My grand kids are getting to the age where a good parental control program is becoming necessary. They are all good kids and I do not think they would visit an inappropriate site on purpose, but I want to protect them from accidentally going to something bad.
I have been doing some research and so far it seems that everyone I find seems to have mixed reviews. Such as AVG Family Safety. PC Magazine went on and on about how great it was, but the user reviews called it useless.
My needs are pretty simple, I just need something that will block unwanted web sites. Their parents probably need something a little more robust, such as monitoring and facebook tools and the like.
Any suggestions?

OpenDNS AND put in a iBoss Router with subscription. I've been through MANY software attempts at parental control over the past several years. The iBoss is awesome and it doesn't require a software install to control what enters your computer network at home. Subscription is $60 a year and very well worth it..!!!

open dns rocks, and is hard to circumvent.

As it turns out my ISP provides some parental control software. We use cox and they seem to have some software called McAfee Family Protection. Does anyone have any experience with this?
OpenDNS does look interesting, I wonder if it can be used with the McAfee product.

Larry,
Use OpenDNS. There are MANY out there that use OpenDNS. For your true control at a hardware level, put in the iBoss router with paid subscription. You will not be sorry you did. I LOVE my hardware solution. It's blocked and filtered BEFORE it makes it into your wired and wireless network. It's safe for even iPhone & iPod Touch people in your home. Another thing to note is that the interface is crazy simple to use. I've spent a LOT of money on software and setups over several years and this is by far the best solution I've ever put in place. :D

opendns is really hard to work around. It is also more granular than other options.
You are also much more in control of what sites are blocked. For example, I know at one time net nanny blocked access to the dnc website, but not the republican one.

http://www.internetsafety.com/safe-eyes-parental-control-software.php

Dennis,
Do you have the paid version of OpenDNS? It looks to me like the free version would work fine. Not sure what the paid version gets you. I thing my needs are pretty basic. We have 3 grandkids that visit occasionally. The oldest is 8, so I don't think I need something that is hack proof just yet. One is coming this summer for about a week, so I was thinking that he might want to get on the internet. He loves the video games and I have already learned the lesson about those game sites and the havoc they can cause. I won't allow him to go to those anymore!

At this point I am probably going to pass on the iBoss. It looks to be a bit of overkill for now.
The solution offered by cox seems promising, but I sure would like some input for someone who has used it. I wonder if it would play well with OpenDNS.

Our local computer group used to do weekly classes for 6 years. We had many thousand take the class. The subject most all parents asked about was parental control.
Here's what we came up with after studying this, in depth, and with input from the Michigan State Police computer crimes unit.

Kids know how to use computers better than you do. They pass info to each other in school, at home, everywhere.
They know how to circumvent ANY parental controls you may take a fancy to. They can get around it. Guaranteed.
Don't kid yourself into thinking you're smarter than a 5th grader. You'll lose the contest.

The absolute best you can do is NOT put a computer in their bedrooms.
Put the computer in a family area where you can watch what's going on.

Use a Pop-up-blocker. That makes your own browsing better.

Like Dennis, we use OpenDNS to provide whole house filtration. While we used K9 from BlueCoat (free) for a long time, managing and maintaining the software on our kids individual computers got to be a pain--not due to the software, but due to the inconvenience to be sure that updates got applied, etc, since that requires administrator access. We also are not extreme in our filtering, but do monitor everything. We have access to our girls Facebook accounts, see every email in and out and generally keep track of what goes on behind the scenes, while expecting them to be responsible. I'd rather spot-check than "nanny" them. Additionally, using the OpenDNS system means it covers all devices. Kids these days don't spend much time on traditional computers...it's all about portable devices like iPod Touch. For your purposes, OpenDNS is simple. It's also free.

Of course, there are downsides for the adults in the house...I had to white list the PowerBall site to check if I won. LOL :D

Our local computer group used to do weekly classes for 6 years. We had many thousand take the class. The subject most all parents asked about was parental control.
Here's what we came up with after studying this, in depth, and with input from the Michigan State Police computer crimes unit.

Kids know how to use computers better than you do. They pass info to each other in school, at home, everywhere.
They know how to circumvent ANY parental controls you may take a fancy to. They can get around it. Guaranteed.
Don't kid yourself into thinking you're smarter than a 5th grader. You'll lose the contest.

The absolute best you can do is NOT put a computer in their bedrooms.
Put the computer in a family area where you can watch what's going on.

Use a Pop-up-blocker. That makes your own browsing better.
Locks only keep honest people honest!

If the kid wants to get around they will

we keep our computer in the library, I can see the screen from the couch in the living room
Teaching a kids about choices, and trusting them goes alot farther than building walls

It would be simple to connect to the neighbor's unblocked wireless router to circumvent all of these solutions. IMO, keep the computer in a common area or don't connect the bedroom computer to a network (no network card or locked out in BIOS).

I totally agree with the the statement "Teaching a kids about choices, and trusting them goes alot farther than building walls" Creating an environment that sends the message "I don't trust you to do the right thing" only encourages them to try to prove you are right for not trusting them. What I am trying to avoid is them going to some site they thought was something that it wasn't or accidentally clicking on something that takes them somewhere they shouldn't go. If it is discovered they are intentionally trying to get around the controls, that is the time their internet privileges get taken away and parental controls then become a moot point.

I use AVG FREE anti-virus. Has a built in link scanner for malicious sites, and a family protection module to warn of inappropriate content. The protection module is $20/year, for 3 computers. Base software is free. It will protect from what your concerns are, but still, it can be gotten around.
www.free.avg.com

Kids know how to use computers better than you do. They pass info to each other in school, at home, everywhere.
They know how to circumvent ANY parental controls you may take a fancy to. They can get around it. Guaranteed.
Don't kid yourself into thinking you're smarter than a 5th grader. You'll lose the contest.

More accurately, they likely are able to get around anything that is installed on their computer. hard controls on another device is more problematic. Unfortunately, this moves the filtering off the local machine to some other machine, which may be a device or computer that you presonally control, or even your provider.

Sadly, I will need to concern myself with this soon enough (I have a 6 year old)

Regardless of the method used, oversight of some sort is the usual solution such as computer in the large public room with everyone else so that activity can be seen and for any social sites, the parents have access to the site (friends or what not).

More accurately, they likely are able to get around anything that is installed on their computer. hard controls on another device is more problematic. Unfortunately, this moves the filtering off the local machine to some other machine, which may be a device or computer that you presonally control, or even your provider.

Sadly, I will need to concern myself with this soon enough (I have a 6 year old)

Regardless of the method used, oversight of some sort is the usual solution such as computer in the large public room with everyone else so that activity can be seen and for any social sites, the parents have access to the site (friends or what not).

Once again, If I ever discovered that one of my kids (grand kids) was even trying to defeat or get around the parental controls I had in place, that would be the last time he used the internet in my house, and the parental controls would no longer be needed.

I use AVG FREE anti-virus. Has a built in link scanner for malicious sites, and a family protection module to warn of inappropriate content. The protection module is $20/year, for 3 computers. Base software is free. It will protect from what your concerns are, but still, it can be gotten around.
www.free.avg.com (http://www.free.avg.com)

This is the very one that got me confused in the 1st place. PC mag thought it was the best thing out there for the money, but the user reviews ALL said it was a piece of junk. They said that it almost did what they wanted, but fell short enough that it was useless. Apparently, you like though?

I don't use the module, but the rest of it is great.

I wonder if the Amish have these kinds of problems to deal with?

I wonder if the Amish have these kinds of problems to deal with?
I see some using smart phones...

I wonder if the Amish have these kinds of problems to deal with?

not even gonna begin to tell you what i saw them lookin at a few times,,,,,,,


any kid worth his salt on a computer, if they really want something they will find away around it. i would say get a general simple filter to prevent accidental site access, but where theres a will there is a way,,, wouldnt beleive the crafty stuff ive seen to get around school filters....

Well, I install OpenDNS tonight. We will see how this goes. I had a devil of a time getting it to start using it. I kept getting the message "Oops. You're not using OpenDNS yet." Even though I had followed all the instruction. I was beginning to think that Cox was not allowing it. But then, it just started working! I am not sure what I did, but, oh well! Who cares? Its working now!

Even if you don't need parental controls, OpenDNS is not a bad idea. It seems quick and helps to keep phishing attempts out. I haven't installed it on a Windows machine but Linux is simple. It can also be set up on the router which should cover attached computers.

It can also be set up on the router which should cover attached computers.
That's where I use it. I don't trust Comcast. Data harvesters like Google is.
Sometimes it takes a little longer to get to a web site, but it isn't a bother.

Larry,
One thing to remember here is that you are making control changes on THEIR server. You update one server and that change has to propagate to the other servers in their infrastructure. That's why when you make a change...it can take a few minutes before it starts working. Setting up the router in your home is the best way to do this....that way, smart little people can't hack it unless they can get your router password. ;)

Larry,
One thing to remember here is that you are making control changes on THEIR server. You update one server and that change has to propagate to the other servers in their infrastructure. That's why when you make a change...it can take a few minutes before it starts working. Setting up the router in your home is the best way to do this....that way, smart little people can't hack it unless they can get your router password. ;)
This has all been a learning experience for me. I do not think it is as important for my network to be protected as much as it is for their parents, I need to learn about what needs to be done to protect them in their own home. Both sets of parents are clueless when it comes to setting these things up, so I will be doing it for them.
I really had no clue about OpenDNS so thanks for that.
The parents of grand kids I am most concerned about don't even have a router, they just have their computer connected directly to the cable modem! A co-worker of mine gave me a perfectly good router for them, so I will install it for them, and you can bet I will be setting up OpenDNS on that. At this point, I think that will be enough protection for the next couple of years. Before they turn teenagers I will revisit the situation.

Setting up the router in your home is the best way to do this....that way, smart little people can't hack it unless they can get your router password. ;)

I've been looking at the OpenDNS website and don't see this noted, maybe you know the answer...

Lets say my "smart little people" change the laptop's network settings to manually use Google DNS instead of the OpenDNS supplied by the router. This completely circumvents OpenDNS doesn't it? It seems such a simple thing to detour around... Am I missing something?

...art

Make the users you don't want accessing the settings log in with an unprivileged account. then they cant change the DNS settings.

I've been looking at the OpenDNS website and don't see this noted, maybe you know the answer...

Lets say my "smart little people" change the laptop's network settings to manually use Google DNS instead of the OpenDNS supplied by the router. This completely circumvents OpenDNS doesn't it? It seems such a simple thing to detour around... Am I missing something?

...art

Kids shouldn't have administrator access to their computers...

Kids shouldn't have administrator access to their computers...

I appreciate what you are saying, but neither comment from you and Paul is really addressing my question. I simply want to know if manually changing the DNS server will completely circumvent OpenDNS. I think it will, but I wanted to check with those who are experienced with it.

(and sure I restrict admin access for my kids, but I believe you do need to allow progressively more freedom and responsibility to kids as they age, and as they demonstrate the ability to handle it. We can't just toss them out into the world at age 18! :rolleyes:)

I appreciate what you are saying, but neither comment from you and Paul is really addressing my question. I simply want to know if manually changing the DNS server will completely circumvent OpenDNS. I think it will, but I wanted to check with those who are experienced with it.

(and sure I restrict admin access for my kids, but I believe you do need to allow progressively more freedom and responsibility to kids as they age, and as they demonstrate the ability to handle it. We can't just toss them out into the world at age 18! :rolleyes:)
Yes, if you allow access to the network settings, it can be circumvented. I would restrict access to the network settings on any computer my child is on.

I appreciate what you are saying, but neither comment from you and Paul is really addressing my question. I simply want to know if manually changing the DNS server will completely circumvent OpenDNS. I think it will, but I wanted to check with those who are experienced with it.

(and sure I restrict admin access for my kids, but I believe you do need to allow progressively more freedom and responsibility to kids as they age, and as they demonstrate the ability to handle it. We can't just toss them out into the world at age 18! :rolleyes:)


Yes, manually changing the DNS pointers on the machine will circumvent the DNS assignments provided by DHCP from your router. Hence, not providing access to the networking configuration parameters helps you to avoid that risk.

Yes, manually changing the DNS pointers on the machine will circumvent the DNS assignments provided by DHCP from your router. Hence, not providing access to the networking configuration parameters helps you to avoid that risk.
I am really new at this idea of parental control software. I have always had my computers setup so a log on was not required. The machine always boots up with full access. I have always been the only user. I know that is probably not the most secure way to do things, but I have never had a problem doing that. (I probably will now that I have told the world about it:eek:)

Is it possible to set windows 7 so that it still boots without logging on but comes up in "user" mode? Then, if I wanted to make admin type changes, could I log off and log back on using the admin userid and password? Or do I just need to bite the bullet and set it up to have to log on every time?

Is it possible to set windows 7 so that it still boots without logging on but comes up in "user" mode? Then, if I wanted to make admin type changes, could I log off and log back on using the admin userid and password? Or do I just need to bite the bullet and set it up to have to log on every time?

All of the computers in this house, Win7 or Mac, are setup for users. Our girls' computers have their own, non-administrator logins as well as a "parent" administrative login. In Win7, you have the option of leaving the password blank for the "user" account when multiple accounts are active, meaning no PW required, but you'll still need to click "login" when you restart.

All of the computers in this house, Win7 or Mac, are setup for users. Our girls' computers have their own, non-administrator logins as well as a "parent" administrative login. In Win7, you have the option of leaving the password blank for the "user" account when multiple accounts are active, meaning no PW required, but you'll still need to click "login" when you restart.

If we still had kids living at home I would definitely do the same. SWMBO has her own computer, as do I, so our computers are used by only one person 99% of the time. When the grand kids come over, and they ask to get on one of our computers is about the only situation I am concerned about. For now at least, I think adding openDNS to the router is all I am going to do to my computers.
However, my children are all pretty much computer illiterate, and rely on me to set up their computers. I am most concerned about my 2 grand daughters (9 and 10) home. They only have one Win7 laptop computer that is hard wired directly to the cable modem. I think what I want to do for them is to first install a wireless router and install openDNS on it. That computer only has one admin user with no password now. I think I will set it up with multiple user accounts (maybe just one user account for the girls and then add a password for the admin account which mom and dad can use). I really need to keep this as simple as possible, or I will get LOTS of complaints. I am going to have to talk to them about all these type of options.

BTW, Is there some way of copying the settings and desktops of a user as I create new user accounts? I don't want to have to reinstall software and rebuild the desktop for each new user I add to the system.

Most software installs to be available to all users on a system, although there are exceptions. Your idea to put in a router/AP is a good one...I cringe at the idea of a computer plugged directly into a cable modem or DSL modem, rare as it may be, as raises the risk, even with a good security setup on the computer. Without the router...it's a "public" IP address and presents more opportunity for mischief or worse.

not even gonna begin to tell you what i saw them lookin at a few times,,,,,,,


any kid worth his salt on a computer, if they really want something they will find away around it. i would say get a general simple filter to prevent accidental site access, but where theres a will there is a way,,, wouldnt beleive the crafty stuff ive seen to get around school filters....

I love this when you say there is a hill, there is a will.
I set parental controls for my children's computer and cell phone, but he still visit the sites on school computers and attemp to bypass it.

...but he still visit the sites on school computers and attemp to bypass it.

I am not surprised that a child is exposed to "bad stuff" at school. Even where I live in a decent neighborhood they have trouble with Mexican drug gangs and black horse heroine is readily available (according to the local police chief who came out to speak with locals residents about the problems). If your child is exposed at school, express your unhappiness to the head of the school, school board, or law enforcement (depending on the severity).

Also, just because the school will expose your children to undesired things, does not mean that you should not protect them at home.

Question of the day: If the school is unable to protect your children, why do you send them?

I think I will set it up with multiple user accounts (maybe just one user account for the girls and then add a password for the admin account which mom and dad can use). I really need to keep this as simple as possible, or I will get LOTS of complaints. I am going to have to talk to them about all these type of options.

BTW, Is there some way of copying the settings and desktops of a user as I create new user accounts? I don't want to have to reinstall software and rebuild the desktop for each new user I add to the system.

No way of copying settings and desktops really easily, but you won't need to reinstall software. The "rebuild the desktop" should take a minute after you create the account and log-in for the first time. Go to c:\users\{OLD USER}\Desktop and copy those files to c:\users\{NEW USER}\Desktop to transfer anything on the old desktop to the new one.

The only other problem I have with Win7 non-admin accounts is that very simple things, like adding a printer, connecting to a wireless network (which is necessary for laptops when you aren't at the house) or hooking up an ipod (which installs drivers, etc), and even something as simple as installing programs from the internet is amazingly difficult to do without getting into the weeds of group policies (GPOs), which you do NOT want to do.

Depending on the router you can easily setup the clients to have a DNS. Even if they manually set it in windows, the router can still force the clients to use a particular DNS. This works well with OpenDNS. Look for an option in your router called "Intercept DNS"

Well, the one household I was most concerned about dropped their internet service last month due to budget cutbacks. They may reinstate in the future if cash flow increases. They now have the highest level of internet security known to man! It has never been defeated. Well, I suppose they might be able to connect to the neighbor's, but the closest house is about a quarter mile away, and they are an elderly couple who I am pretty sure don't even have a computer, let alone internet service.

As it turns out my ISP provides some parental control software. We use cox and they seem to have some software called McAfee Family Protection. Does anyone have any experience with this?

I believe Comcast provides this software as well. I used it for a while but preferred the Parental controls of The Norton product. I don't know that I'd go over board with the controls. You seem to have a pretty good handle on controlling and monitoring computer access. The PC products you'll want just need to take care of the basic controls and monitoring. It will also help for accidentally going to a "bad" site (for4 example, if you want Dick's Sporting Goods, DON'T go to DICKS.COM!!) Remember that you'll want to use the computer as well when the grandkids aren't there and you probably won't want to go through the hoops of disabling the PC functions - even temporarily.

I believe Comcast provides this software as well. I used it for a while but preferred the Parental controls of The Norton product. I don't know that I'd go over board with the controls. You seem to have a pretty good handle on controlling and monitoring computer access. The PC products you'll want just need to take care of the basic controls and monitoring. It will also help for accidentally going to a "bad" site (for4 example, if you want Dick's Sporting Goods, DON'T go to DICKS.COM!!) Remember that you'll want to use the computer as well when the grandkids aren't there and you probably won't want to go through the hoops of disabling the PC functions - even temporarily.
All I have done at home is install OpenDNS on my router. I set it to low. I think that blocks mostly porn and hate sites, so I haven't had much blocked. But when it does, I have it show a picture of my grandson when he was about 2 (now he's 9) saying something like "You wouldn't want this guy to know you went to this site would you?"
I am pleased with it so far.

As far as Internet filtering at schools, it is a constant battle to stop kids from bypassing or shutting off filters. My co-worker used to work as a consultant to various rural school districts and kids hacking PCs to get around filtering was his biggest problem. Even the filtering solutions that run on the firewall can be bypassed by using a proxy service.

I would find it hard to believe that there is a school out there that isn't filtering Internet access at some level. One of the problems might be that what the school considers inappropriate might be different than what some parents consider inappropriate.

As far as Internet filtering at schools, it is a constant battle to stop kids from bypassing or shutting off filters. My co-worker used to work as a consultant to various rural school districts and kids hacking PCs to get around filtering was his biggest problem. Even the filtering solutions that run on the firewall can be bypassed by using a proxy service.

Difficult to beat a proxy, especially if the connection is encrypted using something like HTTPS connections, or, for the very talented, TOR. My Brother-in-law setup text filters on his firewall, which works against proxies, but I expect not against HTTPS connections.



I would find it hard to believe that there is a school out there that isn't filtering Internet access at some level. One of the problems might be that what the school considers inappropriate might be different than what some parents consider inappropriate.

I know a guy that used to edit and manage a porn site from the public library because he did not have an Internet connection at home. Never did see his site, but if true, it feels a bit creepy to run your porn site from the public library. I suppose that either the local public library does not have filtering, or at least not very good filtering. I hope that the public schools have better control of their systems. On the other hand, if you can't filter it, you simply need to monitor it. Most of the people that I know well have the computer in a public family area so there is no privacy while surfing, and everyone knows what site you are visiting. All schools have such a high student to faculty ratio, that there is certainly no way that they can even hope to monitor what really happens, it just is not feasible to do so; never has, never will be. As a parent with two young children, I am not sure that even a one-to-one ratio is sufficient sometimes.... :D

I assume that you are correct that I, and the school, would have very different ideas of what is appropriate to do on the Internet.

I suppose that either the local public library does not have filtering, or at least not very good filtering.


Public libraries often do not have filters. It goes against their purpose.

In regard to public schools and libraries, they do use filtering. They are required to do so by the Federal Children's Internet Protection Act and must do so to get any federal funds. In addition, many states also have similar requirements.

Most public libraries use software and in addition have written policies and watch internet usage. The real problems ends up being if people have a legitimate need to search for medical information because some of the words that they search are banned by the filtering software. They then need to go ask someone to let them do a search and explain why which can be embarrassing.

Difficult to beat a proxy, especially if the connection is encrypted using something like HTTPS connections, or, for the very talented, TOR. My Brother-in-law setup text filters on his firewall, which works against proxies, but I expect not against HTTPS connections.


The filtering software we use at work can block attempts to access proxy sites to bypass the filter. It filters both HTTP and HTTPS because it is only looking at the URLs and not content. It can even monitor other protocols, but not as easily as HTTP and HTTPS. A firewall that doesn't allow much besides HTTP and HTTPS can block most proxies. I'm sure someone with enough time could come up with a proxy that worked.

The software we use at work can do a lot, but we mostly use it to block malicious websites. Laptop users who use their laptop out of the building get many more viruses/malware/whatever than PCs in the building.

Public libraries often do not have filters. It goes against their purpose.

So you probably should not allow your kids to use it unsupervised then.....

So you probably should not allow your kids to use it unsupervised then.....

Probably not. But, my kids likely wouldn't be using the internet at a library anyways as we have a perfectly good internet at home. By the time they get of an age to go to a library themselves, they could easily go out to a library without me and use the internet without my supervision. Though, the very public nature of the terminals at a library would prevent most instance of looking at certain materials online, it's one of those things out of my control. I'm not going to stay up at night worrying about it. Just like if they went to a friends house and used the internet there. I have no control over that. Hopefully I will have raised my kids in a manner that will help guide them to make good decisions.