How to Protect your Internet Anonymity and Privacy/Securing your Computer

Securing your Computer

Spyware
Spyware intended for infecting random victims is not usually a great threat, depending on what information and how you store them on your computer. Antispyware programs, like antivirus programs, will be effective in removing known spyware. Since there are limited ways to hook on to the keyboard, screen or network adapter, common forms of software spies should not be difficult to detect.

More difficult to detect are "zero day" spyware, new variants which appear in the wild for the first time, and custom spyware targeted at you. Custom spyware may even be installed on your computer after gaining physical access to it. So it is healthy to assume that there is always the possibility that your computer is not totally free from spyware.

The anonymity tools you installed on your computer may be spying on you themselves. Open source software is preferred but there is the possibility of compromised copies downloaded from unofficial sources.

For all sorts of malware, two types of software covers all the protections required - antivirus software and antispyware software. If you are not worried about people spying on you, only antivirus software may be enough, though spyware may steal your passwords. If your data is well backed up, and you do not visit unknown websites often to download things, virus is not a big deal. People in China are more worried about people knocking on their doors than invisible tiny virus wiping out their computers.

The best software changes from year to year and even months, so you have to watch your options. Antivirus software are easier to select as there are many published lab tests. Avast and AntiVir are very good virus detectors for free, same as the paid versions, but the former detects only a fraction of spyware. AntiVir only detects a few percentage, because the spyware module is not included in the free version. Avast has the extra safety feature of scanning at boot, before passing control to the operation system. However, the free version of Avast do not help you to schedule daily scans.

Although called Ad Aware, it is one of the first software to detect and remove spyware and adware. It has a good detection rate but it complains about many things, including many cookies and even recent document lists. For the free version, there is no real time protection and now you cannot schedule an automatic scan daily. So Ad Aware is a good candidate for a thorough scan when you feel the need to. For real time protection and automatic daily scan, Windows Defender is a reasonable choice. It is very fast, very transparent. It comes with Software Explorer installed at the Control Panel. You can see what programs are activated at startup, and which ones are currently running. There is a lot more user friendly information than running Task Manager and system admin tools, making it easier to spot any suspicious activities.

There is also malware for Linux, but the amount is very small because of the adoption rate of Linux desktop. Linux is also better protected with the multi-user privilege system. Typically when you install any software, you need super user access. But to protect other Windows machine in your network, or for a dual-boot machine, malware scanners are still needed for the files being distributed.

Firewall
Even if you have a single home computer, it is safer to use an external hardware firewall. Intruders running on the computer cannot easily modify the settings in the firewall. The first function of the firewall is not to response to any probing from the outside world, except for the ports you opened. This is not the case for old firewalls. To be sure there is a simple port scan test at Audit My PC.

To be most secure, you open only ports necessary for applications to get both incoming and outgoing connections, only at times you may be using the internet. This is tedious, so it is not uncommon to allow all outgoing connections, assuming all software running on your computer are harmless. It is more convenient to run a software firewall on your PC, checking each outgoing application on a case by case basis.

The major function of a personal firewall is to maintain a list of applications that are allowed to connect to the internet. Simple firewalls are prone to leaking, when intruders disguise themselves as legitimate programs having permissions to the internet. More sophisticated firewalls check the integrity of the applications using, for example, hash functions. The free version of Zone Alarm score poorly for leak tests. In published tests, the free Comodo firewall performed well. Comodo has a list of predetermined applications that are safe. When new applications are detected requesting connections to the internet, there are more user friendly information about the application rather than just the name of the file.

Network Monitoring
After gaining personal information from within your computer, a spyware program has to transmit the information back to it's base. It is relatively easy to do and hard to detect using your internet connection, considering the alternative such as videoing your screen with a camera and transmitting the signal via a wireless link.

A network monitoring program can be used to look for outgoing packets with suspicious destination IPs. These programs are not difficult to use given the specific application of spyware detection. It is harder to detect if a spy only transmits in response to a remote trigger over the internet, or self triggered by an infrequent event such as once every week. If you are technically skilled a protocol analyzer like Microsoft Network Monitor or Wireshark will perfectly do.

Again, a good firewall can prevent this from happening by warning you if anything attempts to send any outgoing packets.

Digital Fingerprints
Spyware will be useless if there is no personal information to steal from your computer. The obvious measure is to avoid storing on your files any data regarding names, addresses, social security numbers, etc. You can store these information on removable media such as USB drives, or on secure servers off site, accessible via encrypted link. If you store them on the local hard drive, they have to be encrypted.

Similarly, it is not advised to name your computer using your street address, or name users by their real names. Many software packages, such as word processing, ask for personal information, which are stored in the package, and may be attached to all documents they generate. Some obsolete programs and files are simply forgotten on your drives for years.

Your browsing history can give away your identity easily. For example, it is highly unlikely that two people use the same bank, have kids that go to the same schools, work for the same company, and live in a particular city. It is very inconvenient not to use bookmarks, and erase your history after every session. A solution is to store bookmarks externally, and access it via an encrypted link.

It is not necessary to obtain your real identity, as long as you can be identified as a unique person. There are many identifiers in your computer. Every network device has a MAC address (which can be modified in some devices). Hard drives have volume serial numbers. Your bookmark file changes only slowly over time.

Storage
Some operating systems support transparent directory encryption, which decrypt your files when you login.

Ubuntu supports directory encryption on demand, but the original files are left intact.

Two good programs to use for this are FreeOTFE and TrueCrypt. These are open source projects which provide disk encryption and support strong, standard, encryption systems. Each encrypted drive can have different passwords (as many as wanted with FreeOTFE, though only up to two for Truecrypt), each decrypting to different contents. You can cover up the real contents by fake contents, associated with an alternative password.

Both FreeOTFE and Truecrypt can be used "portably", which means they can be used to encrypt data stored on USB flash drives as well as normal PC hard drives, however Truecrypt requires administrator rights to do so, whereas FreeOTFE can be used anywhere.

Tools such as Truecrypt are typically block devices, in that they can encrypt a block such as a fixed size file, a partition, and even the whole OS and disk. In each block they can do whatever they like, but typically they still uses the same common file systems for the encrypted contents.

New users may not be as extreme as encrypting the whole OS, with a decoy OS. Encrypting a fixed size file is inconvenient you have to created another bigger container when the storage is full. You also need admin privilege to mount an encrypted container.

Ecryptfs is designed to be tightly integrated with Ubuntu Linux in the file system level. Once setup, the Private directory in your home directory is automatically decrypted when you login and encrypted at logout. It's the same on-the-fly experience as with other encryption systems. You can setup encryption on other directories too. You can also have multiple passwords, each decrypting a set of files in the same directory.

Working at the file system level, the encrypted directory grows with the number of files and their sizes. After you logout, or the directories unmounted, the individual encrypted files are still visible with encrypted filenames. This simplifies incremental backup. For block encryption, you have to copy the whole encrypted container, or mount (decrypt) the source and the backup disk first before incremental backup. This can be a security risk when you are not there during backup, when the files are in the decrypted state.

Ecryptfs is not as secure as block encryption, because the encrypted files and their sizes are visible. Decoys are not possible. The filenames are also weaker encrypted than the contents. But ecryptfs is good if you have a growing database, or dynamic content such as as browser profiles, that require daily backup. If you have a secret blacklist or Swiss bank accounts, block encryption is more secure. You can make copies and then forget about it, as long as the content don't change for years.

Ecryptfs now comes with a patch to encrypt the swap file. If you edit any of your encrypted files, fragments of it may appear on the swap file decrypted. This is generally true for any encryption techniques. For block encryption, if you do not use whole OS or whole disk encryption, you need to ensure that the swap file resides on an encrypted partition or container.

Email
PGP (or GNUPG) encryption are good to use for encrypting email to people.

Virtual Machines
It is a good idea to use a secure computer for storing sensitive information and performing sensitive work, another one for visiting sensitive websites, and one for casual surfing and entertainment. Java, Javascript, Macromedia Flash and Shockwave, QuickTime, RealAudio, ActiveX controls, and VBScript, are all known to be able to access local information about your operating system and local network. If you disable them all you will miss a lot of website contents. Javascript, as downloaded from a webpage, is executed locally within the browser, and do not have full access to the computer as other external plug-ins do.

If your machine is not directly connected to the internet - for example, if it is connected through a router, then your machine has no knowledge of your all-important external IP address, so neither has your adversaries. This is true if you have an external firewall, router or Wifi box.

A virtual machine has the advantage of having a separate machine but without the expenses, and without the need for extra space. Typically an application is not aware that it is running in a virtual machine. A program like VMware or VirtualBox simply creates an application in the form of an empty machine, in which you can install the operating system of your choice, as you would in a real machine. For free operating systems, you can download the virtual machine image of the operating system, without installing it yourself.

A virtual machine allows you to take a snap shot, and revert to the same state at a later time. Your traces of online activities will be erased, and your virtual machine will start again in a clean safe state.

The Linux operating system is essentially immune to viruses (and spyware) in comparison to Microsoft Windows on most home PCs. It can still be a "carrier" of Windows viruses which do not affect Linux, infecting other Windows machines via networking. You may want to install antivirus and antispy scanners on any Windows operating system your virtual machine is running.