Steps you have taken to secure your computer(s)

[Pu-239]

List them here:

My computer [Debian Linux "Sid"]:
Don't use Windows
Set up iptables to filter traffic
Tweaked permissions

My Dad's computer [Win2K SP4]

Forced everyone to be restricted user- programs can be run if one manually adjusts permissions- Ground Control appears to run fine.
Hid all IE icons and cranked up security to "High".
Computer's internet access is via my Linux computer via NAT.
Use Firefox

Attempted to disable write to C:\ - unsuccessful since this disables the recycle bin for all users - probably not a real improvement in security, but I'm used to / being non-world writable.

I don't have antivirus or spyware software though or spyware detection, but I'm sure it's pretty safe since no one moves executables around on disk- stuff download on the internet is a different matter, but I have never gotten any viruses when using downloaded stuff... most of the stuff is from trustworthy places anyway, so unless the server gets cracked... Downloading AV software is too slow and bothersome, and I have never been infected with a virus except for CIH when it came on a CD-ROM that had... um... software of questionable origin *wink wink*.

Computer is unpatched- too bothersome over dialup (26.4kbps shared between 4 computers)... will need to do that some time in the future- for now it seems safe behind NAT.

Administrator is almost never used- I use runas on Windows Explorer as the Windows equivalent of 'su'

My sister's computer [Windows NT 4 SP4]:
Still need to upgrade to SP6 or something...
Internet Explorer not used (forgot to adjust security settings, but will do so later)
Everyone forced to be a restricted user
Otherwise no steps taken.


There's probably more I should do, so what should I do, that doesn't involve downloading something...

[Praxis]

List them here:

My computer [Debian Linux "Sid"]:
Don't use Windows
Set up iptables to filter traffic
Tweaked permissions

My Dad's computer [Win2K SP4]

Forced everyone to be restricted user- programs can be run if one manually adjusts permissions- Ground Control appears to run fine.
Hid all IE icons and cranked up security to "High".
Computer's internet access is via my Linux computer via NAT.
Use Firefox

Attempted to disable write to C:\ - unsuccessful since this disables the recycle bin for all users - probably not a real improvement in security, but I'm used to / being non-world writable.

I don't have antivirus or spyware software though or spyware detection, but I'm sure it's pretty safe since no one moves executables around on disk- stuff download on the internet is a different matter, but I have never gotten any viruses when using downloaded stuff... most of the stuff is from trustworthy places anyway, so unless the server gets cracked... Downloading AV software is too slow and bothersome, and I have never been infected with a virus except for CIH when it came on a CD-ROM that had... um... software of questionable origin *wink wink*.

Computer is unpatched- too bothersome over dialup (26.4kbps shared between 4 computers)... will need to do that some time in the future- for now it seems safe behind NAT.

Administrator is almost never used- I use runas on Windows Explorer as the Windows equivalent of 'su'

My sister's computer [Windows NT 4 SP4]:
Still need to upgrade to SP6 or something...
Internet Explorer not used (forgot to adjust security settings, but will do so later)
Everyone forced to be a restricted user
Otherwise no steps taken.


There's probably more I should do, so what should I do, that doesn't involve downloading something...

Bought a Mac.

Don't use IE.

As for the Windows PC's, I've installed FireFox on all of them and have my router firewall protecting all but one (mine), which is allowed via DMZ for games.

[Uraniun235]

I stay patched and occasionally run a virus scan and spyware scan.

I'm not motivated enough to put real effort into security.

[2000AD]

Since the only threat is my sodding brother i've set up a crappy limited acount for him and passworded my Admin account with a 20 character.
By my calculation there's 1.887e39 different combination there.
Let's see the bitch crack that motherfucker!

[Brother-Captain Gaius]

I'm not motivated enough to put real effort into security.

I salute you sir. Effort sucks.

As for myself, pretty much the same. ZoneAlarm, occasional spyware/virus scans, Firefox... not much else.

[Lord Pounder]

For my sins i bought not 1 but 2 editions of Windows XP Pro. One for my computer and one for the family computer. On each computer i have the Windows Firewall and Norton Internet Security installed. I also deleted IE of each computer and installed Mozilla. Also my sister is under orders that if any virus gets onto the family computer she will suffer in ways that will give me nightmares. My brother is just a dumbass and we don't allow him near the computer much.

[Vendetta]

Bought a Mac.

Put it behind a hardware Firewall.

Use Opera.

Watch hawkishly anyone allowed physical access to it.

[Vendetta]

Since the only threat is my sodding brother i've set up a crappy limited acount for him and passworded my Admin account with a 20 character.
By my calculation there's 1.887e39 different combination there.
Let's see the bitch crack that motherfucker!

Just don't let him get physical access whilst your user's logged in, or he could create a Password Reset Disk.

[General Zod]

copy and paste all feasible passwords and logins from a notepad file rather than typing it in so you don't have to worry about keyloggers.

[2000AD]

Since the only threat is my sodding brother i've set up a crappy limited acount for him and passworded my Admin account with a 20 character.
By my calculation there's 1.887e39 different combination there.
Let's see the bitch crack that motherfucker!

Just don't let him get physical access whilst your user's logged in, or he could create a Password Reset Disk.

I seriously doubt he knows how to do that, but even so i don't let him on on my account anyway.

[HemlockGrey]

Well...my laptop has a password...

Which, considering that it isn't hooked up to the 'Net yet, is more than enough.

[Pu-239]

My linux computer is the only one secured with proper passwords- the other PCs use blank passwords- I keep "sensitive" stuff on my computer though. However, my web accounts all have the same passwords, except yahoo and this board, which is hazardous in case some corrupt employee looks through one and uses that on all other sites. I've been too lazy to change passwords, since I can't think of something both easy to remember and short enough to type in on a regular basis. My GPG passphrase and shell account passphrase are similar, except for words in the passphrase shifted slightly, which needs to be rectified. The shell account password really is insecure though, since the server only pays attention to the first 8 characters, resulting in a password easily subject to a dictionary attack (I filed a bug, but it's probably not going to be fixed).

[Ma Deuce]

I got rid of IE and now use Mozilla, I always make certain my firewall and antivirus is up to date, and I also use SpyBot and AdAware to remove any unwanted spyware and adbots.

[Asst. Asst. Lt. Cmdr. Smi]

I've started using Mozilla Firefox, have been running Ad-Aware and/or Norton AntiVirus whenever I feel that there's a problem in the making with the computer, and only downloading stuff from reliable sources.

[Ace Pace]

I use Windows XP Pro custumized, with only 19 services runnin.

AVG anti-virus since norton license died
ZoneAlarm pro
Opera
Full updating

Not running on admin

[The Yosemite Bear]

laughs manically

dude your talking to someone who once disconnected his virus friendly boss from the internet, no I mean physically disconnected/burned his modem, and allowwed him to keep his network card because then the secretaries could monitor his activities, and runfirewalls to prevent him from bringing in any more bugs!

[Crayz9000]

5 computers running in the house. All on Linux.

1 Freesco firewall/NAT box
1 Mandrake 9.2 webserver (will be upgraded soon)
2 Mandrake 10.0 Official boxen, one for my mom and one for my dad. Both run GNOME 2.4 and Mozilla, and have been tweaked for various things. Both user accounts have somewhat locked down permissions and regular passwords.
1 Mandrake 10.1 (Cooker) box, that one's mine. Never updated less than once a week, sudo is used for most administrative duties, long passwords, etc. iptables and shorewall are enabled.

[Gandalf]

We have one shared computer in the house, running Windows.

I password my login with 12 numbers and a LoTE word. Good luck cracking it.

[EmperorMing]

Hardware router/firewall
All 3 boxes running:
Win2000 with the latest patches;
Protowall with the latest blocklist;
Software firewall (Sygate);
AVG antivirus;
Spyguard popup stopper (or whatever);
Spybot 1.3 and Ad Aware for manual scans;
I also run HouseCall antivirus every now and again;
Mozilla Firefox for a browser.

[Hamel]

I never used a virus scanner until recently. No viruses found. The only thing I've done on a regular basis is running Adaware, and it hasn't caught anything in months. The admin account is what I use in XP. No need for user accounts.

Most security issues come from people being fucking dumbasses with their computers. That's why my brother's, mom's and other peoples' computers are filled to the brim with viruses and retardware, while mine isn't and never has been.

The only constant security I have is my firewall/router.

[Vohu Manah]

Firewalls enabled on all computers. NAT router setup that handles Comcast connection. No virus scanners (sadly), and no Windows machines (two Macs and a PS2). Only services running on the Macs are FTP (passive FTP never seems to work) and file sharing (for file exchanges). Print server additionally on my computer (only printer in house).

I considered encrypting the home folders, but I don't see why (both machines being desktops).

[Pu-239]

I recommend using libtrash for Linux users, to prevent accidental deletion from the command line. Occasionally some commands such as 'at' have problems with it though, so you have to make shell aliases to disable it.

[Daltonator]

Got my box behind a router with a firewall, also running Kerio firewall and AVG, as well as Spybot. Security is not that big of a concern; what'll they find if they hack into my computer besides porno, fanfics and videos?

[Shinova]

I don't have anything on my computer right cause I don't have internet connection at the moment (this is being posted from campus).

I plan to install some free virus scanner, and use Firefox and Thunderbird like usual. And use the router's NAT and firewall to block whatever ports I need blocked.