
Security Guidelines for Congressional Campaigns

Posted on March 11th, 2018 at 18:34 by John Sinteur in category: News


Having antivirus is like putting a hole in your stomach to monitor for food poisoning; it creates more problems than it solves.

  1. Sorry. I will not give up my antivirus.

  2. In the very next sentence, the article recommends using Windows Defender, so:
    – @Rainymyth does that satisfy your desire for security?
    – @John is this cherry-picking, including only certain snippets without context?

    I find myself agreeing with the (paraphrased) statement, “Use Windows Defender as your AV, and not anything else”, given:
    – a) many AV products for Windows use clever work-arounds to increase their access within Windows 10,
    – b) many AV products have security flaws which make it easier for an attacker to compromise the system,
    – c) Microsoft has learned from its mistakes and has actually become pretty good at security,
    – d) this document gives easy-to-remember advice to a non-technical audience in high-visibility targets.

    Windows 10 is much more secure by default than any previous version of Windows, so an organization which has limited IT resources would actually be better served by doing nothing than by starting to do something else but not having the time to maintain it. If there’s not a dedicated team within my organization monitoring my PC to keep it safe, I’d rather keep the system in a state where its security can be maintained by the dedicated security team at Microsoft.

    And yes, 5 years ago, I’d have thought that what I just wrote is crazy.

  3. Ah… yeah, I realize this may look like cherry picking, but I basically picked that bit because it stood out to me – we’ve internally been using “Additional Vulnerabilities” as the expansion of “AV”.

  4. Well, the author is full of contradictions. I will cherry-pick one: “Use Google Chrome as your default browser on your laptop.” And if you do, as in the Facebook example, Google will know everything about you (in addition to Microsoft, because you use Windows (spyware platform) 10).

  5. @Mykolas The article was not written for you to protect your browsing habits from megacorporations: it was written to reduce the attack surface for congressional campaigns, whose adversaries are likely political opponents, either domestic or foreign. The threat model legitimately doesn’t include Google, Microsoft, Facebook, or anyone with lawful intercept or subpoena power.

    The suggested procedures are very good for providing a level of safety for a non-technical audience, including how to handle email attachments, how to share documents, and how to use U2F dongles. Yes, a lot of it boils down to “trust Google”, but that externalizes the sandboxing for opening files and provides a rudimentary level (1st-degree) of DRM and auditing in a way that exceeds anything available via email.

    For protecting the members of an organization, the recommendations in this article do a very good job of blocking the majority of effective attack vectors without imposing too many barriers to actually getting work done.

    If you want to read a more paranoid article, targeted at the needs of a different set of users, try the recommendations by the same author for journalists and activists, which includes the line “If you believe your hotel room is monitored, work under the covers on the bed. It is less conspicuous, and prevents video surveillance of what you’re typing and viewing.” https://techsolidarity.org/resources/basic_security.htm

  6. Unless you really need Windows, consider Linux Mint, a desktop OS done right. Free as in speech and free as in beer, with built-in security and speed-runs on even slow PCs. Mint is the OS Windows wishes it was. Does not phone home to various TLA agencies like Win10 spyware does. Download it for free and free yourself from Redmond. You have nothing to lose but your shoes.
