PC Security Setup
Security on the internet is becoming a bigger and bigger issue lately. Here are some of my recommendations for staying safe.
1) Protection against malware:
This is the first step in security. This ensures your machine isn't hijacked with keyloggers/webtracking/etc making all other protection useless.
- Spybot S&D - Great detection product. Running the Immunize option will also prevent future infections before they happen.
- Spywareblaster - Great preventative measure to run in combination with spybot. Modifies hosts file so many tracking/ad garbage is stopped dead before it can even make a connection
2) Browser Security:
With the amount of garbage going around the internet proper browser security is essential.
- Do Not use Internet Explorer. IE is integrated into windows so the potential for hijacking is high. I always recommend using firefox.
- Update flash player. Something commonly overlooked but adobe flash is ripe for exploits. Your version number on the linked page above should always be the latest.
- Run windows updates!!! The second tuesday of each month is patch tuesday. This is when microsoft puts out the latest security updates for windows. Once you start falling behind your asking for trouble
2.1) Firefox Plugins for security-
Here are the list of firefox add-ons I use for protection everyday. For the most part these are considered n00b friendly and will not interfere with everyday use.
- HTTPSEverywhere - Tool by the EFF to force SSL encryption on major websites. Great if you don't trust your ISP/use unsecured wireless/are paranoid. You can write your own custom rulesets by following this guide. You can also use some rules I'm using below:
- TACO - Targeted Advertising Cookie Opt-Out. Stops most targeted webads/webtrackers from logging information on you. Works even if you clear cookies/run in private mode.
- BetterPrivacy - Gets rid of "supercookies". These are newer Flash LSO's that will remain even if you run in private mode/clear cookies/etc.
- AdBlock PLUS - Gets rid of majority of annoyances. It does affect revenue for some webmasters so it is frowned upon but it does give a much cleaner browsing experience.
3) Stop your Local PC from spying on you:
This section is also referred to as "Anti-Forensics" This is for the super-paranoid/shared-family-pc users
-
Clean out old histories. There are things your PC is logging that you don't even know about. Run a program like CCleaner or BleachBit. Be careful with these if you don't know what your doing.
- Run XP-Antispy. This has many options to disable integrated windows tracking. Don't be fooled by the name, it works on XP or higher. Make sure if you run the MSI installer you do not install the sponsors!
-
Disable UserAssist. This is the recently used program list. It keeps track of time/date programs were executed. Windows7 also has the option visible if you right click on the start menu bar and go to properties, click on the "Start Menu" tab and go to privacy. Uncheck both options.
4) Encrypt your wireless networks
Not much to say on this subject, but unless you want anyone sitting around your house to have access to all of your non-HTTPS encrypted traffic secure your wireless router with WPA2 AES encryption if possible.
DD-WRT firmware is available for most linksys routers and is highly recomended.
5) P2P download programs
This is mostly going to focus on torrents seeing it is the most common download method nowadays.
- Use an off port for your torrent downloads. If you use the default ports 6881-6889 it is a dead giveaway what your doing. Some clients such as utorrent even allow to use a random port each startup.
- Encrypt Torrent Traffic - This gets around trafficshaping/other monitoring your ISP may be doing. It does add some overhead and could slow speeds down but is well worth it.
- Use a ipfilter - Most common torrent clients allow for use of an ipfilter.dat file. This blocks known "bad ip ranges" of spying agencies. The linked site has a tool that will automatically update you when run it.
6) Change your DNS Server
Some ISPs have been known to hijack DNS requests. This scares the crap out of me, who knows what else there doing or logging. When setting up your router I always recommend using alternate DNS. Here are a list of the common ones:
- 8.8.8.8
- 8.8.4.4
Level3 DNS
- 4.2.2.1
- 4.2.2.2
- 4.2.2.3
- 4.2.2.4
- 4.2.2.5
- 4.2.2.6
7) Change your browsing habits
Even after following all of the steps above sites will still log your every click.
- Googles motto is "Do No Evil". Although I do trust them will all my data they do have a pretty strict data retention policy. Any query you search for will be trackable back to you for 9 months. Similarly, microsoft has a 6 month log, yahoo 3 months. (Source). If you are searching something you do not want logged consider using an anonymous search engine such as IXQuick.
- Facebook - Don't be an idiot - Consider anything you post on facebook public information regardless of your security settings. Facebook also keeps server logs of IP Address for 90 days and will give this data up pretty freely.
If you have done all of the tips above but are still concerned with your privacy use torbutton along with TOR. Onion routing with all the options above will give you pretty rocksolid security/anonymity