10-Step Security for your Computer

[KimB]

For a home PC, a simple software firewall is typically enough. I've had one virus on my system in something like eight years, and that was when I was downloading my firewall and other security software after a fresh reinstall of Windows (now I pre-download this stuff, obviously).

That and using Firefox, of course. Don't want to be using any security-hole-prone software for accessing the Internet.

 

[Sage]

sa-fa-ri! sa-fa-ri! sa-fa-ri!

I have FF installed but actually safari is the best browser I have yet to come accross. I didn't like it at first, wanted my good ol' FF. But, now I prefer Safari. I really cannot explain how much getting a mac has improved my life, I have had to install almost no software (do have MS Office 2004 and a free flashcard program called Genius for school) and I get more done faster than I ever did with my windows boxen.

 

[digitalwanderer]

sa-fa-ri! sa-fa-ri! sa-fa-ri!

I have FF installed but actually safari is the best browser I have yet to come accross. I didn't like it at first, wanted my good ol' FF. But, now I prefer Safari. I really cannot explain how much getting a mac has improved my life, I have had to install almost no software (do have MS Office 2004 and a free flashcard program called Genius for school) and I get more done faster than I ever did with my windows boxen.

I just don't have the words.

 

[Frank]

Huh. WSUS takes care of patching.

Which you wouldn't really need if all your users used FF/Opera. You're in charge of the firewall/virusscanner, so that will work as intended.

Roaming profiles work fine.

No, they don't. They only do, when everyone is running all the same software, on comparable hardware (like, all or none have a DVD burner, scanner, local printer or organizer attached, using the same drivers and applications) and you have all things that require a user install (like everything from Microsoft) installed from an administrative share, or patched the registry so that's where they'll look.

So does printing transparencies.

Yes, when you allow the users to change the device settings to their liking (which might cause problems for the next user), always have a tray loaded with them or don't use a print spooler.

Almost all of our users run at "User" level privledges, which means that I get to spend hours of my time figuring out what directories and reg keys stupid software devs make thier products write to. (just FYI - I am a sysadmin at a college, I deal with more dumb compter people in a day than you can want to imagine,

Yes, a college is bad. And so is getting the right software on the right box, when needed.

...but keeping our boxes secure isn't something that eats tons of my time...).
Keeping thousands of machines patched and secure takes an amazingly small amount of my time.

Really? Yes, the Windows patches are easy. But do they actually make things safer?

The main problem is in getting all the applications, drivers, utilities, extended settings, and the patches and updates for those installed. Unless you don't do that, and allow only the basics and nothing more, all computers and users are equal.

If you "forget about it" for awhile (patching, that is) on Linux, Solaris, etc, and everything is working fine, then you are lucky. That's not working as intended, thats dumb luck that you didn't get exploited.
Every OS is "on the verge" by your definitions.

Why? What has luck to do with it? Do you really think, that every security hole you don't patch must result in a breach sooner rather than later? And you don't run any good firewall, browser and virusscanner on those boxes?

Really, if you don't totally slack off with the security altogether on those boxes, they're really safe and sturdy. Especially compared to the Windows ones.

Not every patch (or even the vast majority of them) need to be installed immediately to counter impending Doom! That is just hype.

I have to deal with Windows updates at a single point in my domain (top level WSUS server), ONCE A MONTH. Patching a single Solaris or Linux box takes more time, AND happens more often. Yet Windows is "on the verge". You've got some strange definitions.

So, tell me. Which ones get infected more often? And is that because you keep everything patched to the max at all times?

Really, you don't even need XP SP 2 if you've got a good firewall and virusscanner and use FF or Opera for browsing.



An alternative approach is, to make sure that all the software and drivers the user needs when loggin in on any workstation are applied automatically, all the paths are set, all the printer drivers are installed, all the registry fixes are done. Every time, all the time. When that's an automatic process, what do you care? And if the computer breaks down, just restore the disk image (or use nLite to build an unattended setup). There. You're done.

 

[Althornin]

Which you wouldn't really need if all your users used FF/Opera. You're in charge of the firewall/virusscanner, so that will work as intended.

You can't firewall every port, some are needed, and I know firsthand that a virusscanner doesnt help much against worms that are exploiting OS vulnerabilities.

No, they don't. They only do, when everyone is running all the same software, on comparable hardware (like, all or none have a DVD burner, scanner, local printer or organizer attached, using the same drivers and applications) and you have all things that require a user install (like everything from Microsoft) installed from an administrative share, or patched the registry so that's where they'll look.

They work fine for me. You have to manage AD properly, you can handle all of the "problems" you listed (which would be problems on ANY os, so why are you singling out windows? Thats what I don't get...)

Yes, when you allow the users to change the device settings to their liking (which might cause problems for the next user), always have a tray loaded with them or don't use a print spooler.

create another printer on the server, set up to print transparencies. Call it "same name+ TRANSPARENCIES". Most modern printers will beep and wait for manual tray load, so you are fine. users just choose which printer to print to.

I'm telling you, your "problems" ARE ALL SOLVED. You just need better admins wherever you are.

Yes, a college is bad. And so is getting the right software on the right box, when needed.

push out most software with a GPO.

Really? Yes, the Windows patches are easy. But do they actually make things safer?

YES.

The main problem is in getting all the applications, drivers, utilities, extended settings, and the patches and updates for those installed. Unless you don't do that, and allow only the basics and nothing more, all computers and users are equal.

you say this, and then in a couple of sentences you are going to talk about "all flaws are not exploited" - so which is it? You can't use this as a counter argument and then counter it yourself later on. Choose.

Why? What has luck to do with it? Do you really think, that every security hole you don't patch must result in a breach sooner rather than later? And you don't run any good firewall, browser and virusscanner on those boxes?

Some ports must be open. Virus Scanners are a poor second line of defense, as I explain above.

Really, if you don't totally slack off with the security altogether on those boxes, they're really safe and sturdy.

EXACTLY LIKE THE WINDOWS ONES

Especially compared to the Windows ones.

Bullshit.

Not every patch (or even the vast majority of them) need to be installed immediately to counter impending Doom! That is just hype.

here, you counter an argument you made above.

So, tell me. Which ones get infected more often? And is that because you keep everything patched to the max at all times?

We don't have infection issues. I do my job.

Really, you don't even need XP SP 2 if you've got a good firewall and virusscanner and use FF or Opera for browsing.

right, because thats all SP2 brought to the table. pffft.

An alternative approach is, to make sure that all the software and drivers the user needs when loggin in on any workstation are applied automatically, all the paths are set, all the printer drivers are installed, all the registry fixes are done. Every time, all the time. When that's an automatic process, what do you care? And if the computer breaks down, just restore the disk image (or use nLite to build an unattended setup). There. You're done.

OMG, what have I been saying?
Are you deaf?
Alternative? Welcome to reality. Security (ESPECIALLY on Windows) is easier to do right now than its ever been. And WSUS and AD management make it light-years ahead of *nix.

 

[Sage]

I just don't have the words.

why? what's so surprising about that?

 

[Frank]

You can't firewall every port, some are needed, and I know firsthand that a virusscanner doesnt help much against worms that are exploiting OS vulnerabilities.

Yes, and they come along en masse all day long, do they?

They work fine for me. You have to manage AD properly, you can handle all of the "problems" you listed (which would be problems on ANY os, so why are you singling out windows? Thats what I don't get...)

I'm not singling out Windows at all in this respect.

create another printer on the server, set up to print transparencies. Call it "same name+ TRANSPARENCIES". Most modern printers will beep and wait for manual tray load, so you are fine. users just choose which printer to print to.

Yes, that's what I do as well, only with a tray. Like with briefhead and mixed as well.

I'm telling you, your "problems" ARE ALL SOLVED.

Agreed. I did so before SUS ea even existed, by myself, so I know how it all can be done.

You just need better admins wherever you are.

Why? Everything works fine where I work, and I do it myself for customers. Which also works fine.

push out most software with a GPO.

Yes, that's the easy way out, just don't support it. It's too hard to do well, isn't it?

Then again, it isn't, when you know how. But that's with everything.

Really? Yes, the Windows patches are easy. But do they actually make things safer?

YES.

How do you know? you never have breaches, as you said. You don't know all those patches actually help, only that you have no problems.

you say this, and then in a couple of sentences you are going to talk about "all flaws are not exploited" - so which is it? You can't use this as a counter argument and then counter it yourself later on. Choose.

I said it, so I could post the comment directly above.

Some ports must be open. Virus Scanners are a poor second line of defense, as I explain above.

Yes, you do have to make things safe initially. And look at them every once in a while, to see if they still keep up.

But than again, that's easy to say for me, as I'm actually a programmer. I know how those things all work intimately. Because I write programs that do the same things. I agree, that that is much harder for an administrator who doesn't.

Really, if you don't totally slack off with the security altogether on those boxes, they're really safe and sturdy.

EXACTLY LIKE THE WINDOWS ONES

Exactly.

We don't have infection issues. I do my job.

I don't doubt it. But the question remains: what part of it is needed? Sure, the patches are easy, but how is the support for "other" software?

right, because thats all SP2 brought to the table. pffft.

Well, what wouldn't work if you didn't use it? where is the difference?

OMG, what have I been saying?
Are you deaf?
Alternative? Welcome to reality. Security (ESPECIALLY on Windows) is easier to do right now than its ever been. And WSUS and AD management make it light-years ahead of *nix.

Yes, if you limit yourself to that and see all patches as needed. As long as you see all of that as work you're required to do, or suffer the consequences. And *nix is, to me, much easier to manage. I LIKE configuration files, and I dislike hunting down buttons. And I'll write a script or program rather than doing things by hand.

But why would you do it like that? Because Microsoft says so, and "anyone can clearly see that it's like that, because". Right. There is only the MCSE way? In such a complex framework? I can think of quite an amount of other ways to do it that all work at least as well. By myself.

And btw, that you want to patch applications doesn't mean they're security risks. They might just be buggy.

 

[Moloch]

ever since i got my mac i havent had to fix one computer problem, mess around with one annoying glitch, or anything else. everything that i want my computer to do it does, without any extra programs, and totally seamlessly. i love my mac, it has made life SO much easier never having to worry about any computer issues.




I used to work for Perot Systems. I think that certainly shows I'm qualified.

I dont know who perot systems is and based on your posts in this thread I'm still gonna assume you're a PC noob, as you've shown your self to be.
If this bothers you in any way please prove me wrong.
Ever since I started using FF I've never had a problem either and even when I used IE I never had any glitchs of the sort (win xp /2k ftw!) just the occasional spyware program.
Suggesting someone buy a computer is completely ridicules and just shows you're trying to get others to jump on the mac bandwagon.

 

[Sage]

I dont know who perot systems is and based on your posts in this thread I'm still gonna assume you're a PC noob, as you've shown your self to be.

if you have never heard of Perot Systems then apparently you don't work in the IT industry. Anyone who does care to enlighten him?

Suggesting someone buy a computer is completely ridicules and just shows you're trying to get others to jump on the mac bandwagon.

what's so rediculous about it? I suppose it would also be rediculous to suggest that someone buy a video card as well. The fact is my iBook has made my life MUCH easier.I used to be staunchly anti-mac but only out of ignorance. I'm not saying that Mac's are better for everyone but they sure have their merrits.

 

[Moloch]

if you have never heard of Perot Systems then apparently you don't work in the IT industry. Anyone who does care to enlighten him?

What does working in the IT industry have to do with the price of rice in china?
You could be the head tech for some fortune 1000 company and that doesn't change your narrow minded views!

what's so rediculous about it? I suppose it would also be rediculous to suggest that someone buy a video card as well. The fact is my iBook has made my life MUCH easier.I used to be staunchly anti-mac but only out of ignorance. I'm not saying that Mac's are better for everyone but they sure have their merrits.

If you don't know what's so stupid about it than you never will.
Congrats on being another stupid mac ******:smile:
Macs have their place, but suggesting spending over a grand (for a decent mac.. not the joke of the mac mini) to fix a problem with the user is the problem is completely outrageous.
Now if I dont work in the IT industry and I dont have a problems with windows (security wise), what does that say about the It industry

 

[Sage]

What does working in the IT industry have to do with the price of rice in china?
You could be the head tech for some fortune 1000 company and that doesn't change your narrow minded views!

well at least we're past the "I'm a noob and don't know anything about computers" debate.

If you don't know what's so stupid about it than you never will.
Congrats on being another stupid mac ******:smile:

sounds like someone is being a stupid "anti-mac ******:smile:" to me.

Macs have their place, but suggesting spending over a grand (for a decent mac.. not the joke of the mac mini) to fix a problem with the user is the problem is completely outrageous.
Now if I dont work in the IT industry and I dont have a problems with windows (security wise), what does that say about the It industry

first off, when did I say that everyone should throw out their PC's and buy a mac? Never. I just stated that buying a mac and putting it behind a good NAT will give you security. And, FYI I got my iBook for under $1000. Sure, it's not a speed demon but, like I keep saying, it does every single thing that I need / want it to and does it all reliably, with ease, and as fast as any PC I've used. Why should I be chastized for suggesting people buy a specific brand of computer when I would not be for, say, suggesting people buy a specific brand of car?

 

[Moloch]

well at least we're past the "I'm a noob and don't know anything about computers" debate.



sounds like someone is being a stupid "anti-mac ******:smile:" to me.


first off, when did I say that everyone should throw out their PC's and buy a mac? Never. I just stated that buying a mac and putting it behind a good NAT will give you security. And, FYI I got my iBook for under $1000. Sure, it's not a speed demon but, like I keep saying, it does every single thing that I need / want it to and does it all reliably, with ease, and as fast as any PC I've used. Why should I be chastized for suggesting people buy a specific brand of computer when I would not be for, say, suggesting people buy a specific brand of car?

Actually we aren't.
You're suggesting instead of say spending 50 bucks on a hardware router and updating windows to fix security holes that you spend atleast 500 on a mac.
Sounds like lazy man who doesn't spend his money wisely syndrome.
Do you get it now?
And as fast doing what?
Playing photoshop?
Apparently apple doesn't think they're fast enough or else they wouldn't have switched to intel cpus

Seriously Sage, windows isn't half as bad as mac lovers and linux lovers would like to think so.
You have to be computer illiterate to mess up a windows box with SP2..
As long as you update your windows every once in a while and have a router, you're fine.
I am an anti mac ******.
They are comparably slow and expensive compared to pcs.
the only thing they got goin for them is a pretty os, and the os is seriously slow if you ever wanna run a server.. sql performance is anemic
The whole OSX is so advanced is such a load of shit it's not even funny anymore.
What I like about it is expose (vista will have it) and spotlight or whatever.. maintains a database so searches are fast.
Being you used to be in the IT business, do you by any chance run apple x-serves?

 

[_xxx_]

Now cool down guys!

Mac has its advantages for sure. Besides being attacked less than anything windows based, it kicks any PC's arse for music recording, video stuff etc. And it's much more user-friendly.

I wouldn't buy one since I have no use for it (I own a stand-alone multitracker for my recording work), but it's a nice machine nonetheless with its own bag of goodies.

 

[KimB]

But since for a PC, games are of big importance to me, I'll never buy a Mac. For work I'll probably always use Linux.

 

[Moloch]

Now cool down guys!

Mac has its advantages for sure. Besides being attacked less than anything windows based, it kicks any PC's arse for music recording, video stuff etc. And it's much more user-friendly.

I wouldn't buy one since I have no use for it (I own a stand-alone multitracker for my recording work), but it's a nice machine nonetheless with its own bag of goodies.

I have yet to a recent real multimedia shootout.
I think any advantages apple has are purely because of software/devs choosing to go with mac.
If apple thought powerpc cpus were so good why switch?
opterons were used for a bit in lord of the rings:smile:

 

[_xxx_]

Sure its because of the SW. I wonder how many people will switch once we have Intel-based Macs with dual boot MacOS/WinXP

 

[Sage]

Actually we aren't.
You're suggesting instead of say spending 50 bucks on a hardware router and updating windows to fix security holes that you spend atleast 500 on a mac.
Sounds like lazy man who doesn't spend his money wisely syndrome.
Do you get it now?

I don't see a problem with suggesting people buy a mac. I never said that they have to buy a mac or they are sitting ducks. Obviously, if you work at McDonalds then you should probably save that 500-1000 for a new used car. Or ciggarettes. But, if you have the money then I think it's a very god buy. Maybe you work at McDonalds, I don't.

And as fast doing what?
Playing photoshop?
Apparently apple doesn't think they're fast enough or else they wouldn't have switched to intel cpus

email, browsing internet, word processing, listening to music, watching movies, printing pictures from my digital camera, watching the weather and stock charts, translating text, studying for school. Yeah, not exactly very intensive work, but that's what I need my computer to do and I need it to do it reliably and efficiently.

Seriously Sage, windows isn't half as bad as mac lovers and linux lovers would like to think so.

and MacOS X isn't half as bad as windows lovers like to think either.

You have to be computer illiterate to mess up a windows box with SP2..

now that's just not true. first of all, you're completely ignoring hardware problems when you make that statement

As long as you update your windows every once in a while and have a router, you're fine.

perhaps you should find a job as a field tech. you'd be amazed at how many problems people have with xp sp2, autoupdate on, don't ask anything more from their computer than I do, and aren't smart enough to screw anything up. When I was in that business we had a major problem in that you could get a new PC cheaper than it would be to have us fix a lot of problems. PC's are becomming disposable.

I am an anti mac ******.
They are comparably slow and expensive compared to pcs.
the only thing they got goin for them is a pretty os, and the os is seriously slow if you ever wanna run a server.. sql performance is anemic

so what? how many people here are going to be running a sql server from their desktops / laptops? I bet you haven't owned a mac in your life. Your opinion isn't really valid if you don't have any experience with both windows and mac. I still have by windows desktop running, there are a few things that I need it for still (BitTorrent doesnt seem to want to work on my apple whereas I have really tweaked it on my PC, also there's no Trillian for MacOS) so I remote into it when I need to use it. But, it's about 100 miles away from where I live.

The whole OSX is so advanced is such a load of shit it's not even funny anymore.
What I like about it is expose (vista will have it) and spotlight or whatever.. maintains a database so searches are fast.
Being you used to be in the IT business, do you by any chance run apple x-serves?

honestly, i don't care if it's super advanced. it's reliable and efficient. No, I never ran any x-servers. We ran all Windows servers (although there were some developers somewhere far away that were running their own UNIX servers but we weren't allowed anywhere near them, those guys were very possesive). If the debate was about servers then I'd recommend 2k3 unless you had a specific need for UNIX. AD makes life much much much easier for server admins.

 

[Moloch]

I don't see a problem with suggesting people buy a mac. I never said that they have to buy a mac or they are sitting ducks. Obviously, if you work at McDonalds then you should probably save that 500-1000 for a new used car. Or ciggarettes. But, if you have the money then I think it's a very god buy. Maybe you work at McDonalds, I don't.


email, browsing internet, word processing, listening to music, watching movies, printing pictures from my digital camera, watching the weather and stock charts, translating text, studying for school. Yeah, not exactly very intensive work, but that's what I need my computer to do and I need it to do it reliably and efficiently.


and MacOS X isn't half as bad as windows lovers like to think either.

now that's just not true. first of all, you're completely ignoring hardware problems when you make that statement

perhaps you should find a job as a field tech. you'd be amazed at how many problems people have with xp sp2, autoupdate on, don't ask anything more from their computer than I do, and aren't smart enough to screw anything up. When I was in that business we had a major problem in that you could get a new PC cheaper than it would be to have us fix a lot of problems. PC's are becomming disposable.

so what? how many people here are going to be running a sql server from their desktops / laptops? I bet you haven't owned a mac in your life. Your opinion isn't really valid if you don't have any experience with both windows and mac. I still have by windows desktop running, there are a few things that I need it for still (BitTorrent doesnt seem to want to work on my apple whereas I have really tweaked it on my PC, also there's no Trillian for MacOS) so I remote into it when I need to use it. But, it's about 100 miles away from where I live.

honestly, i don't care if it's super advanced. it's reliable and efficient. No, I never ran any x-servers. We ran all Windows servers (although there were some developers somewhere far away that were running their own UNIX servers but we weren't allowed anywhere near them, those guys were very possesive). If the debate was about servers then I'd recommend 2k3 unless you had a specific need for UNIX. AD makes life much much much easier for server admins.

Ya know my 2500+ is pretty fast as long as I'm not doing encoding or gaming.
But I wouldn't go on to say it's fast, it's just not needed when I'm not gaming or encoding.
Ya I work at McDonald's
Get real kid you think because you own a low end benz you're the shit?
Get the hell out of here!
What hardware problems?
If you buy no name hardware, you may end of with a company that writes shit drivers.
And if they bought a dell or HP etc they should have no problems at all with the hardware.
Is that Microsoft's fault?
No..
You don't even need that much hardware these days with everything but the kitchen sink onboard.. just buy a decent mobo and PSU and you're set.
If someone has a problem with XP SP2, it's there damn fault for being ignorant to what they're doing.
Like clicking on a popup ad that tries to install spyware and maybe it even asks, or install some of those damn IE toolbars.
If you're forced to buy new hardware to fix your problems, it's obvious where the problem lies.
Me own a man? haha.
Sorry I'm not an ignorant person, nor do I find OSX enough to spend money on a mac.
I do use macs, but I don't own them.
You don't have to own a mac to look at benchmarks showing they're not worth the price you pay.

You're still missing the point though.
Telling someone to buy a mac because they're too ignorant to use a PC without fucking it up is inane.
My neighbor had tons of shit on his systray and a few IE tool bars so I just updated his windows to SP2 and all the good stuff, ran adaware and spybot, removed a bunch of items from his startup so it didn't take all day and he hasn't had me over for a few months.
He isn't exactly a genius when it comes to computers either.

 

[boltneck]

1. Use panda Internet security 2005 or 2006.

Nothing else, over the counter, is even close to as good. Using Norton, etrust, or Macaffe, or "fill in the blank" it is like putting a screen door on a submarine. For security and anti trojan support Panda is hands down the best.

 

[Sage]

Ya know my 2500+ is pretty fast as long as I'm not doing encoding or gaming.
But I wouldn't go on to say it's fast, it's just not needed when I'm not gaming or encoding.

does it matter how fast it is at finding the answer to "what is the meaning of life, the universe, everything?" if it does everything you need it do do quickly? Apps load faster and interactivity is faster on my mac than on my PC or any other PC that I've ever used.

Ya I work at McDonald's
Get real kid you think because you own a low end benz you're the shit?
Get the hell out of here!

first of all, I don't own a cheap-ass C230. I have a fully loaded C320. Go to mbusa.com and price a loaded C350 (replaced the C320 this year, larger engine and new 7-speed tranny). Then, compare the price of that with an E-class. Furthermore, you have no idea what my financial situation is. Apparently, it's a fair bit better than yours though because I can go out and buy an iBook on a whim.

What hardware problems?
If you buy no name hardware, you may end of with a company that writes shit drivers.
And if they bought a dell or HP etc they should have no problems at all with the hardware.
Is that Microsoft's fault?
No..

obviously, you've never done field work. dells and HP's are the computers that people are having die on them. It can range from hardware to windows. If you haven't done field work then you really can't say anything about the realiability of these computers because you don't have enough experience with them. Why, if there should be no problems with this hardware, would I have anywhere from 2 to 10 people every single day with different problems. And that was just doing field work. Why, if the software and hardware are so reliable, was my call-center team of 17 kept bussy all day long?

and when did I say it was microsofts fault? with regard to hardware issues the only problem with microsoft is that windows only runs on PC's. PC's have a lot more options for hardware but with that comes the problems of having so many hardware combinations there are inevitably going to be conflicts.

You don't even need that much hardware these days with everything but the kitchen sink onboard.. just buy a decent mobo and PSU and you're set.
If someone has a problem with XP SP2, it's there damn fault for being ignorant to what they're doing.
Like clicking on a popup ad that tries to install spyware and maybe it even asks, or install some of those damn IE toolbars.

you have way too much faith in windows. Again, you must not have much experience with windows xp outside of your own use.

If you're forced to buy new hardware to fix your problems, it's obvious where the problem lies.

guess what- sometimes hardware fails. And who ever said anyone was being forced to buy a mac? It's a choice. Just like I wasn't forced to buy a MB, I could have gotten a VW. I can get to point A to point B in a WV if I want to but, doing it in my MB is much more enjoyable.

Me own a man? haha.
Sorry I'm not an ignorant person, nor do I find OSX enough to spend money on a mac.
I do use macs, but I don't own them.
You don't have to own a mac to look at benchmarks showing they're not worth the price you pay.

so benchmark performance is what determines the value of a computer?

You're still missing the point though.
Telling someone to buy a mac because they're too ignorant to use a PC without fucking it up is inane.
My neighbor had tons of shit on his systray and a few IE tool bars so I just updated his windows to SP2 and all the good stuff, ran adaware and spybot, removed a bunch of items from his startup so it didn't take all day and he hasn't had me over for a few months.
He isn't exactly a genius when it comes to computers either.

now when did I tell anyone to buy a mac just because they are too ignorant to use a PC withot screwing it up? However, you make a good point- why should someone be forced to own a PC if they aren't smart enough to keep from fucking it up? Would you give a 16 year old a jaguar (real jag, not a ford jag)?