UPDATED November 15, 2024
Q: Is it safe to surf the Internet using an administrative account on Windows?
A: No. Using a non-administrative account mitigates 92% of Microsoft vulnerabilities with a critical severity rating.
Microsoft really shot itself in the foot with Windows, as its initial administration, where users create logins, leads users to believe that only one login is necessary, when in fact there should be a minimum of two: one with administrative privileges that is only used to install software and fix system problems, and one without administrative privileges for general use. And its Windows 10 attempt to force users to use online Microsoft logins perpetuates the situation, as users should be encouraged to create a local administrative login as well as a regular login to surf the Internet (to create a local login on a new Windows 10 system, do not connect to the Internet).
Q: I don't like Windows 11 or my PC does not meet the requirements to install it.
A: In either case, Microsoft has announced a one-year extension of Windows 10 support for $30. It's unknown whether Microsoft will extend support again. Keep in mind that Windows 11 requires users to log in with a Microsoft account; in other words, Windows 11 is like a smartphone. For users who switch back and forth between multiple Microsoft accounts, Windows 11 is a PITA.
Q: Does a safe way of doing online banking exist?
A: Bank via LiveCD/DVD or LiveUSB, running Linux instead of Windows in a temporary session, though UEFI Secure Boot will need to be temporarily disabled in the BIOS. Some PCs with a CD/DVD drive boot from a CD/DVD by default; some require pressing a specific key as soon as the first boot screen is seen; some won't allow it until BIOS options are properly set; most require BIOS options to be set to boot from a USB flash drive. Read advice here from Ubuntu and Arch. The Linux distributions Linux Mint (a fork of Ubuntu; read the user's manual), Manjaro (an Arch fork; read its help) and Linux Lite (an Ubuntu fork designed for Windows refugees; read its help) are recommended.
If you have a PC running Windows XP, Vista, 7, or 8, a LiveCD/DVD or LiveUSB would be a much safer way to surf the Internet. Even better -- and faster -- would be to replace the HDD with an SSD and install Linux on it.
Q: What is the best antivirus for Windows?
A: Read the findings of the top two labs, AV-TEST and AV-Comparatives, but Bitdefender is always top-rated.
Some vendors offer a free version without all of the features contained in their paid product; as AV-Comparatives noted, technical support and ransomware protection are among the missing features. However, vendors typically include toolbars or other unwanted add-ons.
There are options for a free, reliable second opinion.
Norton Power Eraser is a powerful scanner. Avast offers its Malware Removal Tool. Sophos offers its Scan and Clean. F-Secure offers Online Scanner, as well as other free tools. Malwarebytes starts a free trial of its paid product, converting to an on-demand scanner after the trial period ends and regularly pestering you to purchase it. Microsoft offers Safety Scanner (the antivirus engine in Windows Defender), Malicious Software Removal Tool (the same one offered each month via Windows Update), and Windows Defender Offline, which is used via CD or USB flash drive, running a temporary Windows instead of the installed one in order to remove rootkits. None of these free scanners should be used as the only antivirus, as they offer no real-time protection.
Some vendors offer removal tools for specific malware, though you've got to know which one is infecting your PC. Bitdefender offers a removal guide, Bleeping Computer offers removal guides and Malwarebytes offers removal guides.
Antivirus products can be difficult to completely remove. Bitdefender offers uninstallation tools for its paid and trial products, as well as uninstallation links for most other vendors. ESET offers instructions and an uninstaller tool. Malwarebytes offers its Clean Uninstall Tool. To complete the uninstallation, look in both "Program Files" and "Program Files (x86)" and remove all directories with the name of the antivirus vendor (expert users should also peruse C:\Windows\Prefetch, where the name is often abbreviated; for example, for Malwarebytes, there may be entries starting with "Malwarebytes," "MBAM," or "MB"). If an entry remains in Control Panel -> Uninstall a program, use Revo Uninstaller.
If Malwarebytes needs to be moved, even on the same PC after Windows reinstallation, deactivate the license first and then reactivate it on the new system. Otherwise you will need to contact customer support.
It's never a good idea to install tune-up utilities or toolbars. The most screwed-up PCs are often ones with these products.
Bitdefender Blog / Labs, F-Secure online security tips and articles, ESET We Live Security, G Data Security Blog, Malwarebytes Blog, Bleeping Computer News, Threatpost, FBI Consumer Alerts, CISA, the UK's National Cyber Security Centre, NIST National Vulnerability Database, and Krebs on Security offer security news. Spamhaus is a resource for spam-related issues.
All that said, hackers have a new tool at their disposal, AvNeutralizer, which allows them to neutralize antivirus. It's used mainly in enterprise environments, but individual users are vulnerable as well. It's gotten to the point where the only safe solution is to have a separate system for email to prevent malware-infested emails from contaminating your data.
Q: I was told that some malware cannot be identified by antivirus software and therefore antivirus products are useless.
A: That malware is classified as zero-day, called that because on the day your PC sees it, your antivirus vendor has not yet seen a sample of it, so it has not been able to include a defense for it in its product. Eventually the vendors will get around to rectifying that, but some PCs will become infected before then. Surfing without antivirus protection puts you at risk of malware which has already been identified by antivirus vendors. Of the top fifteen recent vulnerabilities, the majority were first exploited as zero-days.
Q: Does it really matter if I renew my antivirus product? Am I not protected 99+% via the already-downloaded signatures?
A: New malware is created every day. Having a lapsed subscription means that all new malware is a zero-day from your point of view. And many antivirus vendors have switched to a cloud scheme where some or all of the signatures of potential malware no longer reside on your PC. As soon as your subscription lapses, the cloud becomes unavailable to you.
By the way, if your antivirus product is sold in stores, for example, Norton, you can buy a copy on sale and use the activation code to renew, saving money over the regular price. You can use products intended for more users than you have.
One advantage of Windows 10 is that if an antivirus subscription is allowed to lapse, Windows Defender will be automatically enabled.
Q: How do I determine if an email is a phishing attempt?
A: Phishing, where grifters try to convince users to click on a questionable link, is responsible for the majority of cyber-breaches.
URLs all follow the same scheme. They start with either http:// or https://, with everything from those two slashes to the next slash or the end of the URL being the fully qualified domain name (FQDN). For example, a link might read https://www.paypal.com/blah/, which is a valid link because www.paypal.com is an FQDN. Another example might read http://www.paypal.paymenow.com/someconfusingtext/, which is a phishing URL because www.paypal.paymenow.com points to paymenow.com, not paypal.com. To further simplify things, only the two right-most parts of the FQDN are important for users; for example, www.amazon.com is routinely shortened to amazon.com, with amazon being the domain and .com being the top-level domain. Also note that paypal.com and paypal.net are completely different domain names. Domain names can be looked up via ARIN.
There are four other address formats: dotted-decimal (for example, 192.168.0.1), dotted-octal (for example, 0300.0250.0000.0001), hexadecimal (for example, 0xc0a80001; hexadecimal addresses always start with 0x), and integer (for example, 3232235521). Never click on hexadecimal or integer addresses, and only click on dotted ones if you know the origin.
Before clicking on any link on Windows and Linux PCs, whether in email or on a web site, position the mouse cursor over it without clicking, which will cause the text of the actual URL to be displayed in the lower-left corner of the window. Compare the displayed text to what you expect, and if the text is unexpected, do not click on it. That said, you can still be vulnerable to homoglyph attacks, where English characters are replaced by ones in other languages that look similar, so manually entering URLs is the safest approach.
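The rules above can be applied mechanically. The Python script below is an added example written for this FAQ (it is not the FAQ's own code): it pulls the host out of a link the way the answer describes, reduces it to the two right-most labels for comparison, and recognises the dotted-decimal, dotted-octal, hexadecimal and integer host forms, normalising each to dotted-decimal. The sample links are constructed, including the FAQ's own two examples. The "two right-most labels" rule is the FAQ's simplification and does not handle suffixes such as co.uk, which the code notes. The one thing it does beyond the text is strip a user@ prefix and a :port suffix, since neither is part of the server name the link actually goes to.

```python
"""Added example for this FAQ (not the page's own code): classify a link
the way the phishing answer describes.  Sample URLs below are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit


def host_of(url):
    """Return the host of an http(s) URL.

    urlsplit().hostname strips a user@ prefix and a :port suffix and
    lower-cases the result, so only the part that names the server is
    compared.  Raises ValueError for anything that is not http(s).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URL with a host: %r" % (url,))
    return parts.hostname


def numeric_host(host):
    """Decode the four numeric host forms the answer lists.

    Returns the address as dotted-decimal, or None when the host is a
    domain name.  Raises ValueError for a numeric form that is out of range.
    """
    labels = host.split(".")
    if re.fullmatch(r"0x[0-9a-f]+", host):             # hexadecimal: 0xc0a80001
        value = int(host, 16)
    elif re.fullmatch(r"[0-9]+", host):                # integer: 3232235521
        value = int(host, 10)
    elif len(labels) == 4 and all(re.fullmatch(r"0[0-7]+", l) for l in labels):
        octets = [int(l, 8) for l in labels]           # dotted-octal: 0300.0250.0000.0001
        return str(ipaddress.IPv4Address(bytes(octets)))
    elif len(labels) == 4 and all(re.fullmatch(r"[0-9]+", l) for l in labels):
        octets = [int(l, 10) for l in labels]          # dotted-decimal: 192.168.0.1
        return str(ipaddress.IPv4Address(bytes(octets)))
    else:
        return None
    return str(ipaddress.IPv4Address(value))           # raises if value > 2**32 - 1


def registrable_domain(host):
    """The FAQ's rule of thumb: the two right-most labels (amazon.com).

    Deliberately naive; suffixes such as co.uk need the public suffix
    list, which this example does not include.
    """
    return ".".join(host.split(".")[-2:])


def check_link(url, expected_domain):
    """Classify a link against the domain the reader expects.

    Returns a pair:
      ("ok", domain)        the host is under the expected domain
      ("mismatch", domain)  the host is under some other domain
      ("numeric", address)  the host is an IP literal, shown as dotted-decimal
      ("invalid", host)     numeric-looking but not a valid IPv4 address
    """
    host = host_of(url)
    try:
        address = numeric_host(host)
    except ValueError:
        return ("invalid", host)
    if address is not None:
        return ("numeric", address)
    domain = registrable_domain(host)
    return ("ok" if domain == expected_domain.lower() else "mismatch", domain)


if __name__ == "__main__":
    # Constructed sample links, including the FAQ's own two examples.
    for link in ("https://www.paypal.com/blah/",
                 "http://www.paypal.paymenow.com/someconfusingtext/",
                 "https://paypal.net/",
                 "https://paypal.com@paymenow.com:8080/login",
                 "http://0300.0250.0000.0001/", "http://0xc0a80001/",
                 "http://3232235521/", "http://192.168.0.1/"):
        print("%-52s -> %s" % (link, check_link(link, "paypal.com")))
```

Run it as-is and every numeric form prints as 192.168.0.1, which is why the answer says hexadecimal and integer addresses should never be clicked: they are the same destination written so that it does not look like one.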
If an email asks you to enable macros to open a Microsoft Office file, decline. Macros are disabled by default for good reasons.
Q: My Windows PC was bitten by ransomware!
A: Print screenshots -- press PrintScreen, start Paint, press ctrl-v, and print -- of all messages, or take photos of the screens, because the ransomware may interfere with your research. Download Bitdefender's Ransomware Recognition Tool, which will "find which family and sub-version of ransomware has encrypted their data and then get the appropriate decryption tool, if it exists." Then shut down the PC until you have decided what to do. You might need a second PC for research, which can be done at Stop Ransomware, No More Ransom Project, ID Ransomware, Malwarebytes, F-Secure, and NJCCIC. Decryption tools are available for some ransomware from No More Ransom Project, Bleeping Computer, Emsisoft, Kaspersky, ID Ransomware, and Trend Micro.
If you have backups, do not connect them to the infected system, as the ransomware will encrypt them.
You can pay the ransom, but only half of those who paid a ransom were able to recover their data. Some ransomware purveyors are incompetent and do not decrypt files after payment. Search on your particular ransomware before paying. And then you must remove the ransomware, because it will bite you again in the future. Malwarebytes would be your author's first choice for removing ransomware, but then again, wiping the drive and reinstalling Windows is the only way to guarantee that the ransomware is gone.
It won't help you now, but you need to start making backups so you won't be put in this situation again. A minimum of two HDDs and a docking station, or two USB flash drives, depending upon the amount of data, are needed. At the end of each day, copy your data from the system drive to the backup drive. You must not keep the backup drive running all day for three reasons. First, you are wasting electricity. Second, you are shortening the life of the drive. And third, ransomware will encrypt any data it sees on the PC, so your backup drive will be of no use (some ransomware specifically targets NAS and backup storage devices). The best tactic is to do a daily backup and a weekly one, because you won't know when ransomware actually strikes (corporations generally do daily, weekly, and monthly backups). And you need to test your backups, because you wouldn't be the first one to discover that backups were faulty.
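Testing a backup means more than seeing that the files are there. The Python script below is an added example written for this FAQ (not the FAQ's own code): it copies a data folder to a backup folder and then compares a SHA-256 hash of every file on both sides, so a copy that failed silently, a file that was skipped, or a file the ransomware had already encrypted before the copy all show up by name. The data folder and its files are constructed in a temporary directory so the script runs anywhere; on a real PC the source and destination would be your data folder and the backup drive.

```python
"""Added example for this FAQ (not the page's own code): copy a data folder
to a backup folder and then *test* the backup by comparing file hashes, the
check the answer above says too many people skip.  The sample files are
constructed inside a temporary directory so the script runs anywhere."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """SHA-256 of a file, read in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map relative path (posix style) -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {path.relative_to(root).as_posix(): sha256_of(path)
            for path in sorted(root.rglob("*")) if path.is_file()}


def backup(source, dest):
    """Copy the whole tree to a fresh destination and return the copy's manifest."""
    shutil.copytree(source, dest)
    return manifest(dest)


def verify_backup(source, dest):
    """Compare a backup with its source.

    Returns {"missing": [...], "extra": [...], "changed": [...]}; all three
    empty means every source file is present in the backup with identical
    contents.  A copy that silently failed, or a file whose contents differ
    between the two sides, shows up under "changed".
    """
    src, dst = manifest(source), manifest(dest)
    return {
        "missing": sorted(set(src) - set(dst)),
        "extra": sorted(set(dst) - set(src)),
        "changed": sorted(p for p in set(src) & set(dst) if src[p] != dst[p]),
    }


def demo():
    """Back up a constructed data folder, verify it, then damage the copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "data"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "notes.txt").write_text("meeting notes\n")
        (source / "photo.bin").write_bytes(bytes(range(256)))
        dest = Path(tmp) / "backup-daily"
        backup(source, dest)
        good = verify_backup(source, dest)          # expect all three lists empty
        # Simulate the faults a test is meant to catch: one copy corrupted,
        # one file never written.
        (dest / "photo.bin").write_bytes(b"\x00" * 256)
        (dest / "docs" / "notes.txt").unlink()
        bad = verify_backup(source, dest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("fresh backup:", good)
    print("damaged backup:", bad)
```

Keeping the manifest of a known-good backup also gives you a reference to compare against later: if the source side starts differing from last week's manifest for files you have not touched, that is worth investigating before the next backup overwrites the good copy.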
Be aware that over 90% of phishing emails contain ransomware.
Q: Is there any way to stop annoying ads, especially pop-ups, from appearing?
A: Enable the setting to block pop-ups (it's usually the default). For searches, use Duckduckgo, Brave, Marginalia, or Qwant instead of Google, Bing, Amazon, Yahoo, or other data-snarfers.
For the below, a fork is either an offspring of Firefox or Chromium (Google's open source browser; Chrome, a Chromium fork, is Google's data-snarfing cash cow), resulting in a browser with different features, behavior, and/or appearance. Edge, a Chromium fork, has its own add-ons.
Alternative browsers include (for some, there is an option to install only for the installing user or all users, with the latter being the most useful):
- Firefox (Mozilla's heir to Netscape Navigator; extensions in Firefox Add-ons; offers help and forum relevant for it and forks)
- Firefox Nightly (bleeding edge release of Firefox, though rarely buggy; extensions in Firefox Add-ons)
- Firefox ESR (extended support, so Firefox features are delayed, which can be good or bad depending upon one's point of view; extensions in Firefox Add-ons)
- Vivaldi (Chromium fork; extensions in Chrome store; started by co-founder of Opera because he was dissatisfied with Opera's direction after purchase by Chinese company; very configurable; uses own ad-blocker; offers help and forum)
- Brave (Chromium fork; extensions in Chrome store; phones home least data; shields is ad-blocker and more; unique ad scheme; offers help and forum)
- Pale Moon (Firefox fork, but a divergence at v-28, with its own extensions; no telemetry, spyware, or data gathering; has trouble with some websites requiring login; use forum for help)
- LibreWolf (privacy-focused Firefox fork with uBlock Origin installed; extensions in Firefox Add-ons; download the Windows installer here; offers an FAQ)
- SeaMonkey (Internet suite with Firefox fork, email, newsgroups, with its own extensions; privacy fine-tuning; offers help / forum)
- Ungoogled-Chromium (Chromium without Google's data-snarfing/phoning-home; installation advice is contained on website; only supports Windows 10 64-bit)
- TOR browser (Firefox ESR fork masking IP addresses via a volunteer server network, with traffic running through three nodes, though that slows response; adding extensions or modifying settings allows for fingerprinting)
- Otter (created by Opera refugees; uses QtWebEngine wrapper around Chromium so the intrusive "auxiliary services that talk to Google platforms are stripped out"; support for Chrome store extensions not scheduled to arrive until v-2.0; Opera shortcuts are relevant; use forum for help)
- Opera (Chromium fork with its own extensions, but ones from Chrome store can be added after installing Install Chrome Extensions; its free VPN is only a proxy; cannot change Google search on Speed Dial; offers help)
VikingVPN offers a hardening guide for Firefox, with it being mostly relevant for forks.
Users should know that Google has now transitioned to Manifest V3, which prevents ad-blockers from working as before, with ad-blockers being the first line of defense against malware. Chrome, Chromium, and Edge are directly affected.
The premier ad-blocker, uBlock Origin, is available for Firefox and Pale Moon / SeaMonkey. It doesn't store browsing data and is more efficient than most. Native ad-blockers are included in Vivaldi (select Settings -> Privacy), Brave (enable it in Shields), Otter (enable it in Tools -> Content Blocking), and Opera (enable it in Settings).
Disabling JavaScript will halt most ads, prevent scrolling interference, and neuter malware, though it'll cripple web sites requiring login:
- Chromium, Edge, Brave, Seamonkey, Otter, Opera, and Chrome have a setting to disable JavaScript.
- uBlock Origin can block JavaScript globally via a single selection (Dashboard->Settings) or block it per site (click on the icon in the browser toolbar and click on </> at the bottom right of the popup).
- To disable JavaScript in Firefox and forks: type "about:config" in the address field, press Enter, accept the warning about being careful, type "java" in the search field, and double-click on "javascript.enabled" (you want Value=false).
- To disable JavaScript in Chromium and forks: type "chrome://settings/content/javascript" in the address field, press Enter, and click on "Allowed" to toggle the setting.
Installing an additional browser and configuring it for JavaScript-free operation is worth considering.
In its list of browser recommendations, the FBI recommends that you not store passwords in them. Browser settings allow users to specify if logins, passwords, and addresses should be stored.
For Firefox, media autoplay can be prevented: type "about:config" in the address field, press Enter, accept the warning about being careful, type "media" in the search field, and double-click on "media.autoplay.default" (set Value=1), though this setting sometimes blocks video you want to see. For Firefox ESR and Pale Moon, search for "media.autoplay.enabled" and set Value=false.
Chromium does not offer a media autoplay setting, though there are extensions that promise to do it. Disabling media autoplay is essential when viewing websites such as Reuters and Daily Mail which inundate users with popup video.
Some websites do not work properly when an uncommon browser is used because they simply look for a famous browser name and give up if one is not found (many websites are only tested with Edge, Firefox, Safari, and Chrome). Vivaldi slips on a Chrome avatar for problematic websites, and Otter allows changing the name via Preferences -> Advanced -> Network.
Browsers often allow for website and download validation, for example, Firefox's "Block dangerous and deceptive content," Vivaldi's "Google phishing and malware protection," and Opera's "Protect me from malicious sites," with Google Safe Browsing used to verify URLs, recording your browsing history in the process. With respect to downloads, Firefox admits it "asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata." Antivirus software performs that check anyway, so the browser's check can be disabled. Browser extensions which would accomplish the same thing are offered by some antivirus vendors, for example, Bitdefender TrafficLight (for Firefox and Chrome), Emsisoft Browser Security (for Firefox, Edge, and Chrome), and Avira Browser Safety (for Firefox, Opera, and Chrome).
Your author queried vendors as to whether Google Safe Browsing was used, but only Bitdefender, Emsisoft, and Avira responded, with their replies being, respectively: "TrafficLight uses the Bitdefender engines to determine if a URL is or isn't detected," "We do not use Google Safe Browsing," and "We're using our own protection mechanism to scan for malicious URLs."
Browsers offer options to check spelling and use prediction services to more quickly load webpages. However, Google is subcontracted to do all this, meaning that everything you type is sent to Google to be stored forever in order to completely monetize your actions. Google explains its data-snarfing policies in detail in its Google Chrome Privacy Whitepaper. If you use Chrome, at least use incognito mode (other browsers call it private browsing).
Only install extensions you need. Ones that use CSP injection to modify headers can interfere with other add-ons. A basic Chrome Extension can "steal passwords from an online banking website." Most sell your browsing history. Some are redundant, for example, if uBlock Origin is installed, Ghostery and Privacy Badger aren't necessary. Chrome Store extensions have a reputation for malware, with 85% having no listed privacy policy and 32% using third-party libraries containing known software vulnerabilities.
On a related note, an arbitrarily named concept called punycode could cause you to access a web site via a homograph attack. It's only an issue with Firefox and forks, but it allows a URL to include ASCII coding to display foreign-language characters that look like the ones you want but are actually quite different, for example, using Russian letters instead of English ones. To prevent this in Firefox and forks: type "about:config" in the address field, press Enter, accept the warning about being careful, type "network.IDN_show_punycode" in the search field, and double-click on that entry (you want Value=true).
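What the network.IDN_show_punycode setting lets you do by eye, a script can do for you. The Python below is an added example written for this FAQ (not the FAQ's own code): it converts a host name between its punycode (xn--) form and its Unicode form with Python's built-in idna codec, then checks each label for letters from more than one script, which is how a single Russian letter hidden in an English word is caught. The sample hosts are constructed; the second one spells "paypal" with a Cyrillic а (U+0430). A label written entirely in look-alike letters of one script is not caught by this check, as the code notes; that needs Unicode's confusables table, which this example does not include.

```python
"""Added example for this FAQ (not the page's own code): reveal what a
punycode host name really contains, the check the network.IDN_show_punycode
setting lets you do by eye.  Sample hosts are constructed."""
import unicodedata
from urllib.parse import urlsplit


def host_forms(host):
    """Return (ascii_form, unicode_form) for a host given in either form.

    Python's built-in "idna" codec leaves ASCII labels alone, decodes an
    xn-- label to Unicode, and encodes a Unicode label to its xn-- form,
    so both directions of the comparison come from one place.
    """
    if host.isascii():
        return host, host.encode("ascii").decode("idna")
    return host.encode("idna").decode("ascii"), host


def scripts_in(label):
    """Scripts used by the letters of a label, read off the Unicode name
    (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC').  Digits and hyphens are
    ignored because they belong to no script."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def homograph_check(url):
    """Classify the host of a URL.

    Returns (verdict, ascii_form, unicode_form) with verdict one of:
      "ascii"         no internationalised label at all
      "mixed-script"  a label mixes letters of two scripts, e.g. a Cyrillic
                      'a' dropped into an otherwise Latin word
      "idn"           internationalised but single-script per label, as a
                      genuine non-English site would be
    A whole label written in look-alike letters of one script (all Cyrillic)
    is reported as "idn"; catching that needs Unicode's confusables table,
    which this example does not include.
    """
    host = urlsplit(url).hostname
    ascii_form, unicode_form = host_forms(host)
    if ascii_form == unicode_form:
        return ("ascii", ascii_form, unicode_form)
    for label in unicode_form.split("."):
        if len(scripts_in(label)) > 1:
            return ("mixed-script", ascii_form, unicode_form)
    return ("idn", ascii_form, unicode_form)


if __name__ == "__main__":
    # Constructed: the second host spells "paypal" with a Cyrillic 'a' (U+0430),
    # the third is an ordinary German host name with an umlaut.
    for link in ("https://www.paypal.com/",
                 "https://p\u0430ypal.com/",
                 "https://m\u00fcnchen.de/"):
        print(homograph_check(link))
```

Feeding the script the xn-- form (what Firefox shows with the setting above) or the Unicode form (what it shows without it) gives the same verdict, which is the point: the punycode form is the honest one, and the setting simply makes the browser show it.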
Q: Is it okay to leave the settings of my router on the default ones?
A: No. Disable remote administration (disable RDP, port 3389, on the router and all PCs), UPnP (Universal Plug and Play), telnet (port 23), ftp (port 21), and WPS (Wi-Fi Protected Setup). Default passwords must be changed to something reasonably difficult to guess.
Firmware should be updated as soon as updates are available, as routers will not auto-update or inform you that updates are available. Obtain updates only at the vendor's web site. Another option is to install Linux-based firmware, e.g., DD-WRT or Tomato, if your router is supported (many aren't), or buy a router which already has it installed.
And on a related note, the FBI recommends that since the security of IoT devices (for example, baby cams and smart appliances) is pretty much a joke, default passwords must be changed immediately and they should be on a separate network from everything else.
Q: How do I choose a secure password?
A: The best passwords are long sequences of ordinary words, for example, "maryhadalittlelambandsomewhitewine," because attackers guess the most likely possibilities, and, mathematically, the length of the password is exponentially more important than the complexity of the character set used. A password of 20 digits is currently too long to brute-force in a reasonable amount of time, but given the increasing speed of computers, that number will increase over time. Substituting a word that does not belong in the sequence will increase security, for example, "maryhadalittlelambandcukoowhitewine."
Q: How can I hide my IP address from web sites?
A: There are a number of ways to do that, but they usually involve a cost in money or response time.
Determine the IP of your router. For Windows PCs, use the instructions found here. Most virtual private network (VPN) provider websites can display your IP address, for example, NordVPN and ProtonVPN, with a VPN being a network of servers designed to reroute Internet traffic to mask IP addresses via an encrypted tunnel (read explanations from Mullvad VPN, VikingVPN, and NordVPN).
Research the parent company of your VPN. Kape Technologies, which was formerly a malware vendor, has bought Private Internet Access VPN, CyberGhost VPN, ExpressVPN, and ZenMate VPN, as well as websites that ostensibly offer objective reviews of VPNs.
Tor browser can be used to hide IP addresses. Tor is a volunteer network of servers that reroute your Internet traffic through a few nodes, often in different countries. Response is slower than normal. Tor depends on exit nodes, where the final server decrypts your data and passes it back to the Internet. Exit nodes, which are often owned by the NSA, can be used to read traffic of unsuspecting users, so Tor browser shouldn't be used for banking.
VPNs are essential when using public Wi-Fi. Free ones are problematic because they sell your browsing data to advertisers or install malware to add your PC to a botnet (especially Chinese and Russian VPNs). Tom's Guide and PC Magazine have recommendations for Windows -- PC Magazine also has recommendations for Linux -- and AV-TEST tested twelve of them. A VPN cannot keep you completely anonymous. Using a VPN with https websites, as you should, results in double encryption. VPN vendors offer different speeds, with the fastest option being best for watching video. The NSA's Selecting and Hardening Remote Access VPN Solutions is worth reading.
By the way, Microsoft email servers are confused by VPNs and require verification via your alternate email or phone. If you plan to use a VPN with Microsoft email, make sure your VPN provider offers servers in your city.
Q: There are some Windows updates available for my old PC hardware running Windows 7/8.1. Should I accept them?
A: Microsoft has released some strange updates for older hardware ever since Windows 10 was released, some of which break things. For Windows 8.1 and previous: start Windows Update, select the update in question but don't click on the checkbox, click on "More information" to the right, and read the description that appears in IE. If the description is generic and/or irrelevant, don't accept it. This assumes you set Windows Update policy to "Check for updates but let me choose whether to download and install them" and deselected the setting marked "Give me recommended updates the same way I receive important updates," as Microsoft can no longer be trusted.
To refuse future drivers in Windows 10, you need to do two things, though the second is not available with Home or S:
- Open Control Panel. Click on "System and Security." Click on "System." Click on "Advanced systems settings." Click on the "Hardware" tab. Click on "Device Installation Settings." Click on "No." Click on "OK."
- Type Win-r (Win is the Windows key), which will display a pop-up to enter commands. Type "gpedit.msc" and click on "OK." Double-click on "Administrative Templates" under "Computer Configuration." Double-click on "Windows Components." Double-click on "Windows Update." Right-click on "Do not include drivers with Windows Update" and select "Edit." Click on the "Enabled" checkbox and click on "OK."
Q: How do I research an error message shown on my Windows PC?
A: Copy the error message exactly and note the time of the event. If your PC is still running, copy and paste it into a file and save it. If your error message is shown on a black, blue, or cyan screen -- called a Stop Error, Blue Screen of Death (BSOD), or blue screen -- copy the error message quickly, because it will only be displayed for a short time (for Windows 7 and previous, it will be the second or third line of text; for Windows 8/8.1/10, it will be found at the bottom-right of the text). Looking at Windows event logs (read Microsoft instructions and Bleeping Computer instructions) may give additional insight, especially if the error code flashed by too quickly to copy. Here's a Microsoft list of blue screen error messages. If you changed any hardware recently, that should be the first thing you investigate.
Search on the text of your error message at Microsoft Community to see if you can find a relevant answer. To debug BSODs, peruse Microsoft's Troubleshoot blue screen errors. Other BSOD forums are TenForums' BSOD forum and Bleeping Computer's BSOD forum.
You could do an Internet search on the exact text of your error message, but there are many web sites designed to attract you so they can make money on their ads or malware. To prevent this, use a browser which allows JavaScript to be disabled (see the answer on stopping ads above for details, though you may need to install a second browser). Look at several answers and see what the general consensus is, as most web sites contain nonsense or worse.
Q: My external drive displays errors. How do I fix it?
A: The problem with computers is that there are many variables. The drive could be on its way out. The external enclosure could be having problems. The cable could be problematic. And even the USB port could be failing, which could mean the PC's motherboard is toast.
HDDs usually fail with some notice, so making an immediate backup is the best policy. SSDs sometimes fail with some notice, but they can fail catastrophically. If making a backup is not possible, remove the drive from the enclosure and use it in another unit to retrieve the data, assuming the drive isn't the problem, of course.
Determine which hardware unit is defective via substitution. Use different equipment and see if the errors continue (this is why computer shops keep old parts). Ask your friends to see if they have a similar unit. As for the USB port, assuming it's USB 3.0, use a USB 2.0 cable to convert 3.0 to 2.0 (the StarTech USBEXTAA6IN USB 2.0 6" extension cable would be a good choice), as 3.0 is known for problems as parts age, but 2.0 is about as reliable as computer parts get.
Q: How can I make my PC faster?
A: You can upgrade memory, processor (for desktops), and/or system drive.
A minimum of 8 GB of memory is recommended for the average PC (any less and the PC might slow down due to paging). Choose the proper generation -- DDR, DDR2, DDR3, DDR4, and DDR5 -- as they are physically not interchangeable. Memory must be installed in matched sets in terms of both speed and latency. If a mixed bag of memory is present, the system will run at the slowest common denominator. Research both your motherboard and processor to learn what memory speeds both support, choosing the fastest common one (it's usually okay to choose a slightly faster one for reasons of price or availability, though the system will not run at that speed). Make sure you do not buy too much for your PC, as motherboards only support a certain quantity.