I’m watching all the ire coming across the wire from everyone under the sun over Lenovo and Superfish and I can’t help but laugh. I’m sorry for poking fun at everyone over this mess, but let’s be a little realistic here. Are you really so gullible that you just blindly placed your trust in a company for no reason other than the fact that you bought their product? Let’s get something straight here: a computer is a very personal thing. It’s like your wallet, your social security number, your deepest darkest secret.
Why on earth would anyone just buy a device like a computer, pull it out of the box and start using it!?!! Are you really that naive to trust your security to an “out of the box” installation of a new laptop, phone, or tablet? Now, I’m not like most people and I actually have the technical skills to completely tear down a piece of equipment and put it together with just a “few parts” left over, but overall, it’ll still work.. (sort of..) lol. **just had to inject some humour here
Let’s be honest though. Reinstalling an operating system on a machine is pretty much a mindless exercise these days. The install discs pretty much walk you through the entire process. Yes, there are a few drivers that might be missing, but that is easily resolved by calling on your local computer nerd friend, a call to tech support, or even a little bit of surfing on your iPhone, Android, or even your BlackBerry.
I’m writing this piece because it’s pretty clear there needs to be a basic education in security and compute devices here. Sometimes I place too much faith in Darwinism to root out the truly mindless acts of idiocy, but to be up in arms over this? REALLY!?!!
Some basic “must do” things to secure yourself:
New Computer: Reinstall the OS and Applications from the REAL install disks or downloads directly from the manufacturer’s site. (Microsoft, Apple, Adobe, etc.)
New Phone: If you have an Apple i-Device, reinstall the official Apple iOS firmware via iTunes or take it to the Apple Store and have them do it. If you have an Android phone, at a minimum, do a factory reset.
Passwords: Don’t share them with anyone except for your domestic partner or someone you implicitly trust.
Some basic “must do” everyday things when it comes to computers and personal devices:
1. Don’t let anyone “check their email” or “look up” something on your computer or device.
2. Don’t trust anyone with your password.
3. Work at a company with “BYOD”? Don’t let IT “reconfigure” your device with their antivirus, Windows profiles, etc. Have them provide you with their equipment that they can lock down to their heart’s content. IT departments are notorious for spying on your personal stuff.
4. Boyfriends / Girlfriends / Babysitters / whoever: They shouldn’t ever have access to your personal devices.
Surfing the Web / Internet Access:
Hotels: Get a VPN and use it to connect to the internet when on their network.
Starbucks / Airports / Public Wifi: Get a VPN and use it to connect to the internet when on their network.
Work: If you’re connecting your personal device to their network (which you probably shouldn’t be doing), get a VPN and use it to connect to the internet when on their network.
Tethering off your Wireless Phone or Mobile Hotspot: Get a VPN and use it to connect to the internet when on their network.
Home: Supply your own cable modem or router if possible, otherwise, build a pfSense router and route all your traffic to a VPN provider you trust.
Websites with sensitive data: Check the security certificate validity! If you’re not sure, call your bank, healthcare insurance company, etc. and double check with them on what the certificate should say!
Internet Access on a plane: Get a VPN and use it to connect to the internet when on their network. (Just do a Google search on “Gogo and Man in the Middle”)
Assume they’re completely insecure and don’t use them to give out your credit cards or sensitive information.
Assume it’s insecure and don’t use it to give out your credit cards or sensitive information.
The bottom line is there is no such thing as secure anymore. If your information is digital, expect it to be culled somewhere. The best case is that whoever has this information is going to be reputable (like your bank) and the worst case, they’re going to use it for nefarious reasons: (Insert large corporate entity who is giving you a “low cost or free” service).
Even your VPN provider can be a shithead, but you have to choose the devil you know vs. the devil that just sold you a laptop, internet access, or the Brooklyn Bridge. As for me? I run my own VPN server(s) and own, manage, and configure all the hardware and infrastructure.
Bottom line: Remember all those people that trusted Mt. Gox with their Bitcoin? Yeah.. ok. They just said, “Trust me.” Oh.. and that guy / girl you just met? Uhm.. You ever wonder why your computer all of a sudden got a lot slower after they came over and “checked their email” from your computer?
TLDR: Don’t be so gullible. If you wouldn’t trust them with your ATM PIN, why on earth would you trust them to configure your computer for you?