Safe personal computing

Summarized from the 15 May 2001 issue of Crypto-Gram by Bruce Schneier:

None of these are perfect; none of these are foolproof. If the secret police wants to target your data or your communications, none of these will stop them. But they're all good network hygiene, and they'll make you a more difficult target than the computer next door.

  1. Passwords. You can't memorize good enough passwords any more, so don't bother. Create long random passwords, and write them down. Store them in your wallet, or in a program like Password Safe. Guard them as you would your cash. Don't let Web browsers store passwords for you. Don't transmit passwords (or PINs) in unencrypted e-mail and Web forms. Assume that all PINs can be easily broken, and plan accordingly.
  2. Antivirus software. Use it.
  3. Personal firewall software. Use it.
  4. E-mail. Delete spam without reading it. Don't open, and immediately delete, messages with file attachments unless you know what they contain. Turn off HTML mail. Don't use Outlook or Outlook Express. If you're using Windows, turn off the "hide file extensions for known file types" option; it lets Trojan horses masquerade as other types of files. Uninstall the Windows Scripting Host if you can get along without it.
  5. Web sites. SSL does not provide any assurance that the vendor is trustworthy or that their database of customer information is secure. Limit financial and personal data you send to Web sites; don't give out information unless you see a value to you. If you don't want to give out personal information, lie.
  6. Browsing. Limit use of cookies and applets to those few sites that provide services you need. Regularly clean out your cookie and temp folders (I have a batch file that does this every time I boot). If at all possible, don't use Microsoft Internet Explorer.
  7. Applications. Limit the applications on your machine. If you don't need it, don't install it. If you no longer need it, uninstall it. If you need it, regularly check for updates and install them.
  8. Backups. Back up regularly. Remember to destroy old backups; physically destroy CD-R disks.
  9. Laptop security. Keep your laptop with you at all times when not at home; think of it as you would a wallet or purse.
  10. Encryption. Install an e-mail and file encryptor (like PGP). Encrypting all your e-mail is unrealistic, but some mail is too sensitive to send in the clear. Similarly, some files on your hard drive are too sensitive to leave unencrypted.
  11. General. Turn off the computer when you're not using it, especially if you have an "always on" Internet connection. If possible, don't use Microsoft Windows.
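Item 4's point about hidden file extensions is worth seeing concretely. The following is an added example, not code from Crypto-Gram or from Schneier: it models how Windows Explorer's "hide file extensions for known file types" option makes an attachment named `invoice.txt.exe` appear as `invoice.txt`, and flags such double-extension names before they are opened. The extension sets and sample attachment names are constructed for illustration.

```python
# Added example (not from the Crypto-Gram text): shows why hiding known file
# extensions helps a Trojan horse masquerade, and flags such attachment names.

# Extension sets are constructed for illustration, not exhaustive.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "wsf"}
DOCUMENT_EXTENSIONS = {"txt", "doc", "pdf", "jpg", "gif", "xls", "htm", "html"}
KNOWN_EXTENSIONS = EXECUTABLE_EXTENSIONS | DOCUMENT_EXTENSIONS


def split_extension(filename):
    """Return (stem, lowercase extension) using the final dot, as Windows does."""
    stem, dot, ext = filename.rpartition(".")
    if not dot or not stem:
        return filename, ""
    return stem, ext.lower()


def displayed_name(filename, hide_known=True):
    """Name the user sees; with known extensions hidden, 'invoice.txt.exe' shows as 'invoice.txt'."""
    stem, ext = split_extension(filename)
    if hide_known and ext in KNOWN_EXTENSIONS:
        return stem
    return filename


def is_masquerading(filename):
    """True when the real type is executable but the visible name ends in a document extension."""
    stem, ext = split_extension(filename)
    if ext not in EXECUTABLE_EXTENSIONS:
        return False
    _, inner_ext = split_extension(stem)
    return inner_ext in DOCUMENT_EXTENSIONS


def triage(attachments):
    """Map each attachment name to a verdict: 'masquerade', 'executable', or 'ok'."""
    verdicts = {}
    for name in attachments:
        if is_masquerading(name):
            verdicts[name] = "masquerade"
        elif split_extension(name)[1] in EXECUTABLE_EXTENSIONS:
            verdicts[name] = "executable"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    # Constructed sample attachment names.
    sample = ["invoice.txt.exe", "photo.jpg", "setup.exe", "README"]
    for name, verdict in triage(sample).items():
        print(f"{displayed_name(name):20} (really {name}) -> {verdict}")
```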

Honestly, this is hard work. Even I can't say that I diligently follow my own advice. But I do mostly, and that's probably good enough. And "probably good enough" is about the best you can do these days.
