Become a Patron of Ask Leo! and go ad-free!
Transcript
Five tips to getting the most out of your technology. Tip number four. Stay safe.
Now, I get the questions about security all the time as you might imagine. One of the most common questions I get is, well, what security software should I use? Whatâs the best? I get it, like I said, all the time.
Now, as it turns out, thereâs of course a fair amount of disagreement on exactly what software packages or package you should be running. Should you do an all-in-one; should you use it from this vendor or that vendor? Whatâs important? Whatâs not important? Do the ratings matter? What companies do they come from? Behavior of the particular package, whatever?
You know what, itâs actually not the right thing to focus on. The other question I get, of course, is well just the general one. How do I stay safe in todayâs world online with my technology? Itâs not an obvious thing to do for most people. Now, I have lots of articles on that just like I do on security software, and in fact, my most important book here is all about staying safe online.
It has several steps and a bucket load of recommendations of things that you should do and software you should run and things you should watch out for while youâre online or while you are using your software. But really, all of that, everything in that book, everything on your computer can be summed up in one phrase.
Whatâs the most important security software you have? Right now? Itâs the software up here. Itâs the software in your brain. The most important point in my book: there is no security software on the planet that can protect you from yourself. The technology is important, but you are the one in control; you are the one who can bypass every security barrier thatâs put in place.
Itâs how a lot of malware gets on peopleâs machines right now. It will bypass firewalls; it will bypass security software; it will bypass any number of different things, because the user wants whatever it is thatâs been promised by the software or the attachment or the whatever that theyâre looking at.
Thereâs nothing that can protect from yourself. So, what does it mean then to use what we often call âcommon senseâ which of course, isnât really all that common. Itâs learned behavior; itâs stuff that basically you need to know; you need to think about.
The most important rule of staying safe on the internet is actually very simple. Exactly two words: be skeptical. If itâs too good to be true, guess what? Itâs probably not true. Heck, even if it sounds too good, it may not be. Itâs still something you need to be wary of.
Watch for wild claims. Something for nothing. Free, the word free can be used for good and for evil. Promises in spam; promises in web ads; promises in product sales. These are all things you need to watch for, and you need to be skeptical about.
Software youâve never heard of, from someone youâve never heard of? Be skeptical. An attachment youâre not expecting. You know that one where they send you some kind of delivery notification that says: this package you ordered is going to be delayed? A) You never ordered any package. B) You have no idea why theyâre sending it to you via whatever shipping company that is, and C) They want you to open an attachment.
Guess what? Itâs fake. Itâs malware. Itâs something that you donât want. You need to be skeptical. Check it out first. What does it mean to check it out? I get that a lot too. I mean how do I know if something is legitimate or not?
Google is your friend. Search engines are your friend. Look it up. Thereâs usually, especially for the really common scams, thereâs a ton of information on there on what they are, why they are, how theyâre bad, what to look for specifically with that email or that product or that whatever it is you have in front of you. Use the tools you have available.
Do some research. Use sites like Web of Trust, and I think there are some others that actually rate the trustworthiness, if you will, of lots of different websites on the internet. If youâre giving a product from company A and company A has a website, look up that website on Web of Trust, or like I said, some of the equivalent sites.
Chances are, thereâs good information about them. And if thereâs no information, maybe the product is brand new, maybe the company is brand new, maybe itâs just not listed. I hate to say it, but assume the worst. Start looking for other third parties to get information about whatever it is youâve just found.
Heck, Iâm a third party. Iâm Ask Leo!; I will often have information about tools and software and sites that people havenât heard of. Maybe I have. The converse is also very, very true. Itâs very common for me to get a question about, you know, what do you think about such-and-such package? Iâve never heard of them.
Well, you know what, if Iâve never heard of them that doesnât necessarily mean that theyâre bad; it doesnât really mean anything at all. Itâs no data; itâs lack of information. I may be able to sometimes give you a recommendation that says well, you know what? That kind of tool? You donât need that kind of tool at all.
This is what you should do instead, or Iâve never heard of them. I donât know what theyâre doing, but hereâs another tool that does the same thing that I have heard of and that I trust. These are the kinds of recommendations that youâll find on the internet from reputable sites that you can build up a level of trust with. Hopefully, like Ask Leo! but thereâs lots of other sites and other sources of information like that.
Always, always, always be cautious when you install software. When you do install software, never, and I hate to say it but I really have to say, never, ever accept the default options. There are just too many things that happen when you do.
The important thing to remember about default options is that the defaults are there for their convenience, not yours. In other words, the defaults are there to set up the software the way they want it to be set up, not necessarily the way you want it to be set up.
Always assume that you must not click on, you know, the default options. Always click on customize, if customize is the option there. Clicking on customize is essentially not accepting the defaults. You always want to customize; you always want to not accept the defaults.
A couple of great examples. What happens when you accept defaults can vary a great deal. Windows 10, the most recent example is a good example because if you accept the defaults for Windows 10, well, youâve accepted a lot of privacy exposure; youâve accepted a lot of options that potentially send information to Microsoft.
Now that information may be totally benign; thatâs a topic for another day, but the point is when you accept the defaults, you donât even know that those options are being selected for you; you might want something else. If you want something else, youâve got to choose the customize or not default options.
In the worst case with other software packages, particularly free software thatâs downloaded from the internet, when you donât choose customize, when you allow the defaults to happen, you can get foistware â software that you didnât expect, software that you donât want; you could even get malware as part of the installation that you accept by default.
So donât accept defaults. The bottom line is that companies on the internet need to make money. Itâs how they survive. Even free software and sites need to make money in order to, at a minimum, recoup their costs, because that software is not free to develop. Those sites, theyâre not free to run.
The same is very true for Ask Leo!. What I do, what you see, what I make available on the internet, costs me money. That means I need to make money somehow to recoup those expenses and maybe get a little bit more to make it, Iâll call it worth my while or get a little bit of return for the value that I hope that I provide on the internet.
That doesnât necessarily mean that all free things are bad. It does mean, though, that those things that are offered for free are somehow going to be looking at ways to get revenue to sustain their operations. In the past, weâre actually at an interesting turning point right now.
In the past, for the past, Iâll say twelve years that Iâve been doing Ask Leo!, advertising has been a very, very lucrative way of recouping the cost. Itâs made Ask Leo! possible. The problem, of course, is that with the rise of ad blockers and other things, thatâs just kind of sort of going away.
And itâs actually putting a lot of sites including Ask Leo! in a tough position, because what we had been counting on for revenue is going away. What that means is that these companies, all of the companies, myself included have to make strategic decisions about exactly how theyâre going to replace that revenue.
Many companies will do good things. I hope Iâm one of them. I hope Iâm going to end up doing aboveboard, legitimate things like selling books, and Iâve got some other options in the works as well, but these are all aboveboard, obvious, clear ways that, yep, you will exchange money for value â we hope.
Other companies â not so aboveboard. Other people are in a tough position where they are having to make hard decisions about how theyâre going to recoup their revenue. Sometimes that means they slide in software that somebody else pays them to slide in without your knowledge.
Thatâs an example of bad decisions by those companies that end up affecting you in ways you didnât expect for the free software that wasnât really free at all. Trust has to be earned. Always, always be skeptical. Do your research. The interesting thing though is that trust also has to be, Iâll just say, maintained.
The issue is that, well, things change. We know things change. Heck, it was the topic of our first tip. Companies get sold. Software changes. Priorities change. Desperate people do desperate things. If some website, for example, suddenly sees all of itâs advertising revenue go away, that could be desperate time for that site.
They may start to do some things that are less than aboveboard. Iâm not one of them. Iâll never, ever do that, but again, your trusting that what Iâm telling you is the truth, and that what Iâm telling you will always be the truth. These are things for every website, for every product, for every company that you interact with or do business with on the internet.
You need to keep in mind: things change. Iâm not saying donât trust. Like I said, I hope you trust Ask Leo!. I hope you trust other sites out there that provide information and provide value to you on an ongoing basis. There are sites that are worthy of your trust.
But always know that things can change. So always know that, yeah, weâll keep an eye out. I trust them today; Iâll trust them tomorrow but if all of a sudden something bizarre happens, maybe we need to re-evaluate that trust. Like I said, companies get bought and sold. Desperate people do desperate things. Change is one of the unfortunate realities of the dynamic environment that the internet really provides us all.
When in doubt, how do you know? What do you do? When in doubt, do nothing but ask questions. And in fact, keep asking questions until youâre satisfied with the answers. I really mean that, because a lot of people will trust a little too quickly. They wonât ask enough questions before downloading the software.
Theyâll be satisfied with assurances from the people that have a vested interest in misleading you that whatever it is is alright. The wonderful example are things like password reset mails that you might get. You know, âWeâre about to close your account. You must provide us your account information or weâre going to close your account.â
If you reply to that and say, âHey, are you legit?â of course, theyâre going to say theyâre legit because they want to keep fooling you, and they want to get your account information. Itâs a trap. Itâs a scam. Donât do it. Ask more questions of more people before you do anything whenever there is a doubt about what you are about to do.
This is how you avoid scams; this is how you avoid malware; this is how you avoid foistware, and ultimately, with everything else we might throw at it, technology or otherwise, this is how you stay safe when youâre using your computer and the internet.
Itâs way more important than anything else you can do. As always, I would love to hear your reaction to my thoughts. I would love to hear your ideas on ways to stay safe using the internet, basically avoiding many of the things that Iâve talked about.
Again, as always, hereâs a link. Thereâs the article on askleo.com where you can leave your comments. They all get read. They do get moderated so that we actually donât get the spammers out there trying to sell you stuff that is not trustworthy.
What you donât see of course is that we do see a lot of that kind of stuff â Iâll just say come through the comments stream on Ask Leo!
So, let me know what you think. How do you stay safe? How do you, what steps do you take to stay safe on the internet? And I will see you again next week with our last tip â tip number five which I think is something that will kind of surprise you in the sense that youâll say, âOk, great, well, given tips number one, number two, number three and especially number four, how do I do tip number five?â Weâll talk about that next week. Until then, Iâm Leo Notenboom for askleo.com. Thanks for watching. Take care.
The One aspect which seems to be paramount, is, KEEP ALL OF YOUR SOFTWARE UP TO DATE.
Donât use Flash, or, Java; Turn them off in the browser options; Also, (in the Browser), use only
Session Cookies, and do NOT allow 3rd party cookies.
Where possible, only use 2 Factor Authentication, especially for Banking; Maybe look to use Yubikey?
If you really feel confident, consider (Full Disk) Encryption.
But consider THIS, you ARE a commodity, so therefore, your details WILL continually prove to be of
interest; If That, was not so, Google, Facebook, M$, etc., would allow (encourage), End-to-End encryption.
Keeping only session cookies is feasable, but not practical. That way, no polylingual site can ever remember that you prefer this or that language : That Japaneese site will keep been displayed in japaneese untill you switch to english, every time you go there.
No site can remember your preferences from visit to visit.
Not allowing third party cookies is often not a viable solution : Many sites demanding you to log-in use an intermediate login and validation site, and that site need to use cookies to pass back your logged in status. Those cookies are effectively third party cookies.
Two factors authentication often demand that you have a smart phone. NOT EVERYBODY have one ! If they use a text message and your plan donât include text messages, you also just canât use two factors.
Yeah, I donât worry about cookies at all. The inconveniences and disadvantages associated with blocking them far outweigh the advantages, in my opinion.
A mobile phone is not a prerequisite for 2 factor authentication; You can use alternative methods
such as the Yubikey; 2FA was around before the mass adoption of the Mobile phone.
Iâve seen some websites offer to make a voice call which would work with a land line for 2FA, others from banks use a list of onetime challenge response passwords, others use one time challenge response password calculators. From what Iâve seen, many websites offer more than one method of 2FA.
W.r.t. cookies, it was my belief, that IF there were specific requirements, then you could White List those particular Sites.
I run, as I have outlined above, and do not experienced any problems; In fact, I do not even allow, automatic Re-directs.
Staying Safe, is really about, becoming Enlightened, and Taking Responsibility.
The Article was about Staying Safe, NOT, Lets-risk-it.
Sure, proof-of-concept cookie tossing or cookie injection attacks have been demonstrated, but theyâre not something thatâs happening in the wild and, for a number of reasons, nor are they likely to. The fact is that, from a pure security standpoint, people really donât need to worry about cookies.
NOT reading âTerms & Conditionsâ, may also, inevitably, lead to Exposure:-
http://www.techentice.com/snapchat-now-reserves-right-to-use-and-distribute-taken-in-the-app/
Thatâs good advice and theoretically true, but in practice most terms and conditions are so long and convoluted as to be virtually indecipherable. Iâve almost given up trying. But when I see one like that, it raises my skepticism level a few points, so I still consider it useful information.
Totally agree. Additionally, in the case of really unscrupulous developers, thereâs no guarantee that the EULA will even be accurate. By far the best advice is to only install apps from well-known, well-established developers that have been downloaded from a trusted source â preferably, the developerâs website.
âHow do you stay safe?â â I never complete a financial transaction on a website Iâve opened via an emailed link.
I always thought I was smart enough to be able to spot a scam from a mile away, but a couple of years ago I received an email that made me realize that maybe I wasnât. The email in question was from Costco (supposedly). There was nothing unusual about that: Iâm a Costco member and it looked exactly the same as the other emails I receive from them. Even the âFromâ field was the same as usual. The email linked to a page of special offers that looked exactly like a Costco page. Even the links on the special offers page worked properly, redirecting you to other genuine Costco pages â click the Costco logo and youâd be taken to the genuine Costco homepage, for example. But that special offers page was not genuine: it had a CoTSco.com (or something similar) URL rather than CoSTco.com.
It was by far the most convincing scam email Iâd seen and, while I spotted the fake URL, Iâm sure many other people didnât. It certainly made me realize that I probably wasnât as immune from scams as Iâd thought.
For one reason or another I know that my computer has malware, in spite of the AV companyâs attempts to reduce it, most likely due to the kind of actions Leo has been talking about in this vlog. I know because when I bought the computer last year I could surf and stream without the streaming being interrupted by loading adverts on web pages. These days, the stream is always breaking up. I have a lappy with an Intel Pentium 2.40 GHz processor and the full capacity of 8GB RAM, it really shouldnât be doing that, Iâve been told. Have used Malwarebytes in the past but never really felt it was doing enough, so I didnât load it on this PC and like I say, the AV company claim of addressing malware has left me relying on it somewhat. I would love some advice on how to remove malware myself, if you have the inclination, Leo đ
I canât help you remove your malware, but I can tell you that relying on your antivirus program to keep you safe is risky. By various reports, AV programs catch between 25% and 50% of malware, and what one catches, another might miss. And donât be too quick to dismiss Malwarebytes â itâs well tested and trusted, and provides a level of protection that AV programs donât.
The percentage is closer to the high 90s, but that still means malware can get through. Malwarebytes is great, and is mentioned in these articles, but in addition to Malwarebytes and AV programs AdwCleaner, also mentioned in the first article, has removed stuff all those others missed:
https://askleo.com/how-do-i-remove-pups-foistware-drive-bys-toolbars-and-other-annoying-things-i-never-wanted/
https://askleo.com/how_do_i_remove_malware/
Mark â Where does your 90% figure come from? Mine were averages from tests of a variety of providers, and Iâm curious who comes in at 90%.
Hey, thanks for all the input on my post! Wish me luck đ
It really depends on what numbers you choose to believe. These days, the bad guys use something called crypting services. These services take malicious code and use encryption to obfuscate the code in such a way that it will not be detected by antivirus programs. Additionally, the effectiveness of the obfuscation of the code is checked by running it against pretty much every antivirus engine on the market. And all of this can be totally automated. What this means is that, if youâre unlucky enough to be hit by newly obfuscated malware, the chances of your antivirus program detecting it may be quite slim.
This isnât to say that antivirus programs are useless. Theyâre pretty good at detecting old stuff and heuristics may even detect newly obfuscated stuff. But donât count on it. And donât rely on your antivirus software to mitigate risky behaviours.
Very good advice. Most old PC users have learned this the hard way. But, your article and articles like it are great. They help initiate the novice. Without nurturing novices to make them âprosâ the PCs days are numbered.
In addition to the recommendations of 2FA, not clicking links and running a firewall (I use AVG) and not accepting the defaults when installing, I also use a virtual machine for the stuff that I still donât really trust but still like to explore.
Works for me, when something nasty happens it is in my virtual machine and I just delete the machine and get another one.
Youâve basically said it all Leo in your video. Sometimes, it takes people to get burned first in order to understand the importance of being âskepticalâ while on line. It had happened to me in the past long ago and I can tell you that I have learned my lessons. Another important fact is that some people lack the basic knowledge on how to configure their web browsers, or even worst they just cannot resist, for whatever reason, the urge to click on a link for a website even when WOT or Virus total or Malwarebytes anti-Malware tag the link or the site as suspicious.
I just hope they will learn inchmeal after such bad experiences.
Keep up the good work Leo!
Since there are ads now that actually give you malware, I always use ad-blockers. On sites I trust, like askleo, I white list and get the ads. I also use Privacy Badger but it only blocks tracking cookies and even then allows you to allow if you want to, for example Amazon tracking cookies that keep up with your shopping cart, YouTube cookies that put the âwatchedâ on the sub page, etc. . I block all third party cookies and allow the rest ⌠provided they pass Privacy Badger. As for phishing, I never click the link, I go to the site the same way I always do and check there to see if there is a problem. Result: so far, so good.
âOn sites I trust, like askleo, I white list and get the ads.â â Whether or not you trust a particular website is actually irrelevant. Pretty much every website that displays ads uses an ad network like Googleâs DoubleClick or Zedo. And when malicious ads are pushed out using these networks, thereâs not much the site owners can do about it. The websites of the New York Times, Last.fm, the London Stock Exchange and the Huffington Post have all been used to distribute malware, as have many other extremely well-known websites.
Itâs worth noting, however, that this type of malware usually infects machines by exploiting vulnerabilities in old, unpatched versions of apps such as Flash. In other words, if your apps are update and youâre running a AV, the risk of your computer being infected in such a manner is quite small.
Privacy Badger blocks those and any others that I tell it to, even if they are green to start. That is why I use both.
Oh, worst case, âRestore from imageâ.
Just caught this, for what itâs worth:-
http://arstechnica.co.uk/security/2015/11/user-data-plundering-by-android-and-ios-apps-is-as-rampant-as-you-suspected/
The point about the mental software is the best. I was convinced to hand over control of my computer to a supposed Microsoft technician and only because I was able to disconnect the internet once I realized I was bamboozled. I still had to revert to a previous restore point, and lost a ton of data, but stillâŚvery embarrassing!
Sorry to read that, Lew. The best advice is to assume that anybody who makes unsolicited contact â whether by email, telephone, letter or a knock on the door â is a scammer and to provide no information or cooperation until youâre 100% satisfied that they are not. A legitimate caller will be understanding if you want to ask questions and will be understanding if you want to take some time to check them out. And, unless youâve asked a company for technical support, nobody ever â EVER! â needs access to your PC.
Leo, enjoy listening to your videoâs. As a novice much of it goes over my head. As I watched the videoâs a pop up kept coming up that id I subscribe to your newsletter I could get a book on why the computer is slow. Since Ialready subscribe, any way I can get this booklet?
Sure â just reply to an emailed newsletter asking for a copy and weâll get you one.