Secure PC

If this is your first time working on a lesson…

1) Please read our FreeFor Ops page.  It will explain the site purpose and navigation, Lesson Outlines and the overarching concept of FreeFor IO.

2) It will direct you to also read the START HERE page, Tenets page and the first lessons.  There are a few lessons ahead of this one.

 

Welcome to Secure PC (L1.4, Lesson ID 0018). This quick lesson will arm you with some (free) Windows programs to help keep your PC secure.

There are several layers needed to secure your PC:

  • Your behavior and discipline
  • Firewalls (in addition to your router)
  • Anti-Virus
  • Anti-Malware / Anti-Spyware
  • Privacy Cleaners / Secure Delete
  • Disk and File Encryption (to be covered in a separate lesson)
  • Regularly:  Scanning, updating virus / malware databases, updating versions

 

Why is this important? Your PC is where it all begins. It is an end point that needs to be secured. The industry term for this is End Point Security. It is easier to exploit your behaviors and PC than it is to crack encryption or Tor. It is imperative that you keep your PC as secure as possible before we begin the lesson on securing your browser.

Here’s Bruce Schneier commenting on it…(emphasis ours)

TAO (NSA’s Tailored Access Operations) also hacks into computers to recover long-term keys. So if you’re running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. This kind of thing is only done against high-value targets.

How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

I believe this is true, despite today’s revelations and tantalizing hints of “groundbreaking cryptanalytic capabilities” made by James Clapper, the director of national intelligence in another top-secret document. Those capabilities involve deliberately weakening the cryptography.

Snowden’s follow-on sentence is equally important: “Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Endpoint means the software you’re using, the computer you’re using it on, and the local network you’re using it in. If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn’t matter at all. If you want to remain secure against the NSA, you need to do your best to ensure that the encryption can operate unimpeded.

 

Please note that most of these are for Windows users. At this time we don’t have access to a Mac for testing, and we’re assuming that if you are using Linux you are already aware of other Linux programs to secure your computing device.  You will find that some products offer versions for Mac and/or Linux as well.

Special Note on Deleting Files:

Note that a number of these tools offer secure file deletion, and the Eraser program is dedicated to this. You should seriously consider secure file deletes for everything except the most innocent files.

Using your Windows system to delete a file doesn’t really delete it. It only removes a pointer to where the file was. The file will eventually get overwritten, but even so, the disk will retain some signatures and parts of the file that may allow it to be recovered. You need to use a secure delete tool that specifically overwrites the file location with several passes (3-35), and can even write garbage over it.

Please go ahead and download these programs and get familiar with them. You should be running CCleaner and BleachBit prior to every computer shutdown, and preferably after every browsing session.  You should also run an Anti-virus and Anti-malware/spyware scan daily.  Some of these programs have duplicate functions, but we often find that programs will scan for different items and it makes sense to run multiple passes with different tools.

The products below are generally regarded by many sources to be some of the best free options in their classes.  Below each tool you’ll find a marketing blurb we lifted from their website or a review.

Firewall software

Comodo Firewall

  • Recent versions of Microsoft Windows include a built-in firewall, which is now turned on automatically. Unfortunately, the Windows firewall is limited in many ways; for example, it does not examine outgoing connections. However, there is an excellent freeware program called Comodo Personal Firewall, which does a better job of keeping your computer secure.  They also offer free anti-virus and anti-malware products.

Anti-virus software

Avast

  • There is an excellent freeware anti-virus program for Windows called Avast, which is easy to use, regularly updated and well-respected by anti-virus experts. It requires that you register once every 14 months, but registration, updates and the program itself are all free-of-charge.  It has fantastic detection rates and some of the best features to play around with. It includes real-time web, P2P, email, instant messaging, network, boot time and behavioral protection. It is also fairly light on resources.

Anti-malware / Anti-spyware software

MalwareBytes

  • Malwarebytes Anti-Malware Free’s industry-leading scanner detects and removes malware like worms, Trojans, rootkits, rogues, spyware, and more. All you have to do is launch Malwarebytes Anti-Malware Free and run a scan.
  • (ffio note – We’ve used MalwareBytes to successfully remove some stubborn virus / malware that was not removed with other programs)

Spybot Search & Destroy

  • If all you require is to be able to scan and remove malware and rootkits from your system, or if you want to protect your PC by immunizing your browser and hosts file, the ‘Free Edition’ is the choice for you. If you are a more experienced user you can also check various ‘autostart’ locations using the ‘Startup Tools’. Spybot 2 can scan single files or specific folders and unlike other software it doesn’t matter if the file is located on your local drives or on a network share. Spybot 2 comes with its own whitelist which helps to identify if files are legitimate or not. This useful addition helps to speed up the scan.

Combo Product

IOBit Advanced System Care

  • Protect, repair and optimize your computer with Advanced SystemCare Free. Advanced SystemCare Free makes your computer faster and safer with just a single click. It removes spy- and adware, prevents security threats, deletes temporary files and fixes registry errors. Easy, quick and effective.
  • (ffio note – IOBit’s ASC has a huge amount of functionality. Explore the Tool Box)

 

Privacy Cleaners / Secure Delete

CCleaner Free

  • CCleaner is our system optimization, privacy and cleaning tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner.

Bleachbit

  • “Since I started working with Snowden’s documents, I have been using […] BleachBit” — Bruce Schneier
  • BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn’t know was there. Designed for Linux and Windows systems, it wipes clean a thousand applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari, and more.  Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.

Eraser

  • Eraser is a popular, free and secure file deletion software for Windows. It is designed to delete files permanently from your disk and allows you to totally eradicate all the sensitive data from your hard drive by overwriting it multiple times. This software will also prevent any attempt of retrieval with the use of disk maintenance and undelete utility. Eraser also comes with a flexible and customizable scheduler to ensure that your system memory is overwritten from time to time to avoid data theft.

 

This is LESSON ID=>0018

4 comments on “Secure PC”
  1. PJ says:

    I’m sorry, if you are still on Windows, you are not being serious, about security anyway.

    Go get an old PC and install Linux on it. Look particularly for a distro that emulates the Windows user interface, to keep things familiar. Here is a possible example:
    http://distrowatch.com/table.php?distribution=zorin

    Keep your Windows PC, but try to do the same thing for a while in Linux as you do with your Windows PC. Eventually you will discover, unless you are quite an unusual user, that everything you do in Windows can be done equally well on Linux. Also you will discover how wonderful it is not to have to run virus checkers and spyware cleaners all the time. When you reach that point, turn off your Windows machine.

    • InformOps says:

      Hi PJ,

      Thanks for reading and commenting. First, I fully agree with you. Linux is the way to go, your steps are valid, and you are right that it is easy. I’m glad you posted this comment, it helped me formulate an answer to a critical and excellent point you are making.

      IT is almost never about technology. It is about behaviors, cultures and habits. People resist change and gravitate towards what is comfortable, what they know, and what they perceive as easy. Technology is simply an enabler for reinforcing desired behavior. Remember, Security is rooted in behavior, not technology.

      So, the cat is out of the bag here. We are attempting to change behavior, and using the breadcrumbs of incremental technology habit changes to do it.

      We (the contributors to this blog) have delivered technology solutions for many years to tens of thousands of technical staff…and I can state with certainty that even within a technical population the biggest adoption barrier is culture, behavior and change resistance.

      None of what you said or what we’ve said is new. WRSA is littered with people saying “Just go to TAILS, it is easy”. But I guarantee you that most have not. Looking at this site’s stats on the connecting countries, I am sure that only 1-3% are using Tor or VPN.

      So when you commented on WRSA that “While this cookbook approach is worth a try”…you identified the exact question….How can we get more patriots to shift towards linux-based approaches.

      A tech user on another forum said that “email is obsolete”, and I agree with him in principle, it is old technology and not secure….but 99% of users are not going to give up their email until there is a cost-effective, easy to use and widespread replacement. All tech adoptions are driven by an S-Curve, which is ultimately underpinned by behavior changes.

      The holistic outline of the InformOps menu structure is exactly that – an incremental approach to getting people more comfortable with technology, in bite-size chunks which have immediate impact in making them more private or anonymous. Our minimum goal is to have people running Tor Browser Bundle or ideally TAILS. We’re leading patriots up the S-Curve.

      It would be great if they could jump right into doing this with a used laptop (purchased off craig’s list), new laptop purchased in a different city with cash and wearing a disguise, hard drive removed, second air-gap laptop for sensitive work, linux distros all the way around, and working in VirtualBox or Whonix, and through double-tunneled VPN’s purchased anonymously with cash or washed bitcoin, and dropping down into darknet (Onion, Freenet, I2P) for anonymous communication… See the problem? No one is going to jump to that extreme if they are normal windows users.

      Baby steps. Incremental education and adoption. Turnkey solutions.

      Frankly, FreeFor elements could start a Deception Operations campaign. It would be great if they maintained a public Windows presence to do the mundane stuff, but were secretly proficient and disciplined in using TAILS for all patriot activity – maybe go so far as to create several fake public personae or groups via Windows on Facebook and other places. Overload the Intel Analysts with false data. Poison the data set.

      Sam Culper talks about some of this in his articles (http://guerrillamerica.com/2013/05/information-operations-part-two-military-deception/). We actually intend to talk about other areas of IO like this (deception, psyops, meme-warring, iWar 101) after we deliver the necessary technology lessons to support it. This is where we get into the Offense part of FreeFor IO. Protect, then Project.

      Thanks again for reading and commenting. Keep the feedback coming so we can evolve this blog into something that is useful for our community.

      ~ffio

      • T. E. Bowman says:

        On Windows currently and need to learn more about Linux. Fascinating…

  2. ffio says:

    T.E., Linux isn’t too hard, at least not anymore. They make flavors (called distributions, or distros) that look and act like windows in the sense that they are very user-friendly. In fact, if you continue following the lessons, I guarantee that within 6 weeks you’ll be running TAILS (which is linux), and probably by the end of the year you will probably be running all sorts of different flavors of linux either off a USB stick or in a Virtual Machine on your windows box.

    I will see if I can find some “get started” linux tutorials and post them in the self-study menu section.

    ~ffio
