We all struggle to find the right balance between productivity and security. If you search the internet, you will find stories and articles about the dangers of downloading an application. After reading these stories, you will be very uncomfortable with installing any application. However, using applications is the very point of having a computer. This post will help you find the right balance between security and productivity when running an application on your home computer and in an enterprise.
If you have the right information, it is easy to make the right decision. You need to know the source, the author and the reputation of an application, and the alternatives to it.
The source of the application is very important. You would not buy your new watch in a shady alley without papers. The same goes for any software. Download applications directly from the platform’s store: the Microsoft Store on Windows, the App Store on OSX and your favorite package manager on Linux. Using the built-in stores has many other advantages. Applications downloaded from the store are kept up to date automatically. The store protects your privacy by forcing applications to ask for your consent for many things, such as using your camera or accessing your location information. If the application is not available in the store, your next best option is the author’s web page.
Reputation is a way to share the burden of diligence work. Both Windows and OSX have built-in tools to get the reputation of a piece of software. On Windows you have SmartScreen and Windows Defender. SmartScreen looks not only at the executable but also at the download URL to flag low-reputation sources and files. Pro tip: you can use SmartScreen in Chrome by downloading an extension called “Windows Defender Browser Protection”; Edge has it built in. Defender Anti-Virus also flags malicious executables for you. In fact, most AV products will highlight shady applications as “PUA” (Potentially Unwanted Application) or as malware. Similar built-in tools exist on OSX, called Gatekeeper and XProtect. XProtect blacklists known bad software and Gatekeeper whitelists known good software. If you want to be on the safe side, go to Security & Privacy in System Preferences and on the General tab change “Allow apps downloaded from:” to “App Store”. This will prevent running any application that has not been scrutinized by Apple.
When you run a program on your computer, you effectively share your computer with the author of the application. The author can do anything you can do with your computer, and that includes banking, bitcoin mining or encrypting all your files. You would not share your computer with a stranger on the street, yet we all run strangers’ code every day. Try to stick with companies that are large enough not to be bothered with your bank account, or with people who are well-known altruists. Paid-for applications fall into the first category and major open-source projects into the second.
The best software is the one that comes with your computer. You will be surprised by the quality and quantity of the built-in tools in OSX and Windows. A quick Google search reveals many well-hidden secrets, like a screen recorder built into Windows or a hidden text summarizer on OSX. Many applications are available in your favorite browser, which leaves you with much more control over what the provider of the application can do with your computer. Giving preference to web applications over traditional installed applications is good for security and helps your computer run smoothly. Modern applications are often written for the web and adapted to run locally later.
To sum it up: use AV and install the browser plugin, download from the App Store or Microsoft Store, go for the big names and use the built-in tools. By taking these reasonable steps you can get things done without sacrificing security and privacy.