Testing Grounds Here

Your virtual pastor bears a shepherd’s compassion for computer stuff, of course. This is how we commune, so we have to make it as effective as we can, and that means helping people keep their computers healthy and secure. I’m not reducing my other output, but adding some articles here that will become part of a curriculum I hope to use in my future mission. I’ll label them accordingly so you can ignore them if you like, but this is part of my calling and it belongs on this blog. Here’s the first:

CompSec: Compartmentalize

For the typical home user or SOHO operation, CompSec considers two basic concerns in this order:

1. Maintain control of your system. This is your computer and you should have as much control over its use as possible.

2. Maintain control over your data. This is your information and you decide who sees it and under what terms.

We want to keep others out of our systems and out of our data, because often enough, what helps you with one will help with the other. However, what separates the two is that normal human interaction through computers requires that some of your data leave your computer.

In theory, computer networking is wholly voluntary in the sense that two or more computers operate as equal partners over shared connections. While we use the terminology of “server and client,” it has more to do with each specific transaction, not a permanent status. Most of the time, your system working as a client can still set limits on how much it gives up to the server. It’s up to you as a human to maintain an awareness of how that works so that you don’t surrender your human existence across that communication link.

Learn how to assess what they are demanding, including the implications for you. Learn how to negotiate limits on those demands, and what your options are. Very few people in your life can justify full access to your person; very few computers on any network can justify full access to your computer. Sanity requires that we limit the scope and duration of access.

The primary model for computer security is compartmentalization: breaking up access into compartments that have conditions attached.

For example, it has become somewhat the norm to engage your bank online for at least some activities. Nothing inherently wrong with that, but it’s not the same as walking up in person to deal with a teller. Virtual space is different from meat space. The basic theory is the same, but how it’s implemented is quite different. You need to make sure your banker has only what is necessary to complete the transaction, and that no one else gets involved in ways that risk your control of your assets. Most banking websites institute certain security measures for your safety, but those do no good if you are profligate in leaving every window open for third parties to snoop.

If you use the exact same browser for banking that you use for everything else, your security is almost nonexistent. Browsers do a lot of stuff in the background that we hardly comprehend, including keeping a lot of stuff in something called a “browser cache.” Some of the stuff stored there amounts to a set of keys to your bank account. There are ways your browser can be tricked into exposing those keys. That’s the way browsers work; that’s the way the Internet itself works. There’s virtually nothing we can do to change those things, but we can take some steps to limit the access.

First, learn to think in terms of compartmentalizing your banking from other activities. In your mind, think of it as a session that is separate from other things you do. Put it in a separate compartment in your mind. At a bare minimum, clean out the browser cache before and after a banking session. Learn to use cache cleaners: apps like BleachBit or CCleaner, or browser add-ons like Click-n-Clean.

Better is using a separate browser or browser profile for banking only. Any browser based on Google Chrome (Chromium, Opera, SlimJet, etc.) offers a built-in, easy-to-use profile manager that allows you to keep things compartmentalized with a fair degree of security. If you simply use a different browser altogether, one that is used only for banking, it’s just a little bit more secure.
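Here is one way to script the two steps above (clean the cache before and after, and keep banking in its own profile). This is an added example, not part of the original post; it assumes a Chromium-based browser on a Unix-like system, and the binary name `chromium`, the profile path and the URL are placeholders.

```shell
#!/bin/sh
# Added example: a banking-only browser session in its own locked-down profile.
# Assumptions: a Chromium-based browser on a Unix-like system; the binary name
# "chromium" and the profile path are placeholders you set yourself.

# Create the banking profile directory, readable by its owner only.
prepare_bank_profile() {
    pb_dir="$1"
    # A symlink could silently point the "separate" profile at a shared one.
    if [ -L "$pb_dir" ]; then
        echo "refusing: $pb_dir is a symlink" >&2
        return 1
    fi
    mkdir -p -- "$pb_dir" || return 1
    chmod 700 "$pb_dir" || return 1
    # The directory must belong to the user running the session.
    [ -O "$pb_dir" ] || { echo "refusing: $pb_dir is not yours" >&2; return 1; }
}

# Delete the on-disk cache of the banking profile (and nothing else).
wipe_bank_cache() {
    rm -rf -- "$1/cache"
}

# Clean cache, run the browser on the banking profile, clean cache again.
# Assumes the browser command does not return until its window is closed.
bank_session() {
    bs_dir="$1"
    bs_url="$2"
    bs_status=0
    prepare_bank_profile "$bs_dir" || return 1
    wipe_bank_cache "$bs_dir"
    "${BANK_BROWSER:-chromium}" --user-data-dir="$bs_dir" \
        --disk-cache-dir="$bs_dir/cache" --no-first-run "$bs_url" || bs_status=$?
    wipe_bank_cache "$bs_dir"
    return "$bs_status"
}

# Usage (placeholder path and URL):
#   bank_session "$HOME/.bank-profile" "https://bank.example/"
```

The wipe covers the disk cache only; cookies and saved logins stay inside the profile directory, which is why that directory is kept owner-only and used for nothing but banking.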

If you have reason to be more worried about it, consider using an entirely separate user account on the computer. Virtually every computer you use these days has a built-in capability for multiple user accounts. Create a separate user account for banking only and log out or switch users temporarily for banking. Make that banking user account more secure (which is invariably less convenient).

If that’s not good enough, and you can afford it, use a different computer entirely. Keep that banking computer disconnected from any network until you need to run a banking session. Make that banking computer more secure and more difficult to crack from outside.

Now extend this principle in other directions. It’s not as if you can simply disengage from the Internet and neglect all your social obligations via the most common networking behavior. If you use Facebook or some other social website, make sure your sessions there are compartmentalized from other activities, because Facebook is quite aggressive about making money from snooping in your life. Learn to recognize how some of your activities are a greater security risk than others.

Learn to understand that advertising on websites is now a major threat vector for malware and viruses. The mechanism for placing those ads in a webpage viewed through your browser contains a lot of security holes. Every day some criminal discovers a new trick using advertising for slipping dirty software onto your computer and taking control of your system and/or your data. Advertisers have shown little interest in taking measures to stop this abuse. Until we can force the advertising business to hold itself accountable, there is absolutely no ethical or moral reason you cannot block all the advertising possible. Keep an eye on the way advertising works in computers and learn how to limit it.


0 Responses to Testing Grounds Here

  1. Benjamin says:

    I’m appreciating these computer postings more and more. Thank you.
