Your computer, security, and the digital age...

You may call me Theorist. I'm 23 years old, happily married, and am a gypsy by nature. Oh yeah, I'm also a computer software engineer. This post isn't about me, though. It's about you. Your computer. And how to protect yourself, your identity, and even your life in today's hostile environment.

Sure, you may be sitting there thinking '...I run an anti-virus software, and a firewall. I'm protected...' but trust me, you're not.

We'll start off easy and with the basics. Microsoft Windows. One of the most popular operating systems, and also the most targeted. To Microsoft's credit, they respond to security threats very aggressively and employ some of the most talented software engineers anywhere in the world. Yes, Microsoft Windows 7 is the most secure operating system available. More so than Linux and more so than OSX.

The only reason you don't see many viruses, trojans, and exploited security vulnerabilities in these two operating systems is because, simply put, they're not worth the time. Users of these OS's be warned though, as OSX and Linux become more popular, this will change. And may I say, boy, are the users of these OS's in for a rude awakening. When I hear someone say '...I use Linux so I'm not worried...', I laugh and die a little on the inside.

Anyhow, let's redirect to the topic. Microsoft Windows. The only way to keep Microsoft Windows secure is to make sure that the security updates Microsoft releases are installed. Therefore, despite what some say, I recommend setting your 'Automatic Updates' to automatically download and install. There are some cases where this may be problematic for users but for the average computer user, it won't be. I strongly recommend that you do this.

Let's talk about anti-virus software, now. Firstly and foremost, Microsoft has it's own anti-virus solution known as 'Microsoft Security Essentials'. It's lightweight, user friendly, and free. In terms of free anti-virus software, it is one of the best options available. However when concerned about your computer's security, there are significantly better options available.

Stay away from McAfee and Symantec products. I cannot stress this enough. I'll say it one more time so there is an understanding here. Stay away from McAfee and Symantec products. The corporations behind these two products work closely with law enforcement and government agencies from around the world and have 'white-listed' various law enforcement and government spyware such as, but not limited to, Magic Lantern. Their software will not detect it. Period. I do not promote illegal activity. However I do not like 'white-listed' spyware and believe it to be an affront to basic computer security. And with what I believe to be a 'police state' becoming reality, I grow even more paranoid. The absolute best anti-virus software I have ever used, and continue to use, is Kaspersky. It's code is clean, it's scanner is very effective, and the software isn't a complete resource hog. Like always, make sure you keep your anti-virus updated.

Now, let's talk about a personal firewall. The Windows Firewall is trash. Complete and utter garbage. Am I making myself clear? A lot of 'security suite' products today contain the full package. A fully featured anti-virus, and firewall protection. It is my position that you should never use any security suite. Your anti-virus and firewall software should come from separate vendors. If you use a security suite, you risk a single exploit bringing down your entire security grid. This risk is minimized by using separate vendors for your anti-virus and firewall needs. At the time of writing this, I strongly recommend the ZoneAlarm PRO firewall. It is feature rich, highly configurable, and an excellent choice. Remember, keep it updated.

Encryption. This is one of the most important safety tools available today. More so for mobile computer users but also for the home user. To my knowledge, a properly encrypted harddrive is unbreakable. For true whole disk encryption, I recommend PGP WDE Encryption. However earlier, I said stay away from Symantec products. Earlier this year, PGP was purchased by Symantec. The only reason I continue to recommend PGP at this time is that the source-code is made publically available. If Symantec decides to change this policy at any time in the future, I will no longer recommend PGP. However at this time I can safety say that there is no back door or way around the encryption. This is the best defense against physical intrusion into your computer.

There are many encryption solutions available. Stay away from any encryption software which claims to be 'military grade' because there is no such thing, and stay away from any encryption software that claims to use it's own algorithm. The best algorithm to use in encryption is AES 256BIT but there are many options. This is the only algorithm approved for use by the US Government for 'above top secret' encryption. The FBI is unable to crack it. Period. I do not believe that even the NSA is capable of cracking this encryption otherwise the US Government would not be using it. Do not use Microsoft's BitLocker. It is not true encryption and is easily bypassed.

Encryption itself is not a stand-alone solution, however. If someone has access to your computer physically, there are ways around it. Forensic analysis is a very dangerous threat to the computer users of today. Information stored in the RAM is a huge vulnerability and is commonly exploited. Some of you may have heard of COFEE, a tool Microsoft released to law enforcement on a USB drive. Guess what? It's now available on many torrent websites. I even have a copy of it. It works by plugging into a USB drive. There is a way to prevent this, however.

In your BIOS, disable the boot of all devices until the main drive has been fully loaded. Disable the USB drives. Disable the CD drives. Disable everything but the main boot drive. Password protect the bios using a password consisting of at least 12 characters, consisting of numbers, upper & lowercase letters, and symbols. Use 'preboot' encryption (common in many encryption packages today). For the truly paranoid, remove the CD drive, and fill the USB drives with some type of liquid like glue. Remember though, this will RUIN the USB drives and you'll never be able to use them again. This is useful for IT professionals where security is of utmost importance. If you're using a laptop, use a unique nail polish and cover all the screw holes. This will provide visual evidence of tampering.

Wireless Networks. They are not secure. End of story. Even when you lock down a wireless network using WPA2 (the strongest 'publicly' available wireless encryption), you're not secure. I can, and have, accessed 'locked down' wireless networks using WPA2 in under 2 minutes. It's not very difficult. After accessing the network, I can access any computer currently connected to it within 30 seconds if they're running poorly configured security (75% of people do). I have cracked cafe wireless networks and gained access to 20 computers at a time. It's easier than you may think. Properly configuring your firewalls can slow the hacker down and possibly discourage any further attack. Simply put, in most instances, it's not worth their time. There are easier fish in the pond. Remember though, you can never stop a dedicated hacker. All you can do is make it difficult for them.

Use a modern web-browser. Stay away from Internet Explorer. It is a crap Internet browser and your weakest security link when on the internet. Use a browser such as Chrome, Firefox, or even Safari. Stay away from extensions and add-on's. The more you add to your browser, the weaker your security becomes. More code means more possible vulnerabilities. Remember that.

Never ever store your passwords, credit card information, or any personal information in your browser. Never. Ever. If someone gains access to your computer system, all of this information is fair game. We know where to look, and what to look for. When you store this information in your internet browser, it becomes a treasure trove for us. It is usually the first place a hacker would look for personal information. How important is your money to you? How important is your identity? How important is keeping your children safe? If you must absolutely store your information, remember to use an encrypted vault. There are many solutions available. However I will not recommend one to you. Just remember to never use a software vault which is tied into any other security software on your system. Doing so, like I said, exposes your risk even further.

A lot of financial management software like Quicken, most anti-virus and firewall software, and the like offer their own 'password protection' which prevents unauthorized access. Use all built in password protection if it comes with your software. It can slow down a hacker significantly. An example of this is the following. If a hacker were to crack your system, and there was a Quicken icon on your desktop, he may try to open it. No password protection means that said hacker would instantly be able to view your financial records and steal important information. If it were password protected, he would have to crack it before he could access your financial information. That's just an example.

Never ever use the same password for any login! Use different passwords for everything!

This is only a basic rundown of computer security and there is much more you can do to protect yourself. However using the above technologies, and common sense, you should be just fine in today's hostile environment.

Excellent info.

I am glad I found this. Rather, that I was directed to if by a fellow ATSer.

Peace S&F