Internet Security For Writers – The Basics

The discussion on Sanford’s post on Tuesday started me thinking there needs to be a basic guide to Internet security for writers because most writers aren’t that into tech stuff and mostly only want to be able to sit down and write, then do whatever they need to to get their work published.

The problem here is that there are unfriendly sorts out there who like nothing better than to cause trouble. Some of them do it purely for the giggles, others will target those whose views they dislike (like the atheist group that sent a trapped message to religious groups that would infect them and block religious sites and text), and still others will go after people they have some inexplicable grudge against.

It’s a whole lot easier to take basic preventative measures than to try to clean up after something blows up, so here are some very basic suggestions.

  1. Forget the One True Operating System wars. All of them are vulnerable. The main reason Microsoft systems get so much flak is that they’re popular. Looking smug and saying “get a Mac” when someone gets hit with a virus is asking for trouble.
  2. Microsoft has been working hard on improving security without getting in the way of the user. Each new operating system they release does that part better. That said, Windows XP is in that lovely timeframe where it’s still popular enough to have a lot of users, but Microsoft doesn’t support it any more. Don’t use it.
  3. If you can’t afford to upgrade to get off XP, try Debian (http://www.debian.org) . You don’t even have to lose your Windows: you can burn yourself a live CD and try it a few times, or install and run from a USB drive, or you can install on the same hard drive and boot into Debian (and still be able to read all your Windows files).
  4. Learn all you can about computers and how to protect yourself. There’s all manner of crap out there, and all it takes is going to the wrong site to get infected.
  5. Back up onto something that isn’t your computer’s hard drive. Programs can be reinstalled, but losing a novel is irreplaceable. This isn’t just a security precaution, either. Hard drives can fail and you don’t want to be trying to piece together the novel you’d almost finished because your hard drive crashed and burned and took the file with it. Trust me on this.
  6. If you don’t know what it is and who it’s from, don’t click it. If you’ve got any doubt, check with the so-called sender.
  7. Invest in a good antivirus. One antivirus. Some swear by Norton, others by McAfee. Either is better than nothing.
  8. Use whatever firewall you have access to. The Windows Defender is actually quite reasonable these days, and updates itself frequently.
  9. Invest in a password protection application then use it and make your passwords longer and nastier. I personally use KeePass because it’s free and used by my employer, but there are others. It’s a bit of a pain, but better that than passwords that a casual hacker can guess quickly. The last thing you want is to lose an email account because someone got in and changed your password on you.
  10. Remember that most online applications aren’t all that secure. Neither are most phone apps. That applies to the casual criminal trying to scrape credit card numbers as much as it does to anything malicious – and if you’re publishing independently you need to make your online financial life as secure as you can.
  11. Facebook is not secure. Neither is Twitter, LJ, or Blogger. I don’t know about WordPress, but I’d guess not – I’d honestly assume that nothing in any social networking site is secure. Don’t say anything in any of these places that you don’t mind going to the entire Internet.
  12. Once you’ve got a firewall running, if it tells you something is trying to run and it’s not something you actually expect to run, block it. You can always get the details of what was trying to run and find out later if it’s harmless.
  13. Don’t think that because you’re small fry you’re safe. Random hacking of anything that looks like a target can happen.
  14. Learn how to handle a fake DMCA takedown. These get used – although thankfully not often. There are ways around it (hopefully Sarah’s tame IP lawyer can write a guest post on how to deal with this? Pretty please?) There are sick and twisted people who do this for the laughs, so even Joe Nobody can get hit (even though it is kind of unlikely).

There’s a lot more that can be done, but this is a basic starting point. I’m no expert in Internet security, but basic Internet hygiene for writers is probably something that needs to be said.

(Disclaimer: This advice has been checked by people who do know Internet security, so there’s nothing here that’s incorrect)

(P.S. There’s more information on the way: I’ll update when I have links to add)


139 responses to “Internet Security For Writers – The Basics”

  1. I have a Mac, but do download from the internet so anything is possible. With regard to the novel, I have two flash drives that I have saved to regularly, and I always carry one with me in case I come home to find the place burned down. This is so easy it’s laughable, since you can get cheap flash drives at Staples or Best Buy. I have friends who’ve found out the hard way how easy this stuff is.

    • So do I – save the current chapters to the cloud and to a USB stick that goes with me. I darned near lost four chapters of an early book to a crash, but fortunately, I had a computer geek friend who revived the computer without any damage to the files.

      • Kate Paulk

        I’ve lost work to drive crashes, and it’s exceedingly painful and demoralizing. Not worth the suffering, and backing up to a USB drive you can carry with you is a very easy way to prevent the worst of it.

  2. Oh, and, fun; you can use a USB stick to actually boot and run Debian without having to install it on the drive. That’s how I did it before I moved to Australia. I think something like a 16 GB USB stick will do nicely. This allows you to test Debian and get used to it.

    Make sure you’re clean of viruses before backing up – this makes sure that you’re not accidentally infecting your backups. I know of some folks who go offline to back up their most important stuff then go back online afterward, but it might be inconvenient for some folks (like me!) who work work work till I am almost facedown on keyboard or Cintiq.

    As for a hard drive failure – phew. Good thing we had the hard drive on my art Mac replaced. I’m told it had only hours left in its usable lifespan. I’d noticed something was wrong because the computer itself was actively slowing down. This was strange because it would do it even if I was just at the sketching point of the artwork, when prior to that I’d need 30 layers before it started to slow. So I mentioned it, and Housemate had a look. Nearly lost lots of in-progress work there!

    Good post.

    • Draven

      Debian, or even Linux Mint (derived via Ubuntu) can run from an 8 GB thumb drive; it’s what I use to run dispcalGUI for testing displays.

      • I dual boot Mint currently but I’m looking into moving to Debian. Might do the thumb drive to test it out first.

        • Kate Paulk

          I’m familiar with Ubuntu myself, but the way it would screw up anything beyond an uber-basic install with each new upgrade finally got me sufficiently pissed off that I didn’t bother rebuilding the old box into an Ubuntu box when I got the Windows system.

          I really need to take it apart, vacuum out the impacted cat hair, and set it up. Maybe Debian this time, since I know just enough Linux hackery to be dangerous.

          • I don’t even do it for myself, I have a friend do it for me. They’ve been talking about wanting to put a fresh install on it, probably Debian this time, and I’m a little wary about moving to something I don’t know well.

    • I’d been using Time Machine for back-ups to an external hard drive. Then my main computer (the Old Gray Mare “she ain’t what she used to be”) started playing a tango when the hard drive spun up. When your computer goes “clack clack CLACK clack, clack clack CLACK clack,” it’s a sign. One GSOD and a new hard drive later . . . Thanks be for daily back-ups.

      I run Intego, in part because its firewall works with the Mac firewall. Thus far it’s worked as advertised.

    • Kate Paulk

      Oh, *ouch* on the Mac hard drive. That was a close call, all right.

      I came close with a drive which I noticed was starting to make grinding noises. Not a happy thing…

  3. Actually, for Windows users, Linux Mint ( http://www.linuxmint.com/ ) is probably the way to go. It’s Debian-based, and a Ubuntu derivative.

    Although Linux is typically more secure than Windows or Mac, I’d still recommend anti-malware (to include anti-adware/anti-spyware).

    ClamAV is the most common Linux AV, and clamtk gives it a nice GUI user interface.

    To install Clam on any Debian-based Linux, the command is:

    apt-get install clamav clamav-daemon clamav-freshclam clamav-unofficial-sigs && freshclam && service clamav-daemon start

    To update Clam, run “sudo freshclam” every so often; I suggest doing it as a weekly cron job.

    ClamTK can be installed via the command:

    sudo apt-get install clamtk

    If you want something even simpler, there’s Avast, ( http://www.avast.com )

    Mind you, learning to REALLY use Linux really opens up the possibilities, you have a plethora of tools at your disposal.

    To REALLY learn, I suggest you follow ESR’s advice:

    http://www.catb.org/esr/faqs/hacker-howto.html

    Trust me. Read it. A Hacker is NOT what you think it is. . .

    • Kate Paulk

      Good advice – and the Linux distribution of choice can depend a lot on the user preferences. Also nice link. Clear and well-put arguments. Thank you!

    • Robin Munn

      I’ll echo the Mint recommendation; it’s probably the distribution best suited for people who want most things to Just Work™ out of the box, while still looking good.

      If you’re installing Mint right now, there’s Mint 17, which is available today, or Mint 17.1 which is in “Release Candidate” stage. That means that with a bit of hunting you can find the DVD images to download, but they’re not yet on the front page. (Its official release is scheduled for the end of the month). However, 17.1 brings a few improvements that I think are worth it (i.e., updates are shown in a way that’s easier to understand*), so for someone installing it now, I’d probably recommend hunting for the 17.1 DVD image. Or, you know, waiting a week until it’s the official release. 🙂

      * The highly-technical notes, if anyone’s interested (if you’re not, skip to the next comment): Debian-based Linux distributions, including Mint, usually separate out one application into a bunch of smaller “packages”, which sometimes allows you to install only the components that you’re interested in. E.g., you might want libreoffice-core and libreoffice-writer, but not care about libreoffice-draw (those aren’t typos: Debian packages are usually spelled in all-lowercase). But when the main LibreOffice project puts out an update, each one of those Debian packages gets updated — so you’ll see a dozen updates in your list: “libreoffice-core will be updated from version 4.3.3 to 4.3.4. libreoffice-writer will be updated from version 4.3.3 to 4.3.4. libreoffice-draw will be updated…” And so on.

      What Mint 17.1 has done is group all updates that come from a single source into a single line in the Update Manager. So now instead of being told about a dozen packages updating from 4.3.3 to 4.3.4, you’ll just be told that “LibreOffice is updating from 4.3.3 to 4.3.4”, and that’s it. (The fine print at the bottom will say “This affects 22 packages: (list of package names)”, but most of the time you won’t ever need to check that list). This makes it much easier for people to say “Yes, give me all those updates” or “No, I don’t want to tie up my Internet connection for an hour right now, do it later” because it’s a lot more obvious to them precisely what’s being updated.

  4. Draven

    WordPress’s security is as good as anything else.

  5. rustypaladin

    AVG is also very good anti-virus and it’s free.

    • Kate Paulk

      AVG is what I run on my system. So far, it’s done well for me.

      Of course, this could be like the fellow falling from the skyscraper as he passes the 10th floor: “So far, so good!”

  6. Majestic_Moose

    I’d suggest a distro other than Debian. Debian’s number one mission is to only support “truly” open-source projects, which is sometimes an issue. And when I evaluated it years ago it wasn’t as, call it, polished an experience as Ubuntu was at the time (note this was before Unity or Gnome3, both of which I despise).

    • Kate Paulk

      There’s always a trade-off between stability (which Debian has) and polish. Ubuntu has a nasty habit of moving things to their main branch that aren’t really mature yet – with often messy results.

      The best thing in my view is to pull some live CDs or USB-runnable versions and try the things for a while to see what suits. The recommendations here will help people find a starting point.

    • I would recommend Debian over Ubuntu myself, because as a current user, I’d rather get the stable-has-had-its-code-combed-over-with-a-fine-tooth-comb version that’s perhaps 2 months behind BUT is not only stable, but works with the existing apps AND is secure Stable Release. They have a Debian Unstable (aka Sid), which gets you the latest programs made available, but they will also tell you “This is not stable, if you crash, you were warned.”

      And I can say, with firsthand use, that it’s not bad to use. The reason for the open source projects focus is so they can make sure the code’s clean.

      I originally was very, very hesitant to go Linux because I had a friend install RedHat into my computer …back in the 90s. That friend dropped me into ‘there’s nothing but command lines’ …. without any idea of command lines, or how to pull up the list of commands… or anything. I was told ‘figure it out.’

      Years later, when recounting this story, Housemate said he’d love to gut that then-friend, because not only did he put me off trying another OS for more than a decade (Macs included), he put me on an OS that required an Internet connection (I didn’t have one at the time), and he probably also installed a barely functioning incomplete installation.

      On an amusing note, we did have someone who insisted they wanted Debian Sid ring us up and complain “WHY IS DEBIAN UNSTABLE SO FREAKING UNSTABLE?!”

      Face -> palm!

  7. I’ve used Zone alarm for 18 years, with (so far) good results. Eventually, I will go to a variant of Linux. I also have a 2 TB external, *not* normally connected, that I “back up to.” For really important files, it’s zip, then back up. I use the format File nn-nn-nn, where nn is date. I see externals advertised on sale at Fry’s every couple of weeks, for about $100. If I, on $42/month after Medicaid takes the rest, can afford one, so can anyone.
    I also posted this great info, on LinkedIn, in the SF & F group, and will repost on FB.

    • Here’s a zone alarm story for you: I worked at a software company that was a frequent target of hackers because of the high profile (in certain quarters) of the CEO. So the IT group had a security specialist, paranoid like all true security guys. He had alerts and tripwires and scanned access logs constantly and fought many a Pyrrhic battle on access versus security against the developers.

      So, a smart guy with dozens of smart tools. I had free zone alarm on my PC. One day, I look down, zone alarm tells me someone with an outside IP address is scanning my ports. A few faint screams to the security guy, he looks, runs for his own station, and finds the entire corporate firewall had gone down.

      Zone alarm is awesome 🙂

      • Kate Paulk

        Zone Alarm has been good for me, too – I’m currently running the free edition and have no real complaints.

        Access vs security is a constant battleground between developers and security. Devs really need their own quarantined subnet where they can control everything and flush and re-image at need.

  8. The free version of Malwarebytes Anti-Malware is a great little program to have as a backup to your regular security software, too. And a second, different program scanning your system every so often is never a bad idea.

    • Dan Lane

      Second this. Malwarebytes has thrice caught nasties that Norton, McAfee, or AVG missed on different computers I’ve worked on. I only use it once a month or so, after updating it, with all other antivirus off.

  9. Here’s one of my favorite bits of advice: if a good friend sends you an email or a Facebook post with instructions on how to remove a virus …don’t. That file they want you to delete? run32.dll? You don’t want to remove that one.

    To remove a virus, go to your AV provider’s website, download the most recent definitions, and run a scan. If your AV program doesn’t work, please go to an experienced computer tech. Not your 16-year-old nephew. (yes, I’ve had to clean up the computer problems caused by clever 16-year-olds)

    • If your AV program doesn’t work, please go to an experienced computer tech.

      Go to an experienced computer tech that computer people you know vouch for.

      The ones in my mom’s area install backdoors to all the computers they fix, WITHOUT TELLING THE CUSTOMER, so they can fix it faster next time.

      They even uninstalled her antivirus, installed a different one, told it to ignore the backdoor, and tried to bully her into ignoring it when she ran a trusted online virus scan (it’s a way around infections that target your antivirus) and it identified the backdoor.

      I had to go over, back up all her files, wipe the drives, reinstall everything and update on her insanely slow internet. I was ready to kidnap her computer and take it home to fix it.

      Charged her greatly for this, too.

      She still won’t let my husband print up the list of laws they broke doing that and walk it to the police station….

      • I loathe it, but I believe it. Boils on the butt of the profession. They should be lanced with prejudice.

        • Kate Paulk

          Amen to that! They’re the IT version of the shonky mechanic, and should be destined to the same hell.

          Not that I’m prejudiced or anything…

      • *dry* The majority of customers we have are people who have had done all kinds of stupid shit while overcharging customers. You SHOULD have kidnapped her computer and checked to see if they swiped the hardware too and replaced it with inferior components.

        Aff’s base price for a look is $25 bucks (locally. I think it’s slightly higher if he has to teamviewer in because of exchange rates). If he can fix whatever the issue was with minimal stress and effort (think, virus scan, registry and program cleanup, basic system maintenance, fresh reinstall if desired, and a few others) it stays $25 bucks. Base price for tidying up a Mac is slightly higher, but Dell computers give him serious headaches so it’s like 50 or so.

        • Thankfully, we built her rig from a Tiger Direct budget gaming system– it’s got a huge window in the side, and everything is either really unusual looking or outlined in LEDs. The worst they could do was claim that a replacement fan wouldn’t fit (it was the same one the system had come with, just reordered) and overcharge her for that.

  10. Google, Facebook, Twitter, WordPress and many other sites have added “two-factor authentication”. This will not help cases when private information is leaked, but it will keep people from hijacking your account to impersonate you. Use it.

    • masgramondou

      2FA is a really really good idea. Use it wherever it is available.

      • Kate Paulk

        Yes. But don’t assume this means that supposedly private data on those sites will remain private. The biggest and most popular platforms are also popular targets of attack – everyone wants to take the big boy down.

  11. sabrinachase

    Also useful: My credit card company has a feature where you can get “throwaway” CC numbers for online purchases. They are only valid for one month, and ONLY for the merchant you first use it for. Even if a hacker scrapes it, it can’t be generally used. Check and see if your card company offers that, or get one that does for online purchases.

    Valid company emails will not have “click here to go to site” links, or shouldn’t. They will say “go to our site and select this menu item”. Get in the habit of not clicking email links.

    My sister and I are our mutual off-site backups 😉 We meet on a semi-monthly basis and exchange backup external drives, so we always have a full copy of important stuff in a completely different location. Note that using programs like Dropbox also can back up works in progress in the cloud. Belt, suspenders, duct tape, *and* superglue.

    Be very careful about giving out information also used for validation. Many sites ask for your date of birth merely to ensure you are old enough. Feel free to lie about month/date so your real birthdate is not on their servers. Hackers can’t steal what isn’t there. (If they need your actual date of birth for validating you are you, like for medical sites, use the real one of course).

    • Kate Paulk

      Firefox ate my larger reply, but that’s all good advice.

      • TextAreaCache for Firefox is a GODSEND for saving your comments. I have mine set to save the last hundred. Now if only they could add saving the link you were writing to at the time, it could evolve into a comment management system.

    • re: CCs – there are cards or bank accounts you can use that have $0 maintaining balance as well. They’re geared to be ‘refillable’ – ergo you put in money only if you are planning to make purchases online. This is what they did back in the Philippines to slowly allow people the ability to set up ebay and paypal so they could start mini businesses as well as buy from companies overseas.

      If using the fake birthdate / month, make sure to write that info down somewhere – offline.

      I like the idea you and your sister have.

  12. Christopher M. Chupik

    My main computer is an ageing dinosaur, while my laptop I use mostly for my writing now. I’m just trying to avoid any disasters until I have something better.

    • Kate Paulk

      Avoiding disasters is a good thing. And ageing dinosaurs that are old enough are fairly safe because all the viruses and malware are too advanced to run on them… (mind you, you have to get pretty ancient for that)

      • Dan Lane

        I still have an old 486 that runs somewhere… and maybe a Commodore 64 if I can find the tape drive… *chuckle*

        • Kate Paulk

          You win!

          • Draven

            Working Commodore 16 with tape drive. Three working Amigas. Two semi-working SGIs. One old Win2k PC with an SD editing card that hasn’t been plugged in in years…

            • Dan Lane

              *grin* Fond memories. “Load *.*” “Press Play on Tape Drive.”

              Earliest I have memories of is the tape drive pc, but there may have been others before.

          • I still have the TRS-80 Model I that my father and I bought in 1980, and it still works as well as it ever did, which is not saying much: that machine was a born lemon. Also an Apple IIe, a Lisa 2, and an Atari 800, packed away in various boxes.

        • *fond smile* The Windows 95 machine that mom let me have in my room for a word processor probably still runs, and I know mom hasn’t gotten rid of it, if I could find a monitor that’d work with it….

          • Dan Lane

            There are some odd things that you can plug a VGA cable into. My mother has a generic flat panel that has the port, and last time I checked, would actually display (although all it would display was monochrome…)

        • Wayne Borean aka The Mad Hatter

          I still have my Timex Sinclair. 2K ram, and it uses a standard cassette tape deck to load programs.

          Haven’t used it in years 🙂

          Wayne

        • Hey! Don’t write those off yet! I’ve been hearing how some of the older comps get entered into things like the Republic of Gamers overclocking competitions.

          *biiiiig grin* we have an Amstrad. It still works.

          • Dan Lane

            Nice. I see I’m not the only one with a strange attachment to old hardware. *chuckle*

            Well, except old cathode-ray monitors. Most annoying electronic buzz sound in the world, used to drive me nigh insane. LCD displays are one of the best modern inventions I can think of.

            • *chuckle* I’m no tweaker myself, but I hear lots and lots of stories. Most of the people doing the ROG contests with older machines are doing it for the pure love of pushing tech to its limits, but they’re not going to tell you that you can use the old hardware for everyday use.

              We had my son learn how to type on the Amstrad. Coz, really, he can’t break it.

            • Robin Munn

              I used to think I was the only one who could tell when I walked into a room that a CRT was turned on somewhere in it, because nobody else I met ever talked about being able to hear that sound. I would have described it as a whine rather than a buzz, though: it’s incredibly high-pitched. (Unless you’re talking about a different sound than the one I mean).

              • Dan Lane

                Whine is the correct word. When the power button is turned on, even some regular people can hear a quiet whine, but it quickly goes higher pitched. A very few other devices could create a similar noise for me, but those old TVs and monitors were the worst offenders by far.

                I’ve never actually met a person who could hear it either, but I had to prove it once or twice by telling folks in the next room over I could hear it, even with the sound turned off. It’s nice to be able to walk through a mall or store without completely avoiding the tech displays now.

                • Draven

                  Probably the high-voltage transformer.

                • Robin Munn

                  It’s nice to be able to walk through a mall or store without completely avoiding the tech displays now.

                  You’re probably more sensitive to it than I am; I don’t remember it ever bugging me that much (though I do remember sometimes going over to a CRT that had been left on and turning it off, so maybe it bugged me more than I remember now?). Certainly I never avoided the tech displays in a store — I generally could only hear the whine in a quiet room.

                • I used to be able to hear that noise. It’s the flyback transformer, which governs the vertical scan rate of the CRT – one pulse from the transformer, one scan line. For NTSC video, the transformer runs at about 15 kilohertz (I used to know the exact number; you had to, to program Atari 800s properly; don’t ask), which is within the hearing range of the young and able-eared. When multiscan monitors came in around 1990, I got such satisfaction out of setting mine to a higher resolution so that the flyback transformer would operate at a frequency too high for me to hear.

                • I could hear it – pretty constantly at an earlier age. In my teens, I could be walking down the street and know that there was a television on, inside houses that I passed. Frankly, I thought that everyone could hear that odd sort of squealing noise – then I read an article (sometime in my twenties?) which said that women could hear it more often and better than men, mostly.
                  I don’t hear it much – and haven’t for quite a while, likely due to hearing degenerating, or the passing of the CRT in technology generally.
                  But until I read that particular article – I assumed that it was something everyone could hear.

              • My husband hears it, too.

                About the fifth time that he was able to tell people the TV he couldn’t see was on but showing black, they started believing him.

  13. BobtheRegisterredFool

    A lot of operating systems these days let you have two different types of account on the OS. Sometimes they are called administrator and user. Make one of each type. Always surf and work on the user profile/account. Never do anything but install software, run scans and change settings on the administrator/root account.

    • Kate Paulk

      Oh, yeah. No matter HOW annoying it is. The reason for this is so that nothing that hits the user account has the permissions to do anything truly evil on the system – which doesn’t always work, but it’s better than anything that gets past you having full unrestricted access by default.

      • And DON’T name the Admin account Admin. I once had an FTP server set up on my old Mac, and every once in a while a Chinese (based on the IP) hacker would try a 100-entry dictionary attack. But the account name was always admin. Wouldn’t have worked on the Mac anyway, but it was edifying.

        The only good thing about my ISP is they upgraded from the original WiMax modem that exposed everything to the net to a 4G modem that functions as a router. So most port scans etc. stop there.

        • /amen

          Sent my laptop in for warranty work, and they added an “admin” account. With the password of “password.” And total Admin access to the machine.
          For an issue with the case. (There’s something you can do with physical possession of the laptop to add accounts like that– at least Lenovo didn’t make it so they could do it from a distance, and I was able to remove the account.)

          Thank goodness I checked; I’d already pulled everything possibly sensitive off of the drive and made a dummy account, but someone decided that wasn’t good enough, and if I’d just assumed that they’d left everything the way it was like they’re supposed to…..

  14. Wayne Borean aka The Mad Hatter

    Posting this is a great idea, but some of it is inaccurate. I’m going to quote the suggestions, and explain where I see issues, and also in some cases possible alternatives.

    Forget the One True Operating System wars. All of them are vulnerable. The main reason Microsoft systems get so much flak is that they’re popular. Looking smug and saying “get a Mac” when someone gets hit with a virus is asking for trouble.

    Inaccurate. Windows only held 19% of the operating system marketplace in 2013. Seriously. The real big shot is Android, which has been rock solid as far as security and viruses are concerned.

    Microsoft is attacked more often because of design decisions made by management. They wanted Microsoft products to work better and faster, so they built in short cuts that those products can use, which bypass much of the basic security. The company has been removing those shortcuts for the last ten years (Windows XP Service Pack 2 was the first move on this front). This is why there was such a long time between the release of XP and the release of Vista; Microsoft literally had to go back and rewrite huge portions of both for security reasons.

    Microsoft has been working hard on improving security without getting in the way of the user. Each new operating system they release does that part better. That said, Windows XP is in that lovely timeframe where it’s still popular enough to have a lot of users, but Microsoft doesn’t support it any more. Don’t use it.

    True. If you are using XP, you are way too vulnerable. Get rid of it. Fast.

    If you can’t afford to upgrade to get off XP, try Debian (http://www.debian.org) . You don’t even have to lose your Windows: you can burn yourself a live CD and try it a few times, or install and run from a USB drive, or you can install on the same hard drive and boot into Debian (and still be able to read all your Windows files).

    This is problematic. Debian is designed to be rock solid. It is, but it isn’t designed to be user friendly.

    If you have an older computer, an excellent option is Bodhi Linux. The entire Ubuntu family is good, with Kubuntu being an excellent choice for someone who likes eye candy. Sabayon is a really nice option, especially for gamers. Mageia is a really nice option too.

    Check Distrowatch dot com for more options. Way more options. Like 291 different Linux/BSD/Solaris operating systems. Talk about choice!

    Learn all you can about computers and how to protect yourself. There’s all manner of crap out there, and all it takes is going to the wrong site to get infected.

    Inaccurate. This is only an issue if you are running Windows. It also affects older versions of Windows more often. I haven’t heard any reports of this being an issue with Windows 8, but I have heard of drive by attacks which are aimed at Windows 7, with Windows XP being a total disaster in this area.

    That said, you can partially save yourself by:

    1) Install another web browser, like Firefox, Chrome, Seamonkey, or Safari. Internet Explorer is one of the programs designed to ‘integrate’ with Windows, and is a highway for attacks to hit the operating system internals.

    2) Never use a Microsoft email client, they have the same weaknesses as Internet Explorer, and in fact use Internet Explorer as a base.

    3) Always have your firewall turned on. Preferably replace the built in firewall with something like ZoneAlarm.

    No other operating system has the same susceptibility to ‘drive by’ attacks. This is because none of the rest of them use the ‘close integration model’ that Microsoft used on Windows. Note that Microsoft is abandoning this model.

    Back up onto something that isn’t your computer’s hard drive. Programs can be reinstalled, but losing a novel is irreplaceable. This isn’t just a security precaution, either. Hard drives can fail and you don’t want to be trying to piece together the novel you’d almost finished because your hard drive crashed and burned and took the file with it. Trust me on this.

    Definitely. In fact any writer (or anyone else using their computer for anything other than gaming) should have automatic backup software installed. Macs come with Time Machine, which can be set to backup over your network (Apple also sells the Time Capsule mini-server/wifi hotpoint – wish I could afford to buy one). There are free, or inexpensive backup solutions for Linux and Windows.

    But…

    Most people keep their backup media at home. What if your house burns down? I’m lucky. My mother-in-law lives five minutes away. I keep an offsite backup at her place. Offsite backups are a must!

    If you don’t know what it is and who it’s from, don’t click it. If you’ve got any doubt, check with the so-called sender.

    Yes, but…

    With many earlier versions of Windows, clicking on the file is enough to install the trojan/virus. With any other operating system you will get a prompt asking:

    a) Do you want to install this software
    b) Please enter your password

    Windows 8 is supposed to have the same prompts. Don’t know, never used it. I do know that with Windows Vista you could turn most of those prompts off, which wasn’t a good idea. Problem was that Microsoft had the prompts popping up in all sorts of places where they may not have been strictly necessary, and annoyed users. I haven’t heard the same complaints about later versions of Windows, so I assume that they’ve fixed the issue.

    Invest in a good antivirus. One antivirus. Some swear by Norton, others by McAfee. Either is better than nothing.

    This is good advice if you run Windows. If you run anything else, you can ignore it.

    Use whatever firewall you have access to. The Windows Defender is actually quite reasonable these days, and updates itself frequently.

    Absolutely! You wouldn’t go outside naked in January north of the 40th parallel, and you should NEVER go on any network without a Firewall, no matter what operating system you use.

    Invest in a password protection application then use it and make your passwords longer and nastier. I personally use KeePass because it’s free and used by my employer, but there are others. It’s a bit of a pain, but better that than passwords that a casual hacker can guess quickly. The last thing you want is to lose an email account because someone got in and changed your password on you.

    Macs come with KeyChain.

    But password managers are useless if no one knows your password!

    Seriously. What if you get run over by a bus? How do your heirs get access to your computer?

    Never mind all your online accounts, some of which may have things they need access to, like your GMail account. Make sure that you have copies of the important passwords where the people who need them can find them.

    Remember that most online applications aren’t all that secure. Neither are most phone apps. That applies to the casual criminal trying to scrape credit card numbers as much as it does to anything malicious – and if you’re publishing independently you need to make your online financial life as secure as you can.

    Inaccurate. Most of them are pretty secure. Yes, issues have arisen, but the problems tend to be with non-tech companies like Target.

    Facebook is not secure. Neither is Twitter, LJ, or Blogger. I don’t know about WordPress, but I’d guess not – I’d honestly assume that nothing in any social networking site is secure. Don’t say anything in any of these places that you don’t mind going to the entire Internet.

    You have a choice. Either you stay off the Internet, or you use sites like these. That said:

    1) DO NOT REUSE PASSWORDS
    2) When possible enable two stage security (like using your Mobile as an extra stage of security).

    Most of the hacked accounts I know of were hacked because the user made mistakes, like using the name of their spouse, child, pet, or whatever as a password. Which is where KeePass comes in handy with its password generation features.

    Once you’ve got a firewall running, if it tells you something is trying to run and it’s not something you actually expect to run, block it. You can always get the details of what was trying to run and find out later if it’s harmless.

    Do not assume all Firewalls have this capability, some don’t. Make sure yours does.

    Don’t think that because you’re small fry you’re safe. Random hacking of anything that looks like a target can happen.

    A lot of attacks these days are driven by economics. They want access to your Twitter account to spam your friends. With automated attacks, they get access to thousands of accounts per hour, while the operator sits back drinking beer.

    Those thousands of accounts then spam thousands of users each. They make their money off volume.

    This means they deliberately target small fry, because the small fry tend to be less knowledgeable about security. To them you are cash in the bank.

    KeePass can save your bacon when it comes to online attacks.

    Learn how to handle a fake DMCA takedown. These get used – although thankfully not often. There are ways around it (hopefully Sarah’s tame IP lawyer can write a guest post on how to deal with this? Pretty please?) There are sick and twisted people who do this for the laughs, so even Joe Nobody can get hit (even though it is kind of unlikely).

    This is a minor issue. I’ve been hit with a fake DMCA notice, but it isn’t a daily threat. Making sure you have secure passwords, and that your computer is secure is a far higher priority.

    *****

    I heard several comments on Facebook about how this was approved by experts. The problem is that there are many types of experts, and what one considers Gospel, another ignores.

    I’m a programmer. I did a lot of low level stuff (which is hard to explain to someone who doesn’t know programming). This gives me a different viewpoint than, say, a SysAdmin. I’m used to crawling around in the internals of the operating system.

    Which doesn’t make me an expert on current operating systems. Quite frankly no one is. Unlike the days of CP/M and DOS, current operating systems are so complex that no one can really claim to be an expert in the way we used to be able to claim expert status.

    When you get people claiming that Windows is the dominant operating system, they are ignoring 89% of the computing market (smartphones and tablets – and yes, those are computers even if they don’t have keyboards). I have a keyboard for my iPad. Works great for writing (but not for editing). I know one guy who wrote a novel using a BlueTooth keyboard and his iPhone. Personally I think he was nuts, just think of the eye strain.

    Current operating system market share is:

    1 (1)   Android      845 M   57% (38%)
    2 (2)   Windows      290 M   19% (24%)
    3 (3)   iOS          270 M   18% (22%)
    4 (4)   Blackberry    23 M    2% (3%)
            Others        64 M    4% (12%)

    Numbers are from Tomi Ahonen – see the Communities Dominate Brands website. Odds are that iOS will move past Windows into the number two slot this year. Neither Android nor iOS has the security problems that Windows has had.

    As mentioned above, there are major differences to the internal designs of the different operating systems. The only major operating system that requires anti-virus software is Windows. While anti-virus software is available for Linux and Mac computers, the aim behind it is to protect Windows users you deal with.

    But, there are applications for Windows that aren’t available on other operating systems. Another issue is that most writers just don’t have the technical skills to install another operating system on their PC, nor do they have the time to do so. They are busy writing! There are companies who supply computers with Linux pre-installed if you are interested in that option.

    As to Macs, you’ll hear they are expensive. This is incorrect. I did an evaluation a while back. If you look at Windows computers with the same specifications, there is no real difference in purchase price. There is a huge difference in operating costs though, because the Mac does not need anti-virus software, and requires far less maintenance (my current Mac is four years old, and has had zero maintenance except for installing operating system updates since I bought it, and I’m still getting two hours use out of the battery).

    Use the software store for your operating system when possible. When not, like with LibreOffice (not included in either the Mac or Windows stores to the best of my knowledge) make certain you are at the correct website. There are scammers who will charge you for it (it is free) or who have installed trojan software in it. A good place to find clean links is Wikipedia.

    Wikipedia is also a good place to find lists of software. If you don’t like KeePass, there’s a list of password managers. And a list of Office Suites. And a list of Web Browsers. Fantastic resource.

    In closing, you aren’t paranoid if they really are out to get you. Be careful.

    • Wayne, I will give you one chance to go back, reread Kate’s post and then accurately respond to her. You didn’t even get out of your first few paragraphs before you started misrepresenting what she said. I won’t even get into your wall of text that no one is going to bother to read. So here is your challenge: read the post again — and without your built in prejudices and, yes, we all know you have them — and then briefly and succinctly answer her. While you are at it, correct your own inaccuracies within your comments.

      Am I testy? Yes. But you brought it on yourself by first attacking this post on FB and not here or on Kate’s wall. Second, by the wall of text and by misrepresenting what Kate said. Am I surprised? Not at all. So don’t be surprised if you find other comments in response to it as sharp as this one — or more so.

      • davidelang

        While there are things to disagree with, I am not seeing the misrepresentation. It’s directly quoting the points and addressing them.

        I see the responses as being fairly reasonable additional data/point of view.

        While Microsoft is getting better than it was, a large part of the problem is their basic design and approach (when the computer is going to do things for you so that you don’t have to understand or know what’s going on, with everything integrated, it’s got a huge attack surface because things that you would never dream of being accessible end up being accessible). Drive By Malware is a good example (where you get infected by merely visiting a site or reading an e-mail), Wayne is correct that this is mostly a Microsoft problem (although some of the competitors seem to be trying hard to become as bad).

        My day job is computer security, and even with professional administrators, Windows is a lot harder to keep secure and protected than other operating systems.

        I agree that there is no “One True Operating System”, but that doesn’t mean that they are all equal.

        Windows XP is so old that Microsoft is no longer fixing security vulnerabilities that have been discovered (and in just the last week there have been quite a few, including ones that let anyone be an administrator on your system if they can just talk to it, so even if you have a firewall at home, if you use your laptop at a coffee shop, you can be attacked there), so you REALLY need to use something else as your main OS.

        Any flavour of Linux is a good choice, as you see from the comments, different people like different ones, so try a couple to see what you like.

        As far as the security of online apps, their security can vary, for the most part they are reasonably secure, but they are also big targets. Most of the problems that people run into with them are related to their security, not the site security. They use weak passwords, or they give real answers to the security questions that let you get back into the system if you forget your password, and the attackers then use these to get in and control your account. In any case, you can’t depend on any online service to remain there permanently, so keep copies of things in multiple places so that if a company goes away you don’t lose everything.

        • David, I am not going to get into this with you — my comment was to Wayne and it comes from a history most of us at MGC have had with him. However, since you said you see no misrepresentations, I will note that when he first quotes “Forget the One True Operating System wars. All of them are vulnerable. The main reason Microsoft systems get so much flak is that they’re popular. Looking smug and saying “get a Mac” when someone gets hit with a virus is asking for trouble,” and then proceeds to tell her she is wrong because MS has only 19% of the OS market, that misrepresents what she is saying. It is also a backhanded way of doing exactly what she said she wasn’t going to do. I will also note that I’m not the only person who reacted to his comment in this way, nor am I the only member of MGC to do so. You are welcome to your opinion but my challenge was to Wayne. It is up to him to respond — or not and prove our suspicions were correct.

          • Note on the ‘Apple is not attacked’ myth – it’s no longer true. It was true years ago, but it’s definitely not NOW – we’ve had customers bring in macs and get them cleaned and secured because Apple isn’t fantastic about dealing with the sudden deluge. And for the safety of the various mac users here I won’t mention the specifics.

            I *will* however, tell them to figure out how to turn on the firewall and check that it’s on, and get Norton installed – which is advice Housemate gives his customers.

            • Draven

              And they give puppy eyes and say “but the guy at the Apple store said we didn’t need antivirus”

              • Yeah. ~_~;;; We get that sometimes. The response is “Times have changed. Would you like to know how to protect your computer now?”

                Most of the ones we’ve gotten haven’t been the smug Machole user. There’ve been a couple and they get charged the Jerkass Surcharge. They’re very rare though.

                We had this one guy who had his computer fixed remotely, was told what NOT to install and what NOT to do. But that didn’t suit the guy to listen and yep, he came back bitching at Aff, trying to get him to fix the thing on warranty. Aff had a look and said “…all the things I told you not to do and what you should avoid you ignored. This voids the warranty. You’ll have to pay for a full repair.”

                We honestly couldn’t figure out why the guy refused to listen and kept installing Chrome and a whole host of malicious apps, no matter how much Aff explained what each and every one of them did. He had keyloggers and botnet zombie code and things that transmitted his credit card and banking info to Nigeria, Russia, Iran, China, and gods knows where else.

                The clincher? This guy came back THREE TIMES, paying full price each time. On the fifth time, Aff said “If you are going to keep wasting my time like this and refusing to listen to the the next time you come back I will charge you five times the normal price, and I will multiply that resulting amount by six if you come back with the same problems AFTER THAT.”

                And this was a guy who was referred to him because he’d kicked such a giant stinkfit with all the other techs and was a flat out misogynist with the female techs NOBODY wanted to help him.

                • Draven

                  In college I worked in the support office and one of my jobs was to check the library systems out… they all had win 98 on them (they upgraded to XP later) and were constantly fragmented all to hell and infested with spyware and viruses. More than once, I found pirated software installed on them. I kept telling them we needed to lock down the machines and give all the students their own logins but it just didn’t happen.

                  The same supervisors that wouldn’t allow that were also shocked when I demonstrated that yes, even Macs need defragging.

                • Robin Munn

                  We honestly couldn’t figure out why the guy refused to listen and kept installing Chrome …

                  Um? Not seeing the problem here, Chrome’s a pretty good brow—

                  … and a whole host of malicious apps …

                  Oh. (Emily Litella voice). Nevermind. 😀

                  • Yeah. Plain ol’ chrome wasn’t good enough for him without the apps, apparently. ~_~

                    Of course, we also had this guy today:

                    Aff: Greetings, this is David, how may I help you today?

                    Client: *angry* I HAVE (security suite) installed and I STILL GOT VIRUSES AND MALWARE ON MY COMPUTER. YOUR COMPANY’S PROGRAMS SUCK!

                    Aff: There may be something wrong with the settings. Let me access your security program and have a look…

                    *five minutes later*

                    Aff: Sir it seems that you have had the program off for the last 3 months. How long have you had the program installed?

                    Client: Three months.

                    Aff: You need to have the program turned on for it to work.

                    Client: NO I DO NOT. I HAVE IT INSTALLED. THAT SHOULD BE GOOD ENOUGH, I THINK!

                    Aff: *typing to Shadow over IM* Do we still have any scotch left?

      • Wayne Borean aka The Mad Hatter

        Amanda,

        If you have issues with what I wrote, please list them specifically. Saying that what I wrote is wrong, without telling me why doesn’t do either of us any good.

        Yes, I have my prejudices. Everyone has, but I’ve written the above as prejudice free as possible, and indicated where I agreed with Kate, where I disagreed, and gave reasons why.

        What did I get wrong?

        Wayne

        PS: As explained on FaceBook, I was on the iPad at the time, and had to wait until my pain levels would let me sit at my desk. That’s why the delay. Unfortunately pay isn’t negotiable.

        Luckily it is nowhere near as bad as it was last year. I’ve been off morphine for six months now. It is nice to be able to think again.

        • Wayne, what part of re-read and address what Kate said in a brief and succinct manner do you not understand? When you start off by saying she is wrong and basically misrepresenting what she said — see my comment about her not going to debate which OS is best and then you basically back-handedly doing it — you only get one chance to clarify. As for pain levels and iPads, join the club. But at least I know not to start something if I don’t feel capable of fully dealing with it — something you obviously have no qualms about doing, especially since you made the initial comment on someone else’s wall where it was very possible Kate would never see it.

          So, one last time. Go back and read Kate’s post, and note that she has run it by internet security specialists so she knows what she wrote is accurate, and then properly quote her and respond. Again, in a brief and succinct manner. Also remember, most writers are not techies and never will be. They don’t need to know all the percentages of who does what. They need to know just what Kate told them. A down and dirty guide to protecting their work.

          Oh, btw, Wiki is anything but a valid source for anything authoritative.

          • Kate Paulk

            (putting this here because of an overzealous malware screen – irony, huh?)
            In answer to Wayne:

            There is a reason I chose to ignore the whole “one true OS” thing, and you walked right into it, then jumped up and down on the remains.

            Take a look at the title of the post, particularly the part that is for writers and the basics. You are a geek. I am a geek. Many writers are NOT geeks. They look at this computer stuff and their eyes glaze over the way mine do when looking at things that make accountants warm and fuzzy.

            I guarantee you VERY few writers would see their tablets and smartphones as computers even though they have more computing power than my first computer back in the dark ages when Windows 95 was all the rage. To most of my writing colleagues, a “computer” is either a laptop, or a box with a monitor, keyboard, and mouse. In THAT group, yes, Windows IS still popular. It’s the DEFAULT on most “computer computers” sold over the counter (as opposed to tablets, smartphones, and so forth).

            Your mega wall of text is – frankly – irrelevant to my target audience. They want to know how to research online without getting hammered by the various ugly things lurking out there. They want to be able to communicate with their peers without getting hammered by the various ugly things lurking out there. They want to be able to manage their finances without… you get the idea.

            I’m not going to go through all your points because it would take too damn long, but you’ve admitted that you’re not a security specialist. I got my fact checking from security specialists – people whose job is to protect data from the black hats.

            One last thing, Wayne. Kindly take the “smug Mac user” attitude and put it somewhere else. I’ve had too much of it from clueless idiots to be polite about it when my goal is to help people who aren’t techie geeks to improve their Internet safety.

            • Wol

              > I got my fact checking from security specialists – people whose job is to protect data from the black hats.

              I’ll just add a little bit of advice. NEVER TRUST THE SPECIALISTS. I’ve had – for example – lawyers screw up on law – often enough for me to always double-check somebody else’s work. If you’re going to tell someone they’re wrong, make sure YOU know why they’re wrong, don’t take someone else’s word for it.

              That antivirus checker, for example. Why on earth WOULD one want to run AV on linux? I have a challenge for your security guys. Name just ONE linux virus out there in the wild that linux AV will save you from. (I can name just one linux virus, Bliss, and that wouldn’t survive five minutes in the wild.)

              That said, linux does need anti-malware protection, and there are plenty of browser exploits out there that attack linux systems. But they attack the browser, not linux.

              At the end of the day, if your writer friends want to be safe on the internet, they need a bit of geekiness. And you’re patronising them when Wayne is trying to educate them. If they don’t want to be educated, fine, but on their heads be it when ignorance leads to disaster. But if you want to leave them in ignorance, then you’re to blame when things go wrong. ALWAYS try to give them a little bit more than they’re ready for – they may surprise you … it always upsets me when people treat my grand-kids like babies, they’re eager to learn and yet people treat them like they’re too young to be taught …

              Cheers,
              Wol

              • Kate Paulk

                Wayne is wrong – and I have this from people who don’t just work with security, they’re plugged in to the white hat and gray hat communities.

                You’re a geek and a programmer. I’m a geek and a tester and often have to translate “geek” to “normal human”. I’ve found that a lot of writers want a focus of “don’t bother me with the technical stuff, just tell me what to do to keep me from disaster.” That’s why this post is “the basics”. A more advanced post will happen sooner or later and have the more detailed information.

                That said, (albeit uncommon) Unix and Linux viruses do exist, and they can cause problems.

          • Wayne Borean aka The Mad Hatter

            Amanda,

            What I said was:

            Posting this is a great idea, but some of it is inaccurate. I’m going to quote the suggestions, and explain where I see issues, and also in some cases possible alternatives.

            I said part of what she had written was inaccurate. I then proceeded to quote every section, and give my comments on where I agreed, partially agreed (with why I partially agreed and my own suggestions), and where I thought there was a definite issue (and again, gave my own suggestions).

            As to which OS is best, if a specific OS has a problem of a certain sort, then that has to be addressed. Take Mac OSX. For a long time it was incapable of being used for banking, because most of the banks wrote their code for Internet Explorer only. That was a huge weakness, and at that time I suggested that Mac users either run WINE or have a copy of Windows installed under BootCamp for their banking needs.

            Yes, I made the comment on Facebook. Then, as soon as I could, I made a comment here, where Kate would see it. I also went back to Facebook, and suggested that everyone read all of the comments here.

            And yes, I do security work too. That I don’t agree with Kate’s experts is not unusual. Get two experts in a room, and you’ll usually get three opinions on any subject.

            I also mentioned that writers aren’t techies – and made suggestions that would make it easier for them, like mentioning that there are suppliers of Linux pre-installed systems. I didn’t provide a link, but most people know how to use Google or Bing. If they don’t, they are free to ask me, and I’ll give them a list.

            As to Wikipedia – one thing it does really well is provide lists. If you are looking at your options, a Wikipedia list is a decent place to start.

            Wayne

            • Wayne, you still have not done what I asked. You continue to try to justify what you said and yes, you did misrepresent what she said. Even in your last response to me, you oh-so-conveniently forget that you then went on to debate which OS is best when she said she wasn’t going to. The post had nothing to do with what OS is better and what you should choose. Like it or not, most folks are not going to ditch the OS they are used to just because there might be something else that is marginally better. They can’t afford it. So, instead of dealing with the very easily followed check-list she posted, you went into a technical diatribe, wall of text that had eyes glazing over. You have yet to do what I asked: re-read and admit that she had posted correct information in general, which is all she said she was doing. Note again, she is an IT specialist. She deals with security in her job. She ran the post by internet security specialists. It isn’t just something she pulled out of thin air. Now, either do as I’ve asked or go away. I’ve already wasted too much time on this.

              • Y’know, I kinda banged my head a little on my desk when one of the reasons why there’s advice to try out Linux-based distributions/ OS is aimed at the people who cannot afford to buy new computers / upgrade to current commercial software. Thus, saying that there are people out there who install ‘nix into systems is useful for only the people who have the money to upgrade anyway… and are completely NOT the target audience either.

    • The real big shot is Android, which has been rock solid as far as security and viruses is concerned.

      Do a search for ‘android slave armies’ in the news section. That they tend to call it malware doesn’t really help you when you’re infected, and both our smartphone and my kids’ tablet have antivirus programs. Heck, part of the rise in the sale of android products is probably because of McAfee doing a huge rebate thing where you get a $20 tablet with a year of their antivirus, for $80 upfront and waiting three months for the rebate.

      ******

      Windows is only 19% of the devices sold when you include tablets and smart phones. That shrinks normal computers down to less than a third of the “computer” market.
      I understand the desire to count “all computers” in a catholic sense of computer, but it’s really obvious that this article is focused on the keyboard and full sized screen types, with the peripheral devices being mostly a vector for violation. I also notice that the #1 result when I searched the 19% stat thinks name-calling is their strongest argument for a catholic definition of computer.

      • Exactly. My family has four “full time” computers (microsoft), four travel laptops, eight Kindles (Android) four phones (android) and 2 eee pcs (it’s easier for me to use it in the car and for younger son to carry everywhere) which means the microsoft machines seem to be a minority. BUT they are the most used for any real work.

        • Sounds like my family. Three PCs — two are our workhorses and one is a back-up — one Macbook Air, one eee, two kindle fires (android), one iPad and one iPad Air. Taken altogether, Windows is the minority. However, drop out the tablets, it is the majority — at least in our household.

          • Draven

            One email/game machine, one workstation, one testing/work workstation, all windows. One Android phone, one Android tablet, and that’s just *me*

        • Windows machines are still the majority, but that’s because my husband has the Kindle now, and I have my smart phone to fill the kindle, camera, texting angle.

          We actually have more android things than I thought, because heavily locked down versions of android are go-to for kids’ computers. Most families do not go our route of having an old gaming rig retire to be a kids’ computer.

          • We put together a seriously locked down, heavily monitored ‘spare parts crapbox’ for the son, to do homework with but when it blew the RAM, we couldn’t get our hands on any old RAM any more. Oh well, we can whack together an APU for $700 AUD that’s a decent ‘everything PC’ for him, once we save up a little money (in progress).

            For gaming though, he’s playing a Dreamcast. House of the Dead with a light gun = YAAAAAAAAAAAAAAAAY KILL ZOMBIES.

        • Kate Paulk

          Our place there’s one windows box (mine, NOT XP), three *nix boxes (one of which gets used, one which needs anti-cat-hair surgery, and one that’s semi-retired), the first-edition EeePC (*nix), 2 original kindles (custom OS), 1 kindle Fire, and 2 android smart phones.

          BUT all the writing happens on the Windows box. The Eee is used for writing when away from home.

          Oh, wait. There’s also the last stable version of Windows ME in captivity hiding somewhere. That might actually be safe to use by now, it’s so out of date. Or the box could have just crapped out from old age.

          • Kate,
            The Windows ME box still working is why you’re going to end up burned for witchcraft. My box lasted six months of continuous crashes before it gave up the ghost fourteen years ago.

            • Kate Paulk

              Yes, yes, I know… That box does not go online. I don’t think it’s been booted up in years, but it’s still hanging around somewhere.

              • BobtheRegisterredFool

                I have a 95/98 box I keep my NaNoWriMo notes on. I last booted it up inside a month or two. I have a fresh HDD I plan to stick in it and convert to Linux someday (TM).

                • *grin* did you read the story I had about the guy who was also using a win95 box for mostly offline purposes? He was asking if he should upgrade…

                  Housemate: …you should.

                  Customer: To win98? I have an installation CD, still wrapped. *sound of plastic being ripped open*

                  Housemate: O_O

                  Since housemate staggered out of his room after that call and I saw his face, I can tell you that humans do have BSODs and sometimes, the expressions that result are freaking hilarious.

                  • BobtheRegisterredFool

                    Hahaha…

                    I don’t have a working mouse for it, so I only use the keyboard. I’m not quite stupid enough to try putting it on the internet.

                    My choice in the OS holy wars is 8-bit DOS, because it is the least defensible position I can plausibly stake out. Anything more risible would need too much research on my part to be plausible.

                    • Just to see if he could, Aff did put the Amstrad on the Internet for a short period of time. Accomplished it for bragging rights and giggles, then took it completely offline again.

                      Every so often we chat about what horribly impossible sounding things we could do with the Amstrad just because it sounds insane and hilarious. This includes running Windows 8.1 on it. Or Windows 10.

                      And no, we haven’t done that yet. But then again, Aff accidentally made a movie play on his keyboard’s little dot-display LCD screen once… (it really was an accident too. He was doing two things at the same time and plunking the kids in front of an Aliens movie marathon was the third. Instead of tweaking his keyboard’s lcd display to do something he wanted, he accidentally had the movie play out of the keyboard, instead of play from the DVD in his room to output to the kids’ monitor in my son’s room…)

          • I bet you could do something still with the hardware of that ME box.

            I never got to use it but I hear horror stories about Windows ME. You might wanna mention it to Aff just for giggles sometime that you have one.

            …I wonder if it’ll still boot up.

        • I adore eeePC. ASUS’s older models (the pre-Seashell) ones are perfect for my hands. I really should take a photo of the first 4 gig one I use when I want to do NOTHING BUT WRITE but am bedridden, it’s so freaking cute and tiny. But it really isn’t good for anything but typing these days. I got a new one that was for use when I was taking up a course to get me a teaching license, but the poor baby needs a replacement battery. It used to run for something like 13 hours on a single battery stretch, if used for just listening to music and writing, and I put one of the little X-mini hamburger speakers on it for better volume. By the way, those little X-mini speakers are seriously tough. I’ve been using that poor little thing for five years now and it’s STILL loud and has ridiculously awesome sound. When I got introduced to the things, for giggles the owner put on a Lady Gaga song and we watched the thing shimmy its way across the desk from the bass beat.

          I’m tempted to invest in a Surface Pro 3 for drawing on, but I’m gonna be realistic here and not do that because the whole thing about having problems being close enough to the Cintiq to draw is a temporary one. *grin*

          • You can get a battery for the eee on ebay. I did, so I have two eleven hour (almost typed year) ones, which keeps me sane on trips to Portugal.
            Okay, I lie. It keeps me what passes for sane.

            • *grin* No worries. I kept having to retype ‘skillset’ today because I kept writing it as “skillet.” Don’t know why. I conclude that it is One Of Those Days.

              Yeah, I’ll get a new battery for my eee Seashell. We call them SqueeePCs at my home.

              I actually used it to play Bejeweled at one time.

              *smile* I thought the “passes for” part was left unsaid in this bunch of delightful Odds. I mean, the only thing we lack is the Certification of Madness… which we’d consider “ACHIEVEMENT UNLOCKED.”

    • *jaw drops*

      I was going to respond with a huge rebuttal of a lot of your points, which is full of inaccuracies that are horrifically out of date. ESPECIALLY FOR MAC USERS.

      But I’ll just go with this one.

      You’re a flaming dumbass because you haven’t got a clue and think you are an expert. Programmer does not equal network or system security expert. Those are completely different things with occasional overlaps, but programmers are not generally interchangeable with ‘security’. There will be network/sysadmins who are also programmers, and programmers who are versed in security, but to make it sound like they’re immediately interchangeable things is to claim false authority.

      To highlight this: Libreoffice is a free, open source office. It is not and will never be bundled with commercially available operating systems.

      http://www.libreoffice.org/

    • Draven

      Actually, unless you’re buying workstation-class hardware, a Mac is 5-10% more expensive than an identically equipped PC. When you compare an iMac to a PC, you need to compare it to the sub-$1k all-in-ones made by HP, Dell, Asus, etc, not to the HP Z1.

  15. A note on the backup issue. There is a type of malware out there that’s been nicknamed ‘ransomware’. What it does is encrypt all the data on any drive it can get access to (including USB drives that happen to be plugged in) and offer to sell you access to your own data if you pay them a chunk of money.

    So you really need to make periodic backups to completely separate systems, make them read-only if you can (burning a CD/DVD is a good example of this), and DON’T replace your old backup with a newer backup, that runs the risk of replacing good data with bad.

    • masgramondou

      Some comments in random order.

      0) DO NOT USE WIN XP TO SURF THE WEB. IF YOU HAVE TO USE IT, USE FIREFOX AND NOSCRIPT TO DISABLE MOST 3RD PARTY SCRIPTS. AND DON’T USE IT ON PUBLIC WIFI EVEN THEN.

      I can’t repeat this enough. If you use windows XP you WILL become infected. That’s not a threat, it’s a prediction as there are known security holes in XP that MS not only will not fix, but in a few cases essentially CANNOT fix. Precisely what you get infected with is unclear but the chances are that it won’t be just one thing…

      1) AV is generally pretty much useless. However, amongst AV companies AVG, Kaspersky and Eset appear to be the best. As a general rule though you want the pay version. The free versions are worth about what you paid for them.

      2) Install OS updates on your system. Regularly and promptly. Also updates to Adobe products and MS Office (if you use it). If you are using an OS version that is no longer supported then make a plan to upgrade. Ubuntu 10.04 is coming to the end of its support life (April 2015), XP is (as noted above) out of date already, Vista is getting there. I forget which Apple OS X releases are still supported but I know that a lot are not.

      3) The best protection is separation. If you can’t physically separate things then use virtual machines where possible. For example I use one VM (Xubuntu linux) for most of my web surfing and a different one for work. And a different browser for ebanking etc..

      4) The crooks go for easy money. If they take Amazon royalties (say) from 1000 struggling self pubbers that’s going to equal the haul from a best selling traditional author, and that could be easier because they just have to convince amazon to change the account it sends the money to. Robbing the trad pub author means intercepting the check.

      5) Don’t reuse passwords for sites you care about: basically any site that involves money should have a different PW, so should key social media sites (FB, twitter etc.) and your blog. Do use 2 factor authentication for these sites if it is offered. Try NOT to save user names and passwords for them, because

      6) As a general rule don’t click on links in emails. If you really think you have to, copy the link and paste it into a browser window instead of just clicking on it. When you paste it in, check it to make sure that the first / is where you think it should be. And that the link is HTTPS not HTTP for anything security related.
      E.g. hxxps://www.amazon.com/cgi-bin/payments.pl/myaccount/blahblah/ is OK and will go to amazon but
      hxxp://www.amazon.com.cgi-bin.payments.pl/myaccount/blahblah/
      is going to the Polish site http://www.amazon.com.cgi-bin.payments.pl

      7) Do run an ad blocker or Noscript. Why? Because one great way to infect people is to run a fake ad campaign that uses a vulnerability to infect you from the ad. This is called “malvertizing” and it is highly profitable for the crooks.

      8) Anything you do in a coffee shop can be captured by anyone else in the shop. Only use HTTPS links unless you really don’t care that someone can see what you are doing.
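The link check from point 6 of the comment above, written out as an added example (not part of the original comment or thread): it finds where the host really ends and compares it with the site you meant to visit. The function names and the third sample link are assumptions made for illustration; the first two links are the ones quoted in the comment.

```python
from urllib.parse import urlsplit


def refang(link: str) -> str:
    """Turn a defanged hxxp:// or hxxps:// link back into a parseable URL."""
    link = link.strip()
    return "http" + link[4:] if link.lower().startswith("hxxp") else link


def host_of(link: str) -> str:
    """Return the host a browser would contact: everything before the first
    single '/', minus any 'user@' prefix and any ':port' suffix."""
    try:
        return (urlsplit(refang(link)).hostname or "").rstrip(".")
    except ValueError:  # malformed host part, e.g. unbalanced brackets
        return ""


def link_problems(link: str, expected_domain: str) -> list:
    """List reasons not to trust `link` as a link to `expected_domain`.
    An empty list means the scheme and host are what you expected."""
    try:
        parts = urlsplit(refang(link))
    except ValueError:
        return ["link cannot be parsed"]
    host = host_of(link)
    expected = expected_domain.lower().rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme or 'missing'!r}, not 'https'")
    if parts.username is not None:
        # Text before '@' is a login name, not the site being visited.
        problems.append(f"{parts.username!r} before '@' is not the host")
    if host != expected and not host.endswith("." + expected):
        # The familiar name may appear on the LEFT of the host; only the
        # right-hand end decides which site you reach.
        problems.append(f"goes to {host!r}, which is not under {expected!r}")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("host uses non-ASCII or punycode labels (look-alike risk)")
    return problems


# Sample links: the first two are quoted in the comment, the third is constructed.
SAMPLES = [
    "hxxps://www.amazon.com/cgi-bin/payments.pl/myaccount/blahblah/",
    "hxxp://www.amazon.com.cgi-bin.payments.pl/myaccount/blahblah/",
    "https://www.amazon.com@payments.example/myaccount/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = link_problems(sample, "amazon.com")
        print(sample)
        print("   OK" if not found else "   " + "\n   ".join(found))
```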

      • masgramondou

        That wasn’t meant to be a reply to the comment it was on, it was meant to be a general reply. Sorry

      • Good note on ransomware, and ‘getting what you pay for,’ with regard to AVs and security suites. Also the coffeeshop stuff and clicking links on emails. Disagree with the AV being generally useless. Norton has prevented malicious scripts from running when I’ve gone browsing on it for something I need to look up – yes, even though I’ve got javascript disabled and do not run flash. That’s how I discovered images can have active code embedded in them. Rather terrifying aspect for someone like me.

        WATCH OUT FOR SOMETHING CALLED CONDUIT SEARCHPROTECT. IF YOU FIND THIS ON YOUR SYSTEM YOU WILL NEED HELP.

        MS cannot protect XP any more because technology has simply overtaken it to the point that it cannot be protected any more – the vague understanding I have is, the code infrastructure at kernel level is simply unable to keep up. It’s not a ‘don’t want to’ it’s a ‘cannot.’ Snow Leopard, the Mac OS that came out at the same time as XP has the same issue. I think Apple has also ended support for Snow Leopard, but I don’t know that for sure because I’m not using Snow Leopard.

        • Snow Leopard did not come out at the same time as XP, and does not have the same issues. XP was released in 2001. Snow Leopard (Mac OS X 10.6) came out in 2009 – almost simultaneously with Windows 7.

          Wayne is correct about one thing at least: the design of XP was fundamentally borked at the kernel level. Mac OS X is a certified BSD Unix, which means that it was designed from the ground up for intensive network use and lacks the glaring design flaws of XP. It certainly isn’t perfect, security-wise, but its foundation makes it a lot easier to fix vulnerabilities incrementally.

  16. dgarsys

    Backups – Three copies (including the original) , Two different formats, one offsite.

    I back up to external drives, and to offsite backups. Both are rigged to be automatic when the computer is docked.

    For offsite, the best deals right now seem to be Backblaze, and Crashplan. The former won’t recover anything that’s more than 30 days old, but is a bit cheaper. Both can be subscribed for a reasonable “unlimited” price, and both do a lot of work to make sure even local backup copies are encrypted, and data is stored.

    I can say from personal experience – if you don’t have the proper username/password, you can’t recover / decrypt the local or remote backups for a computer with Crashplan. They don’t keep the keys in a way that can be otherwise accessed.

    And if it has to be done manually – you WILL forget

    Pass keepers – the Mac keychain is pretty OK, but nowhere near as flexible as KeePass or LastPass. (the latter is free unless you want to access passwords on your mobile, or share groups of passwords) It’s integrated with Safari on the iPhone, and the security model doesn’t really keep the passwords in the cloud permanently if I recall.

    I strongly recommend Keepass or Lastpass to most people.

    I personally use 1 Password. Mac/Win. Works great. Keeps strictly local copies on PC and mobile, NOT free, but no monthly subscription. DOES sync via dropbox, but the archive that is synced is encrypted. Where the cloud – based (lasts, etc.) keychain services are coming under attack more and more, and so is dropbox, of course, cracking the password archive is a two-step process for a third party
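The backup advice in comment 15 (don’t replace an old backup with a newer one, make backups read-only) and in the comment above (make it automatic), sketched as an added example that is not part of the original thread. Each run writes a new dated snapshot folder, marks it read-only and records SHA-256 hashes so a later run can show how much changed. The function names, the manifest file name and the folder layout are assumptions made for illustration.

```python
import hashlib
import shutil
import time
from pathlib import Path
from typing import Optional

MANIFEST = "MANIFEST.sha256"  # hypothetical name for the per-snapshot hash list


def _sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _read_manifest(snapshot_dir: Path) -> dict:
    entries = {}
    for line in (Path(snapshot_dir) / MANIFEST).read_text().splitlines():
        if line:
            file_hash, rel_path = line.split("  ", 1)
            entries[rel_path] = file_hash
    return entries


def snapshot(source: Path, backup_root: Path, label: Optional[str] = None) -> Path:
    """Copy `source` into a NEW folder under `backup_root`.
    An existing snapshot is never overwritten, so a bad copy cannot
    replace a good one."""
    label = label or time.strftime("%Y%m%d-%H%M%S")
    dest = Path(backup_root) / label
    if dest.exists():
        raise FileExistsError(f"{dest} already exists; refusing to overwrite it")
    shutil.copytree(source, dest)
    lines = []
    for item in sorted(p for p in dest.rglob("*") if p.is_file()):
        lines.append(f"{_sha256(item)}  {item.relative_to(dest).as_posix()}")
        item.chmod(0o444)  # read-only: guards against accidental edits
    manifest = dest / MANIFEST
    manifest.write_text("\n".join(lines) + "\n")
    manifest.chmod(0o444)
    return dest


def damaged_files(snapshot_dir: Path) -> list:
    """Files in a snapshot that are missing or no longer match their hash."""
    bad = []
    for rel_path, file_hash in _read_manifest(snapshot_dir).items():
        target = Path(snapshot_dir) / rel_path
        if not target.is_file() or _sha256(target) != file_hash:
            bad.append(rel_path)
    return bad


def changed_between(older: Path, newer: Path) -> list:
    """Files from the older snapshot that differ or are gone in the newer one.
    If nearly everything changed at once, suspect the source was encrypted
    or corrupted and keep the older snapshot."""
    old, new = _read_manifest(older), _read_manifest(newer)
    return sorted(path for path in old if new.get(path) != old[path])
```

A read-only flag only protects against accidents on a drive that stays plugged in; the snapshot folder still has to live on a separate or write-once medium, as the comments say.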

  17. Remember that most online applications aren’t all that secure.

    Do NOT mention “the Cloud” to my husband as some kind of a secure option. Or, if you do, make sure you warn me so I can leave the house with the kids, pick up chinese, have a play date, maybe detail the car and come back for the middle of the rant….

    • masgramondou

      Encrypt anything before you upload it to “the cloud”

      • And by ‘encrypt’, we mean ‘triple-delete and replace it with an innocuous picture of a cute kitten, and not your own kitten either, because that could be traced back to you for phishing purposes’.

        The only thing I have stored on ‘the cloud’ is my Kindle library, and that’s because Amazon insists on it.

    • Kate Paulk

      Tell us how he REALLY feels about that! 🙂

  18. Arwen

    Okay, this was very useful. Thanks!

  19. Kate Paulk

    I’ve had a chance to talk with my IT security friends and I’d recommend ignoring most of Wayne’s comments – since when they read his comments, I nearly had my ears pinned back by a fascinating selection of swear words, a lot of angry sputtering, and some choice comments about Mac fanboys, out of date idiots, and a whole lot more that really are not worth repeating.

    The point is that Macs are just as vulnerable as Windows systems.

    Apple is struggling to keep up with the new Mac exploits that are being discovered. The built-in firewall helps because it protects at root level.

    Wayne is wrong. Well-meaning, but wrong.

    On something like this, it’s important not to be wrong.

    • Robin Munn

      Just for starters, he put Android in the same category as MS Windows. They’re both operating systems, but they’re OSes for ENTIRELY DIFFERENT KINDS OF THINGS. Smartphones and tablets fill different roles than laptops and desktops, and while you can buy a Bluetooth keyboard and type on your smartphone or tablet that way, you should only try to write fiction on your smartphone or tablet if you’re a masochist who likes inflicting pain on yourself.

      And for the rest of it… I started skimming his post after a while. A few points that I actually agree with, like using Firefox or Chrome instead of IE, but mostly not for the reasons he cited. Firefox and Chrome are not panaceas and should not be considered such. You can still get malicious code on your system with those, if you (for example) install Trojan-horse apps that claim to do one thing and really do another. See the story that Shadowdancer posted about the dumbass tech-support client. (And by the way — NEVER install “search toolbars” like Ask dot com* or whatever the latest turd-of-the-day is. Never, never, NEVER. And always beware of how they get “bundled” into installers like Java — Oracle has taken Ask dot com’s bribe and bundled their cr*pware into the Java installer. Be sure you UNcheck that “Install Ask dot com for you?” box before clicking Next).

      * Sorry for using swearwords like “Ask dot com”, Kate, but sometimes you just have to call a spade bug-riddled piece of cr*pware a spade bug-riddled piece of cr*pware.

      • Kate Paulk

        Oh, I DETEST the crappy malware bundled into legitimate stuff like Java – and make damn sure I don’t ever install the things.

        Also when installing freeware, install it from the ACTUAL VENDOR, never from a bundled download site. If you’re lucky, the download site will just load a bunch of crapware into the bundle that you can turn off. If you’re not you can find yourself with a nasty infestation.

        • masgramondou

          Which reminds me. Unless you actually NEED java to do something, uninstall it. You are highly unlikely to miss it and by not having it you avoid a bunch of horrible vulnerabilities

      • Just for starters, he put Android in the same category as MS Windows. They’re both operating systems, but they’re OSes for ENTIRELY DIFFERENT KINDS OF THINGS.

        Several people have jumped on him for that, and they have all missed his point. He was addressing the often-made claim that Windows is only subject to more exploits because it is more widely used. To malware developers and the organized criminals who hire them, an Android phone or tablet is as valuable a hacking target as a PC. Thanks to sheer numbers (and the amount of critical personal data stored on people’s smartphones), that makes Android a target with a bigger profile nowadays than Windows. He was quite correct about that, and did not deserve the pile-on.

        • It would be a good point, if he were right about Android not being (successfully) targeted.

          Good grief, besides the “zombie armies” from installing turned-out-to-be-questionable stuff– even if you only install from trusted sources, etc, the facebook messenger app had a major exploit, and that was in the last few months.

        • Example with numbers:
          http://adtmag.com/articles/2014/03/06/android-targeted-by-97-of-threats.aspx

          I can find reports that don’t list Android as a target…but they’re looking at computer type computers, not “mobile OS” type computers.

          • Kate Paulk

            And since I was aiming for writers and their WRITING computers, I wasn’t looking at tablet and smart-phone OSs – those make a sufficiently different computer ecology that they need their own separate post.

            That point aside, so much of the rest of what Wayne said was outright *wrong* – either by being years out of date or simply mistaken – that yes, there was a need to jump.

            • That’s nice. But it has nothing to do with the fact that Windows is not the largest target for malware. Organized crime doesn’t care whether you use your computer for writing novels at your desk or watching Netflix on a 3-inch screen.

              And I am not arguing about the other points on which Wayne was mistaken. But it is, in fact, not true that Windows is subject to so many attacks because it is the most widely used OS; and several people ignored his other points to attack him specifically for the one thing that he was indisputably right about. The fact that he went on to construct an invalid argument using that point does not invalidate the point.

              Some things, you know, are true even if Wayne says them. In fact, some things are true even if I say them. I have spent the best part of my life having to struggle against people who think that the very same statement of fact is gospel truth when made by A, and a damned lie when made by B – I being most often cast in the role of B. It makes me very angry to see it, and I thought the MGC folks were better than that.

              • But it has nothing to do with the fact that Windows is not the largest target for malware.

                He actually claimed that Windows wasn’t the most popular (by using a different definition of computer than was being used in this article) and that the most popular one wasn’t targeted. (which is false unless you’re using data drawn from the “desktop” type definition of computer used in the article)

                • These guys get their information from collecting data on the computers that visit their websites:
                  http://netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
                  (may take some playing around to get recent information)

                  and a SINGLE windows program is more than all the non-windows put together. More use= more risk of infection.

                • The statistics are likely to ignore the fact that Windows is also greatly pirated outside of the US – which then doesn’t count entire reams of users. Macs, because they were so expensive, were not common, versus building a box from picked-out parts and then installing a pirated copy of Windows. Most widely used isn’t the same as market share in that case, I don’t think.

                  I actually don’t remember there being any alternative to Windows being offered for laptops or desktops until the eeePC came along – it was offered with either Windows, or a ‘nix variant, and that was a big stir because it wasn’t Apple software, which was the only other type most folks were even aware of back then, over there.

  20. snelson134

    Avast! antivirus is better than either McAfee or Norton…. and for single PCs, it’s free. I’ve used it for 10 years and liked it enough to pay for a site license for my whole home network. I have literally had Avast! shrug off things on my home network that the McAfee provided by my employer let through.