# How to Protect Yourself and Tighten Security



## Cookiegal (Aug 27, 2003)

The following information has been copied (with a few minor edits) from our former Moderator dvk01's My OnLine Security blog, with his kind permission.

*How to Protect Yourself and Tighten Security

You usually get infected because your security settings are too low or you blindly click yes to everything. This article will show you how to protect yourself and tighten security.*

_If you are reading this article as part of a post-infection clean-up then please be aware that several anti-malware tools that are commonly used by helpers on online help forums reset various Windows settings to the default ones that Windows came with. These aren't always the safest options but are the default Windows options. If you follow the advice below, especially setting "Show known file types", you will be much safer and you will have taken the first steps to protect yourself and tighten security._

Here are a number of recommendations that will help to protect yourself and tighten security and which will contribute to making you a less likely victim:

*Watch what you download!:* Many freeware programs and P2P applications are amongst the most notorious, coming with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software or just plain crash your browser or even Windows itself. There is no such thing as a free lunch and many "free" programs on the net contain adware or spyware. Read the EULA carefully before installing anything and if it says "Supported by Advertising" or similar wording be very wary and expect problems and pops ups etc. Be careful what add-ons, toolbars and extensions you install in your browser. Very few of them are needed, useful or safe. All the majority of these add-ons will do is slow down browsing and cause unwanted adverts and pop ups on your computer. Be extremely careful when downloading from software sites. A high number of these sites use their own "download manager" which stealthily installs so-called "optional" programs that cause pop ups, adverts and search diverts, unless you are scrupulous about watching what it does and carefully uncheck everything it offers, apart from the program that you actually want.

*Once a file has been downloaded then scan it with your antivirus BEFORE opening it:* As a double-check I recommend scanning it at: *Kaspersky Application Advisor* which will give a recommendation based on other user input and what the file appears to do. If it is safe then it will say so. Unknown files are automatically given a caution rating and bad files are marked with a red warning.

*Set your folder options to show file extensions for known file types:* The default for Windows is to hide known file type extensions and that way, when you receive an email saying "open this picture" or "read this important document", you don't see the *.exe *at the end. Once you set known file types to show it is much less likely that you will accidentally click on a malware file and open it, thinking that it is a picture from a friend or a document that you are expecting. This shows you how to set it to Show Hidden Files on the various operating systems.

*Watch out for sites that insist you need a special codec* to watch the video or listen to music on the site as 99% of the time they are trying to install malware. If you already have Windows Media Player, Flash Player, QuickTime or Real Player installed there should never be any need to install a special player or codec from the site.

*Phishing and Identity Theft:* Be very wary of links in emails allegedly coming from your bank, building society, insurance company, PayPal, etc. Hover your mouse over the link to see whether it is the correct bank website, etc. If the address showing in the hovered link isn't the same as the address it says it is then don't click on it. Go to your bank's website via a known good link. If you do happen to accidentally click on a suspicious link, don't panic but simply close the browser window and definitely don't enter any information in the site. We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don't assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says "you have won a prize" or "sign up to this website for discounts, prizes and special offers".

*Malicious Email attachments:* Be very careful with email attachments. The basic rule is *NEVER *open any attachment to an email unless you are expecting it. Now that is very easy to say but quite hard to put into practice because we all get emails with files attached to them. Our friends and family love to send us pictures of them doing silly things or even cute pictures of the children or pets. Never just blindly click on the file in your email program. Always save the file to your downloads folder so you can check it first. Most (if not all) malicious files that are attached to emails will have a faked extension. That is the 3 letters at the end of the file name. Unfortunately, Windows hides the file extensions by default so you need to set your folder options to show file extensions for known file types as mentioned above. Then when you unzip the zip file that is supposed to contain the pictures of "Sally's dog catching a ball" or a report in Word document format that work has sent you to finish working on over the weekend, you can easily see if it is a picture or a document and not a malicious program. If you see *.exe, .com, .pif or .scr* at the end of the file name *DO NOT* click on it or try to open it, it will infect you. _While the malicious program is inside the zip file it cannot harm you or automatically run. When it is just sitting unzipped in your downloads folder it won't infect you, provided you don't click it to run it. Just delete the zip and any extracted file and everything will be OK._ You can always run a scan with your antivirus to be sure.

*Smart Screen Filter: Keeping it turned on at all times will protect you and tighten security a lot*. If you are using Vista or Windows 7 then Internet Explorer 9 (on Vista) and 11 (on W7) has an inbuilt smart filter that scans all websites that you visit and all web-based downloads. It will alert you and block access to known infected websites and unknown or malicious executable files that you are attempting to download. It won't block .zip or .rar files. Obviously, Smart Filter only works if you use Internet Explorer as your browser and not if you use Firefox, Chrome or another browser. If you are using Windows 8.1 or Windows 10 then you are much better protected because Smart Filter is inbuilt to Windows and scans, checks and blocks ( if needed) any file you download or open on your computer. This way it works on all browsers and any files received by email as well as web scanning. Other browsers have similar protection that should always be left turned on: Chrome has "Enable phishing and malware protection" Firefox has "Block reported web forgeries and block reported attack sites". See *here* for how to check that they are turned on.

*Facebook, Google+, Twitter and other Social Networking sites:* Don't get carried away with what you post on these sites and remember that a lot of what you post will be public and it is rather like walking down the local High Street and shouting out to everyone in earshot everything that happened last night, your name, address and phone number and where you hide the spare keys to your front door. Never post when you are going away or that the house will be empty overnight. A lot of thieves, fraudsters and other criminals hang around and monitor social networking sites and use the information they gain from them to do lots of nasty things to you. Also remember what you post can be read by all your friends and often your boss or even a potential employer. Don't let something you wrote when you had a few drinks or you were in a silly or bad mood come back and bite you a few weeks, months or years later.

*Keep Windows and all programs and browsers up to date:*


*Windows Update and Internet Explorer:* Go to IE > Tools > Windows Update or use Control Panel > Windows Update and install ALL Critical and Security Updates listed. It's extremely important to always keep current with the latest security fixes from Microsoft. Install *ALL* of those patches. Older versions of Internet Explorer are not supported or recommended and you are strongly advised to immediately update to IE9 for Vista and IE11 for Windows 7, Windows 8 and Windows 8.1). *As of January 12, 2016* there are no further security or functional updates for any version of Internet Explorer below IE11 (except IE9 on Vista only). *You must update your Internet Explorer browser to the latest version Immediately*. *Windows 8 RTM* also ended support on that date and you must update to *W8.1* in order to get updates and stay safe.

_It doesn't matter if you normally use an alternative browser such as Firefox, Safari or Google Chrome. Just having older versions of Internet Explorer, which are vulnerable to so many exploits, installed on your computer is enough to allow malware and exploits on to your computer with no action on your part_. Microsoft now issues security updates on the second Tuesday of every month and non-security updates on the fourth Tuesday. Make sure you do a Windows update as soon as you can after 6:00 p.m. U.K. time or 1:00 p,m. U.S. Eastern time to get the latest updates on those days.

*Oracle Java: I do not recommend that you have Java installed at all unless you absolutely need it. The amount of malware infections that occur due to Java vulnerabilities is so high nowadays. The vast majority of users get by very well without Java but IF you do need it then be sure it's kept updated to the latest version.*

*Adobe Flash Player* Adobe Flash Player has reached its end-of-life so it's no longer updated or supported and should be uninstalled immediately.

*Always use a Standard or Limited user account for day-to-day computer usage, especially for Internet use:* This applies mostly to Windows 7, Windows 8.1 and Windows 10 or Vista because many programs running on XP don't work properly unless you're using an Administrator account but try and see if you can work on a Limited user account on XP. On W7 and Vista set the UAC to the highest level and always set a password on the Administrator account. On Windows 8.1 or W10 only have the UAC set on the middle level. When a program or person tries to alter settings or add something new then you get an alert and you cannot continue until you either allow it by typing the Administrator password or refuse it by pressing NO. This *ONE* thing will stop 99.9% of malware and unwanted programs from installing. Read this link for full details about the UAC.

*Internet Options - ActiveX Controls and Plug-ins:* Go to Internet Options/Security/Internet and press "Default Level" then OK. Now press "Custom Level". Set the following options as described here: *Setting the Internet Zone for Additional Security*. Sites that you know for sure are above suspicion like online banking and other secure sites only can be moved to the Trusted Zone under Internet Options/Security.

*Never put sites like Facebook, Twitter, Myspace, MSN or any other similar type of social networking site in the Trusted Sites zone.*


> *Q*. So why is ActiveX so dangerous that you have to increase the security for it?
> 
> *A*. When your browser runs an ActiveX Control it is running an executable program. It's no different from double-clicking an exe file on your hard drive. Would you run just any random file downloaded from a web site without knowing what it is and what it does?



*EMET:* It is highly recommended that you install Microsoft's EMET Enhanced Mitigation Experience Toolkit 5.5 (released January 29, 2016) which proactively protects you against the majority of 0-Day-Exploits in Windows and other common software. Read all about EMET and how it can help to keep you safer from exploits before Microsoft or other developers can update their software. EMET 5.2 was the previous stable release (March 2015). These versions 5.2 and 5.5 have a lot of improvements in protection capabilities over the previous EMET 4.1 and EMET 5.1.

*Install a good Antivirus and firewall*: I recommend *Kaspersky* or Eset Smart Security for a paid for antivirus and for a free one: *Microsoft Security Essentials* (for Windows 7 or Vista only). Windows 8.1 and Windows 10 have inbuilt protection called Windows Defender.

Always make sure your Antivirus and Firewall are switched on and kept updated and do not allow unknown programs or processes to access the Internet or your computer, always block them and ask for advice.

*Install a good Antispyware with real-time protection*: I recommend two programs as having good real-time protection as well as good cleaning capabilities: SUPERAntiSpyware or MalwareBytes Anti-Malware.

*Backup, Backup and Backup*: In the event of you being infected or becoming a victim of a bad or failed program or Windows update, the best, easiest , safest and quickest way to recover is to have a complete current image backup. I use and recommend Acronis True Image. I use an external hard drive WD My Book 3 TB USB 3.0 Hard Drive with Backup and do a daily incremental backup using Acronis True Image and also have the non-stop file backup running, which immediately backs up all my documents and images, etc. (in fact I have it set to backup any new or changed files in MY Documents, My Photos, My Videos, My Recorded TV and My Downloads folder. That way the worst that can happen is that I lose about 1 hour of work or the last hour of emails at the most.

*Passwords*: If you have been infected then be aware that almost all modern malware/spyware is designed to steal your private information. That includes all passwords, log ins to forums and other websites and, most of all, your bank, credit card or PayPal details. It is vital that after you have been cleaned up you change all your passwords and on many occasions it is necessary to get in touch with your bank or other financial institution to inform them that your details may (probably have) been stolen.

*One of the easiest ways to protect yourself and tighten security is to Never, EVER use the same password on different sites*. Always use a different password for each site you log in to. Don't use simple passwords like your name or your husband/wife/boyfriend/girlfriend/dog or cat's name. Always use a strong password with a mixture of letters and numbers and different characters. Passwords like Jenny, Rover, 12345, 54321, password, login or similar words are absolutely useless. You need something like TsfE£%9& to prevent them from being guessed.

I strongly recommend using *ROBOFORM* to store and create safe, secure passwords.
If you have followed the advice in this article then you will have learnt how to protect yourself and tighten security and hopefully be less likely to get infected in the future.


----------

