Simple ways to keep your computer more secure

Making your personal computer or laptop completely secure may not be realistic, but there are several fairly straightforward things you can do to make it a lot more resistant to attack. And yes, if you’re on the Internet, your computer will be attacked sooner or later. Probably sooner. Of course, even if you follow all of these suggestions, you still won’t be completely immune to attack, not least because I’m sure I’ve overlooked other important things to think about, but you’ll be in much better shape than most of the other computers that are out there.

Essentials

Keep your software up-to-date. All modern operating systems, as well as an increasing number of applications, are able to automatically check for and install updates. This is good. Often, those updates include security patches to fix vulnerabilities. The sooner you can get those vulnerabilities fixed on your computer, the smaller the window of opportunity for an attacker. Your computer wants to take care of this for you, so let it.

Don’t run as an Administrator-level account. Yes, yes, it’s your computer, of course you’re the administrator and should be able to do whatever you want with it. But the vast majority of the time, you’re not doing anything that actually needs administrator privileges. The problem is, if you’re running as an administrator, then so are all the programs you’re running, and if any of those get compromised, the attacker can easily get full control of your computer. Running as an ordinary user won’t stop you from getting attacked, but it will make it more difficult for a successful attacker to get control of your computer. As a side benefit, it also makes it more difficult for you to accidentally break something important. On those rare occasions when you do need administrator privileges, go ahead and log in to the administrator account, do what you need to do, then log back out.

If you’re not doing both of these two things, you’re living dangerously, and it’s only a matter of time until you suffer the consequences.

Important

Don’t hook your computer directly to the Internet. That consumer-grade home router is actually doubling as a hardware firewall, blocking attempts coming from the Internet to initiate a connection with your computer. This makes it a lot more difficult for something on the Internet to exploit a vulnerable service on your computer that you might not even be aware is running.

Run a firewall on your computer. No, this isn’t redundant with the above suggestion, especially if you have a laptop. Your home router isn’t going to be able to protect you when you take your laptop somewhere else. A firewall running on your computer isn’t as robust as a separate hardware device, but it’s a lot better than nothing when you’re connecting to someone else’s network, especially if it’s some sort of hotspot or public network where you have no idea who else might be on the same network.

Run an ad-filtering extension in your web browser. What does this have to do with security? It’s not unheard of for attackers to create ads with hidden malicious payloads and have them hosted by advertising networks. By blocking ads, you prevent this type of attack from succeeding, even if your browser is vulnerable to the exploit being used. As a bonus, you won’t have nearly so many ads distracting you when you browse the web.

Run antivirus software and keep it up-to-date. Antivirus software is far from being a silver bullet when it comes to protecting your computer; it’s far more effective to prevent something malicious from getting onto your system in the first place (as the rest of my advice up until now has aimed at), but there is value in being able to detect and remediate attacks that do make it onto your computer. Just don’t count on antivirus as your single line of defense; its biggest weakness is that it’s only able to protect against specific attacks that are already well-known.

Encrypt your laptop’s hard drive. Encrypting your hard drive helps limit the damage you’ll suffer if your laptop gets stolen while it’s powered off. The thief will have your laptop, but he or she won’t be able to read any of the information stored on it, and most of the time the information is far more valuable than the hardware itself. Do keep in mind that hard drive encryption only helps in this scenario; if the laptop is on, or asleep, or hibernating, the decryption key will still be in memory, allowing the computer to easily decrypt the disk’s contents on demand.

All of these I only call “important” instead of “essential” because each mainly addresses only particular types of attacks, whereas the “essential” tips provide much broader coverage. Still, you should follow them unless you have a compelling reason not to.

Advanced

Use NoScript or a similar JavaScript-whitelisting extension in your web browser. OK, this one isn’t quite so simple, but it provides a lot of security against malicious websites, so it’s worth mentioning. Firefox’s NoScript extension prevents JavaScript code from running in your browser unless it comes from one of the servers on its whitelist. After you first install it, you’ll need to tell it which servers to whitelist. This is easy to do while you browse; whenever a script gets blocked, NoScript will unobtrusively offer the option to add the server to the whitelist.

Pretty soon after you start using NoScript, your whitelist will have grown to include all the sites you visit regularly, so you won’t notice anything different in your day-to-day browsing. So what’s the point? A common attack against web browsers is for attackers to upload malicious JavaScript code to some server they control, then attack a bunch of popular websites so that their pages include a link to the malicious code. With NoScript, that malicious code on the attacker’s server, which you’ve never heard of and thus have not whitelisted, will not run, and so will never have a chance to try to attack your browser.
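
A simplified model of the whitelisting decision described above, as an added example rather than NoScript’s own code or anything from the original post. The host names, the sample page and the exact-host matching rule are all assumptions made for illustration.

```javascript
// Simplified model of per-server script whitelisting (not NoScript's code).
// Hosts the user has chosen to trust; constructed sample values.
const whitelist = new Set(["news.example", "cdn.news.example"]);

// Host a script would load from. Relative and protocol-relative src values
// are resolved against the page URL; inline scripts belong to the page itself.
function scriptHost(pageUrl, src) {
  return new URL(src || pageUrl, pageUrl).hostname.toLowerCase();
}

// Exact host match only. A suffix test such as host.endsWith("news.example")
// would also let "evilnews.example" through.
function isAllowed(host) {
  return whitelist.has(host);
}

// List every <script> tag on a page with the allow/block decision for it.
// A regex is enough for this constructed sample; a browser uses a real parser.
function auditPage(pageUrl, html) {
  const tagRe = /<script\b([^>]*)>/gi;
  const results = [];
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag[1]);
    const host = scriptHost(pageUrl, src ? src[1] : null);
    results.push({ host, allowed: isAllowed(host) });
  }
  return results;
}

// Constructed sample: a trusted site whose page has had two extra script
// tags added that point at servers the user never whitelisted.
const samplePage = `
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.news.example/lib.js"></script>
<script src="https://evilnews.example/x.js"></script>
<script src="//ads.attacker.example/payload.js"></script>
</head></html>`;

const report = auditPage("https://news.example/story", samplePage);
for (const r of report) {
  console.log(`${r.allowed ? "RUN  " : "BLOCK"} ${r.host}`);
}
```

The page itself is trusted, yet the two scripts hosted elsewhere are blocked because the decision is made per server, not per page.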

I list NoScript as an “advanced” technique because not only does it take some work to set up, but you’ll find that a lot of websites stop working correctly if JavaScript is disabled. A few times I’ve even encountered cases where shopping transactions ran into problems when the storefront redirects to a third-party processing server that blindly assumes you have JavaScript enabled and fails silently if you don’t. So, NoScript isn’t a fire-and-forget solution, but it significantly raises the bar for attackers trying to get your browser to run malicious JavaScript, since now they have to get that script hosted on one of the relatively few servers on your whitelist.

Book List – April 2011

Oh yeah, I still have this blog, don’t I? I guess I might as well post about April’s books:

Earth (The Book): A Visitor’s Guide to the Human Race, by Jon Stewart et al., © 2010. Finished April 9.

A mostly comprehensive summary of human civilization, for the benefit of any aliens who happen across our planet after our inevitable demise. Sadly, I’m not sure they’ll have the context necessary to catch most of the humor. Hopefully they will, because then they’ll understand an awful lot more about us. Also, here’s how you can be sure I’m a nerd: on page 223, I readily noticed both that the chess board is improperly set up (the black king and queen are swapped), and that the box art for Metroid II: Return of Samus is improperly paired with a screenshot of the original Metroid, in the section awkwardly explaining to the alien reader about how many of our video games were about us killing them.

The Sign of the Four, by Sir Arthur Conan Doyle, © 1890. (Audiobook) Finished April 18.

The second Sherlock Holmes novel, and works better as a single cohesive story than its predecessor. In this one you get to see Holmes actually working, instead of somehow figuring out the whole thing right away but not telling anyone else until the last chapter or two.

Through the Looking-Glass, by Lewis Carroll, © 1871. (Audiobook) Finished April 18.

The sequel to Alice’s Adventures in Wonderland, though if your only exposure to the Alice stories is through the various adaptations of them, you might not realize that this is a separate story, since pretty much every adaptation takes things from Looking-Glass Land and throws them into Wonderland. I’m looking at you, Tweedledum and Tweedledee.

The Tragedy of Pudd’nhead Wilson, by Mark Twain, © 1894. (Audiobook) Finished April 30.

A slave woman tries to secure a better future for her infant son by secretly swapping him with her master’s infant son. As one might infer from the title, things don’t go quite so well as expected. Today the Chekhov’s Gun established early on is painfully obvious, though given the time the book was written and the time the story takes place, perhaps it wasn’t originally so. Definitely my favorite Twain story thus far.