My roommate is a security risk!

Hello All
Some advice needed here --- my roommate is a bit of a security risk--- as he refuses to use anti virus because, in his own words, it's a "pain in the ass", takes up sys resources, and is expensive.
I agree with the resources, and sometimes "pain in the ass" but I told him about free alternatives like AVG.
He always mentions system performance issues to me, and has even told me about a couple of virus-like systems (like that nasty Facebook virus of recent) he has experienced.

He is a good guy though, and we are moving to a new place soon --- the whole point is --- this gives me an opportunity to design some type of network where I will be safe and he can still have internet access ---

What do you all think?
Vlans?
network segmentation?

What do you all do for secure systems? In other words, the systems you keep your financial data, check your bank accounts, etc on?

Thanks for any recommendations in advance.:D
2017 Goals:
[ ] Security + [ ] 74-409 [ ] CEH
Future Goals:
TBD

Comments

  • unsupported Member Posts: 192
    Setting up security measures will have no effect if you do not have a sound security policy in place. When you sign the lease on the new place, make him sign a network user security policy saying he needs to install anti-virus and patch his machine if he wants it to be on the network.

    NIST is a good resource for templates.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • networker050184 Mod Posts: 11,962
    Put him in a DMZ and only allow access to the internet.
    An expert is a man who has made all the mistakes which can be made.
  • Slowhand MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2003/2012/2016, CCNA Routing & Switchi Bay Area, California Mod Posts: 5,163
    The simple solution is to put him on a separate layer 3 broadcast domain. Get yourself a Catalyst 2950 switch from eBay and something like a Cisco 1721 router (they're cheap), and set up two VLANs. One is yours, where you allow whatever access you want. The other is his, which allows him free rein to go on the internet, but no access to your machine at all.

    The hardware recommendation is just an example. You can pick up a used SonicWall and do zones, which will accomplish the exact same thing as VLANs, and there are a slew of other routers/switches out there that can accomplish the same thing. The important thing is to get the two of you off the same wire, and put him in a DMZ (a router with three ports - one for your connection, one for his, and one for the internet - would do the trick as well). The only other alternatives would be to have separate internet connections or spend a whole lot of time securing your machine and double/triple-checking it for viruses every time he downloads something nasty.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • maumercado Member Posts: 163
    Format his computer and say it was a virus... works like a charm! hehehe

    No, but seriously most people would only learn the hard way, me included! :)
  • msteinhilber Member Posts: 1,480
    You can download virus and/or malware archives from Offensive Computing for analysis purposes, you could always just "analyze" viruses on his computer over and over until he finally uses some A/V software.

    Offensive Computing | Community Malicious code research and analysis
  • petedude Member Posts: 1,510
    I didn't use one for many years. I think an experienced IT pro could get by without one for a while if they operate behind a good firewall and they're VERY careful. Doesn't sound like the roomie in question falls into this category, though.

    I've seen enough nasty spyware, though, that I now have to at least run ClamAV at home.

    Anybody who complains about an AV product should be using something low-end like NOD, AVG or ClamAV.
    Even if you're on the right track, you'll get run over if you just sit there.
    --Will Rogers
  • jibbajabba Member Posts: 4,317
    Well if you are concerned about your system then you don't even need VLANs .. two different subnets should be enough ... but if your router supports VLANs then that is obviously the best solution ..
    My own knowledge base made public: http://open902.com :p
  • UnixGuy Are we having fun yet? Mod Posts: 4,147
    Change your roommate, he seems to be a real "pain in the ass"
    Goal: MBA, Jan 2021
  • kalebksp Member Posts: 1,033
    I would grab a Linksys router that supports DD-WRT and create separate VLANs. You can even create separate wireless VLANs if you both use wireless. It would be cheaper and less noisy than buying Cisco equipment.
  • tiersten Member Posts: 4,505
    petedude wrote: »
    Anybody who complains about an AV product should be using something low-end like NOD, AVG or ClamAV.
    I wouldn't call any of them low-end. I guess you mean that they're not bloated like NAV?
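
The layout several replies suggest (a trusted segment plus an internet-only segment for the roommate), written as an nftables ruleset for a Linux-based router with three interfaces. This is an added example, not configuration posted by anyone in the thread; the interface names `wan0`, `lan10` and `lan20` are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: interface names below are assumptions, adjust to your router.
flush ruleset

define WAN     = "wan0"    # uplink to the ISP
define TRUSTED = "lan10"   # your segment (e.g. VLAN 10)
define GUEST   = "lan20"   # roommate's segment (e.g. VLAN 20)

table inet filter {
    # Traffic addressed to the router itself
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Only the trusted segment may reach the router's management services
        iifname $TRUSTED accept
        # The roommate segment gets DHCP and DNS from the router, nothing else
        iifname $GUEST udp dport { 53, 67 } accept
        iifname $GUEST tcp dport 53 accept
    }

    # Traffic routed between segments
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were allowed out
        ct state established,related accept
        ct state invalid drop
        # Both segments may reach the internet
        iifname $TRUSTED oifname $WAN accept
        iifname $GUEST   oifname $WAN accept
        # No rule matches GUEST -> TRUSTED (or TRUSTED -> GUEST),
        # so the drop policy keeps the two segments apart.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Share the single public address between both segments
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f <file>`; from a machine on the roommate segment, a connection to any address on the trusted segment should time out while internet access still works.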