“A nearly impenetrable thicket of geekitude…”

Schneier on Safe Personal Computing

Bruce Schneier is a well-respected professional paranoid (“internationally renowned security technologist” is the way his web site puts it). He recently updated his list of tips for safe personal computing after a gap of a few years. Both the old and the new lists are full of sensible things you can do to make yourself more secure: if you do these things, you will be safer. If you don’t do these things, you should at least have a rationale ready.

This year’s list is about 50% longer than the May 2001 version; I guess that doesn’t surprise me, as the environment has taken several steps in the direction of “more evil” since then. For example, phishing for bank account information was relatively unknown “way back then”. In the last year or so, this particular attack has grown by a factor of twelve (or more, depending on who you listen to), to the point where there are so many of these things in my inbox that it is sometimes hard to believe that anyone is taken in any more.

Having said that, the really interesting thing about the new list is that it is mainly the same as the old list. There are a couple of new items (buy a cheap NAT firewall box for home; don’t ever use Internet Explorer), but most of the changes seem to be rewording, clarifications and more detail.

I would personally be very interested to see Bruce’s own take on what he thinks has changed over the period. I’d also like to see him renew this list regularly. The only thing I worry about is that if the environment continues to get more hostile and nothing else improves, we are likely to need a list with just one entry: Trust No One.