Simple ways to keep your computer more secure

Making your personal computer or laptop completely secure may not be realistic, but there are several fairly straightforward things you can do to make it a lot more resistant to attack. And yes, if you’re on the Internet, your computer will be attacked sooner or later. Probably sooner. Of course, even if you follow all of these suggestions, you still won’t be completely immune to attack, not the least of which because I’m sure I’ve overlooked other important things to think about, but you’ll be in much better shape than most of the other computers that are out there.

Essentials

Keep your software up-to-date. All modern operating systems, as well as an increasing number of applications, are able to automatically check for and install updates. This is good. Often, those updates include security patches to fix vulnerabilities. The sooner you can get those vulnerabilities fixed on your computer, the smaller the window of opportunity for an attacker. Your computer wants to take care of this for you, so let it.

Don’t run as an Administrator-level account. Yes, yes, it’s your computer, of course you’re the administrator and should be able to do whatever you want with it. But the vast majority of the time, you’re not doing anything that actually needs administrator privileges. The problem is, if you’re running as an administrator, then so are all the programs you’re running, and if any of those get compromised, the attacker can easily get full control of your computer. Running as an ordinary user won’t stop you from getting attacked, but it will make it more difficult for a successful attacker to get control of your computer. As a side benefit, it also makes it more difficult for you to accidentally break something important. Those rare time when you do need administrator privileges, then go ahead and log into the administrator account, do what you need to do, then log back out.

If you’re not doing both of these two things, you’re living dangerously, and it’s only a matter of time until you suffer the consequences.

Important

Don’t hook your computer directly to the Internet. That consumer-grade home router is actually doubling as a hardware firewall, blocking attempts coming from the Internet to initiate a connection with your computer. This makes it a lot more difficult for something on the Internet to exploit a vulnerable service on your computer that you might not even be aware is running.

Run a firewall on your computer. No, this isn’t redundant with the above suggestion, especially if you have a laptop. Your home router isn’t going to be able to protect you when you take your laptop somewhere else. A firewall running on your computer isn’t as robust as a separate hardware device, but it’s a lot better than nothing when you’re connecting to someone else’s network, especially if it’s some sort of hotspot or public network where you have no idea who else might be on the same network.

Run an ad-filtering extension in your web browser. What does this have to do with security? It’s not unheard of for attackers to create ads with hidden malicious payloads and have them hosted by advertising networks. By blocking ads, you prevent this type of attack from succeeding, even if your browser is vulnerable to the exploit being used. As a bonus, you won’t have nearly so many ads distracting you when you browse the web.

Run antivirus software and keep it up-to-date. Antivirus software is far from being a silver bullet when it comes to protecting your computer; it’s far more effective to prevent something malicious from getting onto your system in the first place (as the rest of my advice up until now has aimed at), but there is value in being able to detect and remediate attacks that do make it onto your computer. Just don’t count on antivirus as your single line of defense; its biggest weakness is that it’s only able to protect against specific attacks that are already well-known.

Encrypt your laptop’s hard drive. Encrypting your hard drive helps limit the damage you’ll suffer if your laptop gets stolen while it’s powered off. The thief will have your laptop, but he or she won’t be able to read any of the information stored on it, and most of the time the information is far more valuable than the hardware itself. Do keep in mind that hard drive encryption only helps in this scenario; if the laptop is on, or asleep, or hibernating, the decryption key will still be in memory, allowing the computer to easily decrypt the disk’s contents on demand.

All of these I only call “important” instead of “essential” because each mainly addresses only particular types of attacks, whereas the “essential” tips provide much broader coverage. Still, you should follow them unless you have a compelling reason not to.

Advanced

Use NoScript or a similar JavaScript-whitelisting extension in your web browser. OK, this one isn’t quite so simple, but it provides a lot of security against malicious websites, so it’s worth mentioning. Firefox’s NoScript extension prevents JavaScript code from running in your browser unless it comes from one of the servers on its whitelist. After you first install it, you’ll need to tell it which servers to whitelist. This is easy to do while you browse; whenever a script gets blocked, NoScript will unobtrusively offer the option to add the server to the whitelist.

Pretty soon after you start using NoScript, your whitelist will have grown to include all the sites you visit regularly, so you won’t notice anything different in your day-to-day browsing. So what’s the point? A common attack against web browsers is to upload malicious JavaScript code to some server they control, then attack a bunch of popular websites to include a link to the malicious code. With NoScript, that malicious code on the attacker’s server, which you’ve never heard of and thus have not whitelisted, will not run, and so will never have a chance to try to attack your browser.

I list NoScript as an “advanced” technique because not only does it take some work to set up, but you’ll find that a lot of websites stop working correctly if JavaScript is disabled. A few times I’ve even encountered cases where shopping transactions ran into problems when the storefront redirects to a third-party processing server that blindly assumes you have JavaScript enabled and fails silently if you don’t. So, NoScript isn’t a fire-and-forget solution, but it significantly raises the bar for attackers trying to get your browser to run malicious JavaScript, since now they have to get that script hosted on one of the relatively few servers on your whitelist.

One Response

  1. Or you could use a real operating system where ‘administrator-level’ means ‘has the capability of escalating individual processes to admin given a password prompt’ and not ‘always runs as root.’

Comments are closed.