Friday, September 30, 2016

Keep your PC Safe - 09/30/2016

Sept 30, 2016

We're losing the security war.  More of our PC's than ever contain viruses and malware.  The main rule you should abide by when using your computer is this:  If you didn't go looking for it, don't open it, don't allow it, or reply to it.  This rule applies to everything you see on the web, in your email, in a pop-up, or even from an unsolicited phone call.

Aside from modifying your behavior, here are a few key things everyone can do to avoid most problems.  An old article from PC World http://shar.es/mSJv5 gives you some of them especially on the second page of the article (ignore the scripting advice, as noscript isn't practical).

1.  Change your DNS settings to use OpenDNS
This may be the most important thing you can do and for some people it will actually speed up your internet access.  OpenDNS gives you a way to control what is allowed on your home network,  including your mobile devices that use Wi-Fi, with the ability to block entire categories of web sites.  In addition, OpenDNS prevents you from going to fraudulent web sites by maintaining a block list.  It's a "set it and forget it" solution too.  Be aware that savvy teens can figure out how to get around OpenDNS by manually changing their DNS settings on the computer or phone.  If you want to prevent this, it is possible to configure your router.... but too much for this article.
2.  Install either Firefox or Google Chrome and use it instead of Internet Explorer.
In fact you might get rid of all of your obvious Internet Explorer icons so you're not tempted to use it.  Currently, Chrome is my favorite.  It's the fastest browser and it keeps itself up-to-date automatically without bothering you about it (Firefox is following suit).
  • Download Firefox here: http://www.mozilla.com/en-US/firefox/upgrade.html
    Download Chrome here:  http://www.google.com/chrome
  • Install and Run Firefox or Chrome and make it your default web browser when it asks.
  • Install an add-on called uBlock Origin by Raymond Gorhill.  In Firefox, I like to unhide the menu.  Click the little orange tab in the upper left corner and scroll down to Options, then put a check next to "Menu bar".  ** Install add-ons by clicking "Tools" and "Ad-ons". In the "Get Add-ons" tab search for uBlock Origin.  Click the "Add to Firefox" button and follow the prompts.  In Chrome click the little 3-dot icon in the upper right, then click "More tools" then :Extensions".  Click the "Get more extensions" link in the middle of the page and search for uBlock Origin, click the "Add" button and follow the prompts.  Of course in either browser, if you see add-ons that you don't use or recognize, turn them off or uninstall them.
  • Install another add-on called WOT or Web of Trust.  Web of Trust gives you ratings beside your search results that tell you if the web site is reputable or not.  Also, if you try to go to a web site that has questionable ratings, it will warn you and give you a chance to back out.  It is community supported.
3. Ditch your antivirus software
  • If you're using Windows 8 or 10, Microsoft has included Windows Defender which is their Defender and Security Essentials products combined.  Simply uninstall any and all antivirus software that you have installed, and Windows will do the rest by re-enabling Windows Defender.
  • If you have a good antivirus and you're sure it's up-to-date you could skip this step but I haven't seen many in this condition.  Many people are paying for solutions that bog down their PC or are only marginally better than Microsoft's free solution.  Also, many people have multiple solutions installed and are unnecessarily bogging down their computer.  If you are unsure or you are using a pay service, you should uninstall ALL security software on your pc and proceed with this step or reinstall the Antivirus software you are comfortable with and make sure it has the latest updates.  
  • If you have Windows 7, I like Bitdefender Free because it does a decent job and stays out of your way.  http://www.bitdefender.com/solutions/free.html
  • Antivirus is like "suspenders".  Your belt, your first and only real line of defense, is your behavior.  i.e. Don't click on links in email or in other questionable web pages or ads.  And question everything.
4.  Make sure your software is up-to-date
The following is a list of common software that should be kept up-to-date if installed on your system (instructions not complete)
  • If using Windows 7: Adobe Flash Player http://get.adobe.com/flashplayer/  Note: Do NOT check the option to install McAfee Security Scan.  We don't need to bog down our machines with multiple security solutions.
  • In Windows 7 you should use the Windows Update link found by clicking on the Start button, then All Programs, then scroll up near the top to find Windows Update.  You can also find it in the Control Panel.
  • Java http://www.java.com/en/download/index.jsp but uninstall Java if you don't have programs that need it.
  • Adobe Shockwave  - This software is typically used in certain web games that run in your browser.  You can and probably should uninstall it.  When you or more likely your kids encounter a need for it, your browser will prompt you to install it and you will get the latest version.
  • Many of you will have Microsoft Office - on Windows 7  Microsoft Update has probably already taken care of this for you, but if not read here: https://www.msoutlook.info/question/363.  In Windows 10, there is an "Advanced options" option on the "Update and Security" screen where you will find the checkbox "Give me updates for other Microsoft products when I update Windows".  Make sure this is turned on.
5.  Uninstall Adobe Reader and install Foxit Reader instead.
That's right - get rid of Adobe Reader.  This is the software that your computer uses to display PDF files.  It has had a continuing history of vulnerabilities (like all software) but to the level that it's just time to move to something that is less of a target.  Even if your copy of Reader is totally up-to-date there are often unpatched problems that are being exploited by the bad guys.  Further, the download to update it is so huge that some people avoid it.
  • To uninstall it, click the Start button, select "Settings" then "Control Panel". In control panel select "Programs and Features" (You might first have to select "View by: small icons" in the upper right).  Find Adobe Reader (older versions may have been called Acrobat Reader) and click on it, then select the "Remove" button. While you're in Add/Remove Programs you might want to look at the list and remove any other programs that you know you no longer have need for.
  • To install Foxit Reader, browse here: www.foxitsoftware.com/downloads/index.php and you will find it in the right hand column. Once downloaded, run it to get it installed.  Note: Uncheck the option to install Connected PDF and Phantom PDF and the option to make Ask.com your home page.  Other than that, you can accept all of the default settings and acknowledge the Windows messages authorizing changes to your system.
6.  Make your Windows login a "standard" user  instead of an administrator.  If you should get tricked into clicking on something, this will stop a decent percentage of malware with this one step.
  • You will first want to create a new user account that will be an administrator.  Perhaps you would call it Admin.  Give this user account a decent password.  Then log in to that new user account and from there you should be able to change your originals user account to a "standard" account.  
  • From now on, when some program wants to make a change on your PC, it will ask you for the Admin password, which is a little higher of a bar to clear as hopefully you will think before you provide the password.
  • Here is an article that describes the process in Windows 10: http://www.windowscentral.com/how-change-user-account-type-windows-10

No comments: