Simple Computer Security

Don’t Panic. The internet is far, far more valuable than it is dangerous. In general, internet security is about pushing down the cost of unnecessary losses and increasing the overall value of the network. This work is done in the margins; in the big picture, the internet is a clear win. “Cyber” alarmism is serving somebody — but not you.

Redundancy and Backup. Have a spare machine, a spare network connection, a secondary email service, or whatever is most important to you. Have a backup plan that you have actually tested. (For example, set up your spares by restoring your backups on to them.) In case of any problem — loss, theft, hacking, fire, whatever — you will need a fresh system with minimal disruption.

Isolation and Compartmentalization. Separate your different sources of data, and separate your different activities. For example, separate your work computing from your home computing; separate your military secrets from your iTunes; separate your professional digital audio workstation from the guest computer in your lobby. To combine activities of different degrees of importance onto one machine is unnecessarily risky, now that computers are so cheap.

Security is Quality is Simplicity. Stick with the latest stable version of a small number of programs that you really need from a small number of well-established vendors. If a platform or app gets updates only rarely or if updating is hard, that is a severe danger sign. (The current industry standard is that updates arrive monthly and install in one or two clicks; expect updates to become more frequent and easier as engineering improves.) Avoid “supplementing” the platform with software from third-party vendors: avoid plug-ins, extensions, and pseudo-“security” utilities like anti-virus software or firewalls.

Avoid Complexity and Distrust Magic. Prefer tools you understand and are comfortable with, whatever your level of understanding is. Resist pressure to adopt complicated recipes, and reject claims like “Product X will make you safe from Problem Y!”

You Might Need a Professional. You may have specialized needs, a particularly acute threat model or dangerous threat actor, or be in some crisis. In that case, a blog post is not going to be sufficient for you, and you may need specialized advice/tools/techniques that only a professional can provide.