...online security is a big worry, especially with Windows. Combine that with sensitive data and you have a serious potential problem.
Truly, (as RMS has written) a computer is only secure if it is switched off, dismantled, and the hard drive crushed. But that's not much use!
In practice we find that owner-driver systems with prudent owners can be OK even with Windows so long as you
a) have a separate firewall (or router/firewall) box with stateful packet inspection
b) use Firefox with
1) Adblock Plus and the Easylist/Easyprivacy filters
2) Flashblock - puts user in control of Flash (major cause of nasties)
3) WOT - Web of Trust - warns of
most nasty sites
c) decent Windows anti-nasties packages
1) Antivirus - AVG free was good for us up to version 8, ClamWin seems to be more stable
2) Anti-Malware - we liked Spyware Blaster and Spybot S&D
3) A lucky rabbit's foot (not so lucky for the rabbit!)
d) Last, and most important, sensible, mature users.
The only problem is that I have only found a handful of item 'd'!
Most of our 'mature' users are intelligent young people in their early teens - even 'educated' adults often do not get the idea that updates
really matter!
To be fair, there are a lot of updates to take care of with that lot on Win XP, and my MS knowledge is no longer up to date since I have finally migrated all of my extended family/friends support circle (dozens of machines now) to Linux.
Oh, and one musician has gone to the dark side of
*nix with Mac OS X - needed for the <s
pit>
proprietary software on their course. <grin>
Most of our posse use Ubuntu variants - a lot of Xubuntu since it used to be a bit lighter than Gnome, and the lightweight XFCE compositor is a nice compromise for gentle eye-candy without slowing things drastically. Just did our first Lubuntu install - looks nice with Wbar at the top and runs fast on an ancient AMD 3000+ with 512M RAM.
We ran a -lot- of tests when getting into Linux, and still do a rootkit check routinely, as well as using ClamAV to check Win partitions whilst they are offline. With the same Firefox configuration as Windows, automatic updates that have never borked our installations, we have a really good feeling about *buntu installations that live behind a sensible box as in (a) above.
Similarly we have Puppy 4xx installed on four or five (lost count!) of 'our' 8 GoBook 250s wth 128M RAM and intel P3 700~800 cpus (clock at 350~400MHz). These have all the above add-ons to Firefox or its equivalent, and seem to work well enough without OS updates. The other GoBooks have 256 RAM varii flavours including Xubuntu 804 and SliTaz 3.0 which works really well for us. One of them has 10 distros installed, plus the original Win2K! Rugged old laptops that weigh a bit, but take the hammering that kids can administer.
So, for a no-worries separate internet access box (or boxes) we would suggest a *buntu or maybe Mint which does the codec installations for you, then create a non-Admin user, add the bits to Firefox and you are done.
Strong passwords, remember!
Without sensitive data on it the box can have the password written on it. Cheap (and tiny) box sometimes available from eBuyer is the Acer Revo 3610 - the 3600 would also do for your purposes. Expect to pay a good bit less than £200. Dabs had a similar Acer thing that is a bit more recent last time I looked. Or an old laptop would do....
Puppy-Linux-on-a-stick is a great solution - we have an old Celeron 1000 that does this trick with Win 98 on the 1GB HD. But..... if it does get infected (unlikely, but..) then the hacked Puppy would have access to your PC's main HD with all your sensitive data on it. Bit of a problem that.
Hope that helps!
All the best, Ben
This comes to you from my 'production' laptop using SliTaz 3 - which I am getting to be rather fond of. Seeing 'Conky' fade in on startup (thanks to the compositor) to report that RAM usage is some 56MB is worth a grin every time. The same machine has Xubuntu 904, Ubuntu 1004, Mint 9 also installed and available via GRUB. Yes, I seem to have become a distroholic!