February 2009, 08:53 AM
  4. Replies: 2
    Last Post: 16th January 2008, 04:25 PM
  5. Confidential information on teachers' laptops
    By laserblazer in forum General Chat
    Replies: 2
    Last Post: 11th October 2007, 05:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •