Published on March 21st, 2013 | by seanbutnotheard6
The KBMOD Guide to Safer Surfing, Part II: Software
Last time, in the first installment of our Safer Surfing series, we looked at a few handy addons that can greatly improve your web browser’s security features. In this second installment, we’ll dig into a few security-enhancing tools that live outside of your browser. As before, huge shout out to Sagesparten007 for his help with this guide.
Additional Security Tools
Beyond using browser add-ons, you can further enhance your privacy and security by using additional, external programs. Though the more secure you wish to be, the more involved the process becomes. Here are a few options to consider:
- Use an antivirus program. This one is so obvious that you should be facepalming over its inclusion in this guide. But it’s absolutely essential that you use quality antivirus software. If you follow the rest of this guide to a T but you somehow get a piece of malware controlling your computer, your observance has been in vain. Because the quality of antivirus software is in constant fluctuation, I recommend checking out independent reviews from a site like AV Test before you decide on one.
- Encrypt your DNS. DNS is one of the fundamental building blocks of the Internet. It’s used any time you visit a website, send an email, have an IM conversation or do anything else online. The “last mile” is the portion of your Internet connection between your computer and your ISP. DNSCrypt is a way of securing the “last mile” of DNS traffic and resolving an entire class of serious security concerns with the DNS protocol. DNSCrypt helps prevent MITM (Man in the Middle) attacks on your traffic. Get DNSCrypt here.
- Use a VPN service. A VPN (Virtual Private Network) is a third-party network which is accessed via an encrypted “tunnel”, which then forwards your anonymized traffic out to the internet at large, thus making 100% of your internet activity unreadable and untraceable. Using a VPN gives you the some of the highest security possible while browsing the internet. None of the traffic you recieve or send while connected to a VPN can be read by your ISP, as it is fully encrypted from end to end. VPNs are also a good way to get around website blocks that your government may have put in place, or copyright regions enforced by YouTube. VPNs are also the best solution to protect yourself from your government spying on what you are doing on the internet. There are two kinds of VPNs: Paid VPNs (which are the best, especially ones that take anonymity seriously) and free VPNs. The primary difference between the two is how the services handle your web-surfing data. While paid VPNs will tend to do a better job of protecting your privacy (though the extent varies), free VPNs will fully cooperate when the authorities come knocking on their door for information about activity originating from your IP address.A few VPN services used by various KBMOD community members are: Witopia, FlyVPN, BlackVPN, Mullvad, Spotflux, and VyprVPN. (Thanks Ajay, K9, Brandon, and of course Sage for the recommendations… more information is available over in this TorrentFreak article).
- Use TOR. Similar to a VPN service, TOR anonymizes your web surfing by encrypting and anonymizing your internet traffic. The difference with TOR, however, is that it uses a distributed network of volunteers rather than a central, managed private network. Because of this, the actual origin of your traffic is nearly impossible to trace because unlike VPN providers, the members of the TOR network don’t even know where the traffic is originating. As a side effect, the bandwidth available via TOR is limited by the number of people supporting the TOR network and the bandwidth available to those people. As of now, typical internet access speeds via TOR will be slower than you are probably used to. Importantly, just installing TOR and turning it on is not enough, as they’ll tell you on the project’s web site… true privacy requires breaking some habits and making compromises on the fullness of your surfing experience. Check out the TOR FAQs for more info.
- Set up a dedicated proactive firewall. At home, I’ve got an old computer running an Untangle Firewall, which is a self-contained Linux firewall distribution. If you have a computer sitting around unused that’s got about a 1GHz processor and a half-gig of ram, you can put a second network card into it and use Untangle to turn it into a proactive content-aware firewall that will protect your whole network from spyware, viruses, as well as certain types of network intrusion attempts and denial-of-service attacks. You can even use it to block undesirable web content categories to help protect the kiddos. Oh and don’t worry, the “Lite Package,” which is free, is plenty sufficient for a small home network; the for-pay packages are meant for businesses. (Another firewall OS to keep an eye on which is more privacy-centric but not quite production-ready is FreedomBox.)
- Use open-source software. Of course there’s a mixed bag when it comes to the quality of open-source software, but all else being equal, a piece of open-source software is going to be more trustworthy than its proprietary counterpart because its code is freely auditable. Additionally, many open-source projects spring up specifically because the proprietary offerings do not have adequate security measures in place. While smaller software projects won’t always be trustworthy just because they’re open-source, it will tend to hold true, especially as a software project matures and attracts more developers. As Linus’s Law states: Given enough eyeballs, all bugs are shallow — or in this case, security issues… whether accidental or intentional. That said, there’s nothing wrong with using proprietary offerings, and many times there just won’t be a viable open-source alternative available — just look at games for a perfect example. You’d just better trust the company who builds your software to take your security seriously. To find alternatives to the proprietary software you currently use, you can use a software directory such as AlternativeTo.
- Embrace the penguin. Linux is currently the safest platform of the big three. However, using Linux only really helps with spyware and viruses, and it probably won’t be the perfectly safe platform it currently is forever. I recommend trying out Mint, Ubuntu, Fedora, or if you’re really concerned with privacy, try out a privacy-centric distro like Liberté Linux. (Personally I use Arch because, well, it’s amazing.) Of course chances are pretty slim that you would fully make the switch to a different operating system, but having one or more Linux boxes around to tinker with is a great way to learn a little more about how PCs work under the hood. Additionally, if you’ve started using mostly open-source software, using Linux won’t be nearly as overwhelming as it might otherwise be.
Help Us Help You
That’s it for part two. As always, we want to hear what you do to keep your information secure. Let us know here in the comments, or jump over to the appropriate section in our forums for a more in-depth conversation.
Next time, we’ll take a closer look at some privacy-enhancing habits you can start practising to protect yourself.