HACKER Q&A
📣 coderatlarge

How do you trust that your personal machine is not compromised?


"Compromised" meaning that malware hasn't been installed or that it's not being accessed by malicious third parties. This could be at the BIOS, firmware, OS, app or any other level.


  👤 ignoramous Accepted Answer ✓
ex-AOSP dev here

Android and ChromiumOS are likely the most trustable computing platforms out there; doubly so for Android running on Pixels. If you don't prefer the ROM Google ships with, you can flash GrapheneOS or CalyxOS and relock the bootloader.

Pixels have several protections in place:

- Hardware root of trust: This is the anchor on which the entire TCB (trusted computing base) is built.

- Cryptographic verification (verified boot) of all the bootloaders (IPL, SPL), the kernels (Linux and LittleKernel), and the device tree.

- Integrity verification (dm-verity) of the contents of the ROM (/system partition which contains privileged OEM software).

- File-based Encryption (fscrypt) of user data (/data partition where installed apps and data go) and adopted external storage (/sdcard); decrypted only with user credentials.

- Running blobs traditionally run in higher exception levels (like ARM EL2) in a restricted, mutually untrusted VM.

- Continued modularization of core ROM components so that they could be updated just like any other Android app, i.e. without having to update the entire OS.

- Heavily sandboxed userspace, where each app has very limited view of the rest of the system, typically gated by Android-enforced permissions, seccomp filters, selinux policies, posix ACLs, and linux capabilities.

- Private Compute Core for PII (personally identifiable information) workloads. And Trusty Execution Environment for high-trust workloads.

This is not to say Android is without exploits, but it seems to be the furthest ahead of the mainstream OSes. This is not a particularly high bar because of closed-source firmware and baseband, but this ties in generally with the need to trust the hardware vendors themselves (see point #1).


👤 NikolaNovak
Great question. I don't anymore. Decades ago when I had a 286 and knew what each file did and what all the software was, and threats were limited and crude, I had good confidence of controlling my machine. Today, when my laptop has millions of files and each website - even hacker news - could inject something malicious and my surface is so broad (browsers applications extensions libraries everything) and virtually anything I do involves network connections... I just don't have the confidence.

FWIW, I try to segregate my machines for different categories of behaviour - this laptop is for work, this one is for photos and personal documents, this one is for porn, this one is if I want to try something. But even still my trust in e.g. software VLANs on my router and access controls on my NAS etc. is limited in this day and age.

I feel today it's not about striving for zero risk (for 99.99% of people), but picking the ratio of overhead and risk you're ok with. And backups. (Bonus question - how to make backups safe in the age of encrypting ransomware.)


👤 gnfargbl
Here's a short, fairly practical guide that you might find helpful: https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-.... It is aimed mostly at small businesses, but I find a lot of the guidance to be pretty relevant to my personal IT.

My even shorter (and incomplete) summary of the document would be: configure your router and firewall; remove default passwords and crapware from your devices; use a lock screen; don't run as root; use a password manager and decent passwords; enable 2FA everywhere you can; enable anti-malware if your OS has it built in; don't run software from untrusted sources; patch regularly.

There are also other controls that you can choose to impose on yourself. For example, I require full-disk encryption, and I will only use mobile devices which get regular updates. Would be interested in hearing other things that HN'ers do to limit risk.


👤 checkyoursudo
BIOS? I'm not sure I can ever be certain.

For the rest, I run a pretty esoteric setup (compiled-from-source custom configured Linux kernel with no binary blobs; all software compiled from source, with no exceptions; aggressive, burdensome-to-me privilege separation; chroots and VMs for various degrees of potential threat; etc). I have no illusions that it is perfectly safe. What I am comfortable with is that, in order to compromise me, you would have to know a lot about what I run and how I run it. I believe that I would have to be nearly individually targeted to extract any useful data from my machine, and that I am not nearly a valuable enough target for anyone to do so. I think you would have to be a state-level actor or someone with similar capabilities to compromise me, and none of them would care enough.

My security paranoia stems from extremely sensitive work I did as a lawyer long ago, but I am now so used to it that I carry on as a scientist, even though my current work is not nearly so sensitive (if at all). I give up a lot of convenience and some functionality to operate this way, so it is not for everyone. I am not an adversary to anyone, so outside state actors surely don't care about me. And my own government can just get a warrant and knock on my door, so they don't care about me either.

Embedded device firmware besides the BIOS is probably my main vulnerability, but if you're successfully getting at me through my hard drives or mouse, then I was surely an incidental rather than actual target.


👤 anonym29
I assume it is, per Intel ME / AMD PSP's ability to read everything - memory, CPU registers, disk, inspect all network traffic, directly utilize onboard GbE for bidirectional communication.

For adversaries below the level of the US intelligence agencies, I run everything virtualized and compartmentalized with Qubes, the installation image for which I verified the dev-provided cryptographic signature matches. I try to rigorously avoid any software operated by Google, Amazon, Microsoft, Apple, Facebook, disable all JS by default in my LibreWolf browser, refuse to connect directly to websites protected by Cloudflare, audit source code for almost everything I run in userland, etc etc etc.

This is all for my personal machine. For work devices, I assume they're pwned even worse and I do nothing but actual work on them.

On the mobile side, GrapheneOS on a Pixel for my first phone, and a Linux phone with hardware kill switches for BT/Wi-Fi, cam/mic, and baseband for my second phone.

All of this in addition to solid fundamentals like network traffic monitoring, very restrictive firewall, offline encrypted hardware password manager with no password reuse, etc.


👤 rvillanueva
Like others here are saying, you can never be 100% sure. But that doesn’t mean there’s nothing you can do.

If you’re worried about the impact to your broader organization (which is what most of the sophisticated threats tend to target), you should think about risk mitigation through the Swiss Cheese defense model. Each system is inevitably going to have holes, but layering them on top of one another will incrementally improve your coverage.

For instance:

- Your team should be trained about phishing attacks. But inevitably some will get through, so…

- You should implement 2FA in case a password is compromised. But a threat actor may be able to capture a 2FA-passed SSO session token, so…

- Production access should be limited to a small number of individuals. But even they might get compromised, so…

- You should programmatically rotate credentials to make old leaked credentials useless. But a newer one might be captured, so…

- Data should be sufficiently encrypted at rest and in transit, and…

- Your team should have an incident management system and culture in place to quickly respond to customer-reported incidents and escalate them to the right level and…

- Audit logs should be tracked to understand the blast radius in case of compromise - and so forth

When you look at incidents like CircleCI and LastPass, a good security organization will understand that there was more than just one point of failure and should talk in detail about how they are shoring up each level.


👤 h2odragon
You really can't, anymore. You can watch traffic and hope that anything nasty isn't communicating with the outside world, but then there's all sorts of side channels that you may not know to watch.

At some point you just have to admit there's limits to privacy and work with them. Your paper journal could be stolen and read / rewritten too, yaknow? It's not a new problem, it's just in a new context.


👤 danieldk
I only have limited trust. Between 3D printing slicers from Chinese companies, many packages from PyPI and Rust crates, there is always a danger that something is compromised somewhere.

I try to limit attack surface in the following ways:

- I only use M1 Macs as desktops. This reduces attack surface in various ways. M1 Macs do not have anything like UEFI firmware, it all starts from the iBoot ROM and the whole chain is verified with signatures. The OS is on a sealed system volume that is read-only and signed. Altogether, this limits firmware/OS attacks.

- I use a U2F key and/or the Secure Enclave of the Mac for credentials (SSH keys, 2FA). They are set up to require user confirmation.

- When possible, I will install applications from the Mac App Store, since they are sandboxed by default.

- I use separate work and private Macs.

- I clean and factory restore my Macs every few months.

- I use some tools like KnockKnock to see if there is anything suspicious.

Compromise is obviously possible, but I try to push it into 'mostly state actor' territory, because I am not interesting to most state actors.


👤 lrvick
I run QubesOS which compartmentalizes your usb ports, network card, and all your various application workflows into separate virtual machines. It is literally designed to protect you even if part of your system is compromised.

https://www.qubes-os.org/intro/

For details on how I use Qubes specifically see: https://github.com/hashbang/book/blob/master/content/docs/se...


👤 jl6
I don’t have ultimate trust in any software or hardware, but I get to “good enough” by deciding which providers I trust:

* Software: Canonical, Google, Microsoft, Valve, Oracle, Dropbox. I install software from their official repos and keep it up to date. Anything 3rd-party/unofficial/experimental/GitHub goes in a VM.

* Hardware: I built my main PC from mainstream commodity components. I have no way of knowing if there are secret backdoors but I consider it unlikely.

I use a password manager, I enable 2FA, I turn off things I don't use, and generally have a low-risk hygienic approach to computing.

I’m also privileged enough to not be a “person of interest” so don’t feel the need to take any extraordinary precautions.

Yes, I’m aware of VM escapes. Yes, I’ve read Reflections on Trusting Trust. I choose to trust regardless because life’s too short for paranoia. As Frank Drebin said:

“You take a chance getting up in the morning, crossing the street, or sticking your face in a fan.”


👤 INTPenis
I have several layers of security, including an infosec mindset that comes naturally, but at the end of the day I don't really know. I have faith that if I were to be infected statistically it would be by some malware that would give itself away by mining crypto or doing something else very loud and disruptive.

Fun story but my laptop was actually hacked remotely once, without me knowing.

It was almost 20 years ago, some would call me a script kiddie. Just trying to be bad ass, trying to live the movie Hackers. Had a stolen laptop running FreeBSD, with a wicked bootsplash just like the kids in the movie.

So you can imagine I was moving with the wrong crowds online, having little defacing wars with other groups and shit like that. Caught the wrong kind of attention.

I say that infosec comes naturally to me now but pobody's nerfect and back then I had re-used a password in a weakly encrypted service database, someone hacked this service, found my password, found my ssh logins to the servers, and traced backwards to my laptop.

I don't remember the details but somehow working back from one server, perhaps to another jumpserver, they were able to get the IP for my laptop and actually login to it.

Fortunately for me they didn't do anything but gather data, they posted this on a wall of shame saying "another hacker down". I say fortunately for me because I had thousands of customers' data on that laptop, including CC#'s for the business I was running at the time. They missed all this, and the very next day I reinstalled my laptop and reset all passwords by pure coincidence. I had no idea I had been hacked, I just felt like reinstalling for some other reason.

Found their wall of shame posting later and felt very much ashamed.

This thread has inspired me to set up a tripwire for my workstation. It's something I used to use many years ago but I think it's a good setup to have some sort of alerting if files start changing.
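A minimal file-integrity "tripwire" of the kind described above, added here as an illustration (it is not the commenter's setup or the Tripwire project's code). It hashes every regular file under a directory into a baseline, then reports files that were added, removed or changed on a later run; the directory tree and its contents are constructed inside a temp dir.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file under root (relative path) to its hash, size and mode.
    Symlinks are recorded by target so a retargeted link is also flagged."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if full.is_symlink():
                baseline[rel] = {"symlink": os.readlink(full)}
                continue
            st = full.stat()
            baseline[rel] = {
                "sha256": hash_file(full),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Diff two baselines into sorted added/removed/changed lists (stable output
    makes the result easy to feed into alerting)."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    # Keep the real baseline off the monitored host (read-only media or another
    # machine): a baseline an intruder can rewrite detects nothing.
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a small tree, alter it, report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        root.mkdir()
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "motd").write_text("Welcome\n")
        (root / "ssh_config").write_text("Host *\n    ForwardAgent no\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)

        # Changes made after the baseline: one edited, one added, one deleted file.
        (root / "hosts").write_text("127.0.0.1 localhost\n198.51.100.9 update.example\n")
        (root / "new.conf").write_text("constructed\n")
        (root / "motd").unlink()

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it periodically from cron or a systemd timer against the directories you care about and alert when the diff is non-empty.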


👤 albntomat0
The biggest thing is being deliberate about your threat model. Who would want to get onto your systems, and how much do they care about you in particular?

From there, take appropriate actions. For the vast, vast majority of us, that means using good passwords, updating software, and not running weird things from the internet.

If you’re worried about 0 click RCE in Chrome/Windows/iOS, you either should be getting better advice from folks outside of HN, or are being unrealistic about who is coming after you.


👤 thot_experiment
I worry so much more about the dumb hardware locks and secure enclaves, OS features etc. I find the risk of a compromised machine to be so much less of an impact on my life than my computer telling me I am not allowed to do something.

This is my computer, let me tell it what to do. I hate how much of my time is wasted by all this security stuff. Infinitely more so than had been wasted by actual malware over the last decade or so.

I don't want to have to spend 10hrs figuring out how to hide root from Android pay every time something upgrades. Please just let me have root on devices I own.

Ever since I started doing a lot of work in C where all the foot guns are intentionally left in I've had my eyes opened to how beautiful and fun computers can be when they aren't your fucking adversary.

"Security" that can't be disabled by the device owner is tyranny.


👤 lormayna
Before defining any strategy, you need to define an appropriate threat model. Which kind of information are you storing on your device and who can target you?

If you are a standard person and not doing anything illegal, the information that you need to protect is mostly financial and personal. So you need to protect your bank/credit card/crypto wallet with encryption and/or MFA. For financial information, use the same criteria, according also to the level of confidentiality that you want to achieve: it's stupid to encrypt your cat pictures, it may be worth encrypting your son's pictures, and it's mandatory to protect your health-related files with MFA as well. This is just to give an idea; you should do this exercise frequently (let's say every 6 months) and verify whether the security controls are in place and have to be updated.

For my own devices, I am using this approach:

* Infrastructure: I am using a password manager with MFA for all my accounts, and where possible I have enabled MFA. I have Cloudflare ZT on my home network, so I am a bit protected against web threats. Moreover, I have a script that every day downloads phishing and malicious feeds and updates my router's ACLs. I am not exposing anything publicly; all the services inside my house are accessible through VPN. My Chinese cameras are heavily firewalled in a different VLAN and reachable only from specific hosts. Every device is upgraded to the latest version and has no default passwords.

* Main laptop: it is running Linux, so I feel a bit safer while surfing the web. Anyway, I have an encrypted backup of important data in the cloud, just to ensure disaster recovery.

* Secondary laptop: it is running Windows, and I keep it regularly updated with scheduled MS Defender scans. My wife mainly uses it, but she does not install anything without my approval (I am the admin of the laptop).

* Phone: storage encrypted, access protected by a strong PIN and no biometrics. Applications are installed only from official stores, and I use a DNS blacklist. My phone has a native feature to reduce and audit app permissions on a schedule, and I sometimes do it myself as well. In case I have to connect to an unencrypted public network, I use a WireGuard VPN client.

Just my 2 cents, I hope I did not forget anything and that this is helpful.
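The "download feeds, update the router's ACLs" step above is the kind of script that quietly breaks things when a feed contains junk, so here is an added illustration of the safe part of it (not the commenter's own script): it parses a blocklist feed into validated IPv4 networks, rejects entries that must never be blocked (private, loopback, link-local ranges and a caller-supplied allow-list), collapses overlapping prefixes and renders an nftables named set. The feed text is constructed from documentation ranges; the table and set names are made up.

```python
import ipaddress

# Constructed sample feed in the usual "one entry per line, # comments" style.
SAMPLE_FEED = """\
# Constructed sample feed; documentation ranges only
203.0.113.0/24
203.0.113.55        # already covered by the /24 above
198.51.100.17
198.51.100.17       # duplicate
192.168.1.50        # private range, must never be blocked
127.0.0.1           # loopback
not-an-ip
192.0.2.0/33        # bad prefix length
2001:db8::1         # IPv6 entry, skipped by an IPv4 set
"""

# Ranges a blocklist must never be allowed to add to the router's ACLs.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def parse_feed(text, allow_list=()):
    """Return (networks, rejected): a collapsed, sorted list of IPv4Network and a
    list of (entry, reason) pairs worth logging so feed problems are visible."""
    allow = [ipaddress.ip_network(a) for a in allow_list]
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)  # bare IP -> /32
        except ValueError as exc:
            rejected.append((entry, f"unparseable: {exc}"))
            continue
        if net.version != 4:
            rejected.append((entry, "not IPv4"))
            continue
        if any(net.overlaps(bad) for bad in NEVER_BLOCK):
            rejected.append((entry, "reserved/private range"))
            continue
        if any(net.overlaps(a) for a in allow):
            rejected.append((entry, "overlaps allow-list"))
            continue
        nets.append(net)
    # collapse_addresses merges duplicates and subsumed prefixes and sorts them.
    return list(ipaddress.collapse_addresses(nets)), rejected


def render_nft_set(nets, table="inet filter", name="feed_block"):
    """Render an `nft -f` loadable fragment. A named set with interval flags
    lets the daily refresh replace elements without rewriting the chain."""
    lines = [f"table {table} {{", f"    set {name} {{", "        type ipv4_addr", "        flags interval"]
    if nets:  # nft rejects an empty `elements = { }` list
        lines.append("        elements = { " + ", ".join(str(n) for n in nets) + " }")
    lines += [
        "    }",
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        f"        ip saddr @{name} counter drop",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    networks, bad = parse_feed(SAMPLE_FEED, allow_list=["198.51.100.0/24"])
    for entry, reason in bad:
        print(f"rejected {entry!r}: {reason}")
    print(render_nft_set(networks))
```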


👤 transpute
Some OS mitigations:

  All: patch, encrypt, backup, track power, isolate workflow by device/VM
  Network: router with OSS firmware, workflow segmentation, reduce wireless
  iOS: (>A12 SoC) Lockdown mode, Brave w/o JS, daily reboot
  iOS: periodic reinstall from DFU mode, Apple Configurator / MDM policy
  macOS: hardening script based on workflow, outbound firewall
  Windows: Secured Core device + SystemGuard + App Guard VM isolation
  Windows: HP device + SureStart (f/w check) + SureClick (browser VMs)
  Linux: vPro device + QubesOS with Anti-Evil-Maid 
  Linux: generic device + non-persistent LiveCD OS image

👤 krn
> "Compromised" meaning that malware hasn't been installed or that it's not being accessed by malicious third parties. This could be at the BIOS, firmware, OS, app or any other level.

I don't believe there is a way to be 100% certain, but if I had to go to a store and pick a new device with the lowest likelihood of being compromised, it would be a desktop, a laptop, or a tablet running ChromeOS[1].

[1] https://www.chromium.org/chromium-os/chromiumos-design-docs/...


👤 lamontcg
If you're just a rando who isn't likely to get specific attention from someone like the NSA or other state-backed threat agents, then the answer is that if everything is behaving normally, you're not compromised. For the bulk of people, if someone breaks into your personal device they're going to start using it for something. You'll see unusual utilization, your proxy settings on your browser will get changed, you'll just be hit by a ransomware attack and your drive will be encrypted and you'll be locked out, etc. They're after the bulk of the users out there and they don't need to be particularly stealthy about anything.

Of course if you have large quantities of BTC or something then the answer is to get it off of your personal machine and set up a cold wallet that cannot be hacked, and stop installing clever looking crypto shit on your machine.


👤 tucnak
Surprised not to see a mention of the Talos II system based on IBM POWER9 technology, which is open spec and otherwise a very competent build, with a fully open hardware FPGA mainboard and stuff like physical trip jumper protection, and potential for customised security measures via the BMC, Arctic Tern, et cetera. IBM is notoriously good at virtualisation, and POWER9 is very competent for machine learning workloads; the 2U and 4U systems they offer can go up to something ridiculous like 176 threads in a two-socket configuration, and there's plenty of lanes. You can reprogram the firmware, too; it's all out there in the open and you normally wouldn't need special hardware.

You can get one for not less than $5,500. https://www.raptorcs.com/content/TLSDS3/intro.html


👤 1vuio0pswjnm7
"Ask HN: How do you trust that your personal machine is not compromised?"

The pivotal word in this question is "you". If you allow a third party, e.g., Google, Apple, Microsoft, a "Certificate Authority", etc., to decide "trust" on your behalf, then it is the third party that controls "trust", not "you".

A third party can tell "you" that "your personal machine" has or has not been "compromised". The third party can decide who to trust.

However, this is quite different than you deciding who to trust.

Under the trust models promoted by "tech" companies like the ones mentioned above, ultimately "you" are not supposed to be the one deciding trust. They want to do this for you.

Unfortunately, "tech" companies are themselves third parties and they may have commercial interests counter to yours.


👤 adriancr
Just some generic things that should help avoid or clean up after a compromise.

- clean reinstall every month, just pick a new flavor of Linux to try out. (also helps ensure I have proper backups and scripts for setting up my environment)

- Dev work I usually do in docker containers, easy to set up/nuke environments.

- Open source router with open source BIOS (apu2), firewall on it, usually reinstall once in a while.

- Spin up VMs via scripts for anything else. (games - windows VM with passthrough GPU for example)

- automatic updates everywhere.


👤 etna_ramequin
From a more security research point of view, the paper “Bootstrapping Trust in Commodity Computers”[1] is a very good overview. Although it would necessitate a bit of an update for more recent developments with e.g. dm-verity etc.

[1] PDF: https://www.andrew.cmu.edu/user/bparno/papers/bootstrapping-...


👤 SnowHill9902
You generally don’t. It all depends on your attack hypothesis. Are you a Mossad target or a non-Mossad target? The best you can do if you are a non-Mossad target is to anonymously/pseudonymously periodically purchase new hardware and do a fresh OS install. Be minimalistic. If you can’t trust your wifi-enabled printer, disable its wifi connectivity and use it only over USB. If you still can’t trust it, don’t use printers to begin with.

👤 EVa5I7bHFq9mnYK
Security is at odds with usability, so you can't run critical apps on your personal machine. For me, stuff that needs to be secure, runs on a separate machine that has nothing else installed.

👤 bo1024
The Librem 14 has a neutered Intel chip (no ME) among other things. My favorite privacy/freedom-respecting laptop. https://shop.puri.sm/shop/librem-14/

👤 lifthrasiir
I'm reasonably sure that my personal machine is less compromised than the average, but I can't and will never be able to ensure that it is not compromised because I have no way to know everything the machine is trying to do. This remains true even when you have entirely free and directly inspectable hardware; you simply have no knowledge and time to verify everything. Just keep a reasonable amount of precaution and skepticism.

👤 andix
Hopes and prayers?

I think it's completely impossible to make sure your machine is not compromised. You can just take the best effort to keep it clean.

Try to use 2FA as much as possible. And try to shield the 2nd factor as well as possible from any connection to your other devices.


👤 rmkrmk
Are there any somewhat easy-to-use solutions to isolate a development environment? Preventing or at least decreasing the damage malicious packages could do? Like deleting files or uploading a private ssh key/keychain to a 3rd party server?

I was looking into things like GitHub Codespaces, I believe they're isolated per repository and integrated into VS Code, but I'd like something I could run on my machine or a server of mine.


👤 denton-scratch
I don't trust that my machines are not compromised.

All I can do is to start with a machine I believe to be "clean", and take measures to keep it that way (others have suggested suitable measures). But even a brand-new machine might have a compromised BIOS, or compromised firmware in some peripheral processor like the Wifi adaptor.

I don't know how to guarantee that a machine is "clean" to begin with, and I doubt anyone else does.


👤 AnIdiotOnTheNet
The same way you can't be sure that when you drive to work today you are not going to die, you can't be sure that your machine isn't compromised somewhere. That's just how reality is: safety is an illusion.

Like with driving, make an effort to lower the probability to wherever makes you comfortable, then just accept that there's a non-zero chance it wasn't good enough.


👤 intrasight
Perhaps it's because I have a cold right now, but I interpreted "personal machine" to mean my body. And what is meant by "trust?" The word is really synonymous with "faith". That's why the correct phrase is "trust and verify".

I understand that my "personal machine" - my body - is always compromised. I also have faith that no heinous actors are likely to try to compromise my body. But that is only because I am a nobody and have the good fortune to live in a safe place.

As for computers, I think the same logic applies. I have faith that no nefarious actors are striving to compromise my own machine specifically. But for many high-value targets, this would be a bad assumption. Witness the crypto thefts that have occurred by hacking individuals' computers.

I am no expert in counter cyber espionage, but my understanding is that it boils down to a) reducing attack surface, b) using trusted hardware, and c) using ephemeral "machines".


👤 rekrsiv
You don't. Treat your personal machine(s) as compromised by default and take it from there.

👤 windex
Any way to actually monitor traffic at the PC or network level for an individual user? I see a lot of odd behavior by TVs, IoT devices, connected bulbs and such. None of them seem necessary to me. I feel Windows could do a lot better with reporting or allowing users to clearly see what is communicating across the network currently.

👤 adg001
The reality is that you cannot trust that your machines are not compromised.

The only option we are left with is to operate under the assumption that, indeed, our machines are permanently compromised.


👤 breck
"Assume breach" was the phrase they taught us at Microsoft (at least in 2016). I assume everything is compromised. So I make public and distribute/decentralize as much as possible.

I #BuildInPublic as much as possible on GitHub and GitLab and dedicate everything to public domain (http://pledge.pub/).

I have a number of computers and can be up and running on a new Macbook in under an hour.

I run multiple mirrored web sites.

I distribute crypto keys across ledgers and safety deposit boxes in multiple states.

Most importantly: I don't pay for insurance (except for mandated auto and homeowners). Instead, every day I go out there and try to deliver as much good to as many people as possible, knowing that the best insurance when bad luck strikes isn't some check from some corporation, but the helping hands from your fellow neighbors.


👤 wiz21c
I protect my machine from as many commercial interests as I can. This removes a whole class of issues.

For the rest, the thing is so complicated nowadays I can't really say anymore.

I spent my youth on 8 bit machines. At that time I was 100% certain there was no compromise. But nowadays,...


👤 morphle
Never allow a company or government to install known and unknown software that spies on you. This means Microsoft, Google, Facebook, Apple, etc.

👤 throwawaaarrgh
Nobody cares enough about me to target me, and I don't run Windows. That excludes like 99.99% of possibilities.

Android, on the other hand... I have installed apps I didn't know much about, and that store is full of malware, so I have no idea.


👤 trenchgun
Simple: I don't.

It is most likely compromised and I behave accordingly.


👤 CraigJPerry
I daily drive an M1 Mac. I can't even change the initial boot screen wallpaper because it’s on a sealed partition. The previous Intel/T2 approach of modifying then blessing the modified partition doesn’t work on M1. When I dug into the depths of this simple problem (changing boot screen wallpaper before login) I came away impressed.

So I feel fairly confident about the machine firmware & OS. Less so about my keyboard, for example. Also because I opt out of a lot of the securities (e.g. I download from Homebrew rather than using App Store apps), I can’t be sure I’m not being compromised.


👤 crims0n
Keep it air gapped, only way to be sure!

Only half kidding, unfortunately.


👤 codetrotter
No one has drained my crypto from my wallets yet.

So either my personal machine is not compromised, or they think the amount of crypto in the wallets is too low.

Joke's on them though, 'cause I am moving my crypto to a hardware wallet eventually.


👤 PaulHoule
Reminds me of the time I was watching a creepypasta horror movie about some guy who gets strange phone calls and my phone rang.

I think this guy had gotten my phone number from my HN profile and he thought I might be able to help him. He thought his android phone was infected by malware and he knew who did it. I told him the people who repair cell phones at the mall could do a system reset on his phone…. Unless he was dealing with state-level actors in which case it might be an advanced persistent threat and it might be permanent.


👤 ouraf
I don't. Every now and then I access gross stuff online to make uncle FBI or cousins Hacker man puke their meals and lose the will to snoop on my boring Facebook account.

And since the video card is old and internet is spotty, brother Bitcoin miner and ransomware delivery man won't have much to win either.

The rest of automated attacks have to go through basic PC os protection (firewall, antivirus, hardware locks for unwanted code execution, etc).

It's the digital equivalent of "in god we trust"


👤 Yizahi
My threat profile doesn't include Mossad or NKVD, if they are out to get me then I accept that they will. Especially at the BIOS/firmware/other levels.

👤 modeless
For some excellent advice on security and privacy based on thoroughly researched technical concerns rather than speculation or blind trust in any particular organization (e.g. Apple or Google or Mozilla), see here: https://madaidans-insecurities.github.io/ I found the Android and Firefox/Chromium evaluations particularly interesting.

👤 treebeard901
You should assume all devices are compromised

👤 jaxn
I believe my most vulnerable environment is the development environment. 3rd party code being updated almost constantly combined with fairly standardized CLIs to cloud environments (kubectl, az/aws/Heroku, gh, etc.).

And I don’t just have to be vigilant about what I do, but also about what my team has done. It terrifies me, and it’s a sad reality that my personal risk is reduced by the fact that if I fall victim, countless other teams will as well.


👤 2000UltraDeluxe
First, take a deep breath.

Second, unless you're in a situation where you've pissed off/threatened some rather large actors, you should be fine assuming you follow best practices for backup, software, update and password management and you avoid using things like cheap IoT devices to connect to your cloud services.

Third, when disaster strikes, keep calm, rely on backups, change affected passwords and notify others who might get affected.


👤 voytec
I use an OS from a vendor not obsessed with usage monetization nor any kind of "phone home" functionality.

I consider internet browsers to be a major backdoor risk and thus have none installed on my host OS. I only browse interwebs from VMs.

I don't trust my home network the same as I wouldn't trust an open public WiFi.

I don't assume everything is as secure as it could be and am taking redundant steps to ensure certain stuff.


👤 morphle
Can You Trust Your Computer? https://www.gnu.org/philosophy/can-you-trust.en.html

Eben Moglen: The alternate net we need, and how we can build it ourselves:

https://www.youtube.com/watch?v=gORNmfpD0ak&t=2s


👤 eightysixfour
I don’t. I assume all devices are potentially compromised and I shift my risk to others as much as possible - credit card fraud protection, etc.

👤 mark_l_watson
I actually don’t really trust my Linux and macOS laptops. I put no sensitive information in them, just what I need to write software or build models.

I do trust iOS and iPadOS in Lockdown Mode, and I avoid installing apps, usually preferring web apps.

I have a Chromebook and I also trust that.

In all cases, I don’t wait to install available system updates - that might not be the best strategy, but that is how I do it.


👤 mihaigalos
I've taken steps to secure my Linux:

* Using Yubikey PAM always as a 2FA for ssh, sudo (also on every Linux in my home network).

* Always require authentication on each sudo command (prevents escalating once and then reusing privileges).

* Only running Docker with sudo as recommended (requires 2FA now).

* Closing all traffic other than services I need with nftables.

* Regularly looking at the journalctl for suspicious activity.

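The "look at journalctl for suspicious activity" step can be scripted. The following is an added example, not the commenter's own setup: two small POSIX shell filters over journal output, one that counts failed SSH logins per source address and flags sources at or above a threshold, and one that pulls out sudo failures (wrong password, user not in sudoers) with the command that was attempted. The log lines are constructed for the example and use documentation address ranges; the hostnames, PIDs and usernames are made up.

```shell
#!/bin/sh
# Constructed sample of `journalctl -o short` output (not real log data).
SAMPLE_JOURNAL='Jan 20 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jan 20 10:01:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jan 20 10:01:06 host sshd[1204]: Failed password for root from 203.0.113.5 port 51130 ssh2
Jan 20 10:01:09 host sshd[1207]: Failed password for root from 203.0.113.5 port 51131 ssh2
Jan 20 10:02:11 host sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 40012 ssh2
Jan 20 10:05:40 host sudo[1300]: alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jan 20 10:06:02 host sudo[1305]:  bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jan 20 10:07:00 host sshd[1320]: Failed password for invalid user test from 198.51.100.7 port 2222 ssh2'

# Read journal lines on stdin; print "<source-ip> <count>" for every source
# with at least $1 failed SSH password attempts.
ssh_failures_over() {
    threshold="$1"
    grep 'sshd\[[0-9]*\]: Failed password' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c |
        awk -v t="$threshold" '$1 >= t { printf "%s %s\n", $2, $1 }'
}

# Read journal lines on stdin; print "<user> <command>" for each sudo
# failure, whether a wrong password or a user who is not in sudoers.
sudo_failures() {
    grep -E 'sudo\[[0-9]+\]: .*(incorrect password attempts|NOT in sudoers)' |
        sed -n 's/.*sudo\[[0-9]*\]: *\([^ ]*\) :.*COMMAND=\(.*\)$/\1 \2/p'
}

# Stand-alone demonstration on the constructed sample.
echo "SSH sources with >= 3 failures:"
printf '%s\n' "$SAMPLE_JOURNAL" | ssh_failures_over 3
echo "sudo failures:"
printf '%s\n' "$SAMPLE_JOURNAL" | sudo_failures
```

On a real host the same filters take live input, for instance `journalctl --since today | ssh_failures_over 5`; the unit name for the SSH daemon differs between distributions, so filtering on the `sshd[` tag rather than `-u` keeps the script portable. A single source hammering password auth is expected noise on any internet-facing box, but a sudo failure for an account that never uses sudo, or for a user not in sudoers at all, is the kind of line worth reading in full.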

👤 arcastroe
I use Windows as my main OS. In Windows 10 and 11, there is a feature called Unified Write Filter that essentially resets your computer after every reboot.

When I first got my laptop, I installed a fresh copy of Windows 10, installed all my commonly used applications, configured all my settings, and then enabled UWF. On every reboot, it goes back to this clean snapshot, no matter what I do, and reboots are quick too (~10 seconds).

I'm never worried about making changes to my laptop to try them out (installing a new program, configuring obscure settings, etc). If I don't like it, I can get back to my clean state with a simple reboot.

Still vulnerable to BIOS-level malware though, I suppose.

(Note: I repeated most of this from a previous hackernews comment of mine)

https://news.ycombinator.com/item?id=29374928


👤 graderjs
You can play with this in that situation. I assume all my cloud and local data is and just keep that in mind. But I also assume there's layers of access... so not everyone who can access it, has access to every part of it. One group maybe can access DNS queries; one group can access cellphone metadata and SMS; one group maybe can access unencrypted iCloud/Google/OneDrive data; one group needs warrants to access and creates lies to fraudulently obtain/fake-justify those; some other group doesn't need warrants and just has access, either through agreement or covert access.

Once Advanced Data Protection switches on globally "in early 2023" I'll have another compartment. But I assume that someone can access basically everything. You can have fun with it.

I also think what's happening on my devices is some of the least interesting parts of life, so, yeah, there's that, too. :)


👤 r3ctilinear
Keep a modest Bitcoin wallet canary on the computer and run an activity alert from elsewhere. If I'm compromised one of the first things they'll do is steal that money. It's not perfect but it's a data point that gives me some confidence I haven't been compromised by a petty thief.

👤 karmakaze
For malware that was downloaded through activity, even if it required no clicks, they usually present themselves as slower performance or other quirks. Maybe one has eluded discovery but I'd never know.

I'm much more wary of systemic malware at lower levels that I don't have an opportunity to detect. There's not so much I can do about that other than try to use devices from vendors I trust (or distrust less) that have the least preinstalled software. Lobbying for open firmware or hardware is the long-term strategy.

I also use multiple machines: work, personal, gaming, and utility (Surface Go). E.g. I use the mouse configuration software on the Surface Go and only the mouse hardware with its configured profile on the other machines.

Ultimately I can't know I'm not compromised but don't lose sleep over something I don't have more control over.


👤 QuiEgo
The real question here: does it even matter?

As far as I know I did everything right, and someone called my bank with info we both believe they got from stealing from my paper mail and got access because they convinced some human at a bank's call center they were me.

Don't make it easy for people (rng passwords + password manager, 2fa, don't run as su, whole disk encryption, don't leave your computer unlocked, don't log into your bank on rando computers you don't control, don't use untrusted wifi). However, assume you already are compromised and will have to deal with it some day.

Once you think that way, you don't need to stress that much about getting the perfect hardware solution or being super paranoid - buy a device you like, and enjoy your digital life. Stuff happens sometimes and if it does you can deal with it ¯\_(ツ)_/¯.


👤 neoromantique
I use locked down apple devices and wireguard to a remote server to do work, so all my actually sensitive data resides on the remote server that is reasonably hardened, and I believe I would hear if iPadOS was compromised to an extent that I need to worry about it fairly quickly, I hope so at least.

👤 doubled112
I don't know, really. I have a ton of "personal machines" when it gets right down to it, but I'll think client wise.

I distro hop chronically on most of my machines. Sometimes multiple OS reinstalls across machines per week. Some installs have lasted a few months but it's rare.

I try to stick to official repos when I do reinstall, so I'm outsourcing that trust to the distro maintainers.

If it's on the disk, it's gone except for a few important files I keep in a self-hosted Nextcloud sync folder.

I use LUKS encryption to ensure leaving the laptop on the bus is a non-event. If it was ever in somebody's possession for very long (border, police, lost and found) I'd just put it in the garage and never touch it again.

Firmware malware is pretty uncommon, still, so I'm just hoping for the best there.


👤 chinabot
Run Windows 95 and Internet explorer, there's probably nobody targeting them these days :-)

👤 mouse_
put $10 in a crypto wallet and keep the seed phrase on your desktop

check that it's still there from time to time; any automated malware will slurp it up


👤 bitexploder
Run Linux. Install only trusted software. Don’t do sketchy (from a security perspective) things like look at porn or use torrent sites on your main computer. Backup often. Reinstall OS annually. Don’t run Windows. Don’t worry too much. Be happy.

👤 PaulAJ
I keep a few £ in bitcoin stashed on it. If it ever disappears, I'll know.

👤 devmor
I don't! In fact I assume it has been to some extent and that I would be unable to detect this.

Going from that assumption, I take care to keep encrypted backups of all of my important files both locally on another machine and remotely.

I also use two-factor authentication wherever possible, because I find it unlikely that the same attacker would gain access to both my PC and phone.

Additionally, I have a second phone with no SIM card that I use for some TOTP 2 factor accounts that I wish to remain especially secure.

Operating on the assumption that you have already been compromised allows you to prepare for the worst should you truly be.


👤 alkonaut
I don’t. Not sure why I’d do that. I find the risk acceptably low that it is. But more importantly, I don’t have any reason to fear that it is.

So I trust that regular caution and OS security reduces the risk to an acceptable level but mostly I don’t fear anyone reading or destroying my data because I have backups and it’s not sensitive. Sure it would be scary from an integrity perspective, but not in any other sense. Even constant access to my machine and everything I do wouldn’t be a big risk.

So if I’m affected by a ransom Trojan (most likely scenario), I’m happy to just wipe my machine.


👤 ramtatatam
I can't tell if my hardware was not compromised (most likely it was not), but for the data I store on my SSD - I keep it fully encrypted with boot stored on hardware aes-256-encrypted USB drive. Laptop won't boot without the USB plugged in, and USB won't unlock unless correct key is provided. Not too sophisticated but enough for my humble needs (that is I'm the only one who can boot the laptop, and I know my data will be safely forgotten if my flat gets robbed or if I forget my laptop on the train etc.).

👤 nromiun
You can try to "snoop" on the virus. For example, collecting all the internet packets, see if some ports are opened that are not needed. Collect logs on which apps are eating up the battery. These steps are not perfect by any means, but you can catch some noisy virus with this. If your virus is very stealthy you can only hope your passwords show up in haveibeenpwned.

This is also why using an open source OS is so important. At least you can investigate why something is happening in the OS. Without the source you can only guess at what is happening.

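The "see if some ports are opened that are not needed" check is the easiest of these to make repeatable: keep an allowlist of the listeners you expect and diff the live socket table against it. The following is an added example, not the commenter's own tooling. It parses the output format of `ss -lntu` (the Netid and Local Address:Port columns), reports every protocol/port pair that is not on the allowlist together with the address it is bound to, and runs here against a constructed sample of socket lines rather than a live system; the allowlist values and the sample listeners are made up for the demonstration.

```shell
#!/bin/sh
# Constructed sample of `ss -Hlntu` output (header suppressed). Columns:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:4444      0.0.0.0:*'

# Read ss lines on stdin and print "<proto>:<port> <bind-address>" for every
# listener whose proto:port is not in the space-separated allowlist in $1.
# Each proto:port is reported once even if bound on both IPv4 and IPv6.
unexpected_listeners() {
    allow="$1"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            proto = $1; local = $5
            port = local; sub(/.*:/, "", port)        # text after the last colon
            addr = local; sub(/:[^:]*$/, "", addr)    # everything before it
            key = proto ":" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key, addr }
        }'
}

# Stand-alone demonstration: the allowlist says only SSH and the local
# stub resolver are expected, so CUPS on loopback and the unknown 4444
# listener are both reported.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "tcp:22 udp:53"
```

For a live check run `ss -Hlntu | unexpected_listeners "tcp:22 udp:53"` with an allowlist written down when the machine was freshly installed, and add `-p` (as root) when you want the owning process in the output; the parser only needs the first five columns, so the extra column does not disturb it. A loopback-only listener such as CUPS is usually harmless, which is why the bind address is printed alongside the port: an unexpected listener on `0.0.0.0` or `[::]` deserves more attention than one on `127.0.0.1`, though both are worth explaining.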

👤 kovac
Assuming that you have no other option but to use a computer, there's some good advice here[1] for securing a Linux system. Then you can run regular scans using security tools like the ones listed here[2].

[1]: https://wiki.archlinux.org/title/security

[2]: https://wiki.archlinux.org/title/List_of_applications/Securi...


👤 Helmut10001
Separation of concerns is a good idea. Don't run everything together, e.g. multiple boot Os, or nested OS (windows with several WSL setups for different work, test untrusted windows apps first in windows development VM etc.). If you have a server, run dedicated VMs and work on those via remote, these days you can even stream your games from your dedicated VM. In case a game is compromised, it will at maximum compromise other games on the VM, but not your important work on another VM.

👤 vHMtsdf
On my and my family's Windows machines, I try to follow the advice from Taylor Swift who seems to know what she is doing... https://decentsecurity.com/#/securing-your-computer/

In short: 1) secure bootup by locking up BIOS and encrypting your drive 2) set User Access Controls to the highest level 3) install up to date browser with appropriate addons (ublock)


👤 AussieWog93
The same way I trust that my wife isn't fucking other men behind my back. You'll never know for sure but you just have to put your faith in them.

👤 LinuxBender
My TL;DR summary: with time I have moved further and further away from using the computer for important things, and I believe that tech has long since exceeded George Orwell's wildest fever dreams.

I assume a freshly installed OS is compromised [1] and the hardware it is on is also compromised in the BIOS and firmware, at the very least by state actors, but then I also assume those state actors have poorly vetted contractors that may also be compromised by other nations, i.e. who pays the most gets access. I would not be surprised for a moment if they have competing backdoors that try to block one another. Since I cannot control any of this I just imagine the national actors of the world are watching my screen and yawning. More likely the latest iteration of ECHELON AI is yawning. I instead focus on securing important externalities, such as making bank accounts read-only from the web (not all banks will do this). I also diversify where my assets are stored and make a best effort to require physical access.

Beyond that layer I do all the usual hardening practices but that only goes so far as every browser likely also has intentional weaknesses in them. Even FireJail and SELinux/AppArmor will likely just happily relay malicious instructions. Addons may raise the bar keeping some script-kiddies off my machine but I never for a moment assume that it stops government contractors from relaying instructions to the backdoors in the hardware and/or OS and ultimately to the hidden CPU instructions that likely take multiple layers of obfuscated instructions to tickle meaning SandSifter will never find them.

The above is for PCs. For cell phones I assume FAANG are interactively on my phone and, since most of them were initially funded by the government, I do not use it for anything sensitive. I also assume that all cell phones have backdoors added by their manufacturer. Each one does seem to dial home to different places and make unique DNS requests. Putting phones into developer/debug mode does seem to quiet them down, which is the opposite of what I would have expected, so maybe they know someone may be watching (i.e. malware knows it's in a sandbox).

Wi-Fi Access Points are a story in and of themselves.

Why should I care about state actors? That one's easy. The best contractors will have leaks in their OpSec and for-profit companies will acquire the weaknesses and use them to do illegal and unethical things to citizens for a price and political, economic and a myriad of other motivations. I would not be surprised if some government actors sell off access and end up working for said companies.

[1] - https://news.ycombinator.com/item?id=34388990 [and hundreds of other threads]


👤 jnurmine
For my part, after considering this very question in the past, the answer is that the question is wrong.

The question is: is there some reason to trust, and the answer is: no.

In my opinion, any and all general computing devices sold to the mass consumer market are already compromised in some shape or form as they roll out from the factories -- otherwise such things would simply not be sold in large quantities.


👤 giantg2
"How do you trust that your personal machine is not compromised?"

You don't. They are all likely "compromised" to some extent. The vast majority likely have asymptomatic/latent state-sponsored vulnerabilities, if not on the machine itself, then in the network infrastructure it uses. For the most part, people might not consider them "malicious third parties".


👤 ihusasmiiu
I always assume my personal machine is compromised.

👤 SpeedilyDamage
As with anything, there needs to be some evidence to believe something, and if there’s evidence, you can follow that to figure out if it’s real or just anomalous.

Generally, it’s a bad idea to believe things without evidence, so I guess you can trust your computer isn’t compromised the same way you can trust no unicorns exist; there’s not any credible evidence to suggest it.


👤 NKosmatos
Read the following short story… Disclaimer: I’m not responsible for any paranoia, computer fear or conspiracy thoughts that might arise after reading it: https://www.teamten.com/lawrence/writings/coding-machines/

👤 CrazyPyroLinux
A still-relevant classic: Reflections on trusting trust, Ken Thompson, 1984 https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...

👤 sweetjuly
I run the latest betas of macOS and iOS which means I get exploit breaking changes as soon as possible. I keep all the security mitigations on my mac enabled (SIP, secure boot, etc.) which helps make a variety of exploit flows and persistent compromise difficult.

But random malicious code in user space? Well, I really just hope for the best :)


👤 jeroenhd
BIOS/Firmware: I just do, if I am compromised then I won't find out anyway.

OS/app level: occasional AV scans, though I don't trust clamav as much as I trust Windows antivirus.

I should really properly set up secure boot on my desktop to make rootkits harder to install, but Linux and secure boot are just too much of a kludge.


👤 throwaway_89
Everybody in this thread talks about good security practices and prevention tips, while the question of OP is basically:

"how can you confirm that your machine is not compromised" => "how can you check if your machine is already compromised?"


👤 mejutoco
You could use something booted from a read only medium like knoppix (if your computer has a cd reader!). At the BIOS level all bets are off though.

https://www.knopper.net/knoppix/index-en.html


👤 fattybob
Hmm, actually, my aging Mac always asks me to install something whenever I connect my newer iPhone - I don’t like that at all, it’s not at all what I’d expect from an apple device, but I always am coming to realise that apple devices really aren’t what they used to be - quite sad

👤 epolanski
By default I think I am, thus I minimize the amount of sensitive info I put into any device.

👤 ramraj07
There are two levels here: compromised by some national agency vs. compromised by anyone else.

For the former, I don’t assume anything especially since I’m not an American citizen. I still believe with some certainty that my iPhone is safe from the government but not 100%


👤 omgmajk
I don't. I am real picky with downloading software for my personal machine and I sometimes explore with process explorer and I run sketchy stuff in a sandbox but I don't trust that my personal machine is not compromised.

👤 nvln
I used this a while back when I was worried something weird was going on: https://github.com/mvt-project/mvt. (Nothing was going on).

👤 RGamma
knocks on wood

Until the day we get sandboxing, well-defined interfacing with user data and stuff in desktop computing...

Imagine the desktop's security model, if you can call it that, on mobile. It would be madness.


👤 jhoelzel
I use 2fa where I can and accept the fact that if I'm not already compromised, I could be at any moment.

That's also why 2fa is the first thing I configure after setting up a kubernetes cluster too.


👤 luxuryballs
I never trust a computer to not be compromised, if there’s any information so critical that it must be secured at all costs then I simply never let it near a digital device.

👤 988747
You simply cannot. Unless you want to go Richard Stallman path, and work on a laptop from 2008, with only open source software, unable to use Netflix, banking site, etc.

👤 Alifatisk
I view the traffic being sent from my devices, there are plenty of good tools for that.

If I see any anomalies, then that's a hint.

Note: you should not fully rely on this, but rather use it as a starting point.


👤 greggarious
I don't.

That is... I don't trust my machine.

I take reasonable precautions, but at a certain point you have to just live your life and deal with people who violate your boundaries in meatspace.


👤 cube2222
I try to follow what others already mentioned, but still, for any personal high-security stuff I use a device whose OS puts strong limits on apps, like an iPad.

👤 fexecve
Law of averages. If I am hacked, then likely millions of other people are hacked, and I haven't heard about millions of people being hacked. QED.

👤 yshklarov
In the words of Robert Morris, 40 years ago:

"The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it."


👤 cma
Store a $300 eth wallet private key on the machine in plain text. Have some other service notify you if that wallet address ever makes a transaction.

👤 _Algernon_
I use adblock to prevent (malicious) ads from running. Browser malicious-download warnings are enabled. Configured to show a full screen warning if http is used instead of https. Opening links from email requires manually copy-pasting, forcing an extra look at links.

Generally I don't install random software outside the official repos or AUR, but I do blindly trust those repos to not be compromised.

That being said, I don't think I could 100% trust a modern computing device to not be compromised, but since that isn't possible I also don't see it as actionable information.


👤 puma_ambit
Keep your essential files synced with an online service and regularly format and wipe your machine at least once a year. This is what I do.

👤 lofaszvanitt

👤 fattybob
I’ve been fairly comfortable since I moved to Macs - maybe I shouldn’t be so comfortable but I do mind what I click and open

👤 Havoc
Short of building your own and coding your own you never fully can. Very much a best effort cost/benefit thing

👤 thinking001001
You don't. Welcome to industry!

"There is no way to really know if a computer is compromised" - Joanna Rutkowska


👤 labarilem
Don't think I can find a practical way to be 100% sure of that. I'm happy to be at 95% though.

👤 amelius
Waiting for HackGPT to become a thing, so I can use it as a pentester.

Any ways in which AI can already help?


👤 aliqot
I trust that it is compromised since I don't have a chip fab in the back yard.

👤 Jabrov
That’s the neat thing: I don’t!

👤 IAmNotAnAnt
I am a distrohopper and don't use phone for calling and some messaging apps.

👤 nilespotter
Compromised by whom? We've all heard of IME and PRISM I assume...

👤 rejectfinite
Windows 10, Firefox, ublock origin and Windows Defender

Don't install weird EXEs or MSIs

That's kinda it.


👤 phkahler
A combination of good practices and a lot of rationalization!

👤 throwaway2214
I used to care a great deal about this, but recently I gave up

Why do you even care? Most of your files are either on Apple's computers or Google's computers


👤 ChicagoDave
I’m kind of hoping Malwarebytes is good at its job.

👤 naveen99
Third parties is a broad term. Especially when the list of potential 2nd parties includes most of those 3rd parties.

👤 elorant
I monitor all outgoing traffic.

👤 nixpulvis
TLDR; you don't.

Best advice I have, for what it's worth, is to wipe and reformat from a known clean image regularly. If you haven't been hacked yet, it stands to reason you won't be hacked going forward.

That said, I often install packages I don't fully vet, and grant permissions I probably shouldn't, either in the name of curiosity (how else do we learn and experiment), or necessity.


👤 timbit42
Try not to use apps written in unsafe languages like C and C++, etc.

👤 jrm4
My personal machine?

I use Linux with lots of distributed sync and backups with e.g. Syncthing (plus copies of stuff NOT on sync thing)

Now, I'm aware many reading this are going to nerd out hard (like how the top comment now is "Android/Chromium" which I'm skeptical of but haven't done much homework on? Maybe?)

But because you said "personal machine"-- I'm thinking about my own threat model and my years of experience.

Thus, not going to much worry about, say, some obscure Linux-Stuxnet-thing, which not only is overwhelmingly unlikely, but also something I can't much do anything about beyond the solutions I mentioned above.

More likely, I can avoid stupid Windows and stupid Mac, and often stupid Web mess by what I'm doing now.