Security Best Practices

Introduction

Securing your computer is a complex issue. Possible measures are endless, and many of them impose some restrictions on the legitimate user, which means there is a tradeoff between security and usability. Couple that with the fact that some measures require expert knowledge or complicated configuration, and it becomes obvious that it is hard for me to present a list like the one below. Not only do I have to concentrate on a single aspect of security, but such a list cannot possibly be complete. What I can do however, is to try and establish a baseline that I believe provides an acceptable basis, is general and easy enough so that I can recommend it to most end-users, and leaves most of your freedom/comfort intact so that you aren't scared away by the downsides. I strongly recommend everybody to adhere to as many of these practices as they can, because the list below is not nearly all that you can do to protect yourself, but merely a good start.

Tip #1 – Keep your software updated

After your OS and your software are installed, they should stay regularly updated. Turning automatic updaters on in your applications (or simply not turning them off) is a seamless and frustration-free method of making sure you are always up to date. While this advice pertains to all software, some software stand out with their importance: The operating system, the internet browser, and your e-mail client (if you use an offline one). It is especially important to keep these updated with the latest security fixes as they provide the largest and most common attack surfaces. However frustrating this may be, this also means updating or even reinstalling your operating system when it has reached end-of-support in its lifecycle. In particular, as of january 2020, you should not be running a Windows version older than Windows 10.

Tip #2 – Get a router, it is kind of a hardware firewall

For your home, get a router if you don't already have one. Better routers have very good firewalls with sophisticated features, but even cheap ones provide good inbound protection due to the way they do their so-called NAT. They will protect you against many attacks even when all your PC's defenses are down. Besides, a router is a requirement anyway if you need multiple devices at home connected to the internet. Depending on what kind of internet connection you have, your provider might even be making you have one (in which case they throw one at you for free). Routers sometimes impose some extra configuration upon you for a small number of applications, but since these devices are so common, guides are plenty on the internet to help you out in those cases.

Tip #3 – You also need a software firewall

This is where TinyWall comes in. Most firewalls in routers can only filter inbound connections, but even those that can filter outbound are absolutely incompetent to differentiate between two applications if they use the same port. Which means in that case they will be unable to tell your browser from malware! Software firewalls can do this differentiation. If you think it is already too late when infected, think twice. Even after you get infected, an outbound firewall can limit the activation or spread of the virus inside your computer (by disallowing control connections or the download of additional malware modules), or prevent it from spreading onto your network. Also, don't just think of malware. Privacy is closely related to security, and pretty often limiting even legitimate software is part of protecting your privacy.

Tip #4 – Disable AutoRun/AutoPlay

This tip is actually kind of outdated because this is already the default configuration in newer Windows versions. But I'm still including it in this list because there are enough people in the world using old Windows versions. Disable Windows' autorun function. See this article about the necessary steps. It protects you from your friend's or colleauge's infected USB drive who didn't even realize yet he has malware on it. This tip is even more important for those among you with laptops, as you probably use it in public or crowded places sometimes.

Tip #5 – Antivirus are relics, but still useful

No matter what a company tells you about how advanced their antivirus technology is, antivirus software are just plainly stupid. I mean, not their principle or goal, but the way they try to detect malware. Cannot be helped, that's how current state of the art is. While one can be significantly better than others, all of them are primitive and anything else you hear is just marketing. Chances are you have already heard others say, malware and antivirus are a cat-and-mouse game. This is nothing new and has always been the case, but with the internet getting as ubiquitous as never before, innovations in antivirus technology basically non-existent, and the number, sophistication, and even funding of malware exploding rapidly, the cat is more and more behind the mouse. Get an antivirus if your computer's performance can afford it, it doesn't hurt (*cough* usually). An antivirus is a useful layer in your computer's security, but don't overestimate its value. If you rely solely on an antivirus as your only line of defense, your computer's security is pretty bad.

Tip #6 – Choose your passwords well

Current research indicates, any password should be at least 8 characters long. Try to have lower- and upper-case characters in it, as well as numbers. Never make personal information (like your birth date or address etc.) part of your password, because as unlikely as it may seem, an attacker probably already knows these, and variations of these are gonna be among the first things they try. Oh, and do not use the same password everywhere. Everybody knows that good passwords are hard to remember and annoying to type in, but they are important. To ease your burden, use a password manager like KeePass. It will generate good passwords, remember and organize them, and will even type them in for you when asked. That way you only have to remember a single password (but be sure to keep it very safe), and the rest won't be a hassle anymore.

Tip #7 – Use your common sense

Possibly the most important advice I can give you. That's right, if you decide to implement only one thing from this list and none more, make it this one! The rule is simple: read, think, decide. Most security breaches are due to user error or oversight at their core. Take anything you see in internet ads with a grain of salt (or better, just ignore them completely). Deals that are too good to be true are not true. Remember that the "From" address in e-mails is easily spoofed, so don't trust it. Don't open any document or executable from your e-mails unless you've been expecting it. Also don't download or start an executable if you've been expecting a document instead. Carve it deep into your mind that a legitimate institution, company, or website never-never-ever asks you in mail for a password. Does a mail look different than it normally does? Did you just win an online lottery but you need to enter your credit card details first? What's the chance of an oil billionaire wanting to give you some of his shares? Read, think, and don't be naive.