I do volunteer work doing software repairs on people's computers (I don't do hardware, I have a habit of frying motherboards). I am also slightly-to-moderately paranoid about data security. Anyway, here's how I set up other people's computers (and my computer) so that a. the computer is probably not going to get virused up, and b. if it's stolen then nobody's going to get anything good off of it. This assumes that you've got a PC.
Part I: Your computer is working fine
A: Program Security
1. Get an antivirus program. I recommend the free version of Avast because it's probably got all of the features that you want/need (in particular, it's got file and web shields, a boot-time scan, and the ability to make a rescue disk). I don't think that there's ever a reason for a home user to buy an antivirus program.
If you've already got an antivirus program that you're happy with, then keep using it. Otherwise, try Avast.
2. For intrusion prevention, you've got two options:
a. The easy solution is Windows Firewall + the free version of Sandboxie. Sandboxie lets you isolate a program so that it can't muck with the rest of the system, so that you can more or less safely run dodgy programs that you downloaded from SourceForge or a more nefarious source.
b. The comprehensive solution is to install the free version of Comodo, which is a firewall, host intrusion prevention system (HIPS), and sandbox. If Comodo doesn't recognize a program then it will either block its execution or else run it inside of a sandbox, depending on your config settings. Comodo can be a bit of a beast to configure properly, but it's essential if clueless people (e.g. your kids) are going to be downloading programs to your computer.
B: Data Security (Plus Backup)
First off, you'll need at least two partitions: a relatively small System partition which has your operating system and non-secure programs, and your Data partition which has your data and secure programs. The reason is that you're going to be making an image of the System partition and so you don't want the stuff on the Data partition expanding the size of this image, and also you're going to be encrypting the Data partition but you're not going to be encrypting the System partition. In order to repartition your hard drive(s) without having to reformat, use the free version of Partition Wizard.
1. To encrypt the Data partition, use DiskCryptor - use all of the defaults (AES, no wipe). Don't encrypt the System partition as this will make it more difficult to perform backups.
I recommend putting "secure programs" such as web browsers on the Data partition in the form of portable apps, e.g. Firefox Portable or Chrome Portable - this way if somebody steals your computer then you don't need to worry about the integrity of your cookies, saved passwords, internet history, etc.
As a supplement to putting your browser on the Data partition, you can store your passwords using LastPass - this way you'll be certain that you're never saving a plaintext copy of your passwords anywhere.
Note for the ultra-paranoid - the government can probably subpoena your encryption key (or beat it out of you if you're Serb). Previously the free program TrueCrypt let you create an encrypted container with a hidden section on it, but this program has since been deprecated (there's a bit of dodginess about this in that the developers were a secretive bunch and the program had just passed an independent security audit, so there's some speculation that the developers sold the program and then claimed that the previously free version was broken; so, use at your own risk). I'm not aware of any good free program that offers this functionality, but there are commercial programs that do (e.g. BestCrypt). The way this works is that you create an encrypted container of size X encrypted with key K1, then within this container you have a second container encrypted with key K2 - it's impossible to tell that the two different sections of the container were encrypted with different keys. When you're forced to reveal the container's encryption key you reveal K1, and so the data encrypted under K2 is still safe. But again, this is way overkill unless you're planning on overthrowing the government or whatever.
2. To securely erase files from your unencrypted partition(s), use Eraser. You'll need to configure this program so that it uses Pseudorandom as the default wipe for files instead of the ridiculously overkill Gutmann wipe that comes as the default. (Definitely DO NOT use Gutmann on a flash drive.)
3. Use Paragon to back up your System partition to an external hard drive - then if things go horribly wrong you can just restore from a backup. For backing up data from the Data drive, use an encrypted external hard drive and then use PureSync to sync your files.
Part II: Your computer is ****ed
This is assuming that you don't have a good backup.
1. Start by using an antivirus CD, such as Kaspersky.
2. To get data off of your computer prior to a reformat, use a live CD - I recommend Hiren's Boot CD because it's got a GUI (not a given with a live CD) and comes as a pre-built ISO (typical for Linux-based live CDs, pretty much unheard of for Windows-based live CDs; Hiren's can read/write NTFS, so its Linux-ness doesn't really matter). Pull your data from your computer, and if you're feeling ambitious then try mucking around with the rescue tools. If you're feeling even more ambitious then you can build your own Windows boot CD, e.g. Ultimate Boot CD For Windows or LiveXP - these aren't pre-built ISOs, instead you need to furnish your own Windows XP CD and build a live CD out of it.
3. Reformat and reinstall your operating system.
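An added illustration of the hidden-container scheme from the "ultra-paranoid" note in Part I, section B (this is not part of the original post and not how any named product is implemented). The toy SHAKE-256 XOR cipher, the key strings, the container size and the hidden offset are all assumptions made for the demo; it shows that someone holding only K1 sees the hidden area as the same random-looking free space as in a container with no hidden section.

```python
import hashlib
import math
import os
from collections import Counter

SIZE = 4096           # container size X (constructed value)
HIDDEN_OFFSET = 2048  # start of the hidden section (constructed value)

def xor_stream(key: bytes, offset: int, data: bytes) -> bytes:
    # Toy cipher for illustration only: XOR with a SHAKE-256 keystream.
    # Real tools use a block cipher such as AES in a disk-encryption mode.
    stream = hashlib.shake_256(key).digest(offset + len(data))[offset:]
    return bytes(a ^ b for a, b in zip(data, stream))

def new_container() -> bytearray:
    # Pre-fill with random bytes so unused space looks like ciphertext.
    return bytearray(os.urandom(SIZE))

def write(container: bytearray, key: bytes, offset: int, plaintext: bytes) -> None:
    container[offset:offset + len(plaintext)] = xor_stream(key, offset, plaintext)

def read(container: bytearray, key: bytes, offset: int, length: int) -> bytes:
    return xor_stream(key, offset, bytes(container[offset:offset + length]))

def entropy(data: bytes) -> float:
    # Shannon entropy in bits per byte; close to 8 for random-looking data.
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def demo() -> dict:
    k1, k2 = b"outer key K1", b"hidden key K2"   # constructed keys
    outer_doc = b"holiday photos index " * 20    # decoy data under K1
    hidden_doc = b"the actual secret " * 50      # protected data under K2
    plain = new_container()                      # outer volume only
    write(plain, k1, 0, outer_doc)
    both = new_container()                       # outer + hidden section
    write(both, k1, 0, outer_doc)
    write(both, k2, HIDDEN_OFFSET, hidden_doc)
    tail = SIZE - HIDDEN_OFFSET
    return {
        "outer_ok": read(both, k1, 0, len(outer_doc)) == outer_doc,
        "hidden_ok": read(both, k2, HIDDEN_OFFSET, len(hidden_doc)) == hidden_doc,
        "k1_sees_hidden": hidden_doc[:18] in read(both, k1, HIDDEN_OFFSET, tail),
        "free_space_entropy": entropy(read(plain, k1, HIDDEN_OFFSET, tail)),
        "hidden_area_entropy": entropy(read(both, k1, HIDDEN_OFFSET, tail)),
    }

if __name__ == "__main__":
    print(demo())
```

The scheme depends on the container being filled with random data before use; if the free space were zeros, the hidden section would stand out as the only high-entropy region.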