Transcript
Hi, everyone. I’m Leo Notenboom for askleo.com. I’ve decided that it’s time to update the Ask Leo! Guide to Staying Safe on the Internet. It’s been a little while since the book was published and I just have this feeling that there are some things that I want to change, perhaps re-prioritize, emphasize, and basically just flush out in the book.
Many of you may know or realize that I take a somewhat slightly different point of view when it comes to anti-malware software. A lot of people put a lot of emphasis, a tremendous amount of emphasis in the latest comparison and the latest test and which one does and which doesn’t work better.
My belief is that once you’re beyond a certain point of I’ll just call it “proficiency”, in other words, the software works to a basic level, the incremental improvement you get from getting these “latest and greatest” to the “award-winner” the “test winner” or whatever, the changes it seems like every month or every year not only depending on which version of the product that they’re looking but who does the testing, once you get past a certain point of just basic functionality and things work good, the time you might spend agonizing over which package to get actually ends up being kind of sort of wasted effort.
My preference, my priority, when it comes to software to deal with security on your machine, is of course that you are the most important piece of software that deals with your machine. It’s you that needs to understand what we keep talking about when we say “common sense”. It’s you that needs to understand or be familiar with the basics of internet security, internet safety and keeping your computer safe on the internet.
That’s why the book exists. That’s why I emphasize common sense so frequently and actually have a few articles talking about the topic. There are also some new things on the radar. One of the things that’s not discussed in the book that I realized today really does need to be discussed in the book is the concept of the so-called Microsoft support scam.
It’s not just Microsoft that’s being impersonated in this way. Many different companies are being taken advantage of, the reputations of many companies are being taken advantage of as scammers try and call unsuspecting victims pretending to be from Microsoft or Dell or your ISP or somebody claiming that they’ve noticed your computer is causing problems on the internet which of course is not the case at all.
What they do is they scam you out of money. That’s not discussed in the book and I think it’s become so prevalent and so commonplace these days that it’s something that actually deserves its own chapter. Now, if you’ve been paying attention to Ask Leo! on Business, you’ll know that is a series of articles that I’ve written that are intended to all come together in a book at some point on business, on having a web presence on the internet.
What I’m going to do with this update of Internet Safety is along those same lines. Over the course of the next few weeks, I’m going to be publishing updated articles that will themselves end up folding into the book. The book will be an expansion on the articles that I publish here but I think that you’ll see over the next few weeks, a nice, broad coverage of the issues that really do come together to help make you safe on the internet as you do whatever it is you when you use your computer.
So, here’s where you come in. Down below this video on askleo.com is a link to the current book’s Table of Contents. If you already have the book – fantastic – you know exactly what’s inside, but if you don’t, that’s fine; down below is a PDF that has the Table of Contents and actually I think the first ten percent of the entire book.
I encourage you to take a look at that because what I’d like you to tell me is what’s missing. What needs more emphasis in this book? What is confusing? What is there that you expected to be in a book discussing internet safety and keeping yourself safe on the internet?
And even if you don’t take a look at the Table of Contents or you’ve never cracked the book, by all means, let me know just what’s your biggest concern when it comes to internet safety? What’s your biggest concern, your biggest problem, the thing you find yourself either the most worried about that prevents you from fully enjoying whatever it is you are doing with your technology or the thing that you’re actually struggling with.
If you’ve got a security-related issue that actually is in your way right now, let me know what that is. I’d like to understand what that is and see if it is something that I can fold coverage of into the next version of the Ask Leo! Guide to Staying Safe on the Internet.
So as always, please, if you’re watching this anywhere on askleo.com, come visit this link. That’s where you’ll find the PDF of the first ten percent of the existing book and that’s where I’d love to have you leave your comments about what you might want to see expanded on, explained or covered in the next edition.
Until next week, I’m Leo Notenboom for askleo.com. Thanks for watching. I’ll see you then.
In the “Don’t Believe Everything You Read”, should include (if it doesn’t already) a bit on “scary messages”. Scary messages include malware or virus infection notices and even messages about software being out of date. Not all of these scary messages are from internet malware but a lot of them are. Some of them are warnings from the anti-virus, anti-malware software that one has installed and some could be from the software included with the computer manufacturer’s software.
Experienced computer users have a good idea of the origin of the scary messages but those less experienced will probably jump to the conclusion that the messages are from the internet and some disaster that they can fix is about to happen if you don’t follow their instructions which usually lead to a disaster that wasn’t going to happen in the first place.
I have a rule of thumb that I use. If the message came from the internet, don’t trust it at all and never click on it. Close down the internet browser and use the Task Manager to do so if necessary, check the logs of the anti-malware and anti-virus. Run scans if there is something indicated in there just to be sure. Run CCleaner to clean out the temporary files, reboot to refresh the computer’s memory. If the messages were about out of date software, go to the manufacturer of the software and verify if your software is indeed out of date.
“My preference, my priority, when it comes to software to deal with security on your machine, is of course that you are the most important piece of software that deals with your machine. ” – I couldn’t agree more. Securing a PC these days is an extremely simple 5-step process:
1) Use an antivirus product from a reputable company – Windows Defender, BitDefender, Avast!, Sophos, etc., etc.
2) Use the 3-2-1 approach for backing up.
3) Use common sense.
4) Use common sense.
5) Use common sense.
I’d like to see the 3-2-1 rule for backups discussed (I don’t see it mentioned in the Table of Contents). Many people simply back up to an external hard drive that’s sitting next to their computer and think they’re golden – but, of course, they’re not. A power surge, burglary, fire or flood could result in the loss of both their PC and their backup drive. The 3-2-1 rule is that you should:
1. Keep three copies of data, including the copy on your PC.
2. Back up in two different ways.
3. Keep one backup away from your home (in the cloud, for example) or on disaster-tolerant media (such as an ioSafe hard drive).
In the case of #3, I prefer to do both options: use the cloud and disaster-tolerant media. It’s overkill maybe but, when it comes to data, there’s no second chances.
Perhaps a word about privacy on the Internet. The default settings on social media, and on W10 horrify me, and that they can be changed without notice. Yet young (I’m 71) people don’t seem to care and just accept there is no privacy these days. I may be old-fashioned in thinking that I ought not put anything anywhere online that I wouldn’t want the world to know?
A few things come to mind regarding security. The first you addressed – namely scammers. This just happened to my 85 year old Dad a few days ago. And, not knowing what to do (oddly he usually calls me right away but did not this time) he called the number on the screen. After the guy walked him thru several keystrokes and brought up money, Dad did have the sense to tell him he would take it back to the local shop where he bought it and the scammer immediately hung up. He then called me and we got it back up and running (after the NeverNeverNever…..speech from me…).
Speed would be another issue that could be addressed, namely some programs, while doing the job, bring your pc to a crawl while others don’t use as many resources.
Maybe a few words about the scams where you get these phone calls from “the microsoft computer department” warning you that you need to give them access to your computer to fix a virus.
Or the one where they post a fake customer service call line and ask for access to your computer.
Leo wrote a couple of articles about the first point.
https://askleo.com/i_got_a_call_from_microsoft_and_allowed_them_access_to_my_computer_what_do_i_do_now/
https://askleo.com/is_my_isp_calling_me_to_clear_up_my_problems_with_windows/
On your second point, I’ve heard of a lot of people burned by that scam. People Google for the solution to a problem and get directed to a fake support site when they think they are going to the company in question.
Hi Leo, How to protect yourself from user contracts that automatically renew the software annually and charge your credit card annually. I sometimes find need for a program and only need to use program once. User agreements are often 5 to 6 pages in length and worded so that a lawyer is needed to read them. If I use the program once I don’t mind paying a one time fee; but Auto-renewal is my problem. Somebody needs to write a program that reads and interprets user agreements.
Many of those insist you cancel a certain amount of time before the renewal date. The method I use is to send a cancellation notice as soon as I’ve signed up stating that I want the contract to end after the first contract period. Many companies are sneaky and make the cancellation page hard to find. Others make it easy to sign up on line, but insist you send in a written cancellation notice. If you make it a habit of canceling as soon as you’ve signed up, you have time to do the research on how to cancel, and you won’t forget at the end of the contract period. I’ve done this with every cell phone contract I’ve ever gotten.
Such a program would never work – the licenses would just change the weasel words around to avoid whatever it is such a program would detect.
Auto-renewal is easy: whenever you get an unexpected charge, contest it – first with the vendor, and then with the credit card company.
To be honest, I have your book, but it is on my pile of things I need to do. I am trying to start a chain of stores. I have a couple main concerns about the computer system: 1) How do I make sure an employee does not accidentally visit an infected site or open a paperclip or in some way infect the whole IT department ? 2) When someone works on the system or does coding, how do I know the person or company will not leave a “back door” or some malicious code ? I know you have covered many of these security measures, but is there some more simplistic solution ? Thank you again !
There are no simple solutions to either of those, I’m afraid. If you can’t trust someone, then …. they probably shouldn’t have access to your systems. People are, by far, the weakest link in the system.
Unfortunately there is no such thing as “common sense”. There definitely is no one-size-fits-all when it comes to protecting a computer.
It’s best to tailor your approach to anti-virus/anti-malware based on the person(s) who will be using the computer. Some will require more protection, some less. Talking with them and/or knowing their capabilities and possibly past history with problems or threats will be a good guide. Some people listen and learn, others it goes in one ear and right out the other, so you have to protect them against themselves.
Unfortunately, some people should never use a computer unassisted, but you can’t really tell them that. (sigh)
To a small degree, perhaps, but, with current PCs, it really isn’t possible to significantly enhance out-of-the-box security (Windows Defender, Windows Firewall, SmartScreen, etc. combine to provide very solid security). As Leo said, it really is about self-education and common sense.
I think you should warn about the dangers of clicking on links in emails and give safer alternatives. I think that the lostpass episode with lastpass indicates that phishing is becoming much more sophisticated and less obvious. I have also noticed that a lot more installation programs are smuggling in other programs, toolbars, etc. if you don’t select the custom option. Some of these are very hard to get rid of.
Hi Leo,
I don’t know how many times I have received calls from those scammers pretending to be working for Microsoft. I know for a fact that Microsoft would never call you for something wrong with your computer unless you have an open ticket for a special case and for which you had called before in the first place. My reaction generally is to get very mad at them and hang up. What I really would like to see in your book is a chapter on how to deal with these kinds of harrowing experiences in order either to report or discourage those scammers or any other one for that matter.
As always, thanks for the good work you’re doing, helping us stay safe in this crazy digital world out there.
One thing that you can do, if you have the time:
Pretend to take the bait.
Pretend to be ssslllloooooowwwwwwwwwwwwwww as hell, or that you may have bad hearing or some other problem.
Tell them that you’ve done as instructed, but that it doesn’t work.
Reboot randomly, or pretend that you are rebooting.
Slowly repeat everything they say, but with many errors. Spell out everything.
NEVER ever give any exact information.
The goal of the game is to make them lose as much time as possible, while having some fun at their expense.
After some time, tell them they are crooks and hang up.
You made them lose time that they could have used to effectively scam someone else. You win, someone else wins, the scammer loses.
There’s really not much you can do in terms of reporting, and simply disconnecting is usually the best option. In a comment to another AskLeo! post, somebody mentioned a service that may help in blocking these calls – but I can’t remember what it was called. Maybe somebody who has a better memory than I do will be able to point you to it……
How to deal with is easy: hang up. Reporting and discouraging, to use your terms, is pretty much a waste of time. The people that you would report to already know, and hanging up is the best discouragement of all.
Thanks to everyone for their reply. I really like Alain’s answer above and I am willing and ready to try it next time that happens.
Two points
1) I use NoScript (a Firefox add-on) to protect me from executing malicious scripts. The trouble is nowadays just about every web site requires you to disable NoScript at least partially which seems to defeat the purpose of NoScript. (In my opinion Web page designers seem to use scripts even when there is no need for them.)
2) My Avast antivirus software really slows down my computer. (I’m running W7 and on an i5 chip so it’s not a slow machine.) We sometimes joke that running Avast is worse than having a virus. I would like you to deal with the options that can be disabled in Avast without exposing oneself to too much risk. Surely, it’s all about balance.
PS I know it’s Avast causing the slowdown because the Avast animation shows when Avast is scanning and whenever this occurs, the system just slows down.
“My Avast antivirus software really slows down my computer.” – It can be extremely difficult to work out the cause of issues such as this. In your shoes, I’d temporarily uninstall Avast! and load up Microsoft Security Essentials. If the problem persists, you’ll know Avast! isn’t the culprit (and can start looking for other causes). If the problem doesn’t persist, you can either stick with Essentials (which isn’t at all bad, by the way) or shop for another solution.
What do you think about OpenDNS? There have been several times where it has “saved” us from ourselves here at work. It is only one of our methods of “protection” but as you have stated and of course is absolutely critical, software or hardware cannot save you from yourself. With over 30 computers connected to the internet here at work we have had to try to do our best at saving ourselves from ourselves. I do not, however, recall you ever speaking on OpenDNS and was wondering if it might not be a bad idea to include it in your book? In the appendix? Just a thought
Ron.
OpenDNS is awesome – we use it at home. While its malware/phishing protection is, in my opinion, quite weak, the content filtering capabilities are top-notch. I’d say OpenDNS is probably the easiest and best way to stop devices on your network from intentionally or unintentionally accessing inappropriate content. And, best of all, it’s completely free for home use.
Hi Leo,
In the TOC you mentioned MalwareBytes, which I use. I also use Spybot S&D. I don’t know if you mention it, but I find it to be another great tool and I believe it helps with things that MalwareBytes and anti-virus s/w don’t address.
Thanks!
I don’t think Spybot is widely recommended in the security community these days. It used to be a solid utility but independent tests in recent years have found its detection/removal capabilities to be well short of those of competing products.
I was recently reading an article by Bob Rankin, someone you have recommended. He was talking about Microsoft Security Essentials not doing well in tests of anti-malware suites. You mentioned that you do not feel the need for anything over and above a basic proficiency of the software to do its job. I am using MSE and have a selection of online scanners that I run as needed. Would you please elaborate on your points as you have in the past?
MSE provides sufficient protection. Let’s call it 95% (I’m not saying it is 95% … the number is purely an example). So, maybe you can get 96% or 98% coverage with another tool. Is it worth it? When the other tools also include advertising, or upsells or adversely impact your system performance my take is no. That’s not to say you shouldn’t – you certainly can if you want to, it’s to say that in my mind you don’t need to. YOU are the most important piece of security “software” when it comes to staying safe.
I completely agree. It’s also worth noting that MSE/WD’s detection capabilities really aren’t too bad. According to AV-Test, in October 2015 WD detected 99.1% of “widespread and prevalent malware” which is only 0.5% off the industry average:
https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2015/microsoft-windows-defender-4.8-153747/
Combine that detection rate with features such as SmartScreen and common sense security habits and you’ve got an extremely solid level of protection.
Also, as you say, the detection rate is only one of the aspects that should be considered; ease of use, performance impact, the level of intrusiveness and cost should also be taken into account. And, when you look at the big picture, MSE/WD is a pretty solid choice.