I have thought about solid ways to operate safely online. Changes in the computer market are greatly expanding an existing option, which creates an opportunity to become more secure. It started with advice I heard about involving two separate laptops. I probably read it on an internet forum. I thought the idea was attributed to Bruce Schneier, but a search on the Web did not reveal such statements from him. However, a 2011 write-up on CNet gives a basic overview of the idea.
Here’s the problem. A few years ago, this approach was too expensive for most of us. Things have changed.
You have a laptop or desktop. You do things on it. Even if those things are simple, boring things, the idea of even a casual breach of your environment isn’t the most inspiring idea in the world. When you are conducting activity online, you tend to want to contain any spillover so it does not reach the rest of your computer.
Netbooks, Chromebooks, and CloudBooks
It starts with the Google Chromebook. This is an Internet computer you can use to surf the Web. The environment is more locked down, so it has the least amount of unintentional spillover from a breach. Before the Chromebook, you had what were called netbooks, which offered the same opportunity. Today, there are many low-cost 11″ machines that you can use in a way similar to a Chromebook: as a dedicated Web computer.
Around the corner are CloudBooks. Whatever they are called, these machines offer people an opportunity to have two computers. Your main computer is where you do a lot of things offline. The second computer is where the data you choose meets the Internet.
The offline computer could be a machine you’ve invested a little more in to be your personal workhorse. It is rarely connected to the Internet. About the only time you do connect it to the Internet is maybe once every few months to update it. This machine does not need to change that often and rarely connects to the Web.
You back this machine up often including the data that is on it. The system is still secured with security software, secure configuration, and so on. There is less of an opportunity for sensitive info to leak from this machine since it is connected to the Internet maybe 4 times out of the year. Perhaps once a quarter. Hopefully, the updates do not take too long to download and install. With proper care, a machine like this could last a good while.
You do not need very much to run a Web browser to get on the Web. You shouldn’t for most websites. The least expensive computer would normally suffice. A Chromebook offers the most locked-down experience, while CloudBooks and similar machines offer more flexibility in how the machine can be configured beyond Internet use. You can convert a CloudBook to something similar to a Chromebook by installing Linux on it.
Anything involving money, credit transactions, or other highly sensitive information that is to be communicated online (healthcare, stocks and finance, for example) should be done on a computer dedicated to that purpose. That means the same computer you use for social networks, news, and online email websites should not also be involved in online banking, healthcare, and government affairs. You really need a dedicated, secured computer for those activities.
Not an All at First Strategy
Doing something like this is a gradual thing. This is my recommendation, but I cannot financially afford to do it. One day I may. The cost of machines to pull this off is becoming more affordable every day. Now, let’s turn our attention to the difficult part: setting this up and living with the arrangement.
Daily Use Model
The hard part is you have two machines, maybe three. At worst, you need a USB drive or SD card to move files from one to the other (download/upload) and you have both or all three running at the same time. First, let’s see what we can do about the machine for online banking/highly sensitive information.
More ordinarily, you would keep the online banking/sensitive info computer locked up most of the time. You’ll probably want that machine to be either a Chromebook or MacBook, or a CloudBook fully retrofitted with a secured Linux setup. A Chromebook is the best because it requires the least amount of maintenance, even out of cold storage. It will be maintained for the foreseeable future with no further cost and requires the least amount of bandwidth off a mobile hotspot to stay up-to-date. Like the security expert I mentioned earlier, you will want this machine locked up in a safe.
Now we have brought the daily scenario to 2 machines since the rarely used 3rd machine for online banking is only brought out when needed. The Internet machine is going to be a small laptop no more than 11″. That is the only way you will be able to carry both with you. This is not a strategy you apply just when you are at home, but it is something you apply all the time whenever you use your own computers. A laptop bag is going to have room enough for a 15″ laptop and a thin, small 11″ machine.
Throughout this discussion, the smaller Internet machine doesn’t have to be a laptop. It can be a tablet.
Simply get used to the small screen when browsing the web when on the go. At home, you can plug the small machine into a larger monitor. The hard part is where this whole strategy earns its security stripes.
Ergonomic and Ease of Use
Good security, by definition, is inconvenient. That is part of the reason why a single machine isn’t going to work. The old expression, “have your cake and eat it too,” applies here. Breaking things up this way is inconvenient but less inconvenient than a security breach.
In reality, you might have a larger laptop whose screen you don’t mind right next to a smaller laptop whose screen content you would like to see on a larger screen. The full details of which machine gets an external wireless keyboard and mouse are an exercise left to the specific circumstances. Here is a start.
One idea that could work is as follows. Use two monitors. Each laptop gets a monitor. The monitors are side-by-side. The external keyboard and mouse are designated for the main laptop/desktop. The idea is that browsing the web, even to the extent it is interactive, is primarily a reader-oriented experience. What comes next is how to handle situations that involve writing content and posting it to the Web, such as replying through web email.
You compose content for the web on your main laptop. The beauty of this is it provides a disconnect that allows you more space to compose your thoughts in a more thoughtful way. Second, you can save the written content to a text file on a USB drive or SD card. Insert the card in the Web computer, open the text file, copy and paste into web e-mail, forum post, and so on. Alas, problem solved.
This approach is not an absolute solution for Internet security. It is a better way to keep a primary computer more secure by allowing a Web computer to take on 100% of any residual malware exploits. Even with this approach, any files you download on the Web computer and carry on a USB drive or SD card to the primary computer could deliver malware to the less connected machine. The most you could do in that situation is scrub the disk and files using the best anti-malware software you can obtain. There is much more you could do. Some options involve temporary primary machine boot images, virtual machines, and periodic whole system OS renewals. Unfortunately, that is a ton of information that would normally be considered impractical. As I mentioned, in the ordinary case, the general approach mentioned so far is not 100% but can work well enough to create a better situation.
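
One way to tighten the USB/SD hand-off described above, as an added example that is not part of the original post: a script run on the primary machine that lets only small plain-text files through and lists everything else on the transfer drive as rejected. The size limit, the signature list and the sample file names are assumptions made for this example.

```python
import tempfile
from pathlib import Path

MAX_BYTES = 1_000_000  # assumed policy: only small text notes cross the gap
# Leading bytes of common executable/container formats (well-known signatures).
BINARY_MAGIC = {
    b"MZ": "Windows executable",
    b"\x7fELF": "Linux executable",
    b"PK\x03\x04": "ZIP/Office container",
    b"%PDF": "PDF document",
}

def classify(path):
    """Return (ok, reason) for one file on the transfer drive."""
    if path.is_symlink():
        return False, "symbolic link"
    if path.suffix.lower() != ".txt":
        return False, "extension is not .txt"
    if path.stat().st_size > MAX_BYTES:
        return False, "larger than size limit"
    data = path.read_bytes()
    # A .txt name proves nothing, so check what the content really is.
    for magic, label in BINARY_MAGIC.items():
        if data.startswith(magic):
            return False, f"content looks like {label}"
    if b"\x00" in data:
        return False, "contains NUL bytes"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not valid UTF-8 text"
    return True, "plain text"

def vet_drive(root):
    """Split every file under root into accepted and rejected lists."""
    accepted, rejected = [], []
    for path in sorted(p for p in Path(root).rglob("*") if not p.is_dir()):
        ok, reason = classify(path)
        (accepted if ok else rejected).append((path.name, reason))
    return accepted, rejected

def demo():
    """Vet a constructed sample drive built in a temporary folder."""
    samples = {"reply.txt": b"Thanks, see you Friday.\n",
               "invoice.txt": b"MZ\x90\x00constructed-binary",
               "setup.exe": b"MZ\x90\x00"}
    with tempfile.TemporaryDirectory() as root:
        for fname, body in samples.items():
            Path(root, fname).write_bytes(body)
        return vet_drive(root)
```

Call `vet_drive` with the mount point of the drive before opening anything on it; the check narrows what crosses between machines and runs alongside the anti-malware scan, not in place of it.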