Know, understand, and protect yourself from the virtual threats lurking on the contemporary Internet with these security tips I’ve put together especially for you, regardless of your system!
We are in the 21st century and live in a super-connected world, but there are evils lurking on the Internet. What I’m going to show you now are the 5 most valuable security tips, regardless of the operating system you use, be it Windows, macOS or Linux. At the end of this article, I will mention the special tips for Android devices.
– Ah, but Linux is 100% secure.
Forget this phrase. I have already published here on the site a relatively extensive list of viruses, malware and other evils that have infected Linux server systems!
What makes a system more or less secure is the user who uses it. Negligence, outdatedness, obsolescence, all count for points in the digital security stakes. An obsolete Linux system, of a version no longer supported like Ubuntu 12.04 for example, just like Windows XP, will be absurdly vulnerable in the current context.
Using modern systems (Ubuntu 16.04 or higher, or even a rolling release distro like Manjaro), or using Windows 10 and keeping it up to date (even if it is a nuisance to update it every day with updates that force you to reboot), are minimal measures for a more secure computer.
Obviously we have more in-depth manual/technical measures to guard yourself while using the computer and here are the best tips!
The first tip is Tip Zero, which is as essential as the others. All the dangers of your home or even business network reside in your modem!
A modem that is obsolete, outdated, left with the default user and password (admin, admin), and/or has ports open unnecessarily is a real danger to any system on that network.
Always check, with some periodicity, if:
- Your modem uses a non-default login user and password (not admin/admin, etc.). If necessary, change it and write down the new password in a safe place.
- Your modem allows external access. 99.9% of home modems have this feature disabled by default, but if you are one of the 0.01% that has it enabled or needs to adjust the modem remotely, think again!
- If possible, keep your modem on the most up-to-date firmware. Contact your ISP about the possibility of upgrading the system. Usually fiber modems are already upgraded periodically; just check with your carrier.
- Check who is on your LAN and which devices make use of PPPoE. This is an automatic port access feature often used by camera DVRs. If possible, disable this option and manually open the modem ports only for the DVR, not for every device that requests the feature.
- Pay attention to your IoT (Internet of Things) devices such as smart light bulbs, Internet access through your refrigerator, a newly connected Raspberry Pi, etc. Check their security and integrity, because there is currently an army of IoT devices zombified by external attacks, which are used by hackers to break into homes and/or trigger DDoS (distributed denial-of-service) attacks on other victims.
- IPTV boxes that run on Android are also potential sources of malware, because they run a customized version of Android that may contain virus packages ready to attack devices on your internal network. I am not claiming that all TV boxes are malware, but there are devices and devices, and with these you can never be too careful.
Remember, it is not enough for you to just be a careful user of what and where you browse, but also be a conscientious user who knows the passive risks of a problematic modem.
Disabled by default in many Linux distros and neglected by Windows users who like to play online games and/or make use of specific features of certain programs, the firewall is the first and most basic line of defense that will protect you from unauthorized access to your machine.
If you have the firewall disabled in Linux, configure iptables and/or UFW to enable it; in Windows, open the Control Panel and enable the firewall.
– Ah but I need ports 8080, 5000, 443 and 2323 for a certain application to work.
Ok, so patiently open your firewall and give port-by-port permission to what the application requires. Simply removing the firewall to “have more peace of mind” does not help you at all in “peace of mind against remote attacks”.
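The port-by-port approach described above, as an added example (not from the original article): a small shell function that prints a default-deny UFW rule set opening only the listed ports. TCP is an assumption, since the article does not say which protocol the application uses; nothing is applied until you review the output and run it as root.

```shell
#!/bin/sh
# Added example: print (do not apply) a default-deny UFW rule set
# that opens only the ports an application actually needs.

ufw_plan() {
    # Validate every argument first, so a typo never yields a partial rule set.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    # Block everything inbound by default, then open port by port.
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for port in "$@"; do
        echo "ufw allow ${port}/tcp"   # assumption: the application uses TCP
    done
    echo "ufw enable"
    echo "ufw status verbose"
}

# The ports from the objection quoted above.
ufw_plan 8080 5000 443 2323
```

Review the printed commands, then run them with root privileges (for example by piping the output to `sudo sh`).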
Remember that a computer virus can enter your LAN in any number of ways, from an infected Android device to your cousin’s laptop that was connected to your Wi-Fi. A good firewall will bar any* attempt to spread malware over your network, saving you headaches.
As previously mentioned, I must emphasize the importance of keeping the system up-to-date. Any new vulnerabilities that are discovered, whether for Windows, Linux, or macOS, usually do not take long to be fixed and reach the users in the form of system updates.
So, at least once every 15 days, make sure your system has the latest updates.
– Ah but Windows 10 has annoying/delayed updates that I preferred to disable.
No matter! Unfortunately that’s the way the system is and you need to keep it safe, or you will end up in the same position as the users who shout “Windows is too insecure” while negligently keeping it outdated on purpose. Or do you want to be the next victim of a new wave of WannaCry like the one that happened a while ago?
3 Primary Defense
If you use Windows 10, keep Defender up and running! The new versions of Windows Defender are less aggressive with the system while being more aggressive against viruses and other threats. As with the firewall, you should not disable it completely, but keep in the Exceptions only the applications you need.
In Linux it is similar: we have AppArmor, SELinux and even ClamAV. The first two protect the integrity of your system, so have at least 1 of them configured. ClamAV keeps you from being a vector for viruses that can spread in your LAN and infect other machines. It is essential for those who dual boot or run many applications in Wine.
4 Be Careful with your Downloads
Whether it is a simple .pdf via e-mail, or an interesting program from baixaki.com.br, be doubly, indeed triply, attentive to what you download.
In Windows the threats are hidden in Excel spreadsheet macros and Word documents, which need only to be opened and you are already infected. While in seemingly intact .exe files there are Trojans, full of threats waiting for the careless click.
On Linux you can download an unsigned .rpm or .deb package with a rootkit (malware that infects the kernel) without knowing it. Be aware of the sources you download from and be suspicious of any unknown source (files uploaded to 4Shared, torrents, etc.). If possible, always use the official repository and always check the MD5 or other hash of the downloaded file, including system images!
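One way to do the hash check recommended above, as an added example rather than the author's own script: it looks up the file's entry in a published checksum list and compares it with the locally computed digest. SHA-256 and the `SHA256SUMS` file name are assumptions (many distributions publish such a list), and the sample file is constructed for the demo.

```shell
#!/bin/sh
# Added example: verify a download against a published checksum list.
# Assumes GNU coreutils (sha256sum) and file names without spaces.

verify_download() {
    file=$1
    sums=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    name=$(basename "$file")

    # List lines look like "<64 hex>  name" or "<64 hex> *name" (binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        # A missing entry is a failure, never treated as "nothing to check".
        echo "no entry for $name in $sums" >&2
        return 2
    fi

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Constructed demo: a stand-in "download" and a checksum list made locally.
demo=$(mktemp -d)
printf 'constructed sample image\n' > "$demo/sample.iso"
( cd "$demo" && sha256sum sample.iso > SHA256SUMS )
verify_download "$demo/sample.iso" "$demo/SHA256SUMS"
rm -rf "$demo"
```

The check is only as trustworthy as the checksum list, so fetch that list from the project's official site over HTTPS. Where the project also signs the list, verify the signature first.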
In the same vein, pay attention to where, how and when you use browser add-ons. Avoid installing anything from outside the official add-on stores (Google, Mozilla and others), and always check an add-on's authenticity and what it actually does.
5 Watch Where You Surf
Viruses that hide in ordinary websites are rare, but not impossible to find.
We already have some multi-system Java malware, that is, malware that detects and infects Windows or Linux, regardless of where it is running.
Okay, I mentioned the 5 safety tips. But at this point you will ask me:
Where is the antivirus?
I didn’t cite any, because I consider them an ULTIMATE line of defense. I would put them in a hypothetical item 11.
As good as antivirus is, its job is to do what all of the above do and a little more besides. But at the moment of infection, at the moment of terror, it is the first to succumb, leaving the system at the mercy of all the evil that a virus can cause. Never blindly trust an antivirus, be yourself the main line of defense!
Android is a very curious case, because it is a system built on the Linux kernel yet highly vulnerable. This is because manufacturers disregard item 2 above, while users usually neglect items 4 and 5 above even if they don’t mean to. In other words, we see highly obsolete Android devices still on the market, with old versions of Android and/or running an obsolete customized version of the Linux kernel, that do not receive updates from Google, the manufacturer or even the Linux Foundation. Through no fault of their own, users can’t update unless they root the device, which runs counter to being user-friendly and accessible to everyone.
The result of this, coupled with Google’s negligence with the Play Store and with users recklessly downloading .apk files from unknown sources, could only be the extremely high number of mobile device infections we have seen lately. Even though Windows has its share of vulnerabilities, Android has surpassed Windows in number of users and proportionally in reported unfixed flaws.
These were the most important safety tips that I always recommend to my clients and friends.
Not enough? For those more security-minded, here is a collection of 40 security tips for sysadmins to apply to their home or corporate networks!
Remember: you can never be too careful when it comes to security. A safe computer is one that is unplugged.