Secure your devices: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
== Use licensed operating systems and software == | |||
= | Some general advice is almost always true, however. When you buy a device or an operating system, keep it up-to-date with software updates. Updates will often fix security problems in older code that attacks can exploit. Note that some older phones and operating systems may no longer be supported, even for security updates. In particular, Microsoft has made it clear that versions of Windows Vista, XP, and below will not receive fixes for even severe security problems. This means that if you use these, you cannot expect them to be secure from attackers. The same is true for OS X before 10.11 or El Capitan. | ||
== Use antivirus or anti-malware == | == Use antivirus or anti-malware == | ||
Line 64: | Line 62: | ||
== Separate your phone number from your device == | == Separate your phone number from your device == | ||
[https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ How to use signal without giving out your phone number] (article) - A step-by-step guide to protecting your private phone number while enjoying the security of encrypted texting app Signal. | |||
---- | ---- | ||
''Last updated | ''Last updated June 18, 2024'' | ||
Source for this content: [https://securityinabox.org/en/phones-and-computers/malware/#use-antivirus-or-anti-malware Security in a Box]'' , Electronic Frontier SSD, and discussions with human rights security practitioners.'' | Source for this content: [https://securityinabox.org/en/phones-and-computers/malware/#use-antivirus-or-anti-malware Security in a Box]'' , [https://ssd.eff.org/ Electronic Frontier SSD], and discussions with human rights security practitioners.'' |
Revision as of 15:13, 18 June 2024
Use licensed operating systems and software
Some general advice is almost always true, however. When you buy a device or an operating system, keep it up-to-date with software updates. Updates will often fix security problems in older code that attacks can exploit. Note that some older phones and operating systems may no longer be supported, even for security updates. In particular, Microsoft has made it clear that versions of Windows Vista, XP, and below will not receive fixes for even severe security problems. This means that if you use these, you cannot expect them to be secure from attackers. The same is true for OS X before 10.11 or El Capitan.
Use antivirus or anti-malware
Advice
1. Know how to check if your antivirus or anti-malware app is working and updating itself.
2. Perform periodic manual scans.
3. Choose and run only one anti-malware app; if you run more than one on a device, they may interfere with each other.
What about antivirus? Article by David Huerta (2020) of the Freedom of the Press Foundation Here's a good article Excerpt: "Antivirus software is one of the oldest offerings available from the now billion-dollar cybersecurity industry. But what does antivirus software do to help protect our devices, what does it not do, and do we really need it?"
Antivirus software options
Windows On Windows 10, Security in a Box recommends to turn on Windows's own anti-malware protection Windows Defender
Linux On Linux you can manually scan your device for malware with ClamAV. But be aware it is only a scanner, and will not monitor your system to protect you from infection. You can use it to determine whether or not a file or directory contains known malware — and it can be run from a USB memory stick in case you do not have permission to install software on the suspect computer. You may also consider using paid antivirus (e.g. ESET NOD32)
Software available on multiple operating systems that offer free versions:
- BitDefender (Android, iOS, Mac, Windows) - Warning: This can be a heavy program for many computers.
- Malwarebytes (Android, iOS, Mac, Windows). Malwarebytes full version is free for 2 week, but you can manually scan your device without time limits.
- Avast antivirus (Android, iOS, Mac, Windows)
Not recommended:
- AVG antivirus (Android, iOS, Mac, Windows)
- Avira antivirus (Android, iOS, Mac, Windows)
From the community: AVG, Avira were found to be running mining operations on consumers PC and they don't offer proper protection.
Note that all antivirus and anti-malware apps collect information on how the protected devices are being used. Some of this information may be shared with companies which own them. There have been cases where this information was sold to third parties.
Full disk encryption
For computers
Apple provides a built-in, full-disk encryption feature on macOS called FileVault. Guide: How to encrypt your iPhone (available in 10+ languages)
Linux distributions usually offer full-disk encryption when you first set up your system.
Windows Vista or later includes a full-disk encryption feature called BitLocker. Guide: How to encrypt your Windows device (available in 10+ languages)
For smartphones and tablets
Apple devices such as the iPhone and iPad describe it as “Data Protection” and turn it on if you set a passcode.
Android offers full-disk encryption when you first set up your device on newer devices, or anytime afterwards under its “Security” settings for all devices.
Disk encryption vulnerabilities
There are some risks related to disk encryption that you need to consider before moving forward, and find ways to mitigate these risks:
- Data is exposed as soon as it leaves the protected disk
- Data is exposed in the clear if a user session is hijacked
- Data is exposed if device credentials are compromised
- All data is protected by a single key, which means that if you lose that one key, you lose access to the device
Disable features that create vulnerabilities
iPhone and Mac devices offers Lockdown Mode - "When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all. Lockdown Mode is available in iOS 16, iPadOS 16, and macOS Ventura."
Android also offers a version of Lockdown Mode - "When lockdown mode is enabled, fingerprint sensors, facial recognition, and voice recognition do not function. Once you've activated lockdown mode, the only way to gain access to your device is either via PIN, password, or pattern. One thing you must know about lockdown mode is that it's a one-time thing. In other words, once you've enabled it, it will immediately be disabled upon successful login. That means you have to re-enable lockdown mode every time you want to use it."
Separate your phone number from your device
How to use signal without giving out your phone number (article) - A step-by-step guide to protecting your private phone number while enjoying the security of encrypted texting app Signal.
Last updated June 18, 2024
Source for this content: Security in a Box , Electronic Frontier SSD, and discussions with human rights security practitioners.