It’s no secret that, by far, the number one threat vector for personal computers is the internet. Inadvertently (or intentionally) visiting a malicious web site can wreak havoc on your PC. I’ve written before, here and here, about browsing safely and you should definitely check out those fine articles. Rich Mogull, cohost of the Network Security Podcast and fellow member of the Security Bloggers Network, has this excellent piece in Macworld about Super-safe Web browsing wherein he details these ideas that are critical to safe web browsing.
- Understand the risks
- Dedicated browsers
- Multiple operating systems
While you should definitely read Rich’s article in its entirety, I’ll touch on some of the high points here.
First, if you don’t understand the risks at all, then how can you possibly avoid them? I’m not suggesting that your mom needs to understand exactly how Cross-site Request Forgery works, but it would be a really good idea if she knew it exists. And it’s bad. We are talking about your mom here.
The second point is the easiest to implement. Simply put, use different web browsers for different tasks. In other words, use one browser for online banking and a different one to check Facebook. I’ll quote Rich here.
Although Firefox and Safari are good for general browsing, when I need more protection, I use either a dedicated browser or a site-specific browser (SSB).
By “dedicated browser,” I mean a regular Web browser that I use only for one site. In my case, I use OmniWeb to manage my company Web site and blog.
An SSB is essentially a stripped-down Web browser that you can create yourself in a few clicks. I created one with the Prism add-on for Firefox. (Go to Tools -> Add-ons -> Get Add-ons, search for Prism, and then install it.) With Prism installed, browse to that site and select Tools -> Convert Web Site To Application.
Rich is suggesting using an application that brings up one and only one web site in a browser window. If you think that’s too complicated, you can achieve the same thing by simply designating one browser for use in only specific situations. For example, use Internet Explorer for doing your online banking and use Firefox for checking Facebook. The important point is that you stick to this religiously, i.e. never, ever use your online banking browser for anything else. Period.
The third point may have you thinking, “Oh sure, you computer geeks can run different operating systems, but what about real people?” I won’t dispute that I’m a geek weenie, but I also know quite a few real people. In fact I’m married to one. My wife just got a new iMac when her PC bit the dust. I figured that the easiest way to transfer her data from the old PC to her new Mac, especially since the laptop was toast, was to convert a current disk image from her PC (yeah she actually had current backups) into a virtual machine. She got VMware Fusion for her iMac and was able to run the VM version of her old PC right on her iMac. Well duh! It’s the exact same thing she had before. Only now it actually works. During this process she discovered that some of the sites she uses, particularly government sites, just don’t work correctly under Safari, but they work just peachy under Internet Explorer. So that’s what she uses. Under Vista. In a VM. On a Mac. Sure, there were some fairly complicated steps involved in setting up VMware and converting her physical PC to a virtual machine, but now that it’s done she uses it all the time. Simple enough that even a real person can do it. And it works with Windows and Linux systems as well. I do much of my browsing in a Linux VM on a Windows machine. Twisted, I know, but it works great. My son often browses in a Windows VM on a Linux machine. Bright Boy. It’s easy once everything is set up.
So do us all a big favor – yeah all of us potential recipients of that spam sent from your pwned PC – and follow this advice. We’ll all be glad you did.







Joseph –
It’s really discouraging that the systems that some of the brightest people in the world have designed, built and sold to the rest of the world are so pathetically bad that mere mortals like us need to jump through flaming hoops like this just to protect ourselves from the crap that has been foisted upon us.
–Mike
Amen brother!
-Joe
Hi Joseph,
Like your blog. A bit too techie for most of my readers but you may want to have a look at our site: http://www.secureitfoundation.org on wordpress, as we are looking to secure the user as much as securing the computer itself. We are also petitioning the computer manufacturers and sellers to sell a secure computer ‘out the box’.
SecurityBrad
Secure IT Foundation
I checked out the http://www.secureitfoundation.org site and am intrigued by your rating system. It looks eminently reasonable, but as always the devil is in the details. Have you gotten any buy-in from computer manufacturers or resellers? I suspect that nobody is going to admit that their product is a Level 1 or 2 (even though that would be perfectly appropriate for many applications) and most would claim that their product is a “Level 5+” even though I would contend that such a beast hasn’t been built yet, at least for consumers.
Definitely behind what you are trying to do.
- Joe