Complete and secure?

[PUnitBabyDaddy]

It's really of the utmost importance to be running a reputable antivirus solution and a minimum of two antispyware products. I usually stick with Microsoft's AntiSpyware product and SpywareBlaster. SpywareBlaster isn't a true antispyware product, but more of an immunizing product. If you want, Ad-aware and Spybot are good additions. Seeing that you're behind a router, I think that the Windows Firewall should really suffice in terms of a firewalk.

This is pretty much what my dad decided on and what I did was a fresh install of XP Home, then updated it fully and to SP2. Don't have IE, MSN or OE thanks to nLite so he's using FireFox again but this time the 1.5 version and not 1.0.1. I did hook him up with the "IE Tab" extension. Installed MS AntiSpyware and Antivir Guard and have them with real-time protection of course and scheduled scans. Also we're using the Windows Firewall. Is anything else needed? SpywareBlaster, Ad-aware or Spybot?

[RogueSpear]

Is anything else needed? SpywareBlaster, Ad-aware or Spybot?

They're all free, in the case of Ad-aware there is a free version anyway, so why not. They all also happen to be relatively small and self contained, well behaved and easy to use. So it really can't hurt, but I think what you have installed now is certainly sufficient.

[atomizer]

Is anything else needed? SpywareBlaster, Ad-aware or Spybot?

i think you're already aware that removing IE doesn't remove the core files (assuming you didn't remove the core files), so make sure to configure the security options for IE. explorer will still be able to connect to the internet by keying a URL in the address bar. in my case, i set all zones to their highest, unhide the local zone and set that pretty high as well. if you're not familiar with unhiding the local zone, just do a search for something like:

unhide "local zone" ie

though i'm pretty sure you can accomplish the same thing using gpedit.msc.

personally, i don't hardly bother with anti-spyware s/w anymore, though it's not a bad idea. i'd go with RogueSpear's advise on that one.

if he's behind a router, set a static IP, disable the DHCP and DNS services and all other unnecessary services. if you want more info on services, you can d/l a spread sheet from my siggy, though it's not complete. if the router is wireless, i'd also suggest disabling the wireless SSID broadcast and enabling WEP, though WEP is easily defeated.

for another dose of security, get the "noscript" extension for FF and teach him how to use it. that will block all JS (and other stuff if you want it to) on a site by site basis. NS sits in the status bar and is easily accessible. it allows JS globally, per site, or per session for a site.

adblock plus is absolutely great as well

http://bene.sitesled.com/adblock.htm - adblock plus

https://addons.mozilla.org/extensions/moreinfo.php?id=1136 - filterset.g auto-updater for adblock plus

http://www.noscript.net/whats - noscript

with all that, he should be in good shape!

oh, if you want to have 'windows update' functionality with FF, go here:

http://windowsupdate.62nds.com/

and install the plugin.

try to just ignore the fact that you can download virus code there

Edited January 14, 2006 by atomizer

[LLXX]

You don't need to install a separate ad-blocking program, an updated HOSTS file is a simple and effective solution (and one which you can manually update yourself).

[atomizer]

@LLXX - that's one way of doing it, but adblock provides so much more functionality, auto-updates and ease of use. you can use it to block just certain elements of a webpage for instance.