Locking down the PC

The more experience I have with introducing computers to non-technically-literate folks, the more I realize that safe computing is beyond the abilities of most people.

Like little children being told not to talk to strangers, PC users have to be taught not to trust every offer to “make your computer faster” or “fix your clock” or “increase your internet speed.”

It's a well known fact that a lot of free software is ad-supported these days, and that there are also a lot of shady companies / products that will try to hijack your computer to show you ads.  It doesn't take long between the time a new user starts using their PC, and when they've installed so much crap that they want to throw the computer out the window.

This is a Windows problem for now, but it will happen to whatever the most popular OS is should any other OS become common on the desktop.  It's not a technological problem, it's a user problem - users have no way of knowing what's really useful and what's not.  The users that do know enough not to install stuff randomly often don't install anything, and wind up with systems way out of sync with recent security patches, which is worse than having adware installed.

Most novice users have their “computer guy” that they trust to fix their PC problems and keep their computers working.  If I set (hypothetical) Bob up with a computer, set it up to automatically install updates, and locked Bob's system down so he couldn't install anything without my permission, Bob would have a hassle-free computing experience.

Corporations have admins whose job it is to be the “computer guy” for the whole network. 

What we need, I think, is a service that offers to be the “computer guy” for everyone else. 

Not just someone who sets up the computer or maintains it, but someone who keeps control of the user's computer.  Let's say a company called SafePC offers this service.   Bob buys a computer from Dell which comes with 3 years worth of the SafePC service.  For these three years, Bob doensn't have admin rights over his own computer (unless he abandons the service altogether and reinstalls the OS, which he's probably not going to do).  In exchange for this loss of rights, SafeCorp would:

  • Make sure he always has anti-virus software and that it's up to date.

  • Lock down his mail clients so that he can't run any attachments.

  • Maintain a list of “approved” software.  Non-approved software is prevented from installing.

  • Keep the PC patched / updated.

Some users would be quite happy with this sort of arrangement.  OTOH, others would point out that this is a huge loss of rights and introduces much potential for abuse by SafePC.

Would it work?  I think it would if there were a trusted name behind it.. I'm sure anyone selling computers would love the decrease in support calls, and novice users wouldn't have to be afraid that they were going to break their computer (most of them are!).  But would anyone pay for it?