How Do YOU Establish a Secure Computing Environment?

sneakyimp writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys. On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and Linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your Linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted? Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the motherboard firmware be compromised? What steps can one take to ensure a truly secure computing environment? Is this even possible? Can anyone recommend a through checklist or suggest best practices?"

Block optical signals with hostfile

There is no shame is using a hosts file to block optical signals. I have a foolproof list that blows away troll arguments that say otherwise.

P.S.=> There's other methods also, via native to OS tools for network-wide propogation of fresh clean updated hosts files that program yields IF you only installed it on a "central server" for clean hosts for all nodes/workstations/servers:

I.E.-> Centrally managed hosts files? Easy as pie via logons scripts, or parse of autoexec in Windows @ bootup via GPEdit & group policies company-wide!

OR

Using taskscheduler on each workstation/server node periodically

P.P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):

http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://sysctl.org/cameleon/hosts
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://www.apkgoatsestylepersonalpics.com/hostsfiles.htm
http://www.malwareurl.com/
http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)

Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy! ... apk

P.P.P.P.S.=> There you go... it all works, GUI easily from my app, all the way out to any endpoint PC/Server on a LAN/WAN even... often as you like & CLEAN/FRESH too!

P.P.P.P.P.S=> It's good "layered-security"/"defense-in-depth" & does things AdBlock, DNS, & even firewalls can't (like speed up access to fav. sites + make them reliable in the event of DNS poisoning redirects or being "downed" even...) & gets P.P.P.P.P.P.S.=> back SPEED/BANDWIDTH users pay for out of pocket along with their POWER BILL too...

P.P.P.P.P.P.P.S.=> I skipped P.P.P.S=>

Move to a Democratic country

[onebeaumond]

and work to keep it that way. Security is a political state, according to most experts (Schneirer et al). And yes, "reducing the size of government" in a democracy means reducing that democracy.

Re:linux

[ArchieBunker]

Oh right linux makes you immune from things like buffer overflows or user assisted attacks.

Re:erroneus (253617) FatASS needs PIZZA

[Nimey]

Your trolls are an enormous waste of time, but I still laughed because of your devotion to duty.

Re:erroneus (253617) FatASS needs PIZZA

You are determined aren't you?