Cryptoholders, switch to Linux; Windows malwares growing exponentially

I am going to write a series of posts about security and privacy - from operating system to secure online storage to PGP encryption and more. This first one is about the right operating system. Stay in touch for future posts.

A reddit user submitted a post about getting 13 BTC stolen while transferring BTC to a friend's address. Apparently a malware got access to the user's clipboard and changed the originally copied destination address to the scammer's. If it is true, the malware managed to steal 254.00360536 BTC.

As almost all consumer PCs run Windows, hackers would normally want to target largest audience thus making Windows a vulnerable OS. Many users also use cracked (without legit license) Windows as well as other softwares. Some of the cracking utilities are just malwares/viruses. In addition, third-party software on Windows and OS X provided as standalone installs on multiple websites and over removable media. That's where the problem in some cases starts. Windows 10 itself is deemed by some to be a malware. In order to generate more ad-revenue Windows is becoming more and more privacy invasive.

Linux is open source and community driven operating system. Thus, many people get to work on the code and find out the problems and security holes with it which they can report to the developers (or patch them by themselves and distribute), which they mostly do. This makes eradicating most security loopholes easier as compared to other operating system which make Linux more secure.

Remember this, though, Linux is very secure, but not entirely secure. Nothing is impossible in computer world. For everyday crypto usage, best practices include, but not limited to:

• Use a dedicated Linux distro (in a different PC or hard drive) only for crypto
• Encrypt entire HDD (using LUKS, for example); both encryption and user login password need to be strong
• Install only wallet applications; install no other apps
• Use hashed password for all your online accounts; Choose an easy-to-remember phrase and modify slightly depending on website/account. For example, your phrase is this$is$unhackable. Now add to this a few characters depending on account type like this$is$unhackable$BTC for BTC, this$is$unhackable$STEEM for Steem, etc. Now, hash the whole phrase. On Linux, run the command echo -n this$is$unhackable$BTC | md5sum. The command returns 9e925e9341b490bfd3b4c4ca3b0c1ef2, which is going to be your BTC password. You can use sha1sum or sha256sum or many other hashing algorithms for longer password.
• Use an offline wallet to store large amount of coins (your savings account). Install a fresh operating system; don't connect to the Internet. Send your coins to that offline wallet. Nobody has access to it now.
• Consider getting a hardware wallet for everyday use.

I will soon write more about other security measures user can take. For now, also have a look at https://steemit.com/bitcoin/@mhossen/use-a-memorable-seed-and-recover-wallet-anytime-anywhere-wallet-security.