I want to build it from scratch but I don’t know which brands to trust?
I don’t mind buying a pre-made PC Tower from someone like Acer or Dell, but it just seems so easy for them to install Apps that run in the background that sends telemetry about everything a user is doing even if the user is being careful and follows the great guidelines on PrivacyGuides?
I know the profit margins are very slim on these pre-made PC Towers and these pre-made PC Towers already come with LOTS of promotional Apps and spyware pre installed particularly on the cheapest PC Towers.
I just want to hear what the general consensus is for buying pc hardware? I thought about running DBAN on the HDD before I installed Windows and my other Apps on it but is this really enough?
Dell and Acer hardware has always been great and reliable for me.
This has been on my mind A LOT as I’m in desperate need for some new hardware.
If you’ve never built a PC before, be careful. It is easy to make big mistakes. You do not want to damage something your just spent hundreds of dollars on.
If your only motivation for building a PC is to have a bloat-free operating system, don’t build a PC. You can buy a pre-built PC and install Linux or reinstall Windows. By installing Windows from a Microsoft ISO, you won’t automatically have any manufacturer software installed.
The hardware for PC space is run by big companies (NVIDIA is one of the largest in the world). All of them have had major issues and missteps (usually on an annual basis). GamersNexus can be a wonderful resource in the PC hardware space. Lots of hardware reviews, gaming performance, and pre-built reviews.
I think you should take a step back first and figure out what you want your computer to do. Create a list of tasks and programs you want it to run and figure out what the computer needs for that.
This way you can budget properly. The biggest pitfall new PC builders make is overspending because they are tricked into thinking they need the newest and best stuff. This is even worse for people who don’t trust 2nd hand markets (which is pretty common in the privacy community.)
Not only is DBAN enough, it’s overkill. DBAN is for removing all trace of your files, to prevent forensics from recovering them. In other words its purpose is to keep things secret. The bloatware preinstalled on your computer is not a secret. Wiping it with DBAN will put needless wear on your hardware for no benefit.
I have no problem with building a new PC from scratch, but I wondered if buying a big brand name like Acer or Dell would offer me more security and user privacy?
Generally speaking, all recent PC hardware is the same from a privacy perspective. Privacy threats essentially exist only in software. As long as you can exercise control over what software you run on the hardware, that should be enough.
The same is mostly true as far as security is concerned. Other than newer security systems like TPM or Secure Boot, there’s not many security differences at the hardware level between different recent PC models.
Is it possible to spend extra money to buy hardware that’s inherently more secure?
Apple is a company whose hardware I consider to be more secure, generally speaking, than other PC companies but I can’t stand the way Apple does many things. E.g being forced to buy Apple hardware to maintain compatibility…
I appreciate your reply!
Is it possible for a virus or some kind of malware to be installed into a PCs motherboard? Like some kind of “malicious firmware” without being installed on the PCs HDD/SSD?
This is not true, different hardware will have support for different security features, such as PCs built to MS’ secure core spec will (hopefully) have things like memory encryption, the ability to turn off the MS 3rd party CA for secure boot, firmware rollback protection and so on. Consumer hardware often doesn’t have the higher security features – on consumer motherboards, firmware rollback is a feature rather than something to protect against!
Further to this, basically no consumer desktop hardware besides Apple’s ARM computers come close to a proper verified boot implementation. So needless to say, yes there are meaningful security differences between different hardware.
There is a UEFI feature whose name escapes me that enables vendors to automatically install software on Windows; companies like Asus use it to install their bloatware “motherboard management” shit automatically but Linux obviously can’t even install exes and doesn’t use that UEFI feature as far as I know.
In addition to legal, intentional shit, there’s also of course rootkits that can install themselves either on hard drives or even in the motherboard flash memory normally used for the UEFI – Logofail is one such example
Just do a fresh OS install and you should be fine.
The problem with building PCs yourself is hardware security. Many consumer components suck at this, provide little firmware security and barely any updates. If you get a new Dell device, it will be much better and will get quite a few years of updates. Not a fan of Acer, though.
Can you clarify this? Are there prosumer PCs you recommend? I feel like I am missing something as I see people mention brands like Dell but their pre-built options have the same (usually worse) consumer hardware, terrible customer support, and awful build quality and QC and your paying a premium for Dell to build and ship it to you.
Unless there are some enterprise options your referring to, all these brands are using off the shelf hardware, so I am confused about how buying a Dell or Acer provides any sort of security benefit.
The better hardware security usually applies to the business/enterprise-grade computers from e.g., Dell. Just a few things you get on say, a Precision or Latitude from Dell include:
Longer firmware update support (I believe at least 5 years from memory)
Transparent memory encryption (assuming vPro/Ryzen Pro; transparent in the sense that it doesn’t require OS support)
Other miscellaneous secured core spec features
Anecdotally, basically every “business” computer I’ve owned has been easy to get into and repair whereas I can’t say the same about every consumer machine I’ve owned; Dell’s Optiplex in particular has some really nice tool-less install/removal features internally that custom build PCs don’t have
If you are talking about computers using actuall enterprise level hardware then the cost is in a whole different ballpark, and would be crazy overkill for an average persons threat level.
Nothing else you mention (unless I am misunderstanding) seems to be something a consumer could not buy and build on their own. Motherboard manufactuers are going to release the same firmware updates regardless if you buy their board seperatley or from Dell or another OEM.
As for the Optiplex series, they are actually less repairable then a similar SFF computer someone would build themselves as they use propeiretary parts that that do not fit the standard form factor, specifically to make them harder to repair (such as their motherboards), or have components soldered on (typically the CPU or RAM). This means once that component dies or becomes outdated its basically e-waste as there is no way to replace it.
Oddly enough Optiplex are a bit special in that they have found new life as wonderful homeservers (I use two personally) or school computers once they are recycled by offices.
Most of these pre-builts (“business” or consumer versions) built with these types of practices just add to the ever growing pile of e-waste that electronics produce more and more of each year.
In my (limited) experience, Windows 10 & 11 only automatically install drivers (and minimal associated driver control software). I have never had manufacturer bloatware never get installed automatically. Some devices will show a popup offering to install manufacturer bloatware on 1st boot, but ignoring/closing it results in no bloatware being installed.
Yeah, when brand new, the price is pretty high. But because of the long support period it’s not the worst to buy stuff that’s a bit older on clearance or used. As for whether it’s overkill for the average person, would you say GOS on a Pixel is overkill too? If you would say it’s not, then a computer with better than average hardware security also isn’t overkill.
Dell doesn’t use consumer boards, the motherboard manufacturer in this case is Dell.
The tiny USFF ones absolutely are not repairable and sometimes have soldered parts yes, but the SFF and larger have a proprietary motherboard and PSU at worst; the PSU can easily be replaced with a consumer PSU as long as you buy the right adapter, and the motherboards are not super uncommon to find replacements for since businesses buy them too. Of course you can also just get a little creative and mod the case if you do want consumer hardware in them but if the goal is security you wouldn’t want to replace the motherboard anyway.
Is it kinda cringe that security and caring about the environment are seemingly at odds a lot of the time? Yeah absolutely. But the answer is to convince the companies already trying to do right by the environment (e.g., Framework, Fairphone) to provide proper software/firmware security and support so we can have both, because we sure as hell aren’t convincing Dell/Lenovo et al. to change to be environmentally friendly and secure. For now, for people that deserve and need secure computers? Unfortunately we’re going to have to deal with potential e-waste issues.
I would call that an apples to oranges comparison. For one, a Google Pixel is not enterprise level hardware, its just a regular consumer phone. Two, GOS is completley free to anyone who wants to use it so it being overkill is far less of a problem.
I just don’t see how Dell motherboards (especially the ones in optiplex machines) offer any sort of security improvement over a comparable motherboard from a different manufactuer.
Although I realize now, I may have crossed my conversation with you and my question to @sha123 up
If your willing to mod an optiplex to fit your needs, just building your own computer for the same budget as an optiplex is going to be better bang for your buck and be a much easier upgrade / repair path going forward.
Yeah I agree. I do wish PG would have some sort of flag about their less enviromentally friendly options, such as Monero, which is Proof of Work. Granted its impact, solely off of market share would be far less then something like Bitcoin but, it still uses the same environmentally adverse mechanism.
I’ve had a work machine that I was given the option to buy for a small amount when it was replaced for a newer one, where I had windows (10) automatically activating itself with the original work licence after I had made a clean install.
Windows update then offered to install a bunch of bloatware, probably most of the stuff that originally came preinstalled. That, along with all the nags to use onedrive and whatever else they were pushing, quickly remined me why I dislike Windows so much
My big concern is as you said “motherboard management” Apps that claim to be helping the user experience when they’re actually destroying a user’s privacy.
I know it’s recommended to keep Windows as minimal as possible in terms of what Apps are installed to minimise the risk of a “user privacy breach,” but has anyone tried Microsoft’s hardware?
Edit: I’m just trying to say that wouldn’t it make sense to buy Microsoft hardware to lower the threat level if you’re already going to be running Windows 10/11?