how to prevent third party program installs from changing browser settings without permission

Question

I'm sure everyone knows how it is. You install a third party program and it wants to install 101 'useful' toolbars and change your search and homepage; some even install add-ons that spam you with advertisements.

I keep my own computer safe, but every now and then I still screw up and have it happen to me by accident; it's easy to fix but still a pain. Worse, my parents and other friends do the same sort of things and don't know how to fix it when it happens; so they just stick with these things installed/changed eating up screen real estate and abusing them, while the companies that do this sort of junk make advertising profits off of taking advantage of end users. I can take care of myself easy enough, but how do I take care of novice end-users who are prone to screw up AND I can't be around to fix their mistake every time they make it?

So here is my question; how do I make browsers tamper-proof? Prevent unauthorized changing of home page, search engine, or installing of add-ons/toolbars? A perfect solution may be impossible to do without teaching the user how to avoid social-engineering, but surely I can configure browsers to be more idiot-proof?

I am interested to know how to lock down any browser out there. IE is the most relevant, since the sort of people that fall prey to this stuff are usually the sort that use IE. I consider Firefox and then chrome to be the 2 & 3 priorities in order of their use by laymen. Any information and advice for how I can lock down browsers to make them tamper-proof for laymen installing suspect programs is appreciated.

Answer 1

I use a shareware program called WinPatrol. It worked so well I spent the money to get the pro version. All it does is stop any system settings it's set up to monitor from changing, and it warns you any time someone/something tries to auto change something (like free software trying to change your browser home page), it requires you to give it permission before anything is changed.

Super easy to set up and use, and once you have it configured it's brainless, working totally in the background.

Answer 2

One effective solution, I think, would be WinPatrol which is mentioned in a reply by user Mark. I have used it and even its freeware version is effective and gives you simple and direct control over what may be changed and when.

However another solution somewhat unusual and more for the tech-savvy maybe, would be this. You could install the browser of your choice, with the settings of your choice in an embedded system called "Porteus-Kiosk". This means you install a very small Linux distro exclusively tailored to this end: providing a kiosk solution for a browser (this means it can in principle be used by anyone but no one can change its settings, and the system always reboots from zero, with a clean browser) IN your OS (Windows I presume)

The way to install Porteus-Kiosk would be through an application called Qemu I believe but I am not sure, you would have to do some research to find out which is best and adequate for this end.

The end result is nothing but a browser, running in a tiny OS itself embedded in your OS but running totally separately from it.

Apart from this (technical) solution, there is one other security-related measure I would strongly advice: replace the Hosts file in your system with a list especially made for this purpose and which filters out FROM THE BASIS (even before it reaches your browser) every known source of malware. I know of two sources for this list: Pollock's, and another one which I forgot the web address of but which you should be able to find if you search for something like anti malware hosts file.

Hope this helps?