There's no Such Thing as a Secure Computer--How to be Relatively Secure

(See also for guidance if you are running Unix or Linux)

Giant companies spend millions of dollars a year on computer security staff to keep their computer systems "secure". And, as we've been hearing for years, data is stolen out of their computers all the time. The bottom line is this: no matter what anyone tells you, there's no such thing as a secure computer. It's inherently impossible. There are only more secure computers and less secure computers. Computer security is really, really hard. So how does the average person who isn't a computer security professional go about having a more secure computer without spending millions of dollars?

I understand that you want to be free to enjoy all the benefits of modern technology. You want to be free to surf the Internet, visit all those cool websites, and maybe find out what the Illuminati are up to these days, and just explore to your heart's content. And you also want to be able to do some online shopping and banking, maybe check your stock portfolio, and send that private email to your girlfriend. But you also want to keep those financial records and other personal data on your hard drive safe. You don't want your bank account emptied, your credit card numbers intercepted, or your passwords stolen. I hear you. We all want those things.

Okay, I'm not going to lie to you. For the average person, being able to do all those things relatively securely takes some effort, but it can be done. And, in my opinion, it takes more than what everyone else is telling you about buying a new router every few years and keeping your software updated and using strong passwords and two factor authentication. Don't get me wrong. Those things are a great start. By all means, do them. But doing those things only gets you what I would call a less secure computer. That's better than the average person, which I would say has only slightly better than an unsecure computer. But if computer security were that easy, huge companies wouldn't be spending millions of dollars on it--and still getting their data stolen. Computer security is more about understanding the risks, coming up with a plan, and sticking to it, than it is about buying some particular hardware or software. In other words, it takes vigilance. I've come up with a way that so far has worked for me (fingers crossed), but you may not be willing to use it because it takes vigilance. So, if you're not into vigilance, stop reading here. The rest of this article is not for you.

Before I tell you about my method, let me introduce you to a little operating system called "Qubes". Qubes is billed as "a reasonably secure operating system" for "securely compartmentalizing your digital life". It was developed by a postdoctoral researcher named Alison Hales. Like me, Alison realised that there's no such thing as a secure computer. So, she came up with a plan for an operating system that would keep you "reasonably secure", even if your computer has already been compromised. She spent years writing Qubes. Her basic idea was to use a very secure underlying operating system (Qubes) that hosts virtual machines to separate the operations that you might perform on your computer from each other according to their relative levels of risk. A virtual machine is created by a piece of software that isolates what you're doing in one window on your computer from everything else you're doing--all the way from the application software you're running, right down to the operating system you're running it on. So, if you want, you can even have different operating systems running on different virtual machines all at the same time on one physical computer. Don't worry if you don't grasped the concept immediately, it may take some thinking to understand.

The basic idea that Alison had is to separate security-wise risky things you're doing from things that you want to be less risky when you're doing them. That way, if something risky that you're doing compromises one of your virtual machines, the malware or whatever can't spread to a virtual machine where you're doing something you need to be absolutely unrisky. So, with Qubes, for example, when you're surfing the Internet and checking up on those pesky Illuminati, you can be using a "less secure" virtual machine. When you're sending email and watching Netflix, you may be using a different, "moderately secure", virtual machine. And when you're doing your online banking, buying that great troll doll online, and working on your taxes, you can be using yet a different, "more secure", virtual machine. With Qubes, you are the one who decides which operations are more or less risky and how to set up your virtual machines to group your operations accordingly. If you choose, you can even use a different virtual machine for each program you use--one for your email, one for your Internet browser, one for your tax program, etc. So, you can basically separate operations any way you want. It's a great idea.

The only problem is that, about a year ago, I spent two weeks trying to get Qubes to work on any computer that I owned, and failing miserably. I did get it to install on one of my computers, but I couldn't do anything with it after that. It turned out that Qubes was not at that time completely compatible with any computer--not just any computer that I own, any computer, period. So, you're not going to get it to run "out of the box", if at all. Alison, if you're reading this, know that I feel for you. Writing an operating system all by yourself that everyone can use on whatever PC they're using is an incredibly ambitious and difficult undertaking. But the Bottom line is that so far Alison has failed. It's heartbreaking but true. So, at least for the present, Qubes is out as a way of securing our computers.

Now back to the method I've come up with. Conceptually, it's very much like Qubes, only without the single underlying operating system or the virtual machines. Instead of virtual machines, I use the ability of Linux distributions to run from USB sticks. So, I install Linux Mint (you can use whatever distribution you want) onto three fast USB sticks. One stick, I label as "unsecure", one I label as "medium security", and one I label as "secure". Then, when I'm surfing the Internet, I use the "unsecure" USB stick, and I can go to any risky site I want, because that's all I use that USB stick for. I never go to any site where I have to enter a password. I never type in any personal information. With the "medium security" stick, I only go to my online email site and watch Netflix because I have to enter passwords. I don't go to those risky sites--just email and Netflix. Here, I want to be safe, but if I'm compromised, it's not the end of the world. With the "secure" stick, I only shop online and do other things online that I absolutely don't want compromised because they involve credit card numbers, etc. If I did online banking--which I don't, for reasons I'll discuss in a later article--I would use this USB stick.

However, understand that even with the "secure" USB stick, there is still a possibility of being compromised. Perhaps your router has an infection, or there is "Bad USB" in your computer's firmware, or something else that you don't know about and my three-USB-stick system can't protect you from. You have no way of knowing about processes that are running on your computer at a very low level, which makes them beyond your control. You just can't protect yourself from them. In fact, the only way to be relatively certain that someone on the Internet isn't spying on you is to never connect to it in the first place. So, for my needs which require the most security, like storing financial records, and actually anything sensitive that doesn't require Internet access, I use a completely separate computer that I never connect to the Internet. In fact, I have one computer in my home that I designate as my Internet computer, and the rest I keep off the Internet, unless I have a burning need to update their operating systems or some such thing. For those of you who only have one computer, an approach that is nearly as good is to encrypt your computer's entire hard drive before you store your sensitive data on it. That way, when your Linux USB stick is plugged in, it not only can't see anything on your hard drive, it can't even tell that you have a hard drive. If you don't believe me, try it and see.

There are a few details that you need to know to use my three-USB-stick method. First, you need to know if Linux Mint will even run on your computer. Microsoft has done a good job of preventing anything but Windows from running on computers manufactured after 2012. So, you need to check that. You also need to know how to install Linux Mint on a USB stick. There are websites that explain that. Then, you need to understand that you will have to reinstall Linux on the "unsecure" Linux stick fairly frequently, like once every four to six months or so, because it will eventually be compromised to the point where it stops working.

So, to summarise ... Realise that there is no such thing as a secure computer. If you want to put in the effort to be "relatively secure", you may want to try my three-USB-stick method. It gives you nearly the security of Qubes--which is, as far as I can tell, the most secure operating system out there. But my method actually works.