One can generate all the security in the world, use the best encryption algorithms possible but if the computer you are generating them on is compromised you have spent a good bit of time and effort chasing your own tail. The very first step is do not use Microsoft products for any secure transmission. Linux or BSD are the only real choices for secure communications. You cannot secure Microsoft products, Microsoft long ago and continues to build back doors for not just the US but other governments. Microsoft was actually a strong supporter of the clipper chip and has backed every invasion of privacy this nation has seen from day one. Microsoft operating systems also have a built in design flaw in the very kernel which up to at least Windows 7 still exists in every Microsoft operating system since NT. Microsoft has repeatedly helped repressive after repressive government break into people's computers who use Windows as their operating system. We all heard about Google and it's battles with China over censorship. What we did not hear was how Microsoft not only never put up a fight, it was probably their idea which put China, various Arab nations even some European nations into censoring their search results. In short if you use Windows and want secure communications your wasting your time. This is why the only developed nation in the world which uses Windows in ANY secure facility is the US and only in places where Microsoft bribed enough of congress to force Windows down unwilling throats. Most secure facilities in the US use Linux. NASA, the NSA, the Navy, etc.
Linux is just as easy, actually easier in most instances than windows to use and install today. With a very short learning curve most applications you are used too on Windows can easily be replaced by OSS apps. Often OSS apps are the standards such as Firefox, The Gimp, Open Office, etc.
Just using Linux improves your security by a hundred fold but that only discourages the casual hackers. If you want to make life difficult for governmental agencies you need to first keep your system updated and second harden your system. There are excellent guides on hardening a Linux system, however be wary of software put out by the US government. The NSA is a major contributor to Linux security software. However unless you are an expert programmer and can inspect the code or know one it is generally best not to use their software. That is one advantage of Linux. Everything on your system you can inspect and look for back doors. Most of us do not have the time or expertise to do such, however a good hardened and patched Linux system will be difficult enough to get into that only the spooks are generally going to be able to get into your system.
Do not use the same computer for browsing the web as you use for secure communication. Various doo dads such as Flash contain very insecure code and all any agency needs to gain access to your machine no matter what OS you use is to lure you too a website while there is a flash vulnerability. This will bypass all your security efforts. It is best to air gap a secure system except to patch it. That is take your ethernet cable and unplug it except when you specifically need it to talk to the net to receive security updates and to transmit/receive. Do not use thumb drives or share USB drives of any sort with your secure machine. Back it up to an external drive which only gets plugged into your secure machine. Do not use the same passwords on your secure machine as you do for your other computers. Do not write them down and leave those passwords near the computer. Instead if you must write them down stash them in a book or something else extremely difficult to find and located far away from the computer, the farther the better. Generally best to memorize your passwords. Do not use easy to guess passwords. When you need to transfer files use SSH to log into the insecure machine. Then pull the files over that way. Save documents as text or RTF not in Office formats as Office (even Open Office) may have hidden code which can be used to create computer viruses. Add your fancy fonts and mark ups on the secure machine. Check your logs at least once a week on the secure machine.
For a primary machine if you are just completely uncomfortable in Linux you may wish to use a Mac. Mac's are not acceptable as a secure machine, but are far more secure than a Windows system, so for browsing the web and all your fancy doo dads a Mac works quite well. Mac's unlike Windows can be hardened and made secure enough to discourage all but the best hackers. This requires a good bit of IT knowledge however as ready guides on hardening a Mac are not as easily found or followed as similar Linux guides and the updates and source code is just not available for critical parts of the OS. Using a Mac also at least sends a statement to Microsoft about it's anti-freedom pro censorship policies. It was not that long ago that Microsoft tried to bribe enough of congress to force a law which would have made encryption only possible on a hardware level. Hardware sold by Microsoft of course. With appropriate government back doors of course. Hardware which would have rejected any software meant to make your computer secure. It took a major outcry from watchdog organizations and hardware vendors such as AMD and Intel to stop this law. Any penny you give to Microsoft is a penny donated to a company who is out to end your freedom. You might as well make campaign contributions to the DNC as Microsoft is a major supporter of the DNC if you use Windows as your operating system. Just by using Microsoft Office for example you make money for Microsoft as it encourages others to buy Microsoft Office and part of that money winds up in the campaign chests of the DNC as well as more of it going in bribes to politicians.
If there is an interest I'd be glad to do up a guide to hardening a Linux machine and secure communications practices.
Replies