Secure your devices

From TCU Wiki

This is a collection of resources for human rights defenders to better understand when, why and how to secure devices.

Use antivirus or anti-malware

Advice

1. Know how to check if your antivirus or anti-malware app is working and updating itself.

2. Perform periodic manual scans.

3. Choose and run only one anti-malware app; if you run more than one on a device, they may interfere with each other.

A good article: "What about antivirus?" by David Huerta (2020) of the Freedom of the Press Foundation. Excerpt: "Antivirus software is one of the oldest offerings available from the now billion-dollar cybersecurity industry. But what does antivirus software do to help protect our devices, what does it not do, and do we really need it?"

Antivirus software options

Windows: On Windows 10, Security in a Box recommends turning on Windows's own anti-malware protection, Windows Defender.

Linux: On Linux, you can manually scan your device for malware with ClamAV. Be aware that it is only a scanner and will not monitor your system to protect you from infection. You can use it to determine whether or not a file or directory contains known malware — and it can be run from a USB memory stick in case you do not have permission to install software on the suspect computer. You may also consider using a paid antivirus (e.g. ESET NOD32).
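One way to apply advice items 1 and 2 with ClamAV on Linux, as an added example that is not from the original page or from the ClamAV project. It assumes GNU `stat`, signature files in `/var/lib/clamav`, and a 7-day freshness threshold; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that ClamAV signatures are recent, then run a manual scan.
# Assumptions: databases live in /var/lib/clamav (override with CLAMAV_DB_DIR),
# GNU stat is available, and signatures older than 7 days count as stale.
CLAMAV_DB_DIR="${CLAMAV_DB_DIR:-/var/lib/clamav}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"

# Print the age in whole days of the newest daily signature file
# (daily.cvd or daily.cld). Returns 1 if neither file exists.
sig_age_days() {
    dir="$1"
    newest=0
    for f in "$dir/daily.cvd" "$dir/daily.cld"; do
        [ -f "$f" ] || continue
        m=$(stat -c %Y "$f") || continue
        if [ "$m" -gt "$newest" ]; then newest=$m; fi
    done
    [ "$newest" -gt 0 ] || return 1
    now=$(date +%s)
    echo $(( (now - newest) / 86400 ))
}

# Return 0 if signatures are fresh, 1 if stale, 2 if none are found.
signatures_fresh() {
    age=$(sig_age_days "$1") || {
        echo "no ClamAV signatures found in $1" >&2
        return 2
    }
    if [ "$age" -gt "$2" ]; then
        echo "signatures are $age days old; update them with freshclam" >&2
        return 1
    fi
    echo "signatures are $age days old"
}

# Recursively scan a directory, printing only infected files.
# clamscan exit codes: 0 = nothing found, 1 = malware found, 2 = error.
manual_scan() {
    clamscan --recursive --infected "$1"
}

# Runs only when a directory is given, e.g.: sh clamav-check.sh "$HOME/Downloads"
if [ "$#" -gt 0 ]; then
    signatures_fresh "$CLAMAV_DB_DIR" "$MAX_AGE_DAYS" ||
        echo "warning: scanning with stale or missing signatures" >&2
    manual_scan "$1"
fi
```
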

Software available on multiple operating systems that offers free versions:

  • BitDefender (Android, iOS, Mac, Windows) - Warning: This can be a heavy program for many computers.
  • Malwarebytes (Android, iOS, Mac, Windows). Malwarebytes full version is free for 2 weeks, but you can manually scan your device without time limits.
  • Avast antivirus (Android, iOS, Mac, Windows)

Not recommended:

From the community: AVG and Avira were found to be running mining operations on consumers' PCs, and they don't offer proper protection.

Note that all antivirus and anti-malware apps collect information on how the protected devices are being used. Some of this information may be shared with companies which own them. There have been cases where this information was sold to third parties.

Full disk encryption

For computers

Apple provides a built-in, full-disk encryption feature on macOS called FileVault. Guide: How to encrypt your iPhone (available in 10+ languages)

Linux distributions usually offer full-disk encryption when you first set up your system.

Windows Vista or later includes a full-disk encryption feature called BitLocker. Guide: How to encrypt your Windows device (available in 10+ languages)

For smartphones and tablets

Apple devices such as the iPhone and iPad describe it as “Data Protection” and turn it on if you set a passcode.

Android offers full-disk encryption when you first set up your device on newer devices, or anytime afterwards under its “Security” settings for all devices.

Disk encryption vulnerabilities

There are some risks related to disk encryption that you need to consider, and find ways to mitigate, before moving forward:

  1. Data is exposed as soon as it leaves the protected disk
  2. Data is exposed in the clear if a user session is hijacked
  3. Data is exposed if device credentials are compromised
  4. All data is protected by a single key, which means that if you lose that one key, you lose access to the device

Disable features that create vulnerabilities

iPhone and Mac devices offer Lockdown Mode - "When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all. Lockdown Mode is available in iOS 16, iPadOS 16, and macOS Ventura."

Android also offers a version of Lockdown Mode - "When lockdown mode is enabled, fingerprint sensors, facial recognition, and voice recognition do not function. Once you've activated lockdown mode, the only way to gain access to your device is either via PIN, password, or pattern. One thing you must know about lockdown mode is that it's a one-time thing. In other words, once you've enabled it, it will immediately be disabled upon successful login. That means you have to re-enable lockdown mode every time you want to use it."

Separate your phone number from your device

Guidance: https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/


Last updated Nov 30, 2023

Source for this content: Security in a Box, Electronic Frontier SSD, and discussions with human rights security practitioners.