I’d like to talk about something very important with regards to computer security, and really computing in general. Computers are indeed complex machines, with many layers of working components working in tandem to present you with a useful and useable experience. Each one of the aforementioned “components” is a potential attack vector for an attacker. An attacker will try to poke holes in any possible way. While we can’t control what required components are needed for functional use of the computing environment, we can certainly limit how much extra information on top of that goes into our environment. To put it more simply, the less there is, the less can go wrong.
As a user, if you are aware of all of the applications on your system (whether that be your computer or mobile phone) you have a better idea and understanding of the data that is flowing in and out. This helps because when something does go wrong, or if an attack/threat is imminent, you can more easily pinpoint the source and target.
Even more importantly, users have to realize that sometimes applications actually build dependencies within each other. Users must always be careful of what they install. There are many (trusted) applications that are notorious for entrenching themselves and intertwining with the operating system – creating an even more complex web of interdependencies and interconnectivities.
I like to think of all this as it relates to cars. Take fuel efficiency and cleanliness out of the equation – modern cars have many moving parts, computer systems, and the like. You open the hood in a modern car nowadays and it’s like stepping into a jungle. In contrast, muscle cars of yesteryear are simpler machines and if there was an issue, you could more easily diagnose it and work on it. My point with computers is the same. I don’t mean that we should be stuck in the past, because computers get better and faster over time, but people should think “do I really need this app on my phone?” Remember, every single one of those apps is a potential attack vector.
The more technical terminology for this process is called “attack surface reduction” or ASR. Doing this closes all but the required doors on the system – whether that system be a network, or an individual laptop, phone or tablet. Ultimately, every digital asset out there has vulnerabilities that exist, and that will always be the case. There are many that we know of, but many more that are still unknown. By limiting the surface of potential exposure, we can contain attackers to smaller targets, and ultimately mitigate risk.
The takeaway here is simply to be minimalistic with your computing habits. Don’t leave your digital footprint out there for someone to steal. Take an inventory and get rid of what you don’t need. You can easily start by deleting unnecessary apps from your phone. Perhaps you may even be able to just use the website version instead of the app? In the long run your device will most likely run better, last longer, and you don’t leave yourself exposed to getting attacked or having your data stolen.