When shopping for a computer to trust your valuable data, it can be overwhelming to decide which features to prioritize. There are many computer manufacturers and hundreds of models and options on the market that all promise to be secure.
The most secure computer is a Librem laptop from Purism which pairs hardened hardware and a custom operating system to help protect users’ data. Manufacturers like Apple produce more familiar and user-friendly devices with good data privacy. Consumers must consider some key factors before buying.
The best way to protect your digital life is by selecting a computer that matches hardware, operating system (OS), and user software to your expected threat model. Let’s dig into each factor along with identifying the biggest threat to your computer’s security and your privacy.
Table of Contents
- Selecting The Most Secure Computer Hardware
- Selecting The Most Secure Computer Operating System
- Selecting The Most Secure Computer Software
- Selecting The Most Secure Computer Habits With These 9 Tips
- 1. Smash Your Hard Drive
- 2. Be Paranoid AF
- 3. Habitually Lock Your Screen (Or At Least Use Auto-Lock)
- 4. Watch Your Back: Pay Attention To Shoulder Surfing
- 5. Encrypt Everything Including Your Whole Drive
- 6. Use These Secure Browsers
- 7. Don’t Use Passwords
- 8. Passphrases Aren’t Enough: Two-Factor Authentation (2FA)
- 9. Is Virus And Malware Protection Software Still Needed?
Selecting The Most Secure Computer Hardware
The first aspect most consumers consider when selecting a secure laptop or a desktop computer is the hardware. Find a PC manufacturer that’s focused on using safe components as a foundation for their secure systems.
Generally, the best hardware for a secure computer is entirely open and transparent. The hardware should be designed to limit attacks and contain no backdoors allowing the component or system manufacturer control.
For example, Intel’s Management Engine on their processors is a common target for hackers since it can be exploited to run processes completely bypassing the operating system. A threat actor can potentially install malicious software and carry out advanced attacks like tampering with the BIOS or altering the boot sequence. AMD Secure Technology is a similar subsystem lest you think their chipset is more secure.
An excellent example of secure hardware is Purism’s Librem laptops, designed with security in mind from the ground up. The company ships laptops with Intel’s Management Engine disabled. They also include security features like hardware switches for WiFi and Bluetooth and the ability to completely disconnect the webcam.
The hardware element of computer security is crucial because it affects everything else, including how the operating system and other software running on your computer works.
Selecting The Most Secure Computer Operating System
The operating system (OS) is the second most important consideration when selecting or running a personal computer. The OS is the most essential part of a computer to defend, having access to both your data and the hardware.
The most secure computers tightly integrate hardware and operating system. Secure operating systems are typically open-source. This development transparency allows a community of experienced programmers to audit, patch, enhance and secure OS.
Linux is the most common secure operating system, but it’s often criticized for the lack of quality user experience (UX). Its open-source development causes fragmentation in a cohesive user interface (UI), which can deter new users. The community has been making great strides towards UX and UI with friendlier distributions of Linux like Linux Mint and elementary OS.
The other operating systems from manufacturers like Apple and Microsoft are not as secure due to their proprietary nature and single-company development. While both companies have put billions of dollars towards securing their respective operating systems, they both have been known to contain severe vulnerabilities. In general, Apple OSX has a reputation for having more secure default configurations than Microsoft Windows for consumers looking to stay with mainstream options.
A Bit of Advice:
There’s an ongoing debate over the most secure mobile device. My advice: For users that are not tech-savvy, an Apple iPhone is more secure out-of-the-box than most Android smartphones. However, advanced users can make an Android phone more secure by flashing to an Android variant designed for security and privacy like CalyxOS or GrapheneOS.
No matter which hardware manufacturer or secure operating system you select, ultimately, users are the weakest link in security. Consumers who install vulnerable software on top of an OS become the problem.
I recommend that you only select and use only the most essential software from trusted sources. But, how do you know what software is secure?
Selecting The Most Secure Computer Software
TLDR; Basically, download, install, and use only paid or open-source software. Here’s why…
Users often choose programs or apps because it’s free or offers a free trial. These software programs are typically unknown (security vulnerabilities) and more likely to contain bugs, exploits, or at a minimum, harvest users’ data.
Software with paid licensing is usually higher quality, commercially supported, and generally respects user privacy (though read the privacy policies). Companies offering paid products have a financial incentive to secure their software and act in the best interest of their customers.
For the sake of all that’s holy, please do not pirate commercial software! Not only are you doing something illegal, but you’re also installing pre-hacked applications onto your device. You’re reading this article because you want a secure system. Besides, I’m a programmer, and pirating means I can’t keep clothing and feeding the kids. 😜
Alternatively, consider finding free and open-source software (FOSS) alternatives if you’re budget-constrained in buying commercially licensed programs. FOSS applications are usually developed by a community of programmers and function just as well as their paid counterpart products. Although these projects may not be as polished as closed-source versions, they have the potential to be more secure because the source code is open for public review.
Whether you go the paid route, leverage FOSS applications, or some combination in between, selecting secure software is the final step in establishing your secure computer.
There’s an even larger threat to your laptop or mobile device’s security and your data privacy.
Selecting The Most Secure Computer Habits With These 9 Tips
In the security industry, the human in front of the screen is simultaneously the cause for a large attack surface and also the weakest link in the security chain.
Here are 9 unique habits and tips to help you keep the most secure computer system possible:
1. Smash Your Hard Drive
Since you’re buying a new secure computer, you’ve got to decide if selling your old one is with the security risk. I usually repurpose old laptops by wiping and handing them down to the kids to know where the hardware is going. The most secure way to handle an old machine is to remove the memory and hard drive and smash the chips (and magnetic platters for older hard drives). You can then properly recycle or dispose of the hardware.
2. Be Paranoid AF
When it comes to using a computer on the internet, you’re just one click or a poor decision away from being hacked. That’s why it’s important to be paranoid at all times when online. Pretend your computer, apps, and every site or service you use are already hacked. Make choices from that starting point of view.
3. Habitually Lock Your Screen (Or At Least Use Auto-Lock)
If you frequently step away from your computer, learn the shortcut key to lock your screen.
- Windows: Windows ⊞ + L
- Mac: Ctrl + Cmd ⌘ + Q
- Linux: Ctrl + Alt + L
- ChromeOS: Search 🔍 + L
Please: Do this even if you’re home or in an office setting. In public spaces, close your device and take it with you after locking the screen.
4. Watch Your Back: Pay Attention To Shoulder Surfing
In public spaces, sit with your back to the wall so no one can look over your shoulder. Alternatively, use a privacy overlay on your screen, limiting the viewing angle keeping your data more private.
5. Encrypt Everything Including Your Whole Drive
Fully encrypting your laptop’s hard drive or your mobile device’s onboard memory prevents hackers from mounting your storage if your device is stolen.
6. Use These Secure Browsers
Many people have the misconception that it doesn’t matter which web browser they use. Unfortunately, this isn’t true. We selected the best browsers for online banking (or any secure task). Take a look at these alternatives to Google Chrome, Microsoft Edge, and Apple Safari.
7. Don’t Use Passwords
The humble password is dying. I wrote this article detailing how to create secure passphrases (a short, long sentence) and even programmed a FOSS tool in that post to randomly generate your own passphrases. Please stop using and reusing passwords and put your passPHRASES into a password manager.
8. Passphrases Aren’t Enough: Two-Factor Authentation (2FA)
Multi-factor authentication is easy and saves a TON of headaches. We have a whole article dedicated to why two-factor authentication is necessary and how to get it.
9. Is Virus And Malware Protection Software Still Needed?
This is probably the most recited advice, but folks don’t keep their malware and operating systems updated. Look, operating systems and malware applications update themselves.
Windows Defender is included for you Microsoft laptop owners. macOS is a bit more secure from cyber threats but most malware companies offer mac versions of their software. I also researched the best open-source antivirus software though the options are pretty limited. In all cases, please keep your software updated.
Oh and a separate malware app is not necessary for mobile devices unless you frequently engage in risky online behaviors.