Joe Wilcox over at Microsoft Monitor recently posted an article about keeping kids safe on the internet.
It’s a good article, but I’d add one other thing to his suggestions: If you’ve got more than one computer in your house, disable internet access to all but public computers. And if you’ve only got one computer put it in a public location, like the kitchen.
We’ve got six different computers in our household – each kid has their own, I’ve got two, Valorie's got one, and there’s a common computer in the kitchen. Valorie's and my computers have internet access, as does the common computer, but none of the others are allowed to access the internet – we filter it off access at the firewall.
The kids also have up-to-date virus scanners on their computer (although their signatures get a smidge out-of-date).
Once a month, after patch day, I manually enable internet access and go to windows update and ensure that they’re fully patched and their virus signatures are updated. I know I could use SUS to roll my own update server, but it’s not that big a deal. SImilarly, I could set one of the internet connected machines as the virus update location for the kids computers, but again, it's not that big a deal.
This works nicely for me, and the principles can be applied to anyone's computer, even without all the added hoopla I go through. The first and most important part of the equation is that all internet browsing is done on a public computer – that means that they’re not going to be sneaking around the darker corners of the internet, with Mom and Dad in the same room.
The other part of the equation is that all accounts on the public computer are LUA accounts, which adds an additional level of safety to browsing - nobody can accidentally install ActiveX controls or other software, which again adds a HUGE level of protection. We have an admin account, but it's password protected and the kids don't know the password.
Edit: Addressed Michael Ruck's comment.