Keeping kids safe on the internet

Joe Wilcox over at Microsoft Monitor recently posted an article about keeping kids safe on the internet.

It’s a good article, but I’d add one other thing to his suggestions:  If you’ve got more than one computer in your house, disable internet access to all but public computers.  And if you’ve only got one computer put it in a public location, like the kitchen.

We’ve got six different computers in our household – each kid has their own, I’ve got two, Valorie's got one, and there’s a common computer in the kitchen.  Valorie's and my computers have internet access, as does the common computer, but none of the others are allowed to access the internet – we filter it off access at the firewall.

The kids also have up-to-date virus scanners on their computer (although their signatures get a smidge out-of-date).

Once a month, after patch day, I manually enable internet access and go to windows update and ensure that they’re fully patched and their virus signatures are updated.  I know I could use SUS to roll my own update server, but it’s not that big a deal.  SImilarly, I could set one of the internet connected machines as the virus update location for the kids computers, but again, it's not that big a deal.

This works nicely for me, and the principles can be applied to anyone's computer, even without all the added hoopla I go through.  The first and most important part of the equation is that all internet browsing is done on a public computer – that means that they’re not going to be sneaking around the darker corners of the internet, with Mom and Dad in the same room.  

The other part of the equation is that all accounts on the public computer are LUA accounts, which adds an additional level of safety to browsing - nobody can accidentally install ActiveX controls or other software, which again adds a HUGE level of protection.  We have an admin account, but it's password protected and the kids don't know the password. 

Edit: Addressed Michael Ruck's comment.


Comments (25)

  1. Anonymous says:

    I think setting this kind of scheme up for a simple minded user is a bit troublesome: They have to know how to setup the firewall, setup manual virus scanner signature updates – once a month open up the doors to receive patches…

    You have setup a pretty nice environment for your kids – but I do not believe most users will be comfortable setting this up at their homes. I know enough people, who are happy that they know how to launch Word, Excel or browse the Internet – but they are unable to set this kind of environment up…

    How about extending IE (or better the Windows Firewall) to prevent it from navigating to URLs not included on a white list?

  2. Anonymous says:

    You may be right Michael.

    I’ll update the article to call out stuff that anyone can do.

  3. Anonymous says:

    Don’t you think that by limiting their access overall, that you’ll just be limiting their growth?

    Since I was 5, my parents gave me pretty much unlimited access to do what I want on the computer. When I was 12, I ran a BBS with my friend. What a cool learning experience. Sure there were things that we were "exposed" to (oh no!), but that sooner or later kids are going to run into.

    Using technology to try and guide kids… I dunno. Limit porno? If you don’t want them going to porno sites, then that’s an administrative issue, not a technical one.

    Then again, if you’re talking about small kids who might just accidentally see stuff, then sure, helping them out is a good idea. Or protecting novice users from installing spyware, that’s a separate issue.

    But how are they going to use NASA’s WorldWind (or whatever it’s called)… or Keystone? Or even Messenger? Homework?

    As they get older though… good luck. If I was 12 and someone put a firewall on, I’d compromise that machine so fast… Then again, my parents didn’t write part of Windows :/.

  4. Anonymous says:

    Michael, you might be right. Daniel’s only 13, so we may find other issues in the future. Time will tell.

    And by putting the computer in the kitchen, I apply a social solution to the looking for porn – as I said in my revision to the post, nobody’s going to be looking for porn when Mom and Dad are in the same room.

  5. Anonymous says:

    I wouldn’t have had any trouble looking for porn with my parents in the same room… I learned to be quick on the alt-tab ๐Ÿ˜‰

    So as an extra hint – make sure the public PC is the worst PC in the house with 128MB and force them to use IE, so the machine is a dogsbody if they try to switch tasks ๐Ÿ˜€

  6. Anonymous says:

    I think it isn’t a good idea to simply block their access to the darker side of internet. They can get internet access elsewhere anyway if they wants to. (I got unsupervised internet access when I was in my university, 24hrs a day. And given 1 year of massive internet access I’ve aqquired enough knowledge to render the network access monitoring policies of the computer lab. useless against myself)

    The only effective approach would be to tell them what the darker side things are and why they are bad. Self-discipline is the only protection relyable on this particular matter, and a 13-year old boy is old enough to learn control themselves from do bad things.

  7. Anonymous says:

    My 12 year old stepson has internet access in his room; we do have a "public" PC but for doing homework and the like it’s much better for him to be somewhere quiet rather than trying to compete against the TV and three other kids…

    I added some simple filtering rules to my router (a dozen keywords covers a multitude of sins) and for the first couple of days it logged a few attempts to access "dodgy" material (boys will be boys after all) but once he realised it wasn’t going to work he stopped trying.

    I’ve also installed Firefox and removed all shortcuts to IE, installed antivirus and firewall software, blocked un-needed ports at the router, and so forth. Every now and again I remote to his machine to check that nothing untoward has happened, and so far it’s all going swimmingly. Luckily he’s not very technically-minded; I know if I’d had a PC at his age I’d make it my business to circumvent the restrictions just as a matter of principle. ๐Ÿ™‚

    All these technical countermeasures, though, are no substitute for a bit of common sense and education, and I may (depending on how it goes over the next couple of months) start lifting some of the restrictions and trust him to use his judgement.

  8. Anonymous says:

    To some extent I agree with cheong. Making stuff taboo or banning stuff just makes it more exciting and alluring, especially to bright kids with a natural curiosity. That’s not to say your wrong to block these sites, and I wouldn’t dream of advising anyone on how to bring up their own children not having kids of my own, its just that in isolation blocking access simply moves or delays the problem to somewhere out of your control. Eventually everyone will come into contact with unsavorary material, and the question is how then will they handle it. Somehow children have to be warned and armed against such things so they can take it in their stride and make an informed choice not to indulge. Somehow you have to make the case that looking at porn is bad for your future relationships.

  9. Anonymous says:

    > The only effective approach would be to

    > tell them what the darker side things

    > are and why they are bad.

    Could you please explain to me why these "things" are bad. TIA

  10. Anonymous says:

    > none of the others are allowed to access the

    > internet โ€“ we filter it off access at the

    > firewall

    Your colleagues would tell you not to do that.

    Here’s our latest story from Microsoft. A recent newspaper article said that Microsoft was releasing a security patch for Windows 98. My wife clicked "Start" and "Windows Update" which opened Internet Explorer to an HTTP 404 error page. Since Windows Update gets free support and the issue involves a security patch, I told my wife to go to support. Support gave her a bunch of instructions among which fewer than half could even execute under Windows 98. And then support told her to uninstall all software firewalls (had any been installed) AND disconnect the hardware firewall and connect her Windows 98 machine directly to the internet. I forbade her to do that last part.

    You think you know why hardware firewalls have a purpose? Can you teach your colleagues?

  11. Anonymous says:

    Some of the issues discussed in this thread also apply to human children.

    Seen at Borough Market last weekend: a stall called "Pots for Tots" selling organic food for toddlers, and next to it a stall prominently advertising MINCED KID.

  12. Anonymous says:

    By stating "bad things", I do actually mean all those materials that could have bad influrence on the child, including but not limited to porns, offensive computing techniques, discriminating articles, acticles about methods commiting suicide, etc. There’s huge variety of materials avaliable on the web, isn’t there?

    Just them them what bad influrence would the materials lead to the child and advise them to be careful. As long as the child have ability to avoid being affected, I think it doesn’t harm to know more things.

  13. Anonymous says:

    I think educating the child about good and bad stuff is more important than blocking him access.

    This is what i started typing but then I thought about this.

    Think of PC as an Home Appliance that the family needs just like TV. We dont let our kids watch porn on TV right? We subscribe to healthy material.

    I guess we should follow the same principle, and probably do what Larry did. Filtering Adult content off the PC is infact a good idea and would be desired until the Kid grows into an Adult.

    And then.. leave it upto the grown ups!

  14. Anonymous says:

    Have you seen some of the parental access controls that Mac OS X (Tiger) will have?

    I’m not sure how Apple addresses the multi-computer home with permissions, but I think some of the automation of "asking permission" for certain activities is interesting.

  15. Anonymous says:

    is there a way to log internet activity that can’t be deleted? Then you just get together as a family at various times and do a review of wherever anyone in the house has gone on the internet. If I am the child and know I am not going to get away with it without being discovered, I wouldn’t go there.

  16. Anonymous says:

    Ben, not in Windows itself. And if the kids are logging in as an admin in front of the computer, not there.

    Some firewalls have this ability, as do some 3rd party firewalls but I’ve not investigated the ability.

  17. Anonymous says:

    I think the part that is getting missed here in the "we are too protective of the kids" is the fact that the internet on the publically available PC is unfiltered. We don’t filter sites on keywords or have rating limitations. It’s open access in a public place.

    By having the PC in a publicly viewable space, when inappropriate content or questions come up, there are people to ask what to do. I view this as an essential part of teaching the kids how to deal with what’s out there. It’s not just porn sites that need some discussion but also wacko sites. How do the kids know what they are reading is accurate? Part of the reason for having the access public is to help teach critical reading and research skills. Just because the information is on the Internet doesn’t make it accurate, but most kids do believe whatever they read.

    Just as when we see adult bookstores, the kids get an honest answer of what’s in there and the appropriateness of its contents, the kids get an honest answer of why their search turned up lots of porno or wacko sites. We get to talk about why there are breast augmentation ads on a site talking about breast cancer and also on a site talking about Marilyn Monroe. We get to talk about why someone would create just before Black History month.

    I don’t consider it "limiting" the kids so much as encouraging necessary conversations. Is it sometimes a pain that our kids have to leave there computer to use the public one? Maybe, but when they have a report due, that 2 minutes of exercise every hour is a good thing, even if it is only walking 20 feet.

  18. Anonymous says:

    Just wanted to thank you for posting this — I’m still a couple of years out from having children, but it’s a question that I’ve thought about a bit, and wondered how I’ll handle when the time comes — particularly since internet socializing is a notable part of my life, and so the "deny the kids access completely" model seems a bit hypocritical. What you do sounds like it would work for me, and it’s comforting to see "yes, there’s an answer that works".

    Of course, fifteen years from now when I need to worry about it, the technology and problems and possible solutions are liable to be quite a bit different!

  19. Anonymous says:

    Speaking as the father of a 6 year old, what I would like to see is simple built-in management of opt-in functionality so I can grant access to specific sites or parts of sites.

    OK, being a developer, I can figure out solutions but I want simple ways that other parents can do same. SP2 is so unnecessarily complex here.

  20. Anonymous says:

    If you have not read Jen’s article on LUA, you should be asking yourself why not?

    This article…

Skip to main content