This post will serve as a tutorial on personal online safety and privacy. Due to the mixed technical knowledge of any audience, I’m going to write it mainly for general computer users, but I will add advanced sections for techies. My advice will apply mainly to Windows users due to its low security level and the number of vulnerabilities and threats targeted at this operating system, but you will find Linux & Mac sub-sections as well. Just to note, I’m not planning to go into detail on corporate security here, but you’re welcome to get in touch with me if you’re a corporate/business user interested in my services.
Before I start, I’d like to mention 2 things: 1. This tutorial should be considered a guideline. As I am not performing the service on your machine in person, I take no responsibility for any issues that you may encounter while following my advice. If you choose to apply any of the information available in my post, you do so at your own risk. And 2, this post will be periodically updated so feel free to bookmark it (add it to your favourites) and come back to check for new info.
Three steps to what I think good security is for anyone surfing the Internet from home/office:
1. A secure computer = Up to date operating system, clean from malware, with a complete security solution installed (eg. Kaspersky Internet Security, Eset Smart Security or BitDefender Internet Security)
2. An up to date secure browser that is configured correctly: Mozilla Firefox (recommended), Comodo Dragon or SRWare Iron (both based on Chromium, just like Google Chrome, but with high privacy and security, without the tracking features of Chrome and Chromium). Please note that Internet Explorer is NOT a secure browser! See below for my tutorial on enhancing the security of your browser.
3. A secure network = Connect to the internet through a network that’s protected by a hardware firewall. Most routers today come with a built-in software firewall that provides basic protection; at least use one from a well-known manufacturer (eg. Cisco, DrayTek, LinkSys, NetGear, D-Link). If connected over WiFi, secure it with WPA2 AES and a strong password!
Part 1. How to secure your computer?
1.1 I’m going to start with Windows users
A) The most reliable way to secure your PC is to back up your essential data to an external hard drive (if available, also back up your critical data using an online backup service like SpiderOak), then format your hard drive(s). Unplug the network cable from the PC, disconnect all peripherals except your keyboard, mouse and monitor, then install the latest version of Windows 7 SP1. After Windows 7 has finished installing and is up and running, restart your computer. Now install your preferred security solution. I strongly recommend Kaspersky Internet Security, which at the moment is at version 12. It can be purchased from Amazon for a discounted price, check it out. After you’ve got KIS installed, reboot your PC. Log into Windows, connect your computer to the internet and update Kaspersky. Reboot if required. Then install the optional updates from Microsoft Update that are new drivers for your hardware, and ALL updates under the Important Microsoft Updates section. Be patient, it will take a while and your computer will need to restart once or twice. When that’s done, you’ve got a secure computer for sure! Now you can plug in all your peripherals, install the necessary software, restore your data and customise your PC.
B) Considering most users are not willing to go through the hassle of reinstalling everything (you should do it on Windows if you want to be sure that you’ve got a safe computer), I’m going to write a list of basic steps that should help you secure your machine:
- Reboot your PC.
- Use your Internet browser to download and install CCleaner. Run it with Admin rights, check ALL the options in the first tab except the last one that says “Wipe Free Space”. Do not check that, as it will take a long time to finish and it’s only necessary when you need to sanitise data. Click on the second tab called Applications and check all options. Now select Analyse, wait for it to finish, then click on Run Cleaner. Restart your computer.
- Click on the Start orb at the bottom left of your screen and search for “msconfig” (without the quotes). Run it, go to services and check the box “Hide all Microsoft services”. Now disable (uncheck) all the services that you don’t recognise (make sure you know what you’re doing!). Then click on the Startup tab and uncheck the items that you don’t recognise. Reboot. (Tutorial here and video tutorial here -not mine)
- If you suspect an infection on your machine, then you should use an online virus scanner before you go any further. Choose any of these: Kaspersky Online Scanner, BitDefender Online Scanner, Eset Online Scanner, TrendMicro Online Scanner
- (Adv.) Further on, if you suspect a rootkit, then download and run Kaspersky Virus Removal tool, or Hijack This, or Rootkit Buster, or Sophos Anti-Rootkit, or GMER
- Now uninstall all the unnecessary software from your machine and reboot. (Start-Control Panel-Programs and Features). Win7 performance optimisation tutorial by Microsoft here
- After rebooting, run CCleaner one more time (Right click on Recycle bin and select Run CCleaner). Unless you’ve got a good Internet security suite installed on your machine, uninstall the one you have, reboot and then install Kaspersky Internet Security. It comes with a 30-day trial. For free solutions, use one of these
1.2 Linux users – well most of you already know what you’re doing so I’m not gonna brag about it. Here are 3 steps for more novice Linux users and 1 for advanced:
- Use a popular distro that provides regular security updates and has a 6-9 months release cycle. eg. the multiple flavours of Ubuntu, Linux Mint, OpenSuse, Mandriva, Fedora, CentOS. Always keep your distro up to date! (I run sudo apt-get update / sudo apt-get upgrade every time I log into my Linux)
- Use ClamAV. Set it up to update and scan automatically. This tutorial shows you how to set it up in Debian based distros.
- Use a software firewall. Select one from here that suits you but I recommend using the integrated firewall on your distro, or else (Adv.) use iptables or a dedicated firewall solution eg. SmoothWall
- (Adv.) Harden the Kernel. Hardening tutorial for Ubuntu here.
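The Linux steps above (keep the distro updated, run ClamAV automatically, and for the advanced option use iptables) can be scripted as in the following added example, which is not part of the original post. It assumes a Debian/Ubuntu desktop that offers no inbound services; the function names, cron schedule and file paths are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Debian/Ubuntu assumed.

# Default-deny inbound ruleset in iptables-restore format (IPv4 only;
# load an equivalent with ip6tables-restore for IPv6).
desktop_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Reads `iptables -S` output on stdin. Prints "ok" and returns 0 only if
# inbound traffic is dropped by default and replies are still accepted.
audit_rules() {
  rules=$(cat)
  printf '%s\n' "$rules" | grep -qx -- '-P INPUT DROP' ||
    { echo "INPUT policy is not DROP"; return 1; }
  printf '%s\n' "$rules" | grep -qx -- '-P FORWARD DROP' ||
    { echo "FORWARD policy is not DROP"; return 1; }
  printf '%s\n' "$rules" | grep -Eq -- \
    '^-A INPUT .*--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$' ||
    { echo "no stateful accept rule"; return 1; }
  echo "ok"
}

# cron.d line for a nightly signature update and scan (paths are assumptions).
clamav_cron_entry() {
  echo '30 3 * * * root freshclam --quiet; clamscan -r -i /home --log=/var/log/clamav/nightly.log'
}

# Apply everything; must run as root.
harden() {
  apt-get update && apt-get -y upgrade
  desktop_ruleset | iptables-restore
  iptables -S | audit_rules
  clamav_cron_entry > /etc/cron.d/clamav-nightly
}

# Nothing changes on the system unless called as: sh harden.sh apply
if [ "${1:-}" = "apply" ]; then harden; fi
```

Rules loaded with iptables-restore are lost at reboot, so persist them with your distro's mechanism (for example the iptables-persistent package on Debian-based systems). The audit function can be re-run at any time with `iptables -S | audit_rules` to confirm the default-deny policy is still in place.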
1.3 Mac users – no offence to anyone promoting no threats on Macs, but if you’re one of them allow me to tell you this politely: you are an idiot and you should switch to Windows asap because you’re a n00b. Thanks! 🙂 Seriously now, the threats on Linux and Macs get onto your machines through your browsers or your open ports (and on Mac there are plenty). Linux is a very very secure operating system because it is based on the UNIX architecture. Apple’s OSX is also based on Unix since version X but while it’s better than Windows, it’s far from the security of Linux. If I were to put the top 3 most secure OSs out there, then it would be: OpenBSD – Linux – Solaris. Yeah, Windows and OSX are not there, here is why and here and here and finally here. Now my advice for you guys:
- Always install ALL updates from Apple. If they release a new cat on the market, be sure to be on it as it’s faster and more secure than the previous generation. If your Mac’s hardware doesn’t support it, at least upgrade to the latest available OS for your hardware, then follow my advice in this post.
- The serious threats on Macs come through your browser. Use the latest version of Firefox for Mac for your OS. Use the latest version of Safari. Configure them correctly (see below my advice on how to configure browsers securely). How to properly clean your mac regularly.
- DO use a security suite on your Mac if you’re not an experienced user, or at least an antivirus + the built-in firewall. If you choose to install a security suite, then pick one from here (Sophos or BitDefender would be my choice for premium and iAntivirus or Clam as free options)
- Take a look at Apple’s own security support page. Report findings if you have concerns.
- Keep an eye on securemac.com as they’ll keep you up to date with the latest threats on your platform.
Part 2. How to secure your browser?
First, I really think you should read this article if you’ve got a basic understanding of Internet encryption. Towards the end of the page, you’ll find “How to force use of 256-bit AES for secure web and secure email”
- Always use the latest version of Firefox, Chrome, Dragon, Iron, Safari or Opera
- Regularly use CCleaner on Windows, BleachBit on Linux and CleanMyMac on Macs to get rid of all temp files, cache, cookies etc
- How to automatically clear history in Chrome/Chromium/Dragon here
- How to automatically clear history in Safari here; advanced tutorial for Mac here
Because Firefox is the most secure browser, it is the one I recommend you use! Here’s how to configure it:
- Set Firefox to always clear your browsing history upon exit. Mozilla instructions here
- Uninstall useless addons and extensions (all toolbars included)
- Install the following Add-ons for Firefox: HTTPS Everywhere, AdBlock, TrackMeNot, BetterPrivacy, Lightbeam, Flagfox, NoScript and Ghostery. Please note that NoScript requires user interaction and manual approval of scripts. Ghostery updates itself but make sure you set it to block everything by default. You can allow whatever you want as you browse. However, allow only the scripts from websites you’re familiar with, don’t enable any other ones when visiting websites!
- (Adv.) Use the instructions in this article to set your Firefox to use 256bit AES SSL encryption on available sites.
For those of you that prefer Chrome, I strongly recommend you to use Comodo Dragon instead (if you’re on Windows). Or else Iron if you’re on any flavour of Linux. Dragon & Iron are virtually Chrome but with enhanced privacy and no tracking features. You can download Comodo from here and Iron from here
These are the extensions you should install on all Chromium browsers for high security and privacy (Dragon, Iron, Chrome etc.): AdBlock, Do Not Track Plus, Ghostery, HTTPS Everywhere, PrivDog, IBA Opt-out, SecBrowsing and the addons from Kaspersky Internet Security.
Part 3. How do you secure your network?
3.1 Basic steps to secure your Internet connection:
- Use a hardware firewall if you’re open to Internet access due to certain Internet services you provide (you should also be on Linux and take all necessary security measures)
- Use one of the routers I mentioned above or [highly recommended] one that’s compatible with DD-WRT
- Use an interactive software firewall that filters everything and learns from your choices. Comodo, Kaspersky or Eset are good choices.
- Use an SSL VPN for complete traffic security between your machine and any other Internet machines
3.2 Basic steps to secure your WiFi connection:
- There are so many tutorials on the Internet on this that I’m not even gonna attempt to write one. I’ll only specify 3 things:
Advanced instructions for Internet Anonymity:
I believe that people have the right to choose to live a private digital life if they really want to. Therefore I will summarise 3 ways to achieve real Internet surfing anonymity but I won’t go into specifics. To achieve this you obviously need to have followed at least my advice above to secure your computer.
- Install and configure Tor. Here’s how
- Browse the internet (optional: from within VMs installed) on your computer that is configured to use SSL VPN tunnelling eg. OpenVPN
- Feel free to follow my instructions in the post “How to surf (relatively) anonymous in today’s digital world?“
- When away from your computer you can use portable Firefox and other apps from PortableApps.com
- How Secure is Your Password? – on ghacks.net
- Security in-a-box: Tools and tactics for your digital security
- Five Things to Know About Linux Security
- Top 10 proxy websites and proxy list
- Mobile service privacy checker (for mobile browsers)
- For secure online backup, I recommend SpiderOak. If you live in the EU then use Wuala
- For secure file storage I recommend TrueCrypt