Thursday, December 26, 2013

May I suggest a New Year's resolution?

The BBC reports that a new and "virulent form of ransomware has now infected about quarter of a million Windows computers (...) Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock". The article then goes on to describe a few general things about Cryptolocker and ends by providing a list of measures Dell and, by implication, the BBC recommend to protect computers from malware/viruses/backdoors:
  • Install software that blocks executable fields and compressed archives before they reach email inboxes
  • Check permissions assigned to shared network drives to limit the number of people who can make modifications
  • Regularly back-up data to offline storage such as Blu-ray and DVD-Rom disks. Network-attached drives and cloud storage does not count as Cryptolocker can access and encrypt files stored there
  • Set each PC's software management tools to prevent Cryptolocker and other suspect programs from accessing certain critical directories
  • Set the computer's Group Policy Objects to restrict registry keys - databases containing settings - used by Cryptolocker so that the malware is unable to begin the encryption process
This is *laughable*.  What these corporations and corporate shills do not tell you is that all versions of MS Windows are inherently and inevitably dangerous because of deep design flaws.  Because of that, it is possible, but extremely difficult, to secure a Windows computer.  A very skilled and experienced professional system administrator can, if he takes the time, make a Windows computer more or less secure, but no home user will ever acquire that level of skills.  If you really think that by installing a firewall, an anti-virus application and, say, some kind of backdoor detector you are making your Windows computer safe you are kidding yourself. Anybody who says otherwise is lying to you.

What are your options?

Simple - use any other operating system.  OSX, iOS, Android, GNU/Linux, or any form of BSD are all far more secure out of the box then any version of Windows.

Apple products come with a long list of bad features: they are hyper proprietary, they are overpriced, they are typical bloatware, and they suffer from terminal vendor lock-in.

Android is an excellent OS, but it is designed for mobile devices and you really can't run it on a notebook, laptop or desktop.  But for mobile devices, that is the way to go.

All BSD versions are very good and highly secure out of the box, but they are not very user friendly.

The best choice, by far, is GNU/Linux aka "Linux".  Linux comes in various "flavors" (called "distributions").  Here are few I recommend:

Debian, the Universal Operating System
Mint, the easiest to use distribution
Xubuntu, distribution for older hardware
Knoppix, general purpose distro on live-CD
Puppy, small size distribution and live-CD
Tails, the privacy and security oriented distro
Ubuntu Studio, distribution for artists
Trisquel, the 100% free software distro

Frankly, if you are new to Linux, I recommend the Linux Mint distribution.  It is extraordinarily easy to install, easy to use, it comes with an absolutely superb desktop environment (user interface) called Cinnamon and it has an extremely friendly user community.  The latest version of Linux Mint is called "Linux Mint 16 Petra".  The hardware requirements to run Mint 16 are minimal:
  • x86 processor (Linux Mint 64-bit requires a 64-bit processor. Linux Mint 32-bit works on both 32-bit and 64-bit processors).
  • 512 MB RAM (1GB recommended for a comfortable usage).
  • 5 GB of disk space
  • Graphics card capable of 800×600 resolution
  • CD/DVD drive or USB port
The vast majority of computers in use today fall well within these specs, so no need to spend any additional money.  And, of course, you can download Linux Mint legally and for free from here:

Finally, you can test-drive Linux Mint at no risk by burning a live-CD which you can also use to install if you like it.  You can even keep your old Windows OS if you want by installing Linux Mint and Windows side by side.  The Linux Mint installer will offer to install Mint while keeping Windows.  You will have a "multi-boot" computer with both OS installed.  And when your Windows crashes you will easily be able to access your files and rescue them using Linux Mint.

Guys, be good to yourself, don't continue to suffer in "Windows hell", ditch the damn thing and switch to the free world of GNU/Linux.  And if you don't want to do that for technical reasons, do it for political, moral and ethical ones: you cannot fight the Empire and sheepishly use its tools.

Do the smart thing and the right thing, make a really good New Year's resolution, ditch Windows and replace it by Linux Mint!

The Saker