Matthias Kirchhart <matthias.kirchhart@freenet.de> (06-04-10 12:30:48):

> > What makes you think that it isn't 100% secure?
>
> That's simple: nothing is 100 % secure.

I didn't ask, because I believe it is. I asked, because the OP wrote
that he's uncertain, and I wanted to know, if his uncertainty is
reasonable.


> > First: Drop all proprietary products, including their protocols.
> > For example, use IRC or some other free standard protocol for live
> > conversations, instead of MSN. You can encrypt everything in IRC as
> > well as in MSN, and there are ways to guarantee authenticity. Use
> > GnuPG instead of PGP, because PGP is constantly losing trustfulness,
> > and it's not free. GnuPG is a free alternative.
>
> Where is the sense in that? If you use encryption properly it doesn't
> matter which protocol you use to transmit your data. Changing the
> protocol would just mean a lot of work. Where is the problem in MSN
> anyway? Just because it was developed by Microsoft it doesn't mean it
> is bad.

It's simple: By supporting proprietary protocols, you make writing free
alternative clients harder. You wouldn't use Microsoft extensions, when
writing a homepage, would you? And that's the same thing. The other
reason: Proprietary protocols get changed often. See the ICQ (OSCAR)
protocol, as the worst case example. I guess, most people will agree
that following standards is the better way.


> > Next, don't do things you don't understand.
>
> That's always a good thing :)

Unfortunately one, which many people don't consider.


> > To the threats on the internet, look that you have recent software
> > versions, so they don't possibly have some ancient security problem.
> > Keep your system up to date. That doesn't include the kernel,
> > unless some security problem is found, which affects you. You might
> > also be interested in various kernel patches. I use the
> > 'grsecurity' patch.
>
> That's right, but if really want to secure your system that won't be
> enough. Bare in mind that security is a process and not a state that
> you can achieve. You always have to analyse your system and think
> about steps to further improve its security. Updates can only be one
> of those steps.

That were the most basic items. Sure, that's not enough to be able to
claim to have a secure system. For me this includes the stuff you
listed as well as cryptographic techniques. One thing, which is very
important: Your system is not secure, if you need to disclose things.
My security system consists of:
* offsite backups
* encrypted hard-disks and swap
* fully hand-written configurations
* security add-ons
* programs with a clean security history


> Further steps to improve security could be:
> - - data backups

That's not enough. Your must check the integrity of your system, before
doing backups. And you must guarantee that nobody could tamper with
your backups.


> - - not to safe data on the computer but on a CD and cut off the
> internet connection while working with them.

Unfeasable in most configurations, as in mine. And remember that CDs
can be stolen. So offsite-backups are in fact the same thing, but much
easier.


> - - configure a firewall

Theoretically a secure system doesn't need a firewall (in terms of
'packet filter', I guess you meant that). But it wouldn't hurt, too.


> - - put a NAT-Router between your system and the internet to hide your
> PC to the outside world.

That's actually the same as configuring a packet filter properly. Just
more expensive and harder to maintain.


Regards.