Updated date:

IT for Mere Mortal - Securing Your Machine

Author:

A systemsitter, wordbender, framebender, streetwise dhamma monk and a starfleet officer.

it-for-mere-mortal-securing-your-machine

Security, philosophically...

That's how you get to the bottom of things and come up with something that works yet... a lot less time sensitive - solve it at the root.

I am going to start by a grim fact - security is a myth.

Think about it. Only safe way to protect is to unplug the machine, lock it in a safe, buried it in the dessert (pop quiz, why dessert?), and throw away the key. Yet we rely on machines we called SERVErs. We locked everything but expect to get emailed from ANYbody and hate when our social media status didn't reach EVERYbody. The whole think is build to be accessed !

So sleep on it...

Do you think you are safe NOW ? As you read this article ?

Start using strong password...

Strong password is one that :

  • longer than 8 character
  • consist of lower capital and capital
  • consist of alphanumeric and numeric

for the paranoid one you can add :

consist of symbols

Confused ?

Check out my article about strong password

Create as many profiles as needed....

Most common mistakes people do is they play with the pc with their admin account. I know it is cool when you can commit all the seven deadly sins and the machine goes along with it... but their lies the danger and it comes in two fold :

  • When you do mistakes and you will, you do it at the admin level
  • When you got infected / pawned, the bad guy seize the admin rights.

Uh huh... cheeses friggin fries, right ?
So stop it.

Create at least two profiles - admin and not admin (that's the regular YOU!). If the machine is shared with many, create profiles as many as the people excluding the admin profile. This help in two fold too :

  • Since it is rarely use (and you don't forget the password!) you get better chance at fixing things.
  • Everybody is at their own risk. You don't have to worry about that one friend who is totally oblivious of security. His mess stays with his profile.

Here's how....


Password protect the BIOS...

When you start your computer the machine will follow a setting on what to read first. THAT setting is on the BIOS. Protect it.

Why ?

Because operating system (like windows, linux etc) can be started from external devices (like usb stick, ext HD...etc). If that happened, your machine is no longer yours.

Here is how you do it...


Never save anything...

This is actually not about your machine but since it is the browser ON the machine it is often used to exploit your machine so, relevant.

You know how the browser you use to surf the internet kind of sense your frustration of typing your password and *gasps* details like phone no, address...etc and offer to help by asking if you want to save those details so the browser can remember it ? It should be obvious.

Say no. ALWAYS.

If you say yes, those sensitive things you get scared when people asked you upfront will be saved on that browser somewhere asking to be found.

This is good not just with the browser but ANY apps including windows itself. That lil checkbox under login screen is so tempting but no.

ALWAYS, say no.

When it comes to password there are other damaging consequences :

  • you will forget the password cause you never type it anymore
  • anybody have a physical access to the machine can login.

Yes... another cheeses friggin fries.

Create restore point

There is a feature built-in windows that allow you to record your current configruation so you can comeback to it later. So if you do that when everything is running well when things go haywire in the future you can restore it to the good condition. Hence the feature name restore point.

The thing is, it is basically means it save stuff. Hence it will consumed spaces so don't go crazy and create it every hour. Do it just before you do major changes like :

  • deleting stuff
  • installing stuff
  • uninstalling stuff
  • experimenting with anything

Do a search (Ctrl-Q) with "restore" and it will pop out on the menu for you to set. Needless to say you need to logon as admin.

Here is how....

Update, update.... UPDATE !

This can not be over stressed. It is one of the key this article will work timelessly - you keep up with the time. Vendors both hardware and software hates security breaches, it makes them look bad. So trust them.

If either your OS (windows or eveything else) or your hardware (Lenovo, HP...etc) pop up something that says they need to update do it.

But due diligence are :

  • Verify if it is legitimate. If it is a mail notification it usually is bogus. System update usually go through the OS notification system. If you are not sure ask around. Or launch the update apps manually
  • Manage the when. It usually takes a lot of time and need to restart so if you are in the middle of something it's ok not to do it right away, but always do it. Pick a good time and go through with it

I am gonna end this article with a good news.

Windows has finally come up with a pretty decent antivirus that you can rely on - Windows Defender. Just never miss updating it.

Related Articles