A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022
HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |


This website is huge, so if you read nothing else here, always remember these most basic rules of the road.

Act accordingly. If there were a contest for the most useful advice in the fewest words, the above would be my entry.

Expressing basically the same sentiment, a March 2022 article in the Washington Post suggested: "To avoid a scam using the conflict in Ukraine ... start with the premise that every direct message, link, email or text is fake and work from there. This should be your default response to any contact you did not initiate".


Do not re-use passwords. I know this is hard as it requires a system for managing the dozens of passwords we all need to keep track of. At the least, use different passwords for the most important accounts. Which accounts are the most important is up to you but certainly financial and email. I wrote a long article on passwords, The worlds best password advice where I introduce the concept of a password formula. It can provide reasonably secure, reasonably unique passwords that are easy to remember and safe to write down on paper.

The same advice applies to email addresses, the more the better. There is no simply answer to this however. The available options are on this site, here: Multiple Email Addresses.

Non-technical computer users should use a Chromebook. Compared to all other mainstream operating systems, ChromeOS (the name of the operating system on a Chromebook) is much more secure and requires no care and feeding. Also, no viruses.

As a rule, avoid software from Microsoft.

If you are prompted to install software, don't do it. This advice comes from Brian Krebs. Non techies can be easily scammed into installing malicious software because they don't know what software is really needed to perform any given task. The safest thing is to just say no.

Advice from the mainstream media, such as the New York Times, the Washington Post and the Wall Street Journal is frequently bad. For whatever reason, they hire reporters, not nerds. You should not take technical computer advice from anyone without a technical computer background. No one writing for the mainstream media has a technical computer background. They may mean well, but they are rarely qualified to offer an opinion.

Some companies have behaved badly and the Defensive Computing thing to do is avoid their products.

  1. Western Digital and SanDisk fall into that category according to this August 2023 article. WD refused to answer our questions about its self-wiping SanDisk SSDs by Sean Hollister for The Verge. "For months, the company has been laughably silent about how its pricey portable SanDisk Extreme SSDs might lose all your data ... Months after our inquiries, Western Digital continues to sell these drives due to deep discounts, fake Amazon reviews, and issues with Google Search that rank favorable results far higher than warnings about potential failures." This issue has generated three lawsuits. "Western Digital was already forced into a class action settlement over a previous questionable practice: in 2020, the company brazenly tried to sneak SMR drives into its WD Red lineup marketed for network-attached storage devices. The company paid $5.7 million to settle those claims."
  2. If you are buying a printer, probably best to avoid HP. For more, see the Printers page here.

If you depend on a VPN for privacy, do not use iOS devices. Apple sends data to their own servers outside of the established VPN tunnel. This has been ongoing for a long time and Apple can not be shamed into doing the right thing.

For secure messaging use Proton Mail or Tutanota mail. Both email systems offer normal webmail so they can be used on a Chromebook in Guest mode to insure that they leave no traces behind. There is no need for a secure messaging app. Any app that runs on Android or iOS will never be as secure as a Chromebook, especially in Guest model. With each company, messages between their customers are secure by default. The public and the companies can see the FROM and TO email addresses but they can not see the body of the messages. Proton can also not see into any attached files. Not sure about Tutanota. Both companies offer free accounts that you can sign up for anonymously.


  1. A stranger wants remote access to your computer.
  2. You are prompted, out of the blue, to install some software. As Brian Krebs says "If you didn't go looking for it, don't install it!"
  3. You must act immediately or the Earth will stop spinning and all humans will fly off into space and die. OK, slight exaggeration to make a point. The point being that scams pretend that you must act quickly so that you don't have time to take a breath and question things.
  4. Official agents of the U.S. government will never message you on Facebook, WhatsApp or any other social media or messaging app. If you think you are being contacted by the U.S. government the best thing to do is to contact the agency directly.
  5. The person contacting you knows so much about you that they must be legitimate. No. As a result of far-too-many data breaches, the bad guys know a lot about you.


Any time you are asked to pay for something with a gift card,

it is a scam. Here we see a drug store that fought back against these scams.


And, again

Rules of the road

Act accordingly.

 This page: 10 views per day (over 404 days)   Total views: 4,063   Created: August 16, 2022
This Page
Last Updated

August 29, 2023
Site Page

Site Page

Website View

3.6 minutes ago
Website by
Michael Horowitz
Website Average Daily Page Views: August 2023: 558   See the website change log
Copyright 2019 - 2023