How paranoid are you about security?

On a scale of 1 to 10, 10 being most paranoid borderline OCD borderline certifiable, how paranoid r u about your computer's security?

e.g. are you afraid of worms and viruses? afriad of hackers? afriad of tracking cookies? afraid of flash sites? do you turn off javascript? do you use firefox instead of IE? etc etc etc.

What measures do you take to this end in feeding to your OCD in security?

e.g. do you install antiviruses with software firewall and hide behind a router's NAT? do you install noscript on firefox? do you use bitlocker? do you spend a few hours a day searching sites on hardening your rig? do you configure group policy settings to lock ur system down? etc etc etc.

Tell us about it. Be comprehensive too so us noobs can learn the ways of the master.

______

I myself am prob on a lvl 2-3. I have free avast and thats about it. I even use IE sometimes I dont care. I also use administrator account only.

 

Great Q, I would rate myself a 10. I will start with choice of browsers, I am an IE guy and to beef up security much can be done. set security level to high, turn off the save passwords feature, use phishing filter, never turn off pop up blocker, never type in url's directly , use a search engine such as bing to verify url's . don't use trusted sites feature. Delete browsing history on exit.. I could go on.
Also do a regular full system image and frequent incremental backups. I even store my external hard drive with images off site. (in my bomb shelter)
Last article I read on tracking cookies is that they do their dirty work before you can delete them...
I also do not install java. I come from a company where I could get around almost every wall they raised so I learned from their mistakes.
Also I use a spoof email account for many sites that I am not certain are legit.

 

I use Free Microsoft AntiVirus, Windows Firewall and Dual Boot Fedora.
I do not encrypt my harddisk.
I do lock down my gpedit to require authentication when some program require low level privileges.
I use https everywhere and google SSL to encrypt packet when possible.
I use firefox because of the numerous extension add ons.
Not afraid of worms, viruses and etc as long as you know what you are doing and how computers work.

 

-> I don't think paranoia will help here, the risk of viruses/hackers to the individual is far less than the risk of the capitalist Stasi 2.0 (Facebook, Google who datamine for your personal information).

What kind of hacker will attempt to try and attack some personal computer? Maybe a hobbyist will try, but he change that this will happen is very, very low.
If, however, you are a public agency or corporation then the risk is significantly higher.

For personal use a Router with an activated Firewall should be standard - also because even the cheapest ones come with one. One should ask the other way round - why switch it off? If some program is written badly and needs an open port, or you want to do something not allowed by default - forward the port.
No paranoia there at all - just common sense.

Firewall on a computer - standard again -> also, why switch it off?

Antivirus software - with the great free programmes "out there" (Microsoft Security Essentials for example) the question is rather why not use it?

-> With this done, you're pretty much set.

Ok, I like my ads blocked in FF as well - they would drive me off the web.

NoScript - you can use it, I never found a use for it - it seems more like a plague to me (considering Scripts are used on plenty of sites nowadays... although it would help against google analytics...)

On this note, your chances of "catching" malware are significantly higher when you download files - either from unknown websites or torrents of any sort - if you don't use torrents at all, that's one significant attack vector less.

Then just download every piece of software that comes your way and your set I'd say.

 

I install MSE, do Windows Updates regularly, and just watch how I browse and what I download.

I'm not really worried as long as Windows + MSE are up-to-date.

 

I m paranoid of people who use letters instead of words in sentences so I cannot answer this post....

 

i care more about hackers and the NSA than viruses ^^ so 1 on virus and an 8-10 on hackers and 25 for NSA

 

Paranoid, afraid? No.
Aware, alert? Absolutely.

Despite what the general public thinks, hackers have better things to do than break into your home computer; they (poorly) write software such as keyloggers and botnet rootkits that unaware net users (read: idiots) freely download themselves, they are often disguised as other programs like keygens. Then the rootkit phones home when required, or worse, lies dormant until a master call is initiated and your computer is revealed as a zombie in a large botnet.

Sometimes hackers will set traps in free unsecure wifi zones to catch idiots who transmit personal or financial data, again easily avoided. If a hacker is specifically targeting you, you've done something to royally tick one off and you might have had it/seen it coming. They don't do random targeted attacks. It's either random, or targeted.

@josea

I do that too, it's actually really good practice. You wouldn't believe how much spam my spoof accounts get, though it's a tad embarassing that nbr points to one of them (don't get any spam from nbr though )

As far as my own awareness goes... it's up there. While I don't encrypt my HD (what's the point? if someone steals your drive the sucker is going to be decrypted or trashed no matter what, and it's probably your own fault for letting your stuff get jacked) or use crazy addons like https everywhere for my home usage, when I'm mobile or on a network that has an ounce of untrustworthiness (like a public net) I will use a customized live linux USB for pretty much anything I need to do. Though I still won't do transactions and the like at anywhere but home.

@ksd: "and 25 for NSA"
I lol'd, because they NSA really doesn't have better things to do sometimes and really does do random peekjobs in the interest of "national security". Because your grandmother's secret pie recipe is a danger to the USA.

 

Relatively paranoid, although there are better ways of ensuring secure computing than installing tons of security addons, firewalls, and AVs. I have only MSE and a few other run-on-demand tools that I use maybe every other month.

 

I would rate myself 10 outta 10

I do my best not to get stampped while surfing / downloading.
Using Avast, malwarebytes and Defender. (Still got some crazy stuff happening in my system.)
I go crazy when i see some friend of mine suddenly mailed me a link, be it on email or FB wall.. i open my incognito n paste it there, delete the last few character talking about some ID numbers and then hit the go
I dont EVER click the sites from google search [or somewhere else ] which got even a orange warning from WOT.
I cross check any USB thumb drive with Malwarebytes and then Panda USB vaccine.

I think my case would warrant for a cyber-psychiatrist

 

^^That. MSE & Updates & Windows Firewall.

I will still use SAS every so often.

 

Just cover all the exploits that you can and keep your OS and security software up to date. Most people just try to get into home PCs to add them to their botnet so they can go after larger targets. If you are too much hassle to get into, they will just move on to the next target.

 

Maybe a 2

I have 12 different partitions to each and every hard drive i have with each partition getting a different manufactuers AV/Firewall/Malware program and i constantly have these backed up into image drives that are then scanned with yet another AV program. The information is then reimaged on different partitions than original so the process can start anew. After my default is reloaded into partition 1 i then allow myself to access the internet with all sites blocked except wikipedia, yahoo and NBR (and settings to high in all net browsing). After 5 minutes of internet time i have it set to force log off and repeat the 12 step process again so i'm sure no one has snuck anything in while i was carelessly browsing and maybe not paying attention.

After i finish my daily browsing i have the process repeat once more than imaged into a totally clean drive and then have all "used" drives secure erased 10 times to make sure nothing is left.

See not paranoid at all

Just kidding... Basically i just install Microsoft Security Essentials and watch what i do online (i.e no funny sites, no random email attachements, etc) and have a strong password on my routers firewall. Just the basics

 

12 different partitions? backing up? looks like virtualization to me
with still some weakness...
13 different partitions ... that's better
two separate computers with no link what so ever could do the job as well, one for browsing only.
Entering a code in a hardware device every minute in order the computer not be distroyed.
kidding too
I'm pretty sure no one here reach the level 10 as writing here would be pretty much risky already for a level 10

 

Depending on my mood I sit between a 8 and 10. Now with linux and encryption Im more of a 4-6.

 

SpywareBlaster for prevention in the first place
Malwarebytes paid version
MSE (before MSE was Avast)
Windows firewall and Router
Use common sense and watch what you're doing - been solid for well over 3 years with this configuration on all my systems

 

My win7 install has chrome, mse, ccleaner, vlc, and virtualbox. Oh and games.
I only use chrome when watching netflix; that's literally the only site I visit.

Besides games and netflix, I do all web browsing, office stuff, and work on a virtual machine or two.

Malware? Bring it! I have snapshots.

Oh and all my passwords are randomly generated mixes of letters, numbers, and symbols at least 16 characters long. To access my pw database requires 3 factor authentication (smart card, fingerprint scan, and easier to remember 16 character mix of letters, numbers, and symbols password).

But I do have some malware on one of my vms. Intentionally. My host system's av kept destroying them, so I had to hide them in a vm. Sticking them in an encrypted .rar works too, but is a hassle to add more stuff to the .rar.

As far as connectivity... Everything is wired, no wireless. Ssl is used where available, as is tor if needed. Vpn tunneling is also an option. It depends on what I'm doing.

 

I'm on windows 7. I use Chrome as a browser and no antivirus. Up until recently I used MSE. I have ads blocked as well as a malicious list blocked all via DDWRT in my router.

I'm really not worried at all.

edit: I'm reading a lot of people who are really paranoid and I don't really "Get it." It's not difficult to be safe...

 

It depends who you are. As a random person, you might get hit by drive-bys, worms, or chain mails. But some people have jobs that make them targets. Infecting a home computer can often lead to infecting an enterprise network; people transfer stuff all the time.

 

I'm confident that drive-bys won't really do much to me with just the simple steps I've taken.

 

Also, an important note to some of you. Having multiple antiviruses won't help and in fact it will HURT your security. If you have two realtime antiviruses running at the same time they will interfere with each other and not only will it hurt performance it will hurt your security.

Stick to one realtime antivirus and if you're super paranoid a "scanner" only antivirus such as SUPERAntiSpyware (my personal favorite.)

 

Oh and if you've managed to off a decent hacker don't expect any of the things I've seen listen in this topic to do anything. Protection from malware is not even close to being related to defense against a hacker.

 

At home not very, maybe a 2. AV and windows updated. Decent router and pay attention to what I'm downloading online.
At work, a 10. Corporate firewall, 2 AV scans a day(one on boot up and 2nd after work day), restrict browsing access and limit users to no admin privledges.

 

Doh...double post.

 

Maybe the following link is helpful for you: It's your mindset that sets you apart (especially the link entitled " Security is not a solution, it' a concept", which might give you / some/ starting points to consider). Generally speaking, it's important to realize your own stupidity.

"Hackers" is a term that refers to the good guys. By definition, someone who breaks into machines (unless / maybe/ if it served some REALLY good superordinate purpose, depending on who you ask) is not a hacker, but a "cracker".

The term "hack" is more of an artistic nature than anything else. The Great Beanie is one example of a hack that doesn't really have anything to do with IT. You may be able to get a more detailed idea of the term "hacker" by visiting the so-called Jargon File, which attempts to reflect a typical hacker.

Theoretically, it is often possible to break out of virtual machines.

Here is just one example of security holes in virtual machines: Real Holes in Virtual Machines - The H Security: News and Features

 

That was VMWare 4 years ago. Every program that connects to the network probably has had a vulnerability at some point.

 

Yes. Like I said, just one example. I've encoutered quite a few people who just didn't want to believe that virtual machines are NOT magic bullets, so I provided an example.

 

An example with a problem -> while there most likely is a weak point in a virtual machine, a weak point from even just 1 year ago is ancient in the computing world.

On that note though - if there is a weak point, it would rather be an interface between the hosting OS and the Virtual Machine than the internet connection...

 

Your provided example doesn't prove your point. If you want to say that virtual machines are full of holes, you need to provide recent examples to show a trend of security holes or an actual vulnerable hole.

Your example is like saying SSH isn't secure because in SSHv1 there was a buffer overflow that granted you root access.

You're right, nothing is fool proof. Nothing. But you have to realize that the company patches their programs. Sometimes it takes a month or so, but it doesn't take 4 years. And as VMWare is an extremely important program for a large number of enterprises, you can bet that it's constantly tested for vulnerabilities and fixed.

Right now, using a virtual machine is pretty much as close as you can get to a "magic bullet" while staying on the same hardware. The concept is sound, but the programmers are human. They make mistakes, and mistakes are found and fixed until there are none. Then of course the company releases new features and you have to start all over again.

 

I'm a 2. I'm not concerned at all really.

 

So if I show you a hole in a virtual machine monitor or hypervisor then it's a valid argument, but if some days later the vendor would have fixed the hole the argument would become invalid? Isn't that a bit short-sighted?

The biggest problem with this is that the rate of zero day vulnerabilities which are found by different people during the same timeframe increases. In consequence, it gets more and more likely that there are zero day vulnerbilities that few have heard of yet but are being exploited by some malware, because the rate of people who decide to not disclose information about the vulnerability to people who do exploit it changes. Of course this is true for all software, but the problem with it is that from my experience, people sometimes just won't belive that this also applies to the concept of a virtual machine and that it is not automagically secure at all times - which is the reasoning for why it doesn't matter that the example is old. For those like you who already knew that nothing is fool proof, it's nothing new, but there are two reasons why I provided an example:

• There are various kinds of readers on this forum, and I'm trying to keep my posts understandable
• I couldn't estimate what amount of knowledge you might have about virtualization, but you statement of "Malware? Bring it! I have snapshots." made me believe that you might just have started to use virtual machines.

It seems to me that you felt offended by that, which was not my intention.


A more recent example of someone relying on a virtualization software and paying a high price for it was when the root keys for the Sony PS3 and PSP gaming consoles became compromised. And when the security system of Microsoft's Xbox360 gaming console got compromised for the first time. And these virtualization systems are VERY important to the respective enterprises. The difference between them is that when the Xbox360 got compromised for the first time, it practically had no effect on Microsoft, because they had good plans for that. They released an update that was being installed by many people because it was required for Xbox live, which Microsoft made a central experience of the Xbox360. That update burned a fuse on the processor which made downgrades impossible because the previous firmware would not have understood the "new" processor. Sony's only plan seems to be "If a feature becomes a security risk, remove it." (they removed "Other OS"). You probably know how that turned out.

So what I'm saying is: yes, right now there may not be any known vulnerabilities in whatever virtualization software it is that you're using, but if you don't have plans for worst-case scenarios and procedures that help protect you then that might change faster than you want it to. So my argument is indeed like saying "SSH isn't secure because in SSHv1 there was a buffer overflow that granted you root access", which is exactly what I wanted to make clear in the context of virtualization in order to prevent that someone believes that virtual machines are armor plated. Quite a few people who don't have much experience with vitualization solutions believe that they are.

Relying on virtual machines is not enough. For instance, the concept of a virtual machine is not taking into account the varios threats by insufficient physical security. What about access to firewire? HDDs that don't use good low-level encryption, lost laptops? Data left in spare areas of erased SSDs? Hardware keyloggers? It's not just potential access from the internet that's an attack vector, and at the same time on the other extreme, virtual machines can't do anything against attacks that mainly take place outside of the host, such as Koobface, or router DNS manipulation through XSRF.

Another question is: yes, virtual machines give you the ability to use snapshots, but do you actually make use of that feature in a way that would increase security? Do you have updating automatisms for the virtual machines which will return them to an up-to-date state after you wipe them regularly, and do you even wipe them regularly?

There are also known succesful attacks on a Harvard Architecture system through buffer overruns.

Yes, again these are just examples, but they explain the most important thing about security: that there's an endless number of things that have to be considered, of which you have to find the relevant ones. It's not a GOOD THING™ to say that virtual machines are "magic bullets" - people may misinterpret that if they don't have as much experience and/or knowledge about security.



PS: Am I the only one to think it's funny how everyone in here saying that he/she isn't concerned about security automatically verifies that statement by disclosing the information that he/she is not concerned about security?

 

Reasonable paranoid I guess. No automatic log in on my computers. Windows firewall on, latest updates from MS, antivirus and a hardware firewall. Stopped using wireless in my apartment. Regularly run spyware detectors.

 

I don't feel paranoid, but I do:
update AV defs daily,
block autoruns on everything,
don't access a site chrome tells me I shouldn't...

 

I always use ssl, even with google, and block pretty much the entire web. firefox.

 

9

the usual, antivirus, firewall...also may be a blocker...

encryption for sensitive data..

 

i am using MSE and i update it regular . as long as it works fine for me i don't care much

 

I'm not afraid to surf the web but I am constantly alert and aware.
My AV has real-time protection shields and updates itself each and everyday.
I scan usually 5 times a week (full scans, I like to switch between full scans with Avast and Malwarebyte's)
I have Ad-Block Plus
I have Spyware Blaster
And good ol' windows firewall from Windows 7
I feel protected and safe

 

Not at all paranoid. In fact, here's my password: ****************

 

i wasn't paranoid until reading some of the lengths other people go to...
perhaps i should reassess my browsing habits and pc protection.

 

Add NoScript there.

 

Disabling Javascript has saved me several times.

 

Well, I suppose I am careful with my files and online security.

To login into my laptop, you would need one of my ten fingers (and no, fingerprint scanners don't work with dead, cut-off fingers ). Otherwise, it's a long, long password of all sorts of characters.

On my hard drive, I have a 8GB TrueCrypt file, protected by AES+Twofish and Whirpool hash. To generate its password (as well as all my other passwords), I used a randomly-generated 32-character password with all possible characters (or, for websites that don't accept 32 characters or special characters, whatever is the highest and most secure). My Keepass is AES protected with a long, but easy to remember password (though most people don't know much about what I like in my private life, so it's easy for me to remember a password based on something other people wouldn't know about me). Keepass-stored passwords are mostly used for secure websites, like email and online banking; for online forums, I still type in my username/password.

I use Microsoft Security Essentials for real-time virus protection, and Malwarebyte's Anti-Malware free version for more in-dept scanning.

With Firefox, I have Adblock-Plus, NoScript (I have to admit that this is annoying when you first use it, but most of my most-visited sites are white-listed), HTTPS-Everywhere, and BetterPrivacy. Sure, my internet performance is slowed down on an already slow connection (1.5Mbps DSL), but I don't game online, nor stream video, nor use torrents very often.

And, probably the most important security feature in my opinion, is that I never allow anyone other than myself to use my laptop. Nobody. Period. No ifs, ands, or buts. Another common sense idea is that I don't post personal contact information on my Facebook account (or anywhere else, for that matter), except for the required email address (one that I don't use often). No phone number, no address, and obviously no other information that I am not 100% comfortable with sharing with the rest of the internet.

Another practice I have, though not strictly a security feature, is to have multiple backups of everything information (school work, legal, photos of things dear to me, etc). Aside from my laptop's drive, I have another two laptop drives laying around that I can attach via a hard drive dock, and I have a portable hard drive and flashdrive as well, plus a Dropbox account (with my data encrypted, of course). Each solution has its own TrueCyrpt file

Paranoid? Maybe, but I feel safe that it's next to impossible for anyone in the world to harm my data or myself using technology as an attack vector (I'm still suspect to someone physically attacking me, but there's not a lot anyone could do about that).

 

@privatejarhead Your security setup is quite impressive. However, you resurrected a dead thread. I would add Sandboxie and Comodo Firewall and Defense+ and you might want to consider Mamutu.

As for me, As long as I have brains in my head, MBAM, and a firewall , I'm safe.

 

I just set up my fingerprint scanner today, and can't help but wonder why you would scan all ten fingers as options. Seems to me that picking only one or two would be a more prudent option, given the ability to choose a timeout period after x attempts. I scanned two fingers (and certainly not the index fingers, and not only using one hand).

 

Idk, I just did. Didn't really think about it until later.

 

I find using anything but your index finger to scan with the fingerprint scanner is uncomfortable. How do you do it? lol

 

I assume they require all your fingers because if something were to happen to your idex (broken, burnt, cut, swollen, chopped off, etc.) you could use your other fingers to gain access to folders/logins/files, etc.

It would be really annoying to remove a bandaid from your cut finger, scan it, and then put the bandaid back on for example.

Scanning all fingers took me 5 minutes, so it's not like you'd be going out of your way to enter them all

 

Hehe... well, isn't there the option to fall back on the password, anyway?

But to answer the OP, I'm probably about a 9.x.

 

10 out of 10.

I virus scan my pc once a week, and I have the firewall on at all times.

 

I'm super paranoid, I even do format/win7 clean install every now and than.