Desktop OS Hardening and Malware Prevention
Comprehensive guide to securing Windows, macOS, and Linux environments against state surveillance, malware, and physical seizure, specifically tailored for the Iranian threat landscape.
For users in Iran, desktop security is a dual-front battle. You must defend against remote threats—such as state-sponsored malware, phishing campaigns, and fake VPNs—while simultaneously hardening the device against physical seizure by security forces.
This guide consolidates best practices for Windows, macOS, and Linux, focusing on reducing your "attack surface" (the number of ways an attacker can get in) and mitigating the risks of using technology in a high-surveillance environment.
I. Universal Hardening Principles
Regardless of your operating system, these fundamental principles apply.
1. Full Disk Encryption (FDE)
Physical seizure of laptops at checkpoints, during raids, or border crossings is a primary threat in Iran.
- The Rule: Encryption must be enabled. A password/passphrase is useless if the hard drive itself is not encrypted.
- The State: When a device is powered off, encryption keys are cleared from RAM (in most modern setups). Always power down your device completely (do not just put it to sleep) when transporting it or if you suspect a raid is imminent.
2. The Danger of "Cracked" Software
Due to sanctions and lack of international payment methods, the use of cracked (pirated) software is the norm in Iran.
- The Risk: Cracked software often comes pre-packaged with malware, keyloggers, or backdoors. It also cannot be updated, leaving known vulnerabilities open forever.
- The Solution: Switch to Free and Open Source Software (FOSS).
- Replace Microsoft Office with LibreOffice.
- Replace Adobe Photoshop with GIMP or Krita.
- Replace Cracked IDM with FDM (Free Download Manager).
3. Software Updates
State-sponsored hackers exploit "zero-day" or known vulnerabilities in outdated software.
- Action: Enable automatic updates.
- Challenge: If update servers are blocked by censorship or sanctions, route your connection through a trusted VPN/Tor to ensure updates are applied.
4. Account Privileges
- Principle of Least Privilege: Do not use an "Administrator" account for daily tasks.
- Setup: Create a secondary "Standard" user for daily use. If malware tries to install itself, it will fail because it lacks the necessary permissions to write to system files.
II. Windows Hardening
Windows is the most targeted OS globally and within Iran.
1. System Protection
- Version: Ensure you are running a supported version (Windows 11 or later). Windows 10 is no longer safe if it has reached End of Life.
- Microsoft Defender: Use the built-in Microsoft Defender. It is sufficient for most users and integrates better than third-party tools that may collect data.
- SmartScreen: Ensure "App & Browser Control" is enabled to block unrecognized apps.
2. Privacy & Telemetry
Microsoft collects vast amounts of usage data.
- Local Account: During setup (or via Settings), use a Local Account instead of a Microsoft Account. This prevents your activity from being synced to Microsoft's cloud.
- Debloating: Uninstall pre-installed bloatware (games, news apps) that increase attack surface.
- Disable AI Features: Turn off "Copilot" and voice recognition features that may record screen activity or audio.
3. Network Security
- Firewall: Ensure the Windows Firewall is active. Set your home network to "Private" and all other networks (cafes, universities) to "Public".
- Extensions: Enable "File Name Extensions" in Explorer. Attackers often name files document.pdf.exe. By default, Windows hides the .exe extension, tricking you into clicking.
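As an added illustration (not part of the original guide) of why hidden extensions matter, here is a small Python check a defender could run over the file names in a download folder: it flags the document.pdf.exe pattern the text describes and, going slightly beyond the text, names carrying a Unicode bidi override character, which makes the real extension render somewhere else in the name. The extension sets and the sample file names are constructed.

```python
# Constructed sets: extensions a victim expects to open as a document or image,
# and extensions Windows runs as a program when double-clicked (not exhaustive).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "msi", "ps1", "vbs", "js", "hta", "lnk"}
# Unicode bidi override/isolate controls; U+202E (RLO) makes the rest of a name
# render reversed, so the true ".exe" is not where the eye expects it.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}

def disguise_reason(name):
    """Explain why a file name looks like a disguised executable, or return None."""
    if any(ch in BIDI_CONTROLS for ch in name):
        return "bidi override character hides the real extension"
    # Windows strips trailing dots/spaces when creating files, so normalise the same way
    parts = name.lower().rstrip(" .").split(".")
    if len(parts) < 3 or parts[-1] not in EXEC_EXTS:
        return None  # honest executables (setup.exe) and real documents pass
    if parts[-2] in DECOY_EXTS:
        return f"executable .{parts[-1]} disguised as .{parts[-2]} (double extension)"
    return None

# Constructed sample batch, including the page's own document.pdf.exe
SAMPLE_NAMES = [
    "document.pdf.exe",
    "Court Summons.docx",
    "Protest_Plan.pdf",
    "setup.exe",
    "photo.jpg.scr",
    "invoice\u202efdp.exe",  # displays as "invoiceexe.pdf"
]

def triage(names):
    """Map each file name to its disguise reason (None when it looks normal)."""
    return {n: disguise_reason(n) for n in names}

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_NAMES).items():
        print(("SUSPECT " if reason else "ok      ") + repr(name), reason or "")
```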
4. Advanced Hardening (Hardentools)
For high-risk users, use Hardentools (a utility by Security Without Borders). It disables risky Windows features (like PowerShell, CMD, and Office macros) that are rarely used by average people but frequently used by malware.
III. macOS Hardening
While macOS is robust, it is a target for advanced spyware like Pegasus (often used by regional adversaries).
1. Lockdown Mode
Introduced in iOS 16/macOS Ventura, this is the single most effective protection against mercenary spyware.
- What it does: Blocks message attachments, disables complex web technologies, and blocks unsolicited FaceTime calls.
- Recommendation: If you are an activist or journalist, enable Lockdown Mode. The usability trade-off is minimal compared to the security gain.
2. FileVault
- Action: Go to System Settings > Privacy & Security > FileVault and turn it ON.
- Recovery Key: Do not store your recovery key in iCloud. Write it down physically and store it securely. If your iCloud is compromised, your encryption is bypassed.
3. Gatekeeper & Firewall
- App Source: Set "Allow apps downloaded from" to App Store and known developers only. Never override this for an app sent via Telegram.
- Stealth Mode: Enable the Firewall in settings and check "Enable Stealth Mode" to make your Mac invisible to ping requests on public networks.
IV. Linux Hardening
Linux is recommended for high-risk users due to its auditability, but "Linux is secure by default" is a myth.
1. Distribution Choice
- General Use: Ubuntu LTS or Fedora (good hardware support, predictable security updates).
- High Risk: Qubes OS (security through compartmentalization) or Tails (amnesic system) for sensitive operations.
2. Full Disk Encryption (LUKS)
You must select "Encrypt drive" during the installation process. It is very difficult to enable FDE after installation.
3. Firewall (UFW/Gufw)
Linux distributions often ship with the firewall disabled.
- Command: sudo ufw enable
- GUI: Install gufw for a visual interface. Deny incoming traffic by default.
4. Sandboxing
- Flatpak/Snap: Prefer installing apps via Flatpak or Snap rather than downloading .deb or .rpm files from websites. These formats offer better sandboxing (isolation) from the rest of the system.
V. Malware Prevention Strategies
In the Iranian context, malware often enters via "social engineering" (tricking the user) rather than hacking the system directly.
1. The "Fake VPN" Threat
The most common malware vector in Iran is fake censorship circumvention tools.
- The Trap: Files named Anti-Filter-High-Speed.exe or VPN-Free.apk circulated on Telegram or WhatsApp.
- Prevention:
- Never download VPN installers from Telegram channels.
- Get software only from the developer's official domain (e.g., getlantern.org, torproject.org).
- Verify the PGP signature or SHA256 hash of the installer if available.
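The hash check in the last bullet, as an added Python example that is not part of the original guide: it parses a sha256sum-style SHA256SUMS file, streams the downloaded installer through SHA-256, and accepts it only when the digest matches the entry for that exact file name. The file name and SHA256SUMS contents are constructed; the digest is the real SHA-256 of the bytes b"abc", which stand in for the installer.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample of a developer-published SHA256SUMS file. The file name is
# hypothetical; the digest is the real SHA-256 of b"abc", our stand-in installer.
SAMPLE_SHA256SUMS = (
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    "  vpn-client-1.0.tar.gz\n"
)
# sha256sum line: 64 hex chars, whitespace, optional '*' (binary mode), file name
_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")

def parse_sha256sums(text):
    """Parse sha256sum-style lines into {file name: lowercase hex digest}."""
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed checksum line: {raw!r}")
        sums[m.group(2).strip()] = m.group(1).lower()
    return sums

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_installer(path, sums_text):
    """True only if the digest equals the published entry for this exact file name."""
    expected = parse_sha256sums(sums_text).get(Path(path).name)
    if expected is None:
        return False  # no published digest for this name: treat as unverified
    return sha256_of_file(path) == expected

def demo():
    """Verify a genuine copy, then a one-byte-tampered copy, of the stand-in installer."""
    with tempfile.TemporaryDirectory() as d:
        installer = Path(d) / "vpn-client-1.0.tar.gz"
        installer.write_bytes(b"abc")
        ok_genuine = verify_installer(installer, SAMPLE_SHA256SUMS)
        installer.write_bytes(b"abd")  # same name, one byte changed by a re-uploader
        return ok_genuine, verify_installer(installer, SAMPLE_SHA256SUMS)
```

The PGP signature the bullet also mentions is a separate step (gpg --verify on the signature file), which this block does not cover.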
2. Browser Hardening
The browser is your primary window to the internet.
- Block Malvertising: Install uBlock Origin (not just "uBlock"). It blocks ads that serve malware and scripts that track you.
- Pop-ups: Ensure pop-up blockers are active. Never click "Update Chrome" from inside a web page.
- HTTPS Only: Enable "HTTPS-Only Mode" in Firefox or Chrome to prevent SSL stripping attacks.
3. Document Sanitization (Dangerzone)
Attackers often send malicious PDFs or Office docs (e.g., "Court Summons.docx" or "Protest_Plan.pdf").
- Tool: Use Dangerzone.
- How it works: It takes a suspicious document, converts it into harmless pixels in a secure sandbox, and outputs a safe, clean PDF. This kills any embedded scripts or exploits.
4. USB Hygiene
"Sneakernet" (passing files via USB) is common when the internet is down.
- Risk: USBs can carry automated malware.
- Mitigation:
- Disable "AutoPlay" or "AutoRun" in your OS settings.
- Use a USB Data Blocker if charging your phone from a computer.
- Format USB drives regularly.
VI. Incident Response: If You Are Compromised
If your mouse moves on its own, your webcam light turns on, or you find new "Admin" accounts:
- Disconnect Immediately: Pull the Ethernet cable and turn off Wi-Fi/Bluetooth.
- Do Not Login: Do not type passwords; a keylogger may be active.
- Sanitize:
- For minor infections, boot into "Safe Mode" and run a scan with Microsoft Defender or Malwarebytes.
- For suspected state spyware: Wipe the device. Reinstall the OS from a clean USB created on a different, safe computer.
- Hardware Check: If the device was out of your possession (e.g., seized and returned), assume the hardware has been tampered with. It should no longer be used for sensitive work.
Checklist for Iranian Users
- Encryption: Is my hard drive fully encrypted (BitLocker/FileVault/LUKS)?
- Updates: Is my OS set to auto-update? Do I have a VPN that allows these updates?
- Antivirus: Is Microsoft Defender (Windows) or a Linux firewall active?
- Software: Have I removed all cracked software and replaced it with FOSS?
- Browser: Is uBlock Origin installed?
- Physical: Do I power off my device completely before traveling through checkpoints?