How to surf safe in today’s digital world?

This post will (hopefully) serve as a tutorial on personal online safety and privacy. Because any audience has mixed technical knowledge, I’m going to write it mainly for general computer users, but I will add advanced sections for techies. My advice will apply mainly to Windows users due to its low security level and the number of vulnerabilities and threats targeted at this operating system, but you will find Linux & Mac sub-sections as well. Just to note, I’m not planning to go into detail on corporate security here, but you’re welcome to get in touch with me if you’re a corporate/business user interested in my services.

Before I start, I’d like to mention 2 things: 1. This tutorial should be considered a guideline. As I am not performing the service on your machine in person, I take no responsibility for any issues that you may encounter while following my advice. If you choose to apply any of the information available in my post, you do so on your own responsibility. And 2, this post will be periodically updated so feel free to bookmark it (add it to your favorites) and come back to check for new info.

Three steps to what I think good security is for anyone surfing the Internet from home/office:

1. A secure computer = Up to date operating system, clean from malware, with a complete security solution installed (e.g. Kaspersky Internet Security, Eset Smart Security or BitDefender Internet Security)

2. An up to date secure browser that is configured correctly: Mozilla Firefox (recommended), Iridium Browser or SRWare Iron (both based on Chromium, just like Google Chrome, but with high privacy and security, without the tracking features of Chrome and Chromium). Please note that Internet Explorer is NOT a secure browser! See below for my tutorial on enhancing the security of your browser.

3. A secure network = Connect to the internet through a network that’s protected by a software firewall AND a hardware firewall. Most routers today come with a built-in software firewall that provides basic protection; at least use one from a well-known manufacturer (e.g. Cisco, DrayTek, LinkSys, NetGear, D-Link). If connected over WiFi, secure it with WPA2 AES, use a very strong password of 32+ characters, and disable WPS!

Part 1. How to secure your computer?

1.1 I’m going to start with Windows users

A) The most reliable way to secure your PC is to back up your essential data to an external encrypted hard drive (if available, also back up your critical data using an encrypted private cloud service like NextCloud or use an encrypted NAS like Synology NAS), then format your hard drive(s). Unplug the network cable from the PC, disconnect all peripherals except your keyboard, mouse and monitor, then install the latest version of Microsoft-genuine Windows. After Windows has finished installing and is up and running, restart your computer. Now install your preferred security solution and update the antivirus. Then download and install the latest available hosts file from mvps.org (or preferably from stevenblack). Reboot your PC. Then install the optional updates from Microsoft updates that are new drivers for your hardware, and ALL updates under the Important Microsoft Updates section. Be patient, it will take a while and your computer will need to restart once or twice. When that’s done, you’ve got a secure computer for sure! Now you can plug in all your peripherals, install the necessary software, restore your data and customise your PC.

PS: Good to know if you choose to install Windows 10:

B) Considering most users are not willing to go through the hassle of reinstalling everything (you should do it on Windows if you want to be sure that you’ve got a safe computer), I’m going to write a list of basic steps that should help you secure your machine:

  1. Reboot your PC.
  2. Use your Internet browser to download and install CCleaner. Run it with Admin rights, check ALL the options in the first tab except the last one that says “Wipe Free Space”. Do not check that, as it will take a long time to finish and it’s only necessary when you need to sanitise data. Click on the second tab called Applications and check all options. Now select Analyse, wait for it to finish, then click on Run Cleaner. Restart your computer.
  3. Click on the Start orb at the bottom left of your screen and search for “msconfig” (without the quotes). Run it, go to Services and check the box “Hide all Microsoft services”. Now disable (uncheck) all the services that you don’t recognise (make sure you know what you’re doing!). Then click on the Startup tab and uncheck the items that you don’t recognise. Reboot. (Tutorial here and video tutorial here, not mine)
  4. If you suspect an infection on your machine, then you should use an online virus scanner before you go any further. Choose any of these: Kaspersky Online Scanner, BitDefender Online Scanner, Eset Online Scanner, TrendMicro Online Scanner
  5. (Adv.) Further on, if you suspect a rootkit, then download and run Kaspersky Virus Removal tool, or Hijack This, or Rootkit Buster, or Sophos Anti-Rootkit, or GMER
  6. Now uninstall all the unnecessary software from your machine and reboot (Start > Control Panel > Programs and Features). Win7 performance optimisation tutorial by Microsoft here
  7. After rebooting, run CCleaner one more time (Right click on Recycle bin and select Run CCleaner). If the Internet security suite installed on your machine is not a good one, uninstall it, reboot and then install one listed by these guys: https://www.av-test.org/en/
  8. Download and install the latest available hosts file from mvps.org (or preferably from stevenblack). Reboot your pc and then enjoy some slightly better security on Windows 😉
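
A hosts file overrides DNS for every name it lists, so a downloaded one is worth checking before it is installed (step 8 above, and the hosts step in the Linux list). The Python script below is an added example, not part of the original post: it assumes a blocklist should only map names to sinkhole addresses (0.0.0.0, 127.0.0.1, ::, ::1) and flags every other line; the function name `audit_hosts`, the list of stock local names and the sample data are constructed for illustration.

```python
import ipaddress
import sys

# Names a stock hosts file legitimately maps to loopback/broadcast addresses.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
               "ip6-allnodes", "ip6-allrouters", "ip6-allhosts", "0.0.0.0"}

# Constructed sample for illustration; not taken from any real blocklist.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
203.0.113.10 login.example.org
0.0.0.0
"""

def audit_hosts(text):
    """Return (blocked_count, findings); each finding is (line_no, reason)."""
    blocked, findings = 0, []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        if not names:
            findings.append((no, f"address {addr} has no hostname"))
            continue
        remote = [n for n in names if n not in LOCAL_NAMES]
        if not remote:
            continue                                # stock local entry
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, f"{addr} is not an IP address"))
            continue
        if ip.is_unspecified or ip.is_loopback:     # 0.0.0.0, 127.0.0.1, ::, ::1
            blocked += len(remote)
        else:                                       # points at a real server
            findings.append((no, f"{', '.join(remote)} redirected to {ip}"))
    return blocked, findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE
    blocked, findings = audit_hosts(text)
    print(f"{blocked} hostnames sinkholed, {len(findings)} lines need review")
    for no, reason in findings:
        print(f"  line {no}: {reason}")
```

Run it with the path of the downloaded file as the only argument; any line it reports should be understood before the file is copied over the system hosts file.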

1.2 Linux users – well most of you already know what you’re doing so I’m gonna keep this short. Here are 3 steps for more novice Linux users and 1 for advanced:

  1. Use a popular distro that provides regular security updates and has a 6-9 month release cycle, e.g. the multiple flavours of Ubuntu, Linux Mint, OpenSuse, Mandriva, Fedora, CentOS. Always keep your distro up to date! (I run sudo apt-get update / sudo apt-get upgrade every time I log into my Linux)
  2. Use the hosts blocks from stevenblack and optionally ClamAV. Set it up to update and scan automatically. This tutorial shows you how to set it up in Debian based distros.
  3. Use a software firewall. Select one from here that suits you but I recommend using the integrated firewall on your distro, or else (Adv.) use iptables or a dedicated firewall solution eg. SmoothWall
  4. (Adv.) Harden the Kernel. Hardening tutorial for Ubuntu here.

1.3 Mac users – the threats on Linux and Macs get in mainly through infected apps or through internet browsers. Linux and FreeBSD are very secure operating systems (infinitely more secure than Windows) but like all things digital, they have bugs, vulnerabilities and flaws. Apple’s OSX has been based on BSD since version X, but while it’s much better than Windows, it’s far from the security of Linux or Open Source BSD. If I were to put the top 3 most secure OSs out there, then it would be: BSD – Linux – Solaris. Yeah, Windows and OSX are not there, here is why and here and here and finally here. Now my advice for you guys:

  1. Always install ALL updates from Apple. If they release a new cat OS, be sure to be on it (if your hardware allows you to upgrade) as newer OS are more secure than the previous generation. However if your Mac’s hardware doesn’t support the new software, at least upgrade to the latest available OS for your hardware, then follow my advice in this post.
  2. The serious threats on Macs come through your browser and apps. Use the latest version of Firefox for Mac for your OS. Use the latest version of Safari. Configure them correctly (see below my advice on how to configure browsers securely). How to properly clean your mac regularly.
  3. DO use a security suite on your Mac if you’re not an experienced user, or at least use an antivirus + the built-in firewall. If you choose to install a security suite, then pick one from here (Sophos or BitDefender would be my choice for premium and iAntivirus or Clam as free options)
  4. Take a look at Apple’s own security support page. Report findings if you have concerns.
  5. Keep an eye on securemac.com as they’ll keep you up to date with the latest threats on your platform.

Part 2. How to secure your browser?

First, I really think you should read this article if you’ve got a basic understanding of Internet encryption. Towards the end of the page, you’ll find “How to force use of 256-bit AES for secure web and secure email”

  1. Always use the most up to date version of Firefox, Chrome, Iridium, Iron, Safari or Opera
  2. Regularly use CCleaner on Windows, BleachBit on Linux and CleanMyMac on Macs to get rid of all temp files, cache, cookies etc
  3. How to automatically clear history in Chrome /Chromium here
  4. How to automatically clear history in Safari here; advanced tutorial for Mac here

Because Firefox is the most secure browser, it is the one I recommend you use! Here’s how to configure it:

  1. Set Firefox to always clear your browsing history upon exit. Mozilla instructions here 
  2. Uninstall useless addons and extensions (all toolbars included)
  3. Install the following Add-ons for Firefox: HTTPS Everywhere, Privacy Badger, uBlock Origin and optionally NoScript. Please note that NoScript requires user interaction and manual approval of scripts. Allow only the scripts from websites you’re familiar with; don’t enable any other ones when visiting websites!
  4. (Adv.) Use the instructions in this article to set your Firefox to use 256bit AES SSL encryption on available sites.

For those of you that prefer Chrome, I strongly recommend you to use Iridium Browser instead, or else Iron. Iridium & Iron are virtually Chrome but with enhanced privacy and no tracking features.

These are the extensions you should install on all Chromium browsers for high security and privacy (Iridium, Iron, Chrome etc): HTTPS Everywhere, Privacy Badger and uBlock Origin.

Part 3. How do you secure your network?

3.1 Basic steps to secure your Internet connection:

  • Use a hardware firewall if you’re open to Internet access due to certain Internet services you provide (you should also be on Linux and take all necessary security measures)
  • Use one of the routers I mentioned above or [highly recommended] one that’s compatible with DD-WRT or Tomato or OpenWrt.
  • Use an interactive software firewall that filters everything and learns from your choices. Comodo, Kaspersky or Eset are good choices.
  • Use OpenVPN for complete traffic security between your machine and any other Internet machines.

3.2 Basic steps to secure your WiFi connection:

  • There are so many tutorials on the Internet on this that I’m not even gonna attempt to write one. I’ll only specify 3 things:
    1. Use one of the routers mentioned that do the job properly, preferably with DD-WRT or Tomato or OpenWrt on it.
    2. Secure your WiFi with WPA2 AES and choose a strong password. Friendly tutorial here.
    3. Enable MAC filtering and configure it to allow access only for your devices.

Advanced instructions for Internet Anonymity:

I believe that people have the right to choose to live a private digital life if they really want to. Therefore I will summarise 3 ways on how to achieve real Internet surfing anonymity but I won’t go into specifics. To achieve this, at the very least one must follow my advice above to secure one’s computer.

  1. Install and configure Tor. Here’s how
  2. Browse the internet (optional: from within VMs installed) on your computer that is configured to use SSL VPN tunnelling, e.g. OpenVPN
  3. Feel free to follow my instructions in the post “How to surf (relatively) anonymous in today’s digital world?”

Other resources:

 

Posted by on April 7, 2012 in Business, IT stuff

 
