My kids are getting more sophisticated in their computer usage. I was hoping I could put off the implementation of draconian security controls on their computers for a while. More because I’m lazy and it will dramatically increase the amount of time I spend supporting the in-house computers. But hope is not a strategy, my oldest will be 10 this year, and she is curious – so it’s time.
The first thing I did was configure the Mac’s Parental Controls on the kid’s machine. That was a big pile of fail. Locking down email pretty much put her out of business. All her email went to me, even when I whitelisted a recipient. The web whitelist didn’t work very well either. The time controls worked fine, but I don’t need those because the computer is downstairs. So I turned it off Apple’s Parental Controls.
I did some research into the parental control options out there. There are commercial products that work pretty well, as well as some free stuff (seems Blue Coat’s K9 web filter is highly regarded) that is useful. But surprisingly enough I agree with Ed over at SecurityCurve, Symantec is doing a good job with the family security stuff.
They have not only a lot of educational material on their site for kids of all ages, but also have a service called Norton Online Family. It’s basically an agent you install on your PCs or Macs and it controls web browsing and email, and can even filter outbound traffic to make sure private information isn’t sent over the wire. You set the policies through an online service and can monitor activity through the web site.
It’s basically centralized security and management for all your family computers. That’s a pretty good idea. And from what I’ve seen it works well. I haven’t tightened the controls yet to the point of soliciting squeals from the constituents, but so far so good.
But it does beg the question of why a company like Symantec would offer something like this for free? It’s not like companies like NetNanny aren’t getting consumers to pay $40 for the same stuff. Ultimately it’s about both doing the right thing in eliminating any cost barrier to protecting kids online, and building the Big Yellow brand.
Consumers have a choice with their endpoint security. Yes, the yellow boxes catch your eye in the big box retailers, but ultimately the earlier they get to kids and imprint their brand onto malleable brains, the more likely they are to maintain a favorable place there. My kids see a big orange building and think Home Depot. Symantec hopes they see a yellow box and think Symantec and Internet Security. Though more likely will think: that’s the company that doesn’t let me surf pr0n.
As cynical as I am, I join Ed in applauding Symantec, Blue Coat, and all the other companies providing parental control technology without cost.
Reader interactions
8 Replies to “Doing Well by Doing Good (and Protecting the Kids)”
Our home sometimes becomes the hang out for our kid’s friends and we love it. Although we have open discussions with our kids on proper Internet use and safety, we still have content filtering (using OpenDNS) in place to cover their friend’s use. Helps avoid those embarrassing phone calls from their parents.
@steve, the crux of the decision isn’t really about trust. I trust that my kids will do the right thing, but only if they understand what they are doing is wrong. I have conversations as well with the kids about what is appropriate and what isn’t. When they should set up a user account on a site and when they shouldn’t.
But I’d rather be in a postion to show them something they did was wrong **before** the damage is done. With today’s phishing sites and malware networks, it’s hard for even us to know what is a legit site and what isn’t. Kids have no chance.
Am I being draconian? Not right now. I’ve just got the generic filters set up (to keep them off obviously bad sites) and reserve the right to monitor their chats and emails. They don’t do much chat and email now, so it’s not a big deal, but at some point they will.
And I want to make the discussion about safety, not about trust. I don’t let them roam around the mall alone, not because I don’t trust them, but because it’s not a good decision based on my #1 priority, which is keeping my kids safe.
I know I can’t keep them in a bubble forever, but I don’t need to throw them to the sharks either. At least until I’m pretty sure they know how to swim and know what a shark looks like.
Mike, I’ve followed your writings for a long time and generally agree with your stance on a lot of things. But here I take exception. Other than enabling the software firewall and installing basic anti-malware, I don’t do any kind of monitoring of the PCs my kids (who are 11 and 13) use. I don’t even know their passwords.
I engage my children in brief periodic security lessons and they really seem to grok it very well. When my older wanted to join Facebook, we had a chat about risks and threats unique to that environment.
Whatever happened to trusting your kids? When they first started using PCs I told them I wasn’t going to monitor their activity or demand their account information (although they’re fully aware of what I do for a living, heh). I’ve found that by taking this approach, my children feel far more comfortable coming to me whenever they have questions about something. One time my older kid accidentally landed on a page with pr0n. He didn’t tell us until a few days later when the guilt simply overwhelmed him. I just laughed and said no big deal.
Mike,
Thanks for the post. As a father with two little ones, these issues are coming faster than I would like. We appreciate the information!
I’ve had a surprisingly good bit of luck with NetNanny. I use it to screen my own MacBook, 2x Vista machines, and my 8 year old’s Windows 7 box.
They give you 30+ categories all of which I turned to Permit with the exception of “Hate” and “Pornography”. This setup catches 99.9% of the crap.
My kids only tried gaming the filters a time or two. It helps when you can show them their actual Google search string. Embarrasses them into not trying again. Evil but effective.
BTW: I get about 1x emails a day from someone in the house hitting a filter false positive, 50%+ of the false positives are on YouTube content.
It’s not begging the question, it’s raising the question.
I somewhat respectfully disagree. OK, not so respectfully because you didn’t have the common courtesy to put your name down. But we accept anonymous comments, so that’s what you get.
The question gets back to risk management. Of course I could block overly bad sites at the network (my AP allows me to do that), I don’t need to worry about 3rd party DNS facilities. I’ve got two machines that the kids use, so I choose to work on the endpoints.
Not sure what makes you think I’m not interested in monitoring. The service logs all the sites and emails any of the kids peruse. If we are talking about attack monitoring, then I have other defenses on the network to look at that.
The other issue of why I favor endpoint solutions for kid’s machines is for educational purposes. When they get an alert saying they’ve done something bad, it gives me as a parent an opportunity to explain what it was, and why it’s not a good idea.
And finally, I’m not blaming anyone for anything. I’ve personally found the Mac parental controls to be lacking. I like the Symantec offering (so far). I have lots of other defenses on my network to block attacks. This post was about trying to provide a safe environment for my kids to be online.
I’m done with this.
Mike,
The simple issue is that you’re doing it wrong from the beginning. You’re trying to control the endpoint – and as an analyst one should be able to assume you’ve already wrapped your head around not trusting that particular piece of the puzzle.
If all you’re wanting to do is control web activity and you’re not concerned about monitoring why don’t you just control what she gets from a DNS perspective and use the oft-hated (and in this case it’s very useful) NXDOMAIN that so many 3rd party DNS facilities provide. (i.e. this and plenty more where that came from: http://www.opendns.com/solutions/household/parental/)
The disturbing part about this is that if you’re really too lazy to figure out how to block pr0n from your daughter that’s that say for an analyst to delve into actually complex problems? You blame it on the companies providing the solution, when all you did was what every other parent in the world can do.