Best Security Practices For Your Personal Computer
Permalink | Author: Dan Dart | Published: 2009-11-11 00:51:00.001 UTC | Tags: anti avast firewall linux live password rootkit trojan virus vista windows worm xp
Many of you may be worried or concerned about the security of your computer. With threats of viruses, spyware, bank details being stolen, accounts cracked and vulnerabilities everywhere, it is natural to be paranoid.
Here are some top security practices:
- Change your passwords. All of them. Yes, really. It does make a lot of difference to the chances of a cracker being able to track you, monitor you or pretend to be you and not. Normally people advise you change all your passwords every 2 weeks. However don't write them down, and make them long and memorable using capital letters, numbers and symbols.
Also, try not to make your password a dictionary word, or even close to it. Make it look like random garbage. You can use mnemonics to help you remember them. Consider the following sentence:
"Do as I say, not as I do!"
This can help you remember and formulate the password: DaIs,naId! You could add numbers, or convert some letters to numbers, etc: Da15,naId!
Being 10 characters long, this is a medium strength password. Try to make a sentence about 14+ letters long for strong security, but remember nothing is unbreakable!
Install security software. A lot of users might think here: "I have a firewall. why do I need this?". The answer is simple: Just because you can stop things coming into your computer and going out, it doesn't make it invulnerable to threats such as downloaded malicious files or bad web pages. I recommend Windows users install Avast Antivirus for free. Linux users should install rootkit checkers, such as rkhunter and chkrootkit.
Update your system regularly. This is one of the worst things you can leave out. If you do not update every single piece of your system, using update managers and such, vulnerabilities may be discovered in older versions of your software. Once you have a vulnerability, anything you could do (e.g. visiting a web site, opening a PDF) might give intruders access to your system. So remember to patch, and turn automatic updates ON!
Install a firewall. You may have one already, but some dismiss them. Make sure they're turned on! If you have Windows turn Windows Firewall on, and make sure there are little to no exceptons (aside from the things that you REALLY need). On Linux you can alter iptables via a GUI like Firestarter if you wish.
Change your browser. If you use Internet Explorer, you might do better to switch. It is well known for being particularly vulnerable to attack. There have been more security holes in Internet Explorer than any other browser, and they have been more slowly patched as well. Firefox and Google Chrome are good alternatives. Check Secunia and SecurityFocus for more details. There is also a table of known vulnerabilities in the latest versions of many browsers on Wikipedia.
Start over While many things may get in the way, you have tried your best to rid your computer of viruses, but there is a good chance that the viruses you have obtained have not been removed, as they may be too new for the database, or are too malicious. (Remember the stories about Conficker, the massive Windows malware, that you couldn't remove with antivirus?). If all else fails, the best way to remove any threats is to wipe your disk completely. Do a complete reinstall. There are many tutorials available, just google for them, or follow the guides for Windows XP (edit 2021: archived) and Windows Vista (edit 2025: archived). If you have a recovery disk that came with your computer, then use this instead. In any case, remember to back up!
Back up your sensitive data. Anything you do not wish an intruder to get at would be best removed or moved to portable storage. Encrypted is best!
NEVER save bank/paypal details to your computer! If an intruder gets in, they can recover your passwords (regardless of whether they're locked out) and recover your bank details. Ouch.
If you have to do banking, do it on a Linux Live CD As this Washington Post article says, you can avoid the risk of Windows malware, spyware, trojans, viruses, etc completely if you use a Linux Live CD to bank online with. I would recommend you download Ubuntu and burn it to a CD-R using DeepBurner (using Burn ISO to disk option) or CD recording software of your choice, then boot from it. Here's how:
Reboot your computer. If you see the Ubuntu boot screen, then select your language and press Enter at the next prompt. If you don't, see if there is a message to press a button to select boot device. Press it and select the CD or DVD device. If there is no message, find the message that says to press a button to enter SETUP. From there navigate to Boot devices and put priority on your CD/DVD device (method may vary). Finally save changes and exit.
- Install Linux alongside Windows. If you like the CD, you can install it permanently so that you can install more software, by selecting the Install option on the desktop of Ubuntu, making sure to resize the Windows partition to whatever size you need. (Don't panic if resizing takes ages!)
I hope that this has helped you become more secure. Please comment if you have any suggestions or things I may have left out.
Comments
No comments yet...
Post a comment:
Linux Myths Debunked
Permalink | Author: Dan Dart | Published: 2009-09-20 09:33:00 UTC | Tags: debunked linux myths operating system security trojan virus windows
- "You can't run games on Linux.". This is one that annoys me. People claim that Linux does not provide the necessary gaming requirememnts. But look:
There is a list of Linux games at s//icculus.org/lgfaq/gamelist.php which includes many famous and popular games such as Enemy Territory: Quake Wars, Quake 4 and the Unreal Tournament series. These have either been ported from the originals by independent game companies or originally programmed for Linux (as well as many other operating systems). They often run faster on Linux than Windows as the old ETQW system requirements page showed (required 2.8GHz for Windows, 2.0GHz for Linux). For games that are not supported on Linux, there are API layers (NOT emulators) for Linux that can run Windows programs, often faster than Windows can, due to memory usage. Examples are Wine (free libre/gratis), Cedega (subscription) and CrossOver (subscription). I have successfully run many Valve games on Linux such as Half-Life 2, and many mods of it, using the Windows version of Steam under Wine, and they ran great. Also check out https://en.wikipedia.org/wiki/List_of_open_source_video_games for many more cross platform free games.
"Linux has bad security". Anyone who knows security will surely agree with me here. It is in fact widely known that Windows has viruses, trojans, worms, malware and various spyware available for it. The makers of these programs assume you have Windows (as the majority of desktop users have at the moment). New malware is being made all the time and if you get a virus, you will likely not know about it until it has done its damage (unless it's quite old, in which case your virus checker will pick it up). Malware has been made for Linux but most past attempts at it have failed. https://en.wikipedia.org/wiki/Linux_malware Linux was originally designed for multiple users from the ground up, in contrast to Windows' 1-user original setup. This could factor in too. The password hashes used by Linux can be Blowfish or MD5. These are known strong algorithms, and they are protected by a "salt" to protect against "rainbow table" password cracking. Unfortunately, Windows uses a hash called "NTLM", NT Lan Manager. These hashes don't have salts, and your password is split into 7 digit segments before being hashed. See https://en.wikipedia.org/wiki/LM_hash . These keys are significantly easier to crack and don't require much time if necessary rainbow tables have been installed. In the times of Windows XP, no password was set by default for the main user or administrator, Though this has been fixed now, this was a huge security risk. Exploits in Linux and Windows have been widespread, but Windows has had many more serious ones. In fact in 2008, a Windows server could be compromised by attacking the SMB service in an attack called "ms08_067_netapi". This can gain System user level access to the system. Linux kernel exploits have indeed been found but have been patched significantly quicker (as open source usually is, as there are many more developers), and cannot be exploited from the outside. One more reason why Windows computers happen to be less secure is that the users running the system do not know much about security (they are less educated) and as the system is often not tightly locked down enough.
"Linux is hard to use". This is a complete joke in my eyes. I recommend Linux Mint at www.linuxmint.com to anyone to try it. You will find that most if not all of your hardware is auto detected (Windows does not have this, it needs drivers, and the only reason it works for you is that they have been prepackaged along with your computer), and it's simple. To install software all one needs to do is to go to the Install Software or Package Manager button in the menu and search for software. Repositories like this have been checked for malware so there is a very slim chance user programs will do harm. Ubuntu and Mint are world renound for their ease of use, and that means there is no reason not to check them out!
"Linux won't play my media/DVD/etc" It is likely that your distribution does not come with necessary media codecs (for legal reasons). That is why I recommend Mint (to anyone in a country where the software is legal, get the Main edition). This includes software to play DVDs and almost all media formats. Though it is not hard to install it in Ubuntu, the media players prompt you to choose a codec and install it!
"Linux is all command line". Proof enough is this picture:
Comments
Jake (URL) said on 2013-01-16T03:16:15.07Z:Thanks for defending Linux. You forgot to mention only that Internet wouldn't probably exist by now if it wasn't for linux servers (used most of all by Microsoft sites). Windows security is so "strong" that most self respecting ISPs operates from behind a linux servers.
Post a comment: