A lot of people don’t seem to know or care about the security of their computers. If you are reading this site you probably aren’t one of those people but I’m sure you know some, and if you are one of those people then READ THIS! Even if you are a security knowledgeable citizen of the intertubes there may be a few things you don’t know or you can at least share this with your “dumb” friends :).
If you happen to be one of those “dumb” friends and you don’t understand any of this don’t hesitate to ask you “smart” friend for help. We love it when you ask us for help with your computers.
Don’t use Microsoft products:
As a general rule Microsoft products are not the most secure, though thats not to say if its not made by Microsoft it is secure or that only open source software is secure. I’m not just talking about windows here; outlook, IE, MSN messenger, and whatever tend to have more security flaws then their competitors. I believe this is partially due to the way Microsoft makes products (e.g. buy something someone else made and give it to developers that aren’t familiar with it and tell them to screw with it so that it is different then it was when they got it and get it out the door as fast as possible with absolutely no testing), Microsoft’s monopoly, having fewer devs looking at the code than an open source project would. This really is the most important thing you can do to protect yourself. I guess I can’t just tell you to stop using Microsoft products without giving a suggestion on what you should use. Ubuntu is probably the best thing for a non-technical person to use if they want to continue to use the computer they already have. If you are a non-technical person or your “friend” is and you are in the market for a new computer I would suggest apple products. If you insist on using Windows I only ask that you stop using IE. Switch to firefox.
Keep up to date:
In general software becomes more secure with time. So it is generally a good idea to have the latest version of software, or at least the software that is going to be connecting to the internet (i.e. your web browser, email client, or instant messenger). It is especially important that you keep up to date on the updates for you OS.
It a pun of defensive driving get it? Yeah, I know it wasn’t funny… Anyway, unsafe browsing habits is among the top causes of security problems. Pay attention to what you are doing. If you get an email claiming that paypal needs your password treat it the same way you would if you got a letter in the mail that says Social Security needs your social security number. This is called phishing. You will be sent to a web site that looks a lot like paypal but is not paypal. All you have to do is look at the address bar and see that you are at http://www.someurl.com (that is an example and not really where you will be) instead of at http://www.paypal.com.
Besides getting your information stolen unsafe browsing can lead to viruses and root kits (a program that takes control of your computer so that a cracker can use it). So be careful what you download. If you are doing loading a file and its called 5billionpicsofsexygirl.exe.zip, it is not the porn you wanted but a virus! You should always be leery of files with two extensions. Also, check the file size. if it is really 5 billion pictures it is going to be much larger than 500kb.
This topic is another great example of why you shouldn’t run windows. Windows has many vulnerabilities that will allow an attack to install software onto your computer by simply directing you to a webpage or getting you to open an email.
Use long, random passwords:
Passwords are generally your first line of defense against an attack and the longer and less guessable they are the safer they are. I talked recently about a website that generates a very long password for you. I suggest that you use it.
Don’t right down your passwords:
You remember those dosen long random passwords I told you to use? Yeah, never ever write them done (or give them to others). If you do it completely defeats the purpose of having them because then anyone can just read it! There are some memory tricks you can use remember them if you are having trouble: break each password up into small section of 1-3 characters (e.g. if your password is oetuhc89dh break it into oet uhc 89 dh or oet uhc 89d h), or assign each character in your password to an object and place that object in you memory palace.
To be honest, I don’t remember most of my passwords. I let firefox remember them for me and I just use a master password. I know this isn’t the most secure thing to do but its better than using the same one password I remember for every site. I also keep all of my passwords in an encrypted text file (that is NOT labeled passwords.txt). If you are really paranoid you might want to keep this on a flash drive so that the people in black helicopters can’t steal your hard drive and recover the unencrypted text file from your deleted files. I just use srm.
Use security extension for firefox:
I’ve already said that you shouldn’t use IE because it isn’t secure and that you should use FireFox (or opera if you want). Now I’m going to tell you that FireFox is still not secure enough. FireFox is better than IE but like all things in this world it isn’t perfect. Fortunately, there are some extensions that can bring Firefox closer to perfection.
secure your network:
I’m all for sharing your network with others, but it really isn’t very secure. a lot of people don’t even know that it is possible to log in to their wifi router and change things. Well you can. so lets all go to http:192.168.1.1 and change our routers passwords and then go over to the security tab and turn on encryption (make sure you know the wep key or wpa password).
If you know what your doing and you want your network to be secure but also want to allow others to use it, you can make a section that you use which is secure and a section for others to use that is open.
Turn off file sharing:
File sharing is evil turn it off when you aren’t using it. Next time you stay at a hotel that offers free wifi poke around at the network a bit and you will be amazed to find probably dozens of windows machines that have file sharing (not as in p2p) on and completely open to you. This is yet another reason why you should not use windows. Linux/BSD/Mac OS will make you work to reach this level of insecurity whereas windows does it by default (or maybe it is a toggle in the network settings I can’t remember). However, I do believe that vista is a bit more secure than XP when it comes to file sharing.
Use multiple passwords:
As well as using long, random passwords you should be using multiple passwords. In fact, you should really have a different password for everything. At very least use a different password to login to your computer as you use on to log into the bank’s site and yet another for myspace or whatever.
Encrypt your stuff:
Anytime you are using a computer you should have the expectation that someone could get access to your files if they are determined enough. Thus, the only sure way to protect yourself is to use encryption (unless the FBI, CIA or any other organization with a three letter abbreviation for a name are after you.) You have two options: encrypt only the files that you want to secure or encrypt all of your files. Both have their advantages. If you only encrypt certain files it will be a red flag to anyone who finds them that they are important. Encrypting everything means encrypting the partition that your stuff is on. Recently some security experts have shown thatit is relatively easy to get around this kind of encryption. I presume that the attack used to do that only works if the partition is mounted at start up; so if you don’t mount it at start up and simply mount it yourself after you have logged in I think you may be able to protect yourself from this.
If you want to go with the first method (encrypting individual files) you should check out a series I wrote about GNUPG a long time ago.
If you would prefer to use the second method (full partition encryption) you should check out the series that Zeth over at the Commandline Warriors put together.
Remove important stuff with srm or shred.
If you are using full disk encryption this section probably isn’t for you, but if your not listen up. When you delete things from your computer they are not gone! it simply tells your computer that the space that was used for the old data can now be used to something else. So when you delete a file it can often be recovered by people who have the money to do that kind of thing.
Never fear, you can protect yourself from this one Too! Just use srm or shred to delete those important files (both of these (or maybe just one) should be available in your friendly neighborhood repository). Some people argue about which is better and I don’t know so I’m not going to comment. I think both will probably get the job done, however srm is more widely available.
If you are reinstalling your OS or getting rid of your computer you want to make sure that there is nothing left behind from the old OS that could compromise you security. I suggest using a live disk called Darik’s Boot and Nuke (DBAN). If you don’t want to mess with this when you are just reinstalling your OS that is fine, but This is a must if you are going to be getting rid of your computer/hard drive. If you do not wipe the drive before you get ride of it the person who gets it next will have complete access to all of your files.
If you still need a reason to worry about the security of your computer know this: most spam comes from computers which have been taken over by attackers completely without the knowledge of their owners.
Stay tuned for the second part of my security series where I will try to get you to think like a paranoid person. Also Mr.linuxcrayon that FreeBSD review will becoming any day now.