
An Update to My Internet Security Book


29 comments on “An Update to My Internet Security Book”

  1. In the “Don’t Believe Everything You Read”, should include (if it doesn’t already) a bit on “scary messages”. Scary messages include malware or virus infection notices and even messages about software being out of date. Not all of these scary messages are from internet malware but a lot of them are. Some of them are warnings from the anti-virus, anti-malware software that one has installed and some could be from the software included with the computer manufacturer’s software.

    Experienced computer users have a good idea of the origin of the scary messages but those less experienced will probably jump to the conclusion that the messages are from the internet and some disaster that they can fix is about to happen if you don’t follow their instructions which usually lead to a disaster that wasn’t going to happen in the first place.

    I have a rule of thumb that I use. If the message came from the internet, don’t trust it at all and never click on it. Close down the internet browser and use the Task Manager to do so if necessary, check the logs of the anti-malware and anti-virus. Run scans if there is something indicated in there just to be sure. Run CCleaner to clean out the temporary files, reboot to refresh the computer’s memory. If the messages were about out of date software, go to the manufacturer of the software and verify if your software is indeed out of date.

  2. “My preference, my priority, when it comes to software to deal with security on your machine, is of course that you are the most important piece of software that deals with your machine. ” – I couldn’t agree more. Securing a PC these days is an extremely simple 5-step process:

    1) Use an antivirus product from a reputable company – Windows Defender, BitDefender, Avast!, Sophos, etc., etc.
    2) Use the 3-2-1 approach for backing up.
    3) Use common sense.
    4) Use common sense.
    5) Use common sense.

  3. I’d like to see the 3-2-1 rule for backups discussed (I don’t see it mentioned in the Table of Contents). Many people simply back up to an external hard drive that’s sitting next to their computer and think they’re golden – but, of course, they’re not. A power surge, burglary, fire or flood could result in the loss of both their PC and their backup drive. The 3-2-1 rule is that you should:

    1. Keep three copies of data, including the copy on your PC.
    2. Back up in two different ways.
    3. Keep one backup away from your home (in the cloud, for example) or on disaster-tolerant media (such as an ioSafe hard drive).

    In the case of #3, I prefer to do both options: use the cloud and disaster-tolerant media. It’s overkill maybe but, when it comes to data, there’s no second chances.

  4. Perhaps a word about privacy on the Internet. The default settings on social media, and on W10 horrify me, and that they can be changed without notice. Yet young (I’m 71) people don’t seem to care and just accept there is no privacy these days. I may be old-fashioned in thinking that I ought not put anything anywhere online that I wouldn’t want the world to know?

  5. A few things come to mind regarding security. The first you addressed – namely scammers. This just happened to my 85 year old Dad a few days ago. And, not knowing what to do (oddly he usually calls me right away but did not this time) he called the number on the screen. After the guy walked him thru several keystrokes and brought up money, Dad did have the sense to tell him he would take it back to the local shop where he bought it and the scammer immediately hung up. He then called me and we got it back up and running (after the NeverNeverNever…..speech from me…).

    Speed would be another issue that could be addressed, namely some programs, while doing the job, bring your pc to a crawl while others don’t use as many resources.

  6. Maybe a few words about the scams where you get these phone calls from “the microsoft computer department” warning you that you need to give them access to your computer to fix a virus.
    Or the one where they post a fake customer service call line and ask for access to your computer.

  7. Hi Leo, How to protect yourself from user contracts that automatically renew the software annually and charge your credit card annually. I sometimes find need for a program and only need to use program once. User agreements are often 5 to 6 pages in length and worded so that a lawyer is needed to read them. If I use the program once I don’t mind paying a one time fee; but auto-renewal is my problem. Somebody needs to write a program that reads and interprets user agreements.

    • Many of those insist you cancel a certain amount of time before the renewal date. The method I use is to send a cancellation notice as soon as I’ve signed up stating that I want the contract to end after the first contract period. Many companies are sneaky and make the cancellation page hard to find. Others make it easy to sign up on line, but insist you send in a written cancellation notice. If you make it a habit of canceling as soon as you’ve signed up, you have time to do the research on how to cancel, and you won’t forget at the end of the contract period. I’ve done this with every cell phone contract I’ve ever gotten.

    • Such a program would never work – the licenses would just change the weasel words around to avoid whatever it is such a program would detect.

      Auto-renewal is easy: whenever you get an unexpected charge, contest it – first with the vendor, and then with the credit card company.

  8. To be honest, I have your book, but it is on my pile of things I need to do. I am trying to start a chain of stores. I have a couple main concerns about the computer system: 1) How do I make sure an employee does not accidentally visit an infected site or open a paperclip or in some way infect the whole IT department? 2) When someone works on the system or does coding, how do I know the person or company will not leave a “back door” or some malicious code? I know you have covered many of these security measures, but is there some more simplistic solution? Thank you again!

    • There are no simple solutions to either of those, I’m afraid. If you can’t trust someone, then …. they probably shouldn’t have access to your systems. People are, by far, the weakest link in the system.

  9. Unfortunately there is no such thing as “common sense”. There definitely is no one-size-fits-all when it comes to protecting a computer.

    It’s best to tailor your approach to anti-virus/anti-malware based on the person(s) who will be using the computer. Some will require more protection, some less. Talking with them and/or knowing their capabilities and possibly past history with problems or threats will be a good guide. Some people listen and learn, others it goes in one ear and right out the other, so you have to protect them against themselves.

    Unfortunately, some people should never use a computer unassisted, but you can’t really tell them that. (sigh)

    • To a small degree, perhaps, but, with current PCs, it really isn’t possible to significantly enhance out-of-the-box security (Windows Defender, Windows Firewall, SmartScreen, etc. combine to provide very solid security). As Leo said, it really is about self-education and common sense.

  10. I think you should warn about the dangers of clicking on links in emails and give safer alternatives. I think that the LostPass episode with LastPass indicates that phishing is becoming much more sophisticated and less obvious. I have also noticed that a lot more installation programs are smuggling in other programs, toolbars, etc. if you don’t select the custom option. Some of these are very hard to get rid of.

  11. Hi Leo,

    I don’t know how many times I have received calls from those scammers pretending to be working for Microsoft. I know for a fact that Microsoft would never call you for something wrong with your computer unless you have an open ticket for a special case and for which you had called before in the first place. My reaction generally is to get very mad at them and hang up. What I really would like to see in your book is a chapter on how to deal with these kinds of harrowing experiences in order either to report or discourage those scammers or any other one for that matter.

    As always, thanks for the good work you’re doing, helping us stay safe in this crazy digital world out there.

    • One thing that you can do, if you have the time:
      Pretend to take the bait.
      Pretend to be ssslllloooooowwwwwwwwwwwwwww as hell, or that you may have bad hearing or some other problem.
      Tell them that you’ve done as instructed, but that it doesn’t work.
      Reboot randomly, or pretend that you are rebooting.
      Slowly repeat everything they say, but with many errors. Spell out everything.
      NEVER ever give any exact information.

      The goal of the game is to make them lose as much time as possible, while having some fun at their expense.
      After some time, tell them they are crooks and hang up.

      You made them lose time that they could have used to effectively scam someone else. You win, someone else wins, the scammer loses.

    • There’s really not much you can do in terms of reporting, and simply disconnecting is usually the best option. In a comment to another AskLeo! post, somebody mentioned a service that may help in blocking these calls – but I can’t remember what it was called. Maybe somebody who has a better memory than I do will be able to point you to it……

    • How to deal with is easy: hang up. Reporting and discouraging, to use your terms, is pretty much a waste of time. The people that you would report to already know, and hanging up is the best discouragement of all.

      • Thanks to everyone for their reply. I really like Alain’s answer above and I am willing and ready to try it next time that happens.

  12. Two points
    1) I use NoScript (a Firefox add-on) to protect me from executing malicious scripts. The trouble is now-a-days just about every web site requires you to disable NoScript at least partially which seems to defeat the purpose of NoScript. (In my opinion Web page designers seem to use scripts even when there is no need for them.)

    2) My Avast antivirus software really slows down my computer. (I’m running W7 and on an i5 chip so it’s not a slow machine.) We sometimes joke that running Avast is worse than having a virus. I would like you to deal with the options that can be disabled in Avast without exposing oneself to too much risk. Surely, it’s all about balance.

    PS I know it’s Avast causing the slowdown because the Avast animation shows when Avast is scanning and whenever this occurs, the system just slows down.

  13. “My Avast antivirus software really slows down my computer.” – It can be extremely difficult to work out the cause of issues such as this. In your shoes, I’d temporarily uninstall Avast! and load up Microsoft Security Essentials. If the problem persists, you’ll know Avast! isn’t the culprit (and can start looking for other causes). If the problem doesn’t persist, you can either stick with Essentials (which isn’t at all bad, by the way) or shop for another solution.

  14. What do you think about Open DNS? There have been several times where it has “saved” us from ourselves here at work. It is only one of our methods of “protection” but as you have stated and of course is absolutely critical, software or hardware cannot save you from yourself. With over 30 computers connected to the internet here at work we have had to try to do our best at saving ourselves from ourselves. I do not, however, recall you ever speaking on Open DNS and was wondering if it might not be a bad idea to include it in your book? In the appendix? Just a thought
    Ron.

    • OpenDNS is awesome – we use it at home. While its malware/phishing protection is, in my opinion, quite weak, the content filtering capabilities are top-notch. I’d say OpenDNS is probably the easiest and best way to stop devices on your network from intentionally or unintentionally accessing inappropriate content. And, best of all, it’s completely free for home use.

  15. Hi Leo,
    In the TOC you mentioned MalwareBytes, which I use. I also use Spybot S&D. I don’t know if you mention it, but I find it to be another great tool and I believe it helps with things that MalwareBytes and anti-virus s/w don’t address.
    Thanks!

    • I don’t think Spybot is widely recommended in the security community these days. It used to be a solid utility but independent tests in recent years have found its detection/removal capabilities to be well short of those of competing products.

  16. I was recently reading an article by Bob Rankin, someone you have recommended. He was talking about Microsoft Security Essentials not doing well in tests of anti-malware suites. You mentioned that you do not feel the need for anything over and above a basic proficiency of the software to do its job. I am using MSE and have a selection of online scanners that I run as needed. Would you please elaborate on your points as you have in the past?

    • MSE provides sufficient protection. Let’s call it 95% (I’m not saying it is 95% … the number is purely an example). So, maybe you can get 96% or 98% coverage with another tool. Is it worth it? When the other tools also include advertising, or upsells or adversely impact your system performance my take is no. That’s not to say you shouldn’t – you certainly can if you want to, it’s to say that in my mind you don’t need to. YOU are the most important piece of security “software” when it comes to staying safe.

      • I completely agree. It’s also worth noting that MSE/WD’s detection capabilities really aren’t too bad. According to AV-Test, in October 2015 WD detected 99.1% of “widespread and prevalent malware” which is only 0.5% off the industry average:

        https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2015/microsoft-windows-defender-4.8-153747/

        Combine that detection rate with features such as SmartScreen and common sense security habits and you’ve got an extremely solid level of protection.

        Also, as you say, the detection rate is only one of the aspects that should be considered; ease of use, performance impact, the level of intrusiveness and cost should also be taken into account. And, when you look at the big picture, MSE/WD is a pretty solid choice.
