How Do YOU Establish a Secure Computing Environment?

sneakyimp writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys. On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and Linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your Linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted? Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the motherboard firmware be compromised? What steps can one take to ensure a truly secure computing environment? Is this even possible? Can anyone recommend a through checklist or suggest best practices?"

linux

[blackC0pter]

i actually run linux on the desktop to help stay secure and don't pirate software. Add some ufw firewall rules and a router based firewall and you can survive most non-local (in the room) attacks.

Yes.

[neoshroom]

Do Windows, OSX, and Linux have security holes?

Yes.

Does Windows supply a backdoor for the U.S. or other governments?

Yes.

Should you really trust your Linux multiverse repository?

No.

Do Google and Apple data mine your private mobile phone data for private information?

Yes.

Does Ubuntu's sharing of my data with Amazon compromise my privacy?

Yes.

Can the U.S. Government seize your cloud data without a warrant?

Yes. (The U.S. government can do anything. Your only recourse if they do something wrong is to sue them. Suing them typically takes years of time and hundreds of thousands of dollars for you. Thus, in a practical sense no one really has any firm rights any longer because the system in charge of correcting breaches to those rights is not accessible or swift for an average citizen using it.)

Can McAfee or Kaspersky really be trusted?

No.

Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD?

Use FreeBSD or other extreme minority operating system.

Is it safe to buy a PC from any manufacturer?

Not any, but likely most.

Is it even safe to buy individual computer components and assemble one's own machine?

Again, usually it would be. It seems like software is typically the vector of attack. Hardware much less often comes with built-in vulnerabilities.

Or might the motherboard firmware be compromised?

Less likely than the OS, but remotely possible from some manufacturers.

What steps can one take to ensure a truly secure computing environment? Is this even possible?

Don't connect your computer to the Internet. Even if the OS is hacked, the motherboard firmware is hacked and the hardware itself is hacked, it doesn't matter if nobody can access it but you.

Can anyone recommend a through checklist or suggest best practices?

http://lmgtfy.com/?q=secure+hardware+and+software+computing+checklist

__