Difference between revisions of "Security notes - security for the everyday person"

From Helpful
Jump to: navigation, search
m (Is it important to use a password manager?)
m (Is it important to use antivirus/malware protection?)
Line 4: Line 4:
 
<!--
 
<!--
  
It tends to help, yes.
+
tl;dr
 +
* It tends to help, yes. It's better than not.  
  
 +
* however, these things tend to work only against known attacks
  
But it's not guaranteed safety.
+
* so thinking it's full protection is arguably ''worse'', or at least no better
 +
: because you will at some time be hit by something new, or some new/different enough variant
  
As an experiment, I disabled antivirus for a while, and automatically became more careful.
 
  
Ans active protection didn't catch any of the three cases I've gotten malware, until after the fact.
 
  
 +
The most likely means of getting malware varies with
 +
: type of person ((dis)trusting of email attachments, sites, etc.)
 +
: type of platform (e.g. things work differently on phones),
 +
: type of target (most things cast a wide but easy net. Being targeted makes things more dangeerous)
  
Malware in downloads from sites it turns out you can't trust are not ''too'' common,
+
 
and there are arguably more cases where you install "tools" that are ''technically'' legal
+
Whether it's from
 +
downloads,
 +
browser plugins,
 +
email attachments,
 +
or even modems{{verify}}
 +
 
 +
 
 +
 
 +
There are also things that isn't illegal but still not what you wanted.
 +
Particularly adware skirts that boundary.
 +
 
 +
There are also a lot of cases where you install "tools" that are ''technically'' not malware
 
but still phone home what you don't want.
 
but still phone home what you don't want.
  
These things can help against some cases, like some known phishing attacks,  
+
 
but thinking it's full protection is arguably ''worse''.  
+
----
 +
 
 +
Depending on how easily your "wait hmm" sense is triggered,
 +
malware in downloads from sites it turns out you can't trust are not ''too'' common.
 +
 
 +
 
 +
I'm a moderately wary home user most of the time.
 +
Active protection didn't catch any of the three cases I've gotten malware, until after the fact.
 +
 
 +
As an experiment, I disabled antivirus for a while, and automatically became more careful.
 +
But I know that that would disappear over time.
 +
 
 +
 
 +
----
 +
 
 +
Companies may care to think about this more specifically now.
 +
 
 +
remember that it is often better not to protect the machine but to protect data on that machine, via some sort of isolation.
 +
 
 +
Consider, for example, what ransomware can do to you. And how you might nullify its effect (e.g. good backups can go a ''long'' way).
  
  
Arguably, the better way to do security is not to protect the machine but to protect data on that machine, via isolation.
 
 
This is easier to do on servers, though (where it is more obvious what to isolate, and being a little draconian is understandable) -- and not on workstations, where we expect we can do everything to everything.
 
This is easier to do on servers, though (where it is more obvious what to isolate, and being a little draconian is understandable) -- and not on workstations, where we expect we can do everything to everything.
  

Revision as of 14:29, 27 September 2021

Security related stuff.

Practical


Theory


Unsorted

Is it important to use antivirus/malware protection?

Is it important to encrypt my phone?

Is it important to use a password manager?

Is it important to use a VPN?

Is it important to use secure mail?

So these messenging apps are the end-all then?

Laptop hard drive encryption

Practical side

A note on speed

Techical side

Drive encryption and TPM