Defensive Computing for email attachments

Credit to Author: Michael Horowitz| Date: Wed, 15 Mar 2017 12:12:00 -0700

Email attachments remain an effective way to infect or compromise computers because people trust them too much. Blindly opening them is easy, simple and quick, but it’s also not secure. What is secure?

Never open email attachments using Microsoft Office or Adobe’s PDF reading software.

Really should go without saying at this point.

Never open attachments on a Windows, Mac or Linux computer you care about or use regularly.

These old desktop systems are simply not as secure as more modern operating systems.

The safest computers for opening suspect files run iOS or Chrome OS.

For iOS folks, it is safer to open email attachments on an iPad rather than your iPhone. Since perfect protection is impossible, the iPad can function as a sacrificial lamb. Better it get hacked than your phone.

For Chrome OS, it is safest to open attachments in Guest Mode.

While Chromebooks normally require you to log on with a Google account, Guest Mode does not. So, even if you don’t use Gmail, you can still use Guest Mode as long as your email system offers a web-based interface.

Guest Mode is somewhat like private browsing mode (Chrome calls it Incognito Mode) on steroids.

Like private mode, it removes all traces of your activity when you are done. However, it is an attribute of the operating system, not the browser, so it also removes files you downloaded, unless you specifically copy them to a USB flash drive or, if the Chromebook supports it, to a flash memory card.

Just as importantly, Guest Mode starts you off with a fresh clean copy of the operating system. No bookmarks, no browser extensions, nothing but Flash*.

Guest Mode also blocks the installation of extensions, making it much less likely the browser will pick up anything malicious. But, even if the browser does get infected, there is nothing about you to leak; no browsing history or saved files. It’s like running a Live edition of Linux off a CD/DVD.

Security is always going to require some inconvenience. We each have to decide for ourselves how much of a hassle we are willing to endure for the extra security. The more important you are, the more secrets you know, the more these Defensive Computing steps make sense.

If nothing else, let this be a reminder that a large percentage of computer infections come from email attachments. They are the modern Trojan Horse and should be treated as such.

Hat tip to Matthew Green: Secure computing for journalists.

– – – – –

*NOTE: Flash is technically a Chrome plugin rather than an extension. The default setting in Guest Mode is “Detect and run important plug-in content” which translates to: run it sometimes. Flash can be blocked by default in Guest Mode by changing a setting. From Chrome, click the three vertical dots -> Settings -> Show advanced settings -> Gray Content settings button -> Flash. Change the setting to “Block sites from running Flash”. This is, however, just the default behavior. An individual Flash app can run in Chrome OS by Alt-clicking on the light gray puzzle piece that replaces Flash content and opting to “Run this plugin.” Like everything else you do in Guest Mode, this setting is not saved, so if you want to block Flash by default, you need to make this change each time you log on in Guest Mode.

– – – – – 

Now that Computerworld, and all of parent company IDG’s websites, have eliminated user comments, you can still provide feedback two ways. Privately, email me at my full name at Gmail. Public comments can be directed to me on Twitter at @defensivecomput.
