I've never had any trouble with my kids or friends I've set up
that way. One key is giving them the root pswd so they don't
feel disempowered. And explaining the security benefits.
One person wanted _two_ user accounts, one for everyday and
a second for only secure surfing. A good idea!
Users aren't idiots even if they are ignorant. They _are_
deeply concerned (paranoid) about security, and user isolation
is a significant improvement. They see the benefits.
Funny there are so many infected systems all over then. You must be
dealing with a umm, better class of user.
I've been stunned at some of
the risks that people are willing to take... even with company systems.
Zero-day infection is a term which they refuse to incorporate in their
lexicon - if it interferes with their ability to install/run P2P,
(early)Skype, game DLs, favorite freeware, "improved shopping experience"
etc. etc. they won't have it.
There *are* of course often serious corporate political issues involved but
I'd be willing to bet that most infections of corporate LANs got entry
through a notebook which goes home with its user every day. How do you
tell a $$ successful "road warrior' that he's a corporate LAN rogue? The
contortions currently being implemented by some corps to protect againt
this err, situation are, when you boil it down, utterly *NUTS*.
For the last 10 years I' ve been running Linux. Do you think
I spend all my time logged on as 'root'? H3ll no! I find the
additional security well worth the occasional inconvenience.
Linux !== Windows XP though and for someone who has never used a real OS,
it seems nuts to have to logoff/logon/logoff/logon to install some SW...
which usually needs repeating 2/3 times to get right. However depressing,
it does seem to me that most users are indeed lusers - too stupid to be
using software at all and most AV software is beyond their competence...
you can show them but somehow, it just doesn't "take". Though we are a SW
development operation, we get calls from people who "found us in the yellow
pages" all the time... wondering if we can help them with an "infected
computer".
I talked recently to a local system builder and he gets this stuff multiple
times per day - he tells them they can't afford a "clean-up" -- literally
the cost of a new home computer -- but he will reformat and reinstall
Windows for them. This *is* ultimately the fault of M$!.. who on top of
all this want to police those same lusers like thieves. To me it does beg:
who is the thief here?