I just had the happy experience of "catching" a new Windows user, who'd just bought his machine at the computer store, and helping him ... alas, not to ditch it in favor of Linux ... but to set up and activate basic security on the machine.
The same maxim holds on Linux, OS X and so on. Adequate security controls exist, but you must actually use them! So, what does that mean in practice?
(1) Set up a separate, non-privileged account for your regular daily use. In other words, lock the door! The Administrator (Windows) or root (Linux, OS X) account on your computer is all-powerful: anything it does, or anything done in its name without the owner's knowledge or consent, the computer will carry out, no questions asked. That is not a good thing. A limited ("standard") account, by comparison, cannot touch the operating system or other users' files, so a mistake or a piece of malware running under it can only damage what that account itself owns. Keep the administrator password for the moments you genuinely need it (installing software, changing system settings) and do everything else as the limited user. Bear in mind that this protects the system from your account, not your own files from malware: anything running as your daily account can still read, delete or encrypt everything that account can.
(2) Consider setting up "task-specific" accounts. The accounting folks normally have a separate office, because their files are a little more sensitive. You can do the same thing: have as many "alter egos" for yourself as you like (one for banking, one for casual browsing, one for the kids). The files owned by each one are protected from the others by the operating system's ordinary file permissions, but check that this is actually so: Windows keeps user profiles private from other standard users by default, while on many Linux systems a new home directory is created world-readable (mode 755), and a chmod 700 on it is needed before the other accounts are really locked out.
(3) Don't use dictionary words for passwords. It is no great trick to get a file of a hundred thousand words and exhaustively try them all; password-cracking tools do exactly that, and they also apply the "simple modifications" people rely on (capitalizing the first letter, tacking on a digit or an exclamation mark, swapping a for @ or o for 0) as automatic rules, so Dragon42 or Dr@g0n! fall almost as quickly as dragon. What actually defeats a dictionary attack is length and unpredictability: a passphrase of several unrelated words, or a long random string kept in a password manager. Two common words stuck together is still within easy reach.
(4) Don't answer prompts for the root (or Administrator) password unless you know where they came from. If you just double-clicked an installer or opened the system settings, the prompt is expected; if one appears while you are reading mail or browsing, with no action of yours to explain it, decline it and find out what asked.
(5) Legitimate system updates never come via e-mail. Operating-system vendors deliver updates through the system's own update mechanism (Windows Update, your distribution's package manager, Apple's Software Update), over authenticated channels and as signed packages. Nobody uses e-mail for this purpose, so a message with an "update" attached or linked is a phishing attempt, whatever logo it carries.
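An added example for point (2), written for this post and not code from the original: it builds a throwaway fake home tree under a temporary directory (so it runs without root and touches no real account), reports which account directories other users on the machine could read, and locks one down. It uses Unix-style permission bits, so it applies to Linux and OS X; Windows expresses the same thing through ACLs, which this does not check. The directory names and modes are constructed for the demo.

```python
"""Audit "alter ego" home directories for readability by other accounts.

Added example for this post, not code from the original. Builds a fake
/home under a temporary directory so it runs as an ordinary user.
"""
import os
import stat
import tempfile


def others_can_read(path: str) -> bool:
    """True if any account on the system can list or enter this directory."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IROTH | stat.S_IXOTH))


def lock_down(path: str) -> None:
    """Restrict a home directory to its owner (the chmod 700 from the text)."""
    os.chmod(path, stat.S_IRWXU)


def audit(home_root: str) -> dict:
    """Return {account_dir: exposed_to_others} for each directory under home_root."""
    result = {}
    for name in sorted(os.listdir(home_root)):
        full = os.path.join(home_root, name)
        if os.path.isdir(full):
            result[name] = others_can_read(full)
    return result


def build_demo_home() -> str:
    """Constructed sample: two task-specific accounts, one with the lax default."""
    root = tempfile.mkdtemp(prefix="fakehome_")
    accounting = os.path.join(root, "accounting")
    daily = os.path.join(root, "daily")
    os.mkdir(accounting)
    os.mkdir(daily)
    os.chmod(accounting, 0o755)  # common Linux default: everyone can list it
    os.chmod(daily, 0o700)       # owner only
    return root


if __name__ == "__main__":
    root = build_demo_home()
    for name, exposed in audit(root).items():
        print(f"{name}: {'EXPOSED to other accounts' if exposed else 'private'}")
    lock_down(os.path.join(root, "accounting"))
    print("after chmod 700:", audit(root))
```

Run it against a real /home (as root, or as any user that can stat the entries) by passing that path to audit() instead of the constructed tree; a True for a directory means the "separate office" is standing with its door open.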
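An added example for point (3), not code from the original post: a miniature dictionary attack with the kind of mangling rules that crackers such as John the Ripper and hashcat apply automatically. SHA-256 is used here as a stand-in for whatever hash a real system stores (NTLM, bcrypt and so on); the attack is identical, only the cost per guess differs. The six-entry word list and the target passwords are constructed for the demo; a real attack uses word lists of millions of entries and thousands of rules.

```python
"""Dictionary attack with simple mangling rules.

Added example for this post, not code from the original. SHA-256 stands in
for a real password hash; WORDLIST and the demo passwords are constructed.
"""
import hashlib
import itertools

# Constructed, tiny word list. Real lists run to hundreds of millions of entries.
WORDLIST = ["password", "letmein", "dragon", "monkey", "welcome", "sunshine"]

# The "leet" substitutions people think of as a clever modification.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def sha256_hex(text: str) -> str:
    """Stand-in for the stored hash; swap in the real algorithm to reuse this."""
    return hashlib.sha256(text.encode()).hexdigest()


def candidates(words):
    """Yield each word plus the usual 'simple modifications' as cracker rules."""
    for w in words:
        bases = (w, w.capitalize(), w.upper(), w.translate(LEET),
                 w.capitalize().translate(LEET))
        for base in bases:
            yield base                       # the bare word
            for n in range(100):             # appended digits 0..99
                yield f"{base}{n}"
            yield base + "!"                 # appended punctuation
            yield base + "123"


def crack(target_hash: str, words=WORDLIST):
    """Return (plaintext, guesses) if found, else (None, guesses).

    Pass 1: every word with mangling rules. Pass 2: every ordered pair of
    words, joined directly or by a space (the 'combination of words' people
    expect to be safe)."""
    guesses = 0
    for cand in candidates(words):
        guesses += 1
        if sha256_hex(cand) == target_hash:
            return cand, guesses
    for a, b in itertools.permutations(words, 2):
        for cand in (a + b, a + " " + b):
            guesses += 1
            if sha256_hex(cand) == target_hash:
                return cand, guesses
    return None, guesses


if __name__ == "__main__":
    demo_passwords = ["dragon", "Dragon42", "Dr@g0n!", "monkey sunshine",
                      "welcome sunshine dragon"]   # constructed targets
    for pw in demo_passwords:
        found, n = crack(sha256_hex(pw))
        status = f"cracked after {n} guesses" if found else f"not found in {n} guesses"
        print(f"{pw!r:28} -> {status}")
```

The whole run is a little over three thousand guesses; a GPU computes billions of SHA-256 hashes per second, so even with a six-digit suffix rule the mangled single words would fall in well under a second. Only the three-word passphrase survives, and it survives because it is outside the rule set, not because any single word in it is obscure; adding unrelated words (or using a manager-generated random string) is what moves a password out of reach.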