Originally Posted by Aouzr32
Hello,
I have quite a few questions, so I'll try not to ramble on for too long...if someone knows the answer to one of my questions but not all, feel free to give me some partial help. I'm fairly new to security, so I've been trying to teach myself a lot of stuff, but these are some questions that I haven't been able to find definitive answers to.
I'm on Windows 7 Home Premium, running Norton.
Ditch Norton, install Avast. Norton lacks useful heuristics, and has a really shitty record with software incompatibilities. Avast is also free.
Okay, so my basic situation is: Despite the fact that I'm 19, my dad has decided to monitor everything I do on my laptop (I'm currently in college, but living at home). So I'm trying to set up a general package of security measures that will prevent him from keeping track of what I do (honestly I'm not doing anything that bad, I just have issues with him invading my privacy). He has my laptop password, so he has the ability to install software and stuff on my laptop without me knowing. Here's what I have set up so far: I've used Spybot Search & Destroy, Malwarebytes Anti-Malware, and a little program called kl-detect which claims to detect keyloggers - all came up clean. I access the internet with Google Chrome in Incognito mode, and use the Tor Project for anonymity. Every week or so, I use BleachBit to wipe temporary files, mru lists, etc. and then wipe my free disk space to remove any traces of deleted files. So my first question is: are there any holes in this protection scheme? What else should I be doing to ensure my privacy?
Chrome is insecure and leaks information even in Incognito mode. IE is the best option for "private browsing." Opera is also a good choice.
Now some more specific questions:
1. I know there are a lot of security problems with the Tor Project, particularly at the exit nodes. Should I be okay as long as I am careful to use SSL for sensitive information?
If you're concerned about your father seeing things, Tor will prevent easy snooping over the network unless he is somewhat advanced. Tor and SSL *will not* prevent a local sniffer from watching you.
And on that subject, when I log into Facebook the default is http, however I read that you can use https just by changing the web address, if the website supports it. The problem is that I have https on the login page, but when I log in it takes me to an unsecured page. So are my username and password sent using SSL, or not?
Credentials are sent via SSL; session cookies are in the clear. You're ****ed either way.
2. My dad doesn't have them set up yet, but he's planning on putting parental controls on our router (maybe on my computer too, I don't know). People seem to think that the Tor Project or a proxy server will circumvent these, but I'm not sure I understand why. If the parental controls are based on a block list, it seems like it should work. If they scan the content of a page to determine whether to block it, how can a proxy overcome this? Really shouldn't the router be able to see everything that comes through it, even if it doesn't know where it came from? For example, even though the router can't tell I'm getting a page from google.com, can't it see an HTML file that looks like google.com come through? And is it possible for someone to view these pages?
If you're using Tor, nothing from the session can be viewed at the router other than the encrypted stream, which does not disclose anything that would trip parental controls. However, it is simple to filter the allowed ports so that Tor will not work. On a purely SSL connection, only the headers can be seen: source, destination, etc.
3. Everyone says that Flash is a major vulnerability in Tor - since I use YouTube a lot, this is a bit of a problem. I always assumed that YouTube sent me an swf file over the same connection as everything else. But it sounds like Flash establishes its own direct connection between YouTube and me? Am I understanding this correctly? Is there any way to overcome this problem?
Use of a VPN can overcome this; all network traffic is routed through the VPN. Still vulnerable to local attacks/monitoring.
In general, I'm primarily concerned with the security of my own computer and the ability to hide my internet traffic within my house - I'm not doing anything illegal, so it doesn't matter if my ISP or people can keep track of what I'm doing. Any advice will be greatly appreciated!
Thank you very much! I hope I haven't scared you all with the length of this message!
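
The login behaviour discussed in the thread (an HTTPS login page followed by an unsecured page, with session cookies sent in the clear) can be checked from the login response's headers. This is an added example, not part of the original posts; the host name, cookie names and the list of "sensitive" name fragments are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: headers of a login response that was fetched over HTTPS.
# The host name and cookie names are made up for illustration.
SAMPLE_LOGIN_RESPONSE = [
    ("Location", "http://social.example/home"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz789; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Assumed heuristic: cookie names containing these fragments carry session state.
SENSITIVE_FRAGMENTS = ("session", "auth", "token", "csrf")


def audit_login_response(headers, sensitive=SENSITIVE_FRAGMENTS):
    """Return a list of findings for a response received over HTTPS."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "location" and urlsplit(value).scheme == "http":
            # Every request after this redirect travels unencrypted.
            findings.append(f"redirect downgrades to plain HTTP: {value}")
        elif lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cname, morsel in jar.items():
                looks_sensitive = any(s in cname.lower() for s in sensitive)
                # Without the Secure flag the browser also attaches the
                # cookie to http:// requests, where a local sniffer reads it.
                if looks_sensitive and not morsel["secure"]:
                    findings.append(
                        f"cookie '{cname}' lacks Secure; sent on http:// requests"
                    )
    return findings


if __name__ == "__main__":
    for finding in audit_login_response(SAMPLE_LOGIN_RESPONSE):
        print(finding)
```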