Computer security and Malware

Lastpass sends an encrypted copy of yuor vault to it's cloud servers. The encryption is as hardened as you can get. If you log in from a different machine *and* it is allowed in your security settings, you can download the vault (ony a small file) and then decrypt locally. However you can set up security so that only one machine can ever access the vault. It also keeps logs of ever IP that tries to access the vault.

It's not 100% secure. Nothing is. But it's enough to deter casual attack.

That if I may say so, is a very blinkered view. The main reason for windows issues is that a lot of people use it, and so its worth the hackers time to get past the protection, whoever it is by. If miraculously Linux was the main OS then I'm certain you would have a similar situation there as well. My feeling at the moment is that much of the malware seems to get in not just because there are ways in Windows, but mostly due to the ignorance and gullibility of users who will do daft things like open attaches without even knowing what the file extension is and who go toweb sites of a dubious nature because some email that might possibly be from somebody they know had a link to it.

Very few of the infections seem to come from drive bys or direct attacks these days, aminly, I'd imagine as they have a trail direct to the nasty person or a machine botted by them.

Msse seems to catch most of the normal run of the mill stuff, as do most of the virus scanners, but there is always going to be a trade of between being able to use the machine easily and the are you sure, are you completely sure type of stuff that false positives generate quite often in avg, avast and Norton for example. Just remember, there is always going to be the first person to encounter a new nasty designed to get past your anti virus system. Brian

Some sites use two stage authentication. Eg google can be set to require a code sent to your mobile to log on from new machines and/or locations. If you are using google drive, etc. you should use it.

Agreed 100%. It's why I only ever download email on this ancient Acorn. If by any chance I do need to read a PC only file which is attached, I can easily transfer it to one. But that only happens once in a blue moon.

But that does not alter my reasoning that the easiest way to stay clear of Windows issues is to stay away from Windows, especially while connected to the Internet. Since Linux is not the main OS, then, as you say, it is not the subject of hackers' attention the way that Windows is, and so is inherently less likely to be the conduit to a hacker. There is still every incentive and reason to be very careful about what attachments etc are opened, that is just plain sensible operation.

What happens if these password sites - Latpass etc - get hacked? Better than hacking individual banks etc if user takeup is big enough.

No it isn't. It's very simple to use. I'd avoid any bank which didn't do better than just username/password.

There's an element of that, but it's a VERY long way from being the full story. Windows - especially in the XP days and before - was insecure by design, compounded by abysmal default settings. The UAC in Vista was a half-arsed attempt to sort that, but was so badly implemented that it merely succeeded in pissing users off so badly that most switched it off, leaving them back as they were. Compound all THAT with many application developers ignoring dev guidelines and using the myriad of back doors - or just being a bit clueless - and running a secured install of XP wasn't even an option for many user.

B'sides, it also ignores the fact that Linux IS the main OS for internet- facing server installs. Millions of them.

And we all know how secure *they* are.

Yes, we do.

A _damn_ sight more secure than your average user's desktop.

To be honest, that's a *very* low bar.

Unlikely to be true in isolation - i.e. without action taken by the user, a remote hacker is unlikely to be even able to make contact with the window box. The server on the other hand is sitting there accepting incoming connection from all comers by design.

very very secure mostly.

Until idiots load 'frameworks' on them...

ISTM that most security problems allegedly associated with operating systems seem to be related to what the users load onto them.

And preferably, don't use the same email address for logging in in different places. Anyone who only has a single address has already shared that info with loads of people, giving anyone (perhaps especially people who know them) a head start in logging on here and there as them.

People say that... but changing a password that is unknown to anyone else is pointless. Of course if it IS known to others, the sooner the better.

Someone who wants access to your personal data, for one.

What about HTML emails (spit)?

Does it work correctly with NAT?