FE Power Forums
FE Power Forums => Non-FE Discussion Forum => Topic started by: Qikbbstang on July 29, 2013, 08:25:44 PM
-
Walmart's got a $200 laptop on sale and I've heard to use one computer for web surfing and a second computer for only "secure" transactions. I've been nailed by picking-up/opening up computer diseases or whatever 3-4 times in ten years or so, especially years ago when I did not know at all what I was doing or what to look for. I had my eMail address hacked and used in bulk mailings on FordFE.Com and vice versa from too many other members there to count. Maybe I am paranoid but I keep hearing the scumbags that spread the malware, spyware, key counters etc. are getting better with "correct looking eMails" and ???, meaning odds are not good on keeping them out.
I've got a highly rated security software suite. I was surprised that the designated "secure" computer's Ethernet line should be left unplugged and only installed when in use, most important (never Y a line). So for $200 is it worth getting a "secure" computer?
It sounds like it is worthwhile to limit a potential major headache. Comments?
-
I've never thought of that, but actually it sounds like a pretty good idea. If you go only to secure sites with your secure computer, and keep it unplugged most of the time, it seems like you would minimize any chance of infection...
-
Disclaimer: I'm an information security professional at $DAYJOB. A separate computer can certainly be worthwhile to use exclusively for sensitive transactions, though I'd add at least one element: a separate email account used only for secure transactions, that will never be used to originate email. Something like a dropbox; an account vendors can use to reach you if they need to send a notification, but nothing you'll ever exchange messages with. Since email accounts are pretty much free, feel free to segregate your online persona, as the compromise of one account will limit damage potential to services linked to that account.
The 'leaving it unplugged all the time except when in use' part can backfire, as most modern operating systems require the ability to call home to mama, or they stop working. They expect to be able to get updates and do other maintenance for the operating system and other crapware that they load on the machine before you buy it.
Another option is a 'live CD/DVD'. Download the .iso (disk image), burn it to media (CD or DVD), and boot off it. Basically, it's an operating system that is run completely from a CD or DVD, that writes NO files to the hard drive, and cannot be modified, as the media is read-only. If you absolutely need to, you can use a thumb drive to store temporary files, but this increases your risk slightly. In layman's terms, it permits you to use a second (or as many as you like) operating system on the computer you already own. It is considerably slower because CD/DVD reader speeds are much slower than a hard drive. If you have a relatively modern machine (<=3 years old) they generally run well if you have sufficient patience. Older hardware may require a 'lightweight' distro. If you really like the new operating system after you try it, many have the option of permanent installation on the same computer if you have sufficient hard drive space.
The 'live CD/DVD' and private email account(s) is most definitely my preference from a security standpoint. Here's the live distro that I prefer: http://www.debian.org/CD/live/ Give it a try, and if you need help, drop me a line if you have trouble addressing it by reading the FAQ: http://www.debian.org/CD/faq/
About the only choice I'd recommend against for secure online communication is your cell phone. Security on Android (and Apple too) is abysmal, and you're at the mercy of any software developer that has software on your phone/device.
**edit: Just a note that the 'live' distro mentioned above is free, as in speech and beer.
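An added example, not part of the original post: before burning a downloaded .iso as described above, its hash can be checked against the checksum list published beside it. The function name `verify_iso` and the temp-file stand-in for the image are constructed for illustration; Debian publishes `SHA512SUMS` and a detached signature `SHA512SUMS.sign` next to its images.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded live image against a SHA512SUMS list.
# The checksum list itself should be authenticated first (for Debian,
# with the detached signature SHA512SUMS.sign published beside it).

# verify_iso IMAGE SUMS_FILE
# Returns 0 if the image's SHA-512 matches its entry in SUMS_FILE,
# 1 on a mismatch, 2 if a file is missing or the image has no entry.
verify_iso() {
    local image="$1" sums="$2" name expected actual
    [ -f "$image" ] && [ -f "$sums" ] || return 2
    name=$(basename "$image")
    # Lines look like "<hex digest>  <filename>" (or "*<filename>" in
    # binary mode); match the filename exactly, not as a substring.
    expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha512sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Constructed demo: a small temp file stands in for the downloaded image.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a live image\n' > "$demo_dir/live.iso"
( cd "$demo_dir" && sha512sum live.iso > SHA512SUMS )

if verify_iso "$demo_dir/live.iso" "$demo_dir/SHA512SUMS"; then
    echo "OK: checksum matches the published list"
fi

# Simulate a corrupted or altered download: the same list now rejects it.
printf 'extra bytes' >> "$demo_dir/live.iso"
if ! verify_iso "$demo_dir/live.iso" "$demo_dir/SHA512SUMS"; then
    echo "FAIL: checksum mismatch, do not burn this image"
fi
rm -rf "$demo_dir"
```

A return code of 2 (no entry for that filename) is treated as a failure as well, so a renamed or unexpected image is never silently accepted.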
-
On a different note, I have my CAD workstation completely firewalled from the internet. It has powerful hardware and some big, specialized software / drivers that are a major PITA to restore. I block it at the router, and have set up local security policy rules to block all of the typical ports for html traffic going in or out. I can't afford to have the workstation go down from a drive-by download or other nastyware. I use a second cheap computer next to it for all email and internet surfing. A network drive lets them swap files. Regular backups to another network drive make restoring files a breeze.
This has served me very well for years. I can quickly bring on another cheap computer or an iPad if the little one catches a bug (though it hasn't yet - thank you Chrome with NoScripts and Adblock!). The high-horsepower rig stays clean and happy, since it has no need to run firewalls or anti-virus stuff that take up processor overhead.
-
No computer expert here but a couple of observations:
1) We have 7 computers in our home based business. Some of them are dedicated to special purposes and though they are connected to the internet to maintain communication with software vendors (ETAP), they are not used to generally communicate or cruise the internet. Those computers remain very responsive one generation longer than the ones that do cruise the internet.
2) I know of another business that has a network off-line: no connection to the internet. That proprietor has never had a computer failure. (I am attempting to set up a second network of this nature, share files but no outside connection.) I believe he has ONE internet computer, and if someone needs access they go to that stand-alone workstation. That would also seem to help employee productivity >:(.
3) I find it despicable how intrusive some of the mainstream software companies are. EVERY time I shut things down Oracle/Java wants to update "my" computer's hard drive; Mr. Ellison is some kind of pussy if he can't manage his bazillion-dollar business without intruding thus on my little computer. Same deal now with Windows 8; apparently Mr. Gates can't manage the product I've purchased without a password and email address to intrude on me. I suspect we are stuck with these self-serving antics, but these guys couldn't hold a candle to the previous generation.