On Saturday 14 Nov 2015 08:42:55 Neil Winchurst wrote:
>
> I recently watched some programs on the TV about scams and such. Scary.
> Anyway I do try to be safe online, though my wife thinks I am a bit OTT.

I'm minded you sound a little over the top.

> Computer.
> I use Linux only, not MS or Apple.

I don't think OS is that significant anymore. CESG published some guidance where they noted that GNU/Linux distros typically have the edge security-wise because they update all apps (assuming you install them via the package manager), but even here you can stick to the various App stores becoming available for other operating system vendors.

That said very happy to lose all the crap that shipped with Windows 10 on this box now it has KDE. The issue there is the alignment of values. HP want money for shipping hardware, so shipped all sorts of trial stuff in Windows 10. Debian Jessie folk just want something that works for them.

You are ultimately beholden to the OS supplier's security be it free software or proprietary. In some ways Apple and Microsoft are actually better at security. Take for example TLS, both had a better stance than the OpenSSL widely deployed in free software. So aspects of security are boring, and don't attract volunteer effort, so fall to the likes of Red Hat and Novell, or the odd obsessive (fortunately we don't know any of them right?).

> It is linked to the router by cable, no wifi.
> The UFW firewall is on.

As Martijn notes WiFi using WPA2 and a good password is pretty good security-wise, subject to who you share it with. I run with open WiFi, but I segregate it from my personal stuff, and I insist all my computers are always capable of standing on their own two feet. So minimal listening services.

> I always run any updates.

Good.

> However, no anti-virus.

There is little for Linux, if you keep it patched and keep abreast of what is going on it should be fine.

> Email
> I do use the spam filter.

The really nasty stuff often doesn't look like spam, but is a cut and paste of the text from genuine emails with slightly changed links, which limits what the spam filters can do. Google are exceptionally good as an email provider at removing the garbage.

> I am very careful about what links I click on.

This one is the only thing that worries me, humans make mistakes. Ideally you want mechanical backup here. The big browsers offer some sort of automated checking for visiting dodgy links, there is some privacy trade-off with some, others download a bunch of suspect sites. Like anti-malware they only spot sites known to be abusive. Avoid anything using Web of Trust (WoT) as they crowdsource badly last time I checked.

> Browser
> I use noscript, ghostery, AdBlock plus, Privacy Badger
> However at the moment I do not use any VPN.
> Mostly when browsing I use Duckduckgo or Startpage.

I tried DuckDuckGo but you lose a lot of functionality from raw Google. The reason to avoid it is that Google will learn about you or people using your computer from the search terms. It's a trade-off.

> Phone
> I do have a mobile phone, but it is not a smart phone.

Smart phones are cool. You are prising Google Maps from my cold dead hands, and I hardly ever got lost before Google Maps. They are actually pretty good for security as proprietary systems go, although you do need an Android that is patched, or iPhone.

> So am I OTT? Or do I not do enough?

Slightly over the top except....

Passwords are the big one missing. Use of unique complex passwords on each site, no patterns between sites, no reuse. Enable 2FA where you can (without a smartphone that may require hardware tokens (U2F) and using Chromium....).

A smartphone used as a phone and used for Google authenticator and other 2FA doesn't threaten privacy much more than a regular mobile. Will likely leak location data to Apple or Google until you beat it up.
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq