Internet cafe security

i thought the only possible way to block that kind of stuff was by having firewall, and so forth.
i doubt that there is another way.
though, there are times when you do have to delete viruses and stuff, because the ad-ware and firewall thingos can't always do it without the users permission

vonderjohn, see THIS

well im basically looking for an essential and effective SOFTWARE that would protect me from the worms, viruses, adware programs that dominate the internet. Paying money for security hardware logistics is beyond my budget..can't there be a less expensive way??

Not that works reliably. A measure of protection would be gained via Spybot S&D, SpywareBlaster, IE Spyad, Microsoft Antispyware, and a good, aggressive antivirus, a good software firewall, along with an email spamblocker, on each machine, but you'd still have vulnerabilities and you'd be looking at lotsa downtime for updates and scans.

Zone Alarm on each computer?

ZoneAlarm Free is better than nothing, but it'll do little to protect you from the sorta stuff most likely to afflict your system, and with 20 machines, would be a fairly hefty time investment to deploy, configure, and maintain. A user with moderate savvy can defeat it from inside or outside (though defeating t from outside is a little trickier). In additionto a firewall, you need robust, reliable antivirus, anti-spam, anti-adware, and anti-pyware applications as well, all with real-time active protection. Over and above that, you also should have a convenient disaster-recovery protocol in place, since no defense is perfect. You are running what amounts to a small enterprise network, and that calls for an enterprise solution. You really gotta stop the nasties before they get 6to your network, and thats what a gateway appliance does.

You could go with free apps of the various required types on each machine, limit user-level privileges (which you really oughtta be doing anyway - your customers should not have Administrator access - which is Windows default - on the public machines, they should be allowed only "guest" permssions) and really lock down your browser and your email client with very restrictive privacy/security settings and a good hosts file, but that again means time and effort deploying, configuring, and maintaining, and will negatively impact your customers' legitimate web, email, and chat access, apart from imposing a hefty resource load on the computers in the network.

very interesting and useful replies...

but I have a question to you all guys:

won't this big amount of software (adware +antivirus + + + + + .. ) won't this slow down my system? and i.e the internet in the whole cafe? I mean there are a lot of resources demanded here...don't you think that this will slow the system and exhaust the hardware of my computers?
Or is there a 'minimal' set of software or a 'lite' kind of software that might do the job?

I'm just worried to weaken the performance of my systems and slowdown the internet. Any additional measures to avoid that?

big thanks

Yeah, some performance hit can be expected. I take it you wanna go with free stuff for your security suite. A problem arises in that free stuff mostly is free for personal use only, which pretty much doesn't happen to be what you're doing; you really need what amounts to an enterprise, or at least small office, solution.

For a while yet, Windows OneCare is free - its in Public Beta now, and works fairly well and reliably. It combines a firewall, an antivirus, and a rudimentary system maintenance (updater, junk file cleanup, defrag, and backup) into an integrated package, and its designed to work with the successor to Microsoft Antispyware Beta, Windows Defender, nown in Public Beta 2; both can be downloaded and used for free. They're Betas, so support is by newsgroup and forum only, but they're in late beta, and seem to have most of the really entertaining idiosynchrocies sorted out. Once their beta periods are over - this summer, prolly - and they go to commercial public release versions, they'll be fee-for-subscription software, with a generous discount available to registered beta users. Designed to work together and to be used by folks who are less than computer geeks, they could be of interest to you provided your machines are running Win2K or later (they're not for Win9x or NT family platforms). I've been a member of their beta communities quite a while, and I think they're just about ready for prime time.

One drawback is that the antivirus lacks real-time inbound/outbound email scanning - something which prolly will be incorporated along the development chain before public commercial release. Another is that they're intended to be used by folks who aren't very computer savvy, so they're not blessed with a buncha user-configurable options and tweaks. On the plus side, they're easy to deploy and reasonably reliable and effective without imposing a huge resource load on the system.


Wilso's suggestion sorta makes sense, provided you have a Unix or Linux-based server-class machine to serve as a gateway, and that you're comfortable with doing some fairly tweaky twiddling to set up and administer your virtual server.

All that said, I really think your best solution is a one-step, one-point hardware gateway appliance. Your machines should still be locked down, with strong browser, email and chat client and operating system security settings, and they should be using a comprehensive HOSTS file (kept updated, of course). Sure, you're looking at a few hundred dollars - but that money will get you what you're after. You don't need a high-end device, entry-level will do for your situation.