Operating system security
Securing Windows Systems
Microsoft Windows is one of the most widely used Operating Systems ever. The great popularity of the feature-rich operating system has come at a price: With millions of lines of code in Windows, the Operating System has required hundreds of patches to ensure that it can be securely used on the Internet.
Unsecured computers that are directly connected to the Internet pose a threat to all users of the network. By compromising a single computer on a network, it may be possible an intruder to gain access to files, gather personal information, and disrupt the normal operations of the network. It is therefore imperative that we take precautions when connecting any computer to the campus network and Internet.
There are several steps one should take to ensure to secure a Windows computer when connecting it to the campus network:
- Activate the Windows Firewall before connecting the computer to the network. Attacks can happen very quickly once a computer is connected, often with in minutes or even seconds. You may not have time after plugging in the network cord to activate the firewall before your computer is compromised.
- Apply all current patches via Windows Update. It may be necessary to reboot the computer several times during this process. You should repeat this step as needed until there are no more critical or recommended patches that need to be applied.
- Turn on Automatic Updates so that your computer will continue to receive patches as they are released.
- Make sure all local accounts including the built-in local administrator or owner account have strong passwords. A strong password will be 6 or more characters in length, contain both numbers and letters as well as special characters, and not be found in a dictionary. Microsoft has advice on how to create strong passwords.
- Install and use virus protection software.
- Install and use spyware removal software.
Windows is the most popular operating system in the world that makes it the number one target for malware coders and hackers. Microsoft regularly adds security improvements for its operating systems. However, new features may potentially make operating systems less secure. As an example, Windows 10 comes with smooth integration of cloud-based One Drive. This makes Windows 10 more functional, but may also open new security holes. It means that securing Windows OS is a continual task. Here are solutions you should use to make Windows more secure.
1. Update Programs to Latest Version
Nothing creates more problems than letting your Windows OS open to exploits and hacks. Microsoft is doing a good job keeping Windows OS protected against latest threats, but you also need to participate. Make sure that your Windows installation gets the latest update pack. Use Windows 10 update assistant to automatically install the latest patches for your PC. You can also setup for manual confirmation before the patches gets updated.
Windows 10 Update Assistant
Besides operating systems, third party software could also become a gateway for malware and hacker. So make sure that all installed program gets patches and updated to the latest version. Web browsers, antivirus and firewall software must get their regular updates to prevent intrusions.
2. Encrypt Your Data
Encryption is essential, if you are keeping critical information in your laptop. There could be situations you may lose your laptop. Even if a thief manages to steal your laptop, it will be theoretically impossible for him to read your data. Most of the Windows 10 users can use easy tools like BitLocker to encrypt your data.
Enable BitLocker in Windows 10
Search for “bitlocker” and go to “Manager BitLocker” in Control Panel. You can also access BitLocker under “Control Panel > System and Security > BitLocker Drive Encryption”. Enable BitLocker for the drives you want by clicking on the link “Turn on BitLocker”.
Remember, BitLocker needs Trusted Platform Module (TPM) in Windows 10.
3. Use Local Account
There are definitely advantages of using Microsoft account for login to your laptop. But when you are logged into your Microsoft account, all your settings will be automatically synced with all your Windows 10 devices. This may cause a security risk and you may need to cut ties with Microsoft in some situations. If you are in a highly secure session, it is a good idea to use local account, instead of your own Microsoft account.
Learn step by step instructions on how to setup local account in Windows 10. You can also use PIN and image password to secure Windows 10 instead of regular login password.
4. Enable System Restore
System restore option will allows you to set the system back to the previous date whenever there are problems. By default, “System Restore” is disabled in Windows 10. So, you won’t be able to undo any problem that happens to your Windows 10 system. Follow these steps to enable system restore in Windows 10:
5. Use Windows Defender Security Center
Windows 10 has a built-in protection feature to stop viruses and malware. Check the health report from Windows Defender Security Center and ensure all statuses are showing in green.
Windows Defender Status
If you suspect any infection, do quick or advanced scan to thoroughly check your system.
6. Remove Bloatware
It’s annoying to see that your brand new laptop isn’t exactly original and it has been filled with all manner of unnecessary software. Most of the programs on the new laptop might be installed on your seller and not by Microsoft. These programs may represent security risks, if they are poorly developed or not yet updated. So, remove as many bloatware as you can before connecting to the network or the Internet.
Follow these steps to find an uninstall programs:
- Go to Start> Settings> Apps.
- you will the list of all installed apps under “Apps & feature” section.
Identify and remove any bloatware, especially those labeled as trial. Make sure that you don’t remove anything that originally comes with Windows 10 with the developer name as Microsoft Corporation.
7. Use Antivirus and Enable Windows Firewall
In most cases Windows Defender will not be sufficient to protect your computer. Use only reliable antivirus program that’s released by a well known company. An antivirus program should include automatic update, real time scanning and built-in firewall. If an antivirus program doesn’t include a built-in firewall, you must enable Windows Firewall.
Turn on Windows Firewall
8. Cleanup Spyware
If your computer is infected by spyware, pop-ups will appear and your browser will be directed to malicious websites. Your computer will perform slowly and a new toolbar suddenly appears in your web browser. If you want to avoid spyware, you shouldn’t click any suspicious link or answer a pop-up question. You also need to avoid downloading free programs. Popular anti spyware programs may include Lavasoft Ad-Aware, Spybot Search and Destroy and Malwarebytes.
If you are using Chrome, you can try Chrome Cleanup Tool to scan and clean malware from your PC.
9. Disable Ad Tracking
People may track your online behavior as you browse the web. This allows marketers to create a profile based on your interest and provide you with relevant advertising messages. It’s obviously not a good thing to allow people to observe what you do online. You need to disable advertising ID by following these steps:
- Search for “privacy” and go to “Privacy settings” under “System settings”. Go to “General > Change privacy options” and turn off the first option to disable interest based advertising.
- For higher level blocking of ads, open any web browser and go to Microsoft privacy ad settings page. You can disable interest based ads on browser, Windows and Microsoft account level.
After disabling interest based ads, marketers won’t be able to track your online behavior and you will still get ads, but they are generic ones.
10. Disable Location Tracking
Windows 10 tracks your location and it is helpful for many people. It helps you to locate the nearest restaurants and get latest updates about the local weather. But if security is your top priority, it is a good idea to prevent Windows 10 from tracking your location. Go to “Location” section in privacy settings. Disable the location service option.
You can also disable the location services for specific apps. Scroll down on the privacy location page and go to “Choose apps that can use your precise location”. Select any app you want, such as News or Weather and turn off the location services. When you disable this feature, Windows 10 still keeps past location history. So, you need to find “Location History” on the same page and click on “Clear” button to remove all saved locations. It’s something that you need to clear regularly and manually.
11. Manage Cortana Search
Cortana is very helpful, but there’s a trade off of using its service all the time. Cortana needs to know more about you to do its job well. This essentially means Microsoft knows each and every keystroke on your PC. Unfortunately you can’t switch off Cortana or Windows Search option in Windows 10. At the maximum, you can disable cloud search permission and clear device history in Cortana search settings.
Mac os Hardening Security Tips to Protect Your Privacy
When you get a new computer, setting it up is rarely a breeze, but if you’re privacy focused, things get even more complex. Mac security settings can be especially challenging to configure, as all kinds of activities are kept hidden behind the scenes. If you’re setting up a new machine or upgrading to the latest version of OS X, it’s never a bad idea to check your privacy settings.
There are many ways you can lose data, and each is a reason to regularly back up your files. Furthermore, downloading files and exchanging files with others is fraught with risks, and the number of threats targeting Macs continues to rise. Whether or not you use a personal computer or a public computer, there are plenty of actions you can take to improve your security and privacy. Here are 15 Mac-hardening security tips to lock down your Mac and your data.
Lock Down Access to Your Mac
- Create a standard account (non-admin) for everyday activities
When setting up a new Mac, the OS X setup assistant asks you for your name, a user name and a password, and uses this information to set up your first user account. Since there has to be at least one user with administrative privileges on your Mac, that first account is an administrator account. While this is useful — you can install software, and perform other actions, after entering your password — it can also be risky.
An administrator may make mistakes, and they can change or delete any file. They can also install any software, which may be a risk, if the software is malicious. Standard users, however, have limited access rights on a Mac. They can use, change, and create files in their home folder, access folders on shared volumes if the permissions allow it, change settings to non-secure preferences in System Preferences, and install some software (if it doesn’t need install items in the System or Library folders). While standard accounts are more limited, it can be useful to use for daily work, just to be safe.
Log into that second account, and use it for your everyday activities, and to store your personal files. Whenever an administrator’s password is required, type the admin user name, and the appropriate password. While this will lead to more password requests than if you were working under an admin account, each of these requests should raise a red flag and make you think whether you should be entering your password.
While using a standard account is not full blown protection from malware, it does protect from some types of malware, and can provide a warning that something is going on. It can also prevent you from blundering by deleting files that you didn’t mean to erase. So using two accounts is a tiny bit of hassle that is worth trying out to save you from potential disasters.
- Disable automatic login
When you first set up a new Mac, or when you do a clean installation of a new version of OS X, you create a user account, and that account is set, by default, to log in automatically at startup. This isn’t a problem when you’re at home, but if you use a laptop and travel, this is a serious risk. This automatic login means that anyone who finds your Mac only need to start it up to have access to your files.
You can change this, and tell OS X to display a login screen on boot. To do this, go to the Users & Groups pane of System Preferences, and click on Login Options; you’ll see a menu that lets you choose which user logs in automatically at startup, or you can choose Off from this menu to turn off automatic login. Another way to change this is in the Security & Privacy preferences. In System Preferences, click on the General tab, and you’ll see an option to Disable Automatic Login.
- Uninstall the standalone Flash Player
Lately, many security folks have been calling for the death of Flash Player — and for good reasons. Adobe Flash is riddled with vulnerabilities, and requires constant software updates to patch new flaws. If you don’t need to use Flash Player, you should uninstall it. There are two ways you can do this: use the Adobe Flash Uninstaller, or remove it manually. To do this manually, follow these instructions from Adobe’s uninstall guide.
- Use a password manager to help cope with phishing attacks
We routinely recommend that all Mac users create secure passwords; it’s important to create complex, unique passwords so they’re more difficult to crack. Unfortunately, the more complicated your passwords, the easier they are to forget. There’s a lot to love about password managers, including not having to remember so many unique passwords. Take a look at our list of 8 password manager options for Mac and iOS, and see which one works best for you.
- Run a two-way firewall (outbound/inbound protection)
Apple’s built-in firewall offers inbound network protection. But did you know inbound firewalls only protect against certain kinds of attacks? With the increasing frequency of new malware and targeted attacks, the best defense is implementing multiple layers of protection. If there is unknown malware on your machine, you want to be able to prevent it from connecting to the Internet — only firewall with outbound protection offer this security. Outbound firewall protection is arguably the most important component of two-way firewall software, at least from an anti-malware perspective. Outbound firewalls are remarkably good at alerting you about a piece of software that you know full well you downloaded, but didn’t think would be connecting to the Internet. Two-way firewall like offer real protection, because they combat inbound threats and can prevent malicious programs on your machine from calling out to the Internet; in turn, this provides locks down access to your machine while preventing data from leaking out.
Check Your OS X Settings
- Enable full disk encryption
A sound security strategy is to encrypt important data files and folders for an additional layer of protection. This way, if your Mac is stolen, they thieves won’t get access to your private data. Apple’s FileVault full disk encryption has been around for some time and it’s a great idea to turn this on. FileVault encrypts your entire hard drive using XTS-AES 128, a secure encryption algorithm. The reason why you should enable this feature on your Macs and MacBooks is if your hard drive isn’t fully encrypted, anyone who manages to steal your computer can access any data on it. With FileVault enabled, as soon as your Mac is shut down, its entire drive is encrypted and locked up. Only when an authorized user turns the Mac on and logs in are the drive’s contents unlocked. (Yet another reason why it’s a good idea not to have an obvious password.) To enable FileVault, first make sure you have logged into OS X with an administrator’s account, and go to System Preferences > Security & Privacy > FileVault. Once there, press Turn on FileVault.
- Disable Spotlight Suggestions
OS X Yosemite has a revamped version of Spotlight, which can serve up suggestions from the Internet. However, if you aren’t careful to change its default settings, OS X Yosemite’s Spotlight can leak your private information back to Apple. And that information may not just be shared with Apple itself, but also third party providers such as Microsoft’s Bing search engine. For these reasons, you may choose not to use Spotlight web search and, fortunately, if you don’t like the feature — you can turn it off.
Open System Preferences and choose Spotlight. Now deselect Spotlight Suggestions, Bing web searches and anything else that doesn’t suit you. Now, before you relax and pat yourself on the back, you’re not quite done. You have stopped Spotlight from sharing your search queries, but you haven’t stopped OS X’s default browser from doing the same trick. To stop Safari sharing the same information, go to Safari > Preferences > Search, and then disable “Include Spotlight Suggestions.”
What if you’re an iPhone or iPad owner? Disabling this feature is a similar process. Simply go to Settings > General > Spotlight Search, and then disable Spotlight Suggestions, Bing Web Results, or anything else that you don’t want or need.
- Audit your Security & Privacy settings
How comfortable are you with sharing your physical location with different apps? Do you even know which apps are receiving details of where you are? A quick visit into OS X Yosemite’s System Preferences can reveal all. To update these settings, you need to click on Security & Privacy and choose the Privacy tab. Once there, you can choose Location Services and view whether they are enabled and, if so, which apps can access your location. To make changes to these settings, you may need to unlock the padlock by entering an administrator password.
- Check for software updates often
Regardless of whether or not you believe malware is a problem on Macs, it’s not the only threat you should be concerned about. As we’ve explained before on The Mac Security Blog, there are multiple ways in which malicious attackers can target your Mac, and this raises the importance of employing a layered approach to security. For these reasons, it’s important to keep your software up-to-date to thwart new security threats.
Mac OS X has a built-in software update tool, called — you guess it — Software Update. You can access this by clicking on the Apple menu in the menu bar. When you launch this program, it will check Apple’s servers to see if any Apple software updates are available. It’s a good idea to to run “Software Update” and patch your Mac promptly when security updates are available.
- Don’t leave your computer unlocked and unattended, there’s a good chance it won’t be there when you get back
Lock your computer when unattended to keep prying eyes from snagging your information when you are not looking. A valuable trick I learned is to set up screen saver hot corners, so whenever I step away from my Mac I can quickly lock it before I go. To do this, go to System Preferences > Desktop & Screen Saver, and choose “Hot Corners…” You can select one, two, or multiple corners that — when you hover your mouse over — it will start the screen saver, requiring your password to unlock the system.
IMPROVE OUR LINUX DESKTOP SECURITY
There are lots of Linux servers out there – sufficiently many that it’s impossible to give the precise number, and difficult even to come up with a good approximation.
But we’re unlikely to offend anyone if we say that at least 20%, probably 40%, and possibly more than 50% of the internet’s servers run some flavour of Linux.
As a result, cybercrooks have learned how to hack into Linux servers on an industrial scale in order to steal both storage space and network bandwidth.
With these hacked servers, they push malware, spam, scams and phishing campaigns onto users worldwide.
Of course, the vast majority of the victims who get attacked or infected via compromised servers are running Windows, simply because the vast majority of end users are running Windows.
If you run a Linux desktop, life can be a lot quieter.
Part of that is being in a small minority, with Linux probably running on only about 2% of desktop computers worldwide.
Being in a small minority means you haven’t yet attracted much attention from cybercriminals, who are making huge amounts of money from the Windows ecosystem already.
But is that enough to consider yourself safe?
No, it isn’t.
Linux malware does exist and has occasionally spread extensively in the wild; Linux users do get phished; Linux laptops do get lost, or stolen or hacked; hard disks do get removed from Linux computers and sold without being wiped – and any of these could put you, your privacy, or even your identity, at risk.
So here are five easy steps to enhance your Linux security.
1. CHOOSE FULL DISK ENCRYPTION (FDE)
No matter which operating system you are using, we recommend that you encrypt your entire hard disk.
If your laptop is lost or stolen, using a simple login password won’t protect your data: a thief can just boot into Linux from a USB key and read all your data off without a password.
By encrypting your hard drive, you ensure your data remains secure, because the thief won’t be able to read anything without the FDE password.
The advantage of FDE over encrypting just your home folder and the files in it is that you no longer have to worry about temporary files, swap files or other directories where important files might end up without you realising it.
On any fairly recent computer, you’re unlikely to notice, or even to be able to measure, a slowdown in day-to-day use due to encrypting everything.
On Ubuntu and Fedora, as in many other Linux distributions (distros for short), full disk encryption is available right at install time.
You can easily enable it during the installation by selecting Encrypt the new Ubuntu installation for security:
And, of course, remember to pick a proper password!
2. KEEP YOUR SOFTWARE UP-TO-DATE
Again, no matter which operating system you are using, you should always keep both your operating system and your applications, such as web browsers, PDF readers and video players, up to date.
Most Linux distros make this easy.
On Ubuntu, by default, security updates are installed automatically.
You can double-check this at System Settings | Software & Updates | Updates.
Make sure the Important security updates option is turned on:
3. TIGHTEN UP SECURITY IN YOUR BROWSER
The browser is the way in for many current cyberthreats, whether you use Mozilla Firefox, Google Chrome, Opera or another browser.
Many free extensions are available to improve the security of your browser, and your privacy as well. Among others, you may want to consider the following:
- Adblock Plus
4. USE ANTI-VIRUS SOFTWARE
We saved this one until last because it has long been a bone of contention with a vocal minority of Linux faithful.
Some people will tell you that it’s pointless installing an anti-virus software on a Linux-based operating system.
Half of the argument is that most of the malware you will detect on a Linux computer will be for Windows, and why should you be responsible for that?
The obvious answer is, “Why not? What if you pass an infected file onto someone else and thus make yourself part of the problem rather than the solution?”
The other half of the argument is that malware on Linux desktops is rare enough that you might as well pretend it doesn’t exist at all.
My personal opinion is that if you feel safe just because you think the risk of a breach is low, then attackers have already outsmarted you.