Secure your computer
There are steps that everyone with a computer should take to keep it secure. This may involve protecting information about your network of activists, your credit card number or your human-biology collection; but some of the tools you need are the same. Your computer holds valuable information and this need to be protected.
Beware of programs or people that promise perfect security: online safety is a combination of good software and human behavior. Knowing what should be kept offline, who to trust, and other security questions cannot be answered by technology alone. Look for programs that list risks on their Web sites or have been peer reviewed.
Keep your OS updated
Keep your operating system up-to-date: the developers of operating systems provide updates that you should install from time to time. These may be automatic or you may have to request them by entering a command or adjusting your system settings. Some of these updates make your computer more efficient and easier to use, and others fix security holes. Attackers learn about these security holes rapidly, sometimes even before they're fixed, so fixing them promptly is crucial. Luckily most operating systems do a quite good job in keeping the system updated and safe, if at least you allow them to do so.
Installing new updates on a new computer is very important. A new computer you buy in the shop, can be there for some months already. This means the computer is often behind with the security updates. So when buying a new computer, please take some time to update your Operating System.
User account and password
Every computer needs an account to login. This account is needed to access your data and use the functions of your computer. Please be sure to setup a password for every account.
Use good passwords: no password selection system can guard against being threatened with violence, but you can improve your security by making it harder to guess. Use combinations of letters, punctuation, and numbers. Combine lower and upper case letters. Do not use birth dates, telephone numbers, or words that can be guessed by going through public information about you. More information about this can be found in the chapter on passwords.
Modern operating systems separate normal tasks from administrative tasks like installing software. This division is very important, as administrative tasks need extra privileges and have total access to your hardware and software. Be sure to create a normal user account for day to day usage and never use the administrative account for this.
Last but not least: Never store your password on a post-it on you computer or underneath your keyboard.
A lot of people do not realize the information on your computer can be very valuable for others. If you are working in an unknown/uncontrolled environment or area, always keep a good look on your belongings and never leave them unattended. Take some time to think over what the risks are if the data on your computers fall in the wrong hands. Ask yourself, "which information is actually stored on my computer and what can other people do with this information?". Please realize, a password on your computer will maybe protect against quick access, but it doesn't protect your data once the whole system is lost. With physical access to a computer it's very simple to access the data on your harddisk (with the use of an other computer) without knowing even the first character of your password. If the information on your laptop is very valuable, have special attention to the section about securing personal data. The above is also true when you lend your equipment to someone else. Although you might completely trust the person you lend to, you don't have control on how secure they may handle your equipment.
Smoking a cigarette
It is very well possible you are working in a cafe or other (semi) public place on your laptop. Maybe you have opened some password protected websites (webmail) and maybe even have opened some encrypted files or emails. Once you go out for a quick break and a cigarette, please be sure at least your screen is locked. All mainstream operating systems can be used to lock your screen automatically if you close your lid or after a few minutes of inactivity. Be sure to enable these options, failing to do so will certainly at least sometimes result in good opportunity for attackers to access your private data. Unfortunately this habit is still not very common with users but very important.
Use anti-virus software
If you're still using Microsoft Windows, use anti-virus software and keep it updated. Malware is software written in order to steal information or to use your computer for other purposes. Viruses and malware can gain access to your system, make changes and hide themselves. They could be sent to you in an e-mail, be on a Web page you visit, or be part of a file that does not appear to be suspicious. Anti-virus software providers constantly research emerging threats and add them to lists of things that your computer will block. In order to allow the software to recognize new threats, you must install updates as they are released.
Be aware of scareware. Scareware is software which advertises itself as anti-virus software, but is in fact a virus or spyware itself. If you install (free or commercial) anti-virus software, please be sure it's not scareware. A quick search of the name of the vendor/product in combination of the term "scareware" on Google will be enough to find out if you've just downloaded scareware. Scareware can be often found in "advertisements" on dodgy websites with warnings about "found viruses"
External data (USB-sticks, E-mail attachments)
Transferring virusses with USB-sticks or with E-mail attachments is very easy and often done by the virus itself rather then the owner/sender, especially under Microsoft Windows. Be careful when inserting USB-sticks or lent out your stick to others. It's just recently Microsoft changed it's policy regarding automatically opening USB-sticks. This should make Windows a little safer, but still watch out suspicious programs on USB-sticks. Never open any file you do not trust, regardless to if it was distributed via E-mail, USB or other methods.
Only use trusted and Open Source Software
Be sure you can trust the vendor of the applications you use. A lot of companies are offering applications on the internet. Between these companies there are several with other intentions then they will tell you.
Use Free and Open Source Software (FOSS). Open source software is made available both as a working product and as a work in progress to users and software engineers. This offers several security advantages over closed source, for-profit software that may only be available in your country through illegal channels due to export restrictions or expense. You may not be able to download official updates for pirated software and often pirated versions already includes viruses. With Open Source software there is no need to search through several suspicious sites for a copy free of spyware and security glitches. Any legitimate copy will be free and is available from the creators. If security flaws emerge, they can be spotted by volunteers or interested users. A community of software engineers will then work on a solution, often very quickly.
Another problem that has occurred in some countries with regards to illegally installed closed source software is that equipment of NGOs or journalists were confiscated by the government based on copyright regulations as a measure to gain access to the information that was on the devices.
Keep yourself updated on the latest security threats: the effort put into harming you may change. Methods to protect yourself that works today may stop working or even become a threat themselves tomorrow. Even if you don't need it now, know where to find information and use different sources of information.
And if you do find some essential piece of information we didn't cover in this book, please update the book at booki.flossmanual.net or tell us so we can update the book.