DrunkenSleipnir in his Gmail hacked from China IP thread wrote:
I follow the 'rules' - unique, hard passwords, safe browsing habits, etc. I even have java and flash disabled on all websites by default.
Some really cool guy wrote:
Speaking of which - is there anywhere out there that has a good, succinct list of "the rules" to share with normal end users?
If not, perhaps we should write one. Something simple, direct, and opinionated instead of generic and passive voiced.
Numerous people, paraphrased wrote:
Great idea, cool guy!
This is the thread where people submit their "rules" for safe personal computing, and we discuss them. The goal at the end of this is to have a list worthwhile of being handed to non-techie computer users and saying, "here, read this". As such, the focus on rules is to be simple, clear, brief, direct action items (do this, don't do that, rather than vague descriptions of security issues). Some rules will be broadly applicable and some will be OS-specific.
Because some good suggestions will inevitably be a bit beyond the scope of Grandma's computer ability, we'll have a "More Advanced Rules" list addendum at the end. When someone brings up NoScript, for example, that's where that will go.
The rules are to be opinionated. By that, I mean "use a good antivirus" is a bad rule, because it requires (a) knowing what software falls under "antivirus" and (b) being able to evaluate them to know which ones are good. Finding a consensus on opinions is what this thread is for. But since we've pretty much hammered out this one in previous threads, I'll make it the first rule submission:
* (Windows): Download and install Microsoft Security Essentials