PC Security

Tips on how best to remain secure online

You should provide as little personal information as possible on the web, especially on social networking websites such as Facebook, because that information can help give identity thieves and computer hackers what they need to hijack your identity, your computer or your bank accounts, etc.

Banks have developed sophisticated almost foolproof methods of logging onto their websites, but a website such as PayPal only requires an email address and a password, so it is essential to use a strong password, because if your PayPal account is linked to your bank account and/or credit card, getting into your PayPal account gives a hacker access to those accounts, which would allow him to transfer money into your PayPal account and then send it to himself in Russia, China or somewhere else.

Never use a password you use for a financial site (bank, PayPal, etc.), web email account (hotmail, yahoo, gmail, etc.) on any other site such as an online newspaper, forum, Facebook, etc., because if hackers gain access to sites with low security, which is much easier than a banking site, they might be able to obtain your password for that site, you may have provided an email address, they will try that password to gain access to your email account. If it works, they can try using the “Forgot your password?” option on a financial site, such as PayPal, to have a new password sent to your email address. They will then be able to access your PayPal account, which can be linked to your bank account. Therefore, it is essential that you only ever use throw-away passwords for sites such as forums, Facebook, online newspapers, etc., so that if the hackers try one of them on your email account or any other account that requires a strong password, they won’t be able to gain access to it.

If a hacker can obtain enough information about you, he can make good guesses at the kind of passwords you would use and if you keep a record of passwords you use on your computer, if it gets stolen, you must change those passwords immediately by using another computer, even if you have to use a friend’s web access to do so. That is why you should disguise password information kept on a computer, or, better still, don’t keep a record of passwords on your computer(s).

Keep a written record and hide it somewhere safe. You can use a master password and change it for every account in a specific way that is easy to remember. That way, you just have to remember what it is and how I change it. It is best not to use a public library’s web access to access your bank accounts or even social-networking websites, because the library’s computer security could have been compromised.

Create stronger passwords and protect them –

http://blogs.microsoft.com/microsoftsecure/2014/08/25/create-stronger-passwords-and-protect-them/

NEVER RESPOND TO PHISHING EMAILS

The most important warning with regard to Internet security is NEVER respond to phishing emails from a bank, financial organisation (PayPal, eBay, etc.) or online store that requires you to click on a link in it and then log into the faked webpage that will present itself in your web browser (Internet Explore, Mozilla Firefox, etc.) that looks exactly like the real thing. Rral banks, organisations and online stores NEVER send emails to their customers to do anything to their accounts, such as update it or check an overdrawn account, read a new message, etc.

Phishing – https://en.wikipedia.org/wiki/Phishing

Malware can infect a computer and make it log on to fake sites instead of the real sites

Note well that malware can infect a computer and make it log on to fake sites instead of the real sites. If a website URL, such as http://www.paypal.com – is entered in the Windows Hosts file, a web browser uses it instead of using the DNS system provided by servers on the web. Therefore, if malware can insert a fake phishing site instead of the real PayPal site in the Hosts file, the browser will go to it instead of the real site.

How to Lock, Manage, Edit Hosts File in Windows 10

Therefore, when accessing banking or store sites always look them up in a search engine first. For example, to access PayPal enter the name in a search engine or in a web browser’s address bar. The website address bar of most web browsers can also find websites just by entering their names, such as Amazon and PayPal.

No government department ever sends you emails asking you to fill in a form or enter any credit card details

I have received numerous convincing emails supposedly from the UK’s HM Revenue & Customs, which deals with taxation and VAT. The immediate giveaway is that they never use my name, but if you have just sent in your tax return and you get an email like it and you are not very web-savvy, you might fill in the credit card details it wants. Remember that no government department ever sends you emails asking you to fill in a form or enter any credit card details in order to claim a refund.

If you are self-employed, your tax form provides an option that must be filled in providing a bank account in which to pay a refund. But PAYE employees and taxpayers don’t fill in a tax return and might be tempted to send in the form with the information it asks for. The taxman sends any refunds by cheque directly to the taxpayer’s registered address.

Never respond to anonymous computer support telephone calls

You should also never respond to telephone calls such as the one reported by a computer forum poster:

“Today someone phoned me claiming to be from Microsoft support informing me that Microsoft Security Essentials anti-malware software was reporting my PC had many errors caused by a virus and that is the reason I had a slow connection recently. Microsoft never does this but he was convincing. I had also heard about similar stories. He requested that I should check my error log by right-clicking My Computer => Manage => Computer Management => System Tools => Event Viewer => System and I would see them.”

“This is how to view the Event Viewer in Windows XP, which is still the most widely used version. (In Windows Vista, the quickest route is just enter the words Event Viewer in the Start => Search… box to be presented with a link to it, but there are other methods.)

“Note that this report always shows some errors and warnings even on perfectly normal PC systems. These people know this but most users do not so they can be convinced that they are genuine callers from Microsoft. He said that he would fix them by sending me to a known website, which was genuine, and fix this by utilising TEAM VIEWER which was available there. I am aware of what this program can do, but was suspicious as he had an Asian accent and even gave me a phone number to try to convince me, but when I tried 1471 his phone number was unavailable. He then tried various tactics such as speaking to his technical manager who would confirm his identity. Finally, he gave up, was very agitated, and said he had many more people to call to fix problems like mine. If anyone followed his instructions no doubt he would load spyware on to that person’s PC that would allow him access to the computer to steal passwords, etc.”

Other confidence tricksters telephone you and ask you to set your computer up so that they have remote access to it. They tell you how to do that and then, if you do as they say, install phony antivirus software and run it from a remote location. The scan says that all kinds of infections exist on the computer. They then ask for payment to remove them. That is why you must never allow anyone to access your computer in any way unless you know exactly who is involved.

Most malware infections are caused by downloading and running rogue software

Always bear this in mind with regard to PC security. Security-research company Trend Micro that provides the free online malware scan HouseCall has reported that of the top 100 computer infections in the U.S. in 2008, a huge 63% were caused by downloading and running programs. E-mail infections accounted for only 3% and the exploitation of security flaws in software products was responsible for a negligible 1.7% of the PC systems that were compromised.

Free games, utilities, toolbars and almost any other software can entice a user into downloading malware from a malicious website. Pirated software and pornography offered on the web are particularly dangerous in this regard. The hackers know that many people look for pornographic sites using certain keywords, so they fill their malicious sites with those keywords. The dangerous downloads are usually disguised as pornographic videos, or the website might ask the visitor to install software in order to view pornographic videos.

You should therefore only download software from reputable sources, such as well-known downloads sites (Filehippo.com, Download.com, Softpedia.com, MajorGeeks.com), or the websites of reputable software developers and hardware manufacturers (Microsoft, Adobe, Google, Intel, HP, and Dell), or open-source (free) software provided from Sourceforge.net, Mozilla.org, Ubuntu Linux, OpenOffice.org, etc.

You should use strong (secure) passwords for websites such an online stores and banks and never use the same one for every website, because hackers know that many people use common passwords well-known to hackers, or use the same password and user name, so they use websites to gather user names and passwords and then try using them on retail and banking sites, eBay, etc. More information on passwords is provided further down in this article.

You should also not use keywords such as free spyware programs, etc., in search engines or adverts on reputable websites to find security software, because the major search engines and the advertisers such as Google and Yahoo! allow malware products to be listed in search results and/or advertised. You should only obtain security software directly from websites that have received good reviews for their products from other reputable websites. For example, all of the links provided on the pages of this website are valid products. For more information, read this story on this subject:

Downloads called “torrents” from websites that provide them can be particularly dangerous. The downloads use a web protocol called BitTorrent, hence the name torrents. If you only use torrents to download legitimate software, the torrent file should be made available from the program’s own website – for example, the torrents page for Slackware Linux.

Another great danger are phishing websites, which are copies of real websites, such as paypal.com, that are linked to from within emails. The domain name is not paypal.com, but another name. The link’s text shows http://www.paypal.com, but it is linked to another domain, which is usually temporary; it will be abandoned as soon as the security software exposes it for what it is.

If you place the mouse pointer over a link to a phishing website, you will see its real domain name in the bottom left corner of web browsers such as Internet Explorer and Firefox. A message in phishing emails tries to entice the reader of the email into visiting the website by saying, for instance, that their PayPal account has been illegally accessed and that they should log on to it immediately by clicking the link that brings up the phishing website, not PayPal’s website. Every bank or financial organisation capable of transferring money has phishing emails sent out in its name.

Your name is never provided because it is a general message sent to many thousands of email addresses. It will only be addressed to you if the sender knows your name. That is why you should not use your name in an email address that you are going to use on websites. For example, use an email address like earthsventriloquist@gmail.com instead of yourname@gmail.com.

A simple rule of thumb is this: no reputable bank or financial service will ever ask you to provide login details to your account via an email. If you receive such an email informing you of a problem with your account or proposing to offer some kind of prize incentive or similar, just remember the old saying, “If it looks to good to be true then it no doubt is.”

If you want to install software from a developer that you don’t recognise, you can perform a web search on it and the developer in order to find out if it is from a reputable source. You should be able to gauge from the links provided with regard to a particular software developer or website if it is reputable.

The Internet Explorer web browser and most of the other web browsers have a feature that can check a website. In the Firefox browser (March 2017), find it by clicking Help => Report deceptive site… The deceptive site is reported to Google.

Of course, you should never use a free ‘cracked’ copy of a piece of software that doesn’t require product activation, etc., because it is likely to be doctored software.

Ransomware

Ransomware is malware that either tries to fool users into believing that their computers are inextricably infected with malware or it actually makes the infected computers inaccessible by encrypting their computers’ file system or files.  In both cases, a payment has to be made to the people responsible for the con to release infected computers from the malware.

The easiest way to recover the system from encrypted file system or files is to restore a recent clean backup or system image. Computer users should know by now how essential it is to create regular backups/system images in order to recover from insoluble problems of this kind.

Visit Backup methods: Backups, system images and cloud storage services on this site for more information on that topic.

Note that if you restore an old backup/system image, all of the files created after the date on which the backup was made will be lost – if copies were not made.

The ransomware exploits that don’t involve locking the system with encryption can be removed by running an updated  malware scanner or, if that fails, by using the system recovery methods, such as are detailed on the following page: How to choose the best ways to recover Windows 10.

Malware that disguises itself as legitimate antivirus software

Note well that dangerous malware that infects PCs by disguising itself as a legitimate antivirus program is being used by criminals to gain access to computers. It goes by several different names, such as AntiVirus XP 2008, Antivirus XP 2010 and Antivirus 2011, etc.and succeeds by looking like a legitimate Windows program. The programs are delivered through spam messages that link to an automatic download of a malware installer, or can even be delivered by clicking on the adverts of valid websites that have been compromised by hackers – or even just visiting a website. For example, the criminals (parasites) can register a website that has an address that is a misspelling of a popular website, infect it with code that loads malware onto your computer if you tried to reach the popular website but misspelled the name and used the name of their infected website.

Here is an example of what happens:

Thousands of home computers infiltrated after hackers infect high-profile websites with booby-trapped ads – “The London Stock Exchange, Autotrader and Vue [websites] were among those affected” –

http://www.dailymail.co.uk/sciencetech/article-1362205/…

Here are images of the kind of fake virus-infection alert messages that come up:

Antivirus fake virus infection alert message
Fake virus-infection-alert message
False virus infection warning presented by a rogue or infected webpage
False virus infection warning

Under no circumstances should you ever click anything on a security alert message that comes from outside the Windows Notification Area. The message in the second image is not literate, suggesting that it was written by someone with a poor command of English. Don’t click an OK or a Cancel button. By clicking on the Click here to switch to Full Mode button shown in the top image and the OK button in the bottom image, you are giving permission to install the malware or run a phony virus scan.

In Windows XP Home Edition, malware will install immediately, but in Windows XP Professional Windows Vista and Windows 7/8.1/10, User Access Control (UAC), which is enabled by default, will bring up a genuine window that requires the user to grant Windows permission to install the malware software. Which is why you should never disable UAC.

Page 4. – What to do If you allow malware to install itself