Arch Linux

arch_fuz

Member

Registered: 2015-01-31

Posts: 53

Securing Sys to prevent him from getting Remote Control App installed

Hi.
I need to protect my father from being tricked again. He was before on a Windows System when "Microsoft Support" called him and he followed their instructions. Bank detected something was going on and stop a transfer of 50K in last minute. I switched him to Linux and it works all good. I thought everything is fine now...

He is old and he is easy to manipulate and the Hackers seem to know it. Now I found a current version of anydesk.tar.gz in his Download folder. I saw that this software can be installed and run as a regular user. My father's user has shell access. I can not see that any installation of the app has happend so far.

I am afraid of that they trick him into installing a browser plugin or some remote control app like anydesk.

Do you have an advice what can be done best to avoid this? I won't get him from doing online banking and playing around with the computer.

Thanks,
_fuz

seth

Member

From: Don't DM me only for attention

Registered: 2012-09-03

Posts: 72,938

Re: Securing Sys to prevent him from getting Remote Control App installed

https://wiki.archlinux.org/title/Security#Mount_options
But he's still gonna be able to run "bash -c evilscript.sh" and browser plugins typically don't require execution permissions - you're looking for enterprise profiles here, https://wiki.archlinux.org/title/Firefo … e_policies

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Lone_Wolf

Administrator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 14,745

Re: Securing Sys to prevent him from getting Remote Control App installed

maybe Firefox in kiosk mode  is enough for them ?

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

schard

Forum Moderator

From: Hannover

Registered: 2016-05-06

Posts: 2,505

Website

Re: Securing Sys to prevent him from getting Remote Control App installed

Maybe instead of focusing on the technical aspect, you should also keep the social aspect in mind.
If your dad wants to use online banking and tinkering with the computer, he maybe should attend a computer course, ideally one for senior citizens.
No amount of technical limitations can prevent compromising your own user account via PEBKAC (except for maybe a completely read-only kiosk system as suggested, which would prevent tinkering with the PC on the other hand).

---

Inofficial first vice president of the Rust Evangelism Strike Force

seth

Member

From: Don't DM me only for attention

Registered: 2012-09-03

Posts: 72,938

Re: Securing Sys to prevent him from getting Remote Control App installed

He is old and he is easy to manipulate

That's not fixed with a computer course - the problem isn't that he doesn't know how to run a shell script, the problem is that he will follow malicious instructions to do so.
The sensible thing to do is to take away the car… errr… computer keys and offer to do this together - but even in shouldland™ your average dad isn't gonna hear any of this nonsense

It's a complete perversion of the label, but struck me that https://wiki.archlinux.org/title/Parental_control is probably useful here.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc