On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. One of the questions he’s planning to ask: How can I know how secure my home computer is?
I’m going to use this space to elaborate ahead of time on some of the things we are going to talk about. We could talk for an hour on any of the questions he’s going to ask, and he gave me three questions and 25 minutes. This is my workaround.
How can I know how secure my home computer is?
Without professional tools like the ones Qualys sells, you can’t know for certain. That’s why we’re in business. But you can do the right things and then your computer is highly likely to be at least as secure as your work computer, and probably a bit better.
We can look at a computer like a power tool. Modern power tools come with a lot of safety features. The nail gun I bought last year is probably safer than a hammer. Just like we can recognize the safety features on a power tool, we can locate and enable safety features on a computer.
It’s also important to recognize your computer can be very dangerous to you or to others, and to keep these features enabled out of respect for others.
Run a supported, up to date operating system
First things first: Run an operating system that is actively getting security patches from its vendor. If you have a PC, you have three choices, but you probably don’t want one of them. If you have a Mac, you have two choices:
- Windows 7
- Windows 8.1
- Windows 10
- El Capitan
Microsoft publishes its lifecycles. You have until January 14, 2020 to migrate off Windows 7. You have until January 10, 2023 to migrate off 8.1, and October 14, 2025 to migrate off Windows 10. Windows 7 is fine for now but be planning. 2020 isn’t as far off as it seems.
Apple doesn’t publish its lifecycles but since 2011 it’s been releasing new operating systems every 12-15 months. Support can vary, but Apple generally limits its updates to the current version and two immediate predecessors. So they support the same number of operating systems as Microsoft is supporting right now, but they release more quickly, so the support lifecycles end up being shorter. With a Mac, you’ll be updating your operating system more often, but for many Mac users, that’s part of the appeal.
Let your computer update itself
There are some people who traffic in bad advice and tell you not to let your computer auto-update. It might break something, they say.
It might. But it’s not common at all. It happens less than once a year, and even then, it always affects small portions of the population.
I updated computers for a living until 2009. I know from experience. There is a small chance that something will go wrong, but it’s much smaller than the chance of being hacked if you don’t. Over the last four years, I’ve seen far more hacking incidents than I’ve seen problems from failed updates.
And while I can’t speak for Apple, if a security patch breaks your Windows PC, Microsoft will help you, and they won’t charge you for it.
Windows PCs will automatically update themselves and they don’t exactly make it easy to disable that feature. If you didn’t make a concerted effort to disable automatic updates, then you didn’t.
Macs also have the ability to auto-update. It’s an option in the App Store preferences. It may or may not be enabled by default. I recommend you enable the option to install application updates automatically and the option to install security updates automatically. It’s up to you whether you want to install operating system updates automatically.
What if I can’t update my computer?
If you have a Windows XP computer, or a Mac running an OS named after a cat, it’s not safe to use on the Internet. Period. But you may have software that won’t run on a newer machine. In that case, just keep that computer off the Internet. Do your web browsing and your e-mail on your new computer.
If that’s your only computer, and you can’t afford $500 for a new computer, pick up an off-lease refurbished computer. ECP Computers in Overland sells them starting at $150. If you don’t live in the St. Louis area, most metro areas have a comparable store that does the same thing.
Keep your software up to date
You also need to keep your web browser, office suite, and other software up to date. Some of it auto-updates. Not all of it, though. So here’s a little help.
My employer, Qualys, offers Qualys Browser Check. You can run it online or install the browser extension. It’s free for you to use at home or at work. Please, download it and use it. I don’t speak for Qualys but it’s safe for me to say we wouldn’t have built this if we didn’t want you to use it. Browser Check helps you make sure your browser and its plugins are up to date, and warns you if it finds problems.
Flexera, another security vendor, offers Flexera Personal Software Inspector. This will update your non-browser software, or warn you if it finds an update it can’t deploy, and provide you a link in a popup. I’ve been using Personal Software Inspector for years. It’s wonderful, and it’s free for you to use at home because they know if you use their software at home, you’ll buy their commercial product for work.
Be careful what software you install
One of the reasons Apple created its App Store was so it could curate software and cut down on malicious stuff. Sometimes someone slips something through, but admittedly it’s pretty rare. Microsoft copied it starting in Windows 8. If you only install software from app stores like the ones from your operating system vendor, or from game publishers like Steam, you’ll be a lot safer.
There is some useful software you have to download directly. Be sure you’re getting it from your publisher’s official source, and if you’re unsure, ask questions before you install.
Consider a dedicated computer for banking
Consider getting a cheap Chromebook to use for banking and paying bills. They cost $150-$200 at the consumer electronics stores. You can pick up a used or refurbished one on Ebay for less than $100, just make sure it comes with an AC adapter. Frequently the cheapest ones don’t.
Use the Chromebook to pay your bills and check your bank balance. Don’t use it for anything else. And don’t use your other computer to ever pay bills again. This way, if your main computer gets infected with something like Zeus that siphons bank accounts, it doesn’t have anything to siphon.
Chromebooks are ideal for this because they’re cheap, Google updates them frequently, and they aren’t designed to hold any data. They’re not an attractive target for an attacker, so people go after other computers instead.
Chromebooks cost money, but they do cost less than getting your bank account stolen is likely to cost you. And the less $200 means to you, the more valuable that dedicated Chromebook can be to you.
And depending on what you actually do with a computer, a Chromebook may be fine as a primary machine too.
One more thing
There’s one more important thing you need to do to keep yourself secure. Don’t pirate software, music, or video files. It’s not hard to embed malicious software in these files, especially software. Buy them from legitimate sources.
I know it’s tempting to go download video of whatever show you missed. We can debate the ethics of it, and admittedly I can see both sides of that argument. I’m also telling you it’s risky, and if you want a secure computer, don’t do it. Watch it from an official source, and if that means paying for it, pay for it.