Computer and internet security tips against viruses and hackers

Computer and internet security tips against viruses and hackers

The internet is full of threats and each day new threats, such as malware (computer viruses, ransomware, spyware, adware, rootkits, trojan horse, worms, etc.) arise.

Also, hackers (phishing, identity theft, etc.) are a real threat online and all these threats can cause serious damage to your computer and even your personal life.

Fortunately, there are some things you can do to better protect your computer, home network, internet connection, and online activities against computer viruses (and other malware) and hackers.

Computer and internet security tips against viruses and hackers

Don't use a Windows administrator account for daily use, but use a standard account instead

If malware or a hacker gets access to your system, then the malware or hacker has the same rights to whatever account you're using.

So if you're using an administrator account, then the hacker or malware has complete control over your system.

Create regular backups of all your important files

Ransomware is a type of malware (malicious software) designed to block access to a computer system or encrypt (password protect) files until a sum of money is paid.

If this happens, you will lose access to all of your files (e.g., documents, photos, videos, etc.).

And paying the ransom will not guarantee that you will get access to your system or files again.

Ransomware is one of the world's fastest-growing types of malware. So having a backup of your files is very important.

Enable the “show file extensions” option in Windows and always verify file extensions before clicking on them

Cybercriminals are very good at camouflaging files to make them look harmless. The purpose is to trick you into clicking on them and launch a malware infection that will take over your system.

Change your Windows settings to show file name extensions, so you will avoid clicking on shady file extensions, like .jpg.exe (.jpg isn't dangerous, because it's an image format, but combined with .exe it is malware).

Disable Autoplay on your PC

Autoplay is a Windows feature that allows you to quickly open digital media from USB flash drives, External hard drives, CDs and DVDs with designated software.

Malware can use this feature to start running automatically and gain access to your computer.

Disable macros and ActiveX in the Microsoft Office suite (Word, Excel, PowerPoint, etc.)

These are bits of software that cybercriminals often use to spread malware and infect computers. (ref/src)

Disable Windows PowerShell if you don't use it

Windows PowerShell is a tool that's much more powerful than the Command Prompt and most home users don't need it.

There are many types of malware (like ransomware), who abuse PowerShell to plant and execute malware deep in the victim's system.

Disable SMB1 in Windows

Even Microsoft recommends that you disable SMB1 for security reasons – especially for WannaCrypt, Petya (also known as Petwrap) and other ransomware because they also use this to attack the Windows operating system. (ref/src) (ref/src)

Disable or better yet, uninstall Java if you don't need it

Java has a lot of security vulnerabilities which are constantly being exploited in cyber attacks. Java vulnerabilities are one of the biggest security holes on your computer. It needs constant patching (security updates).

Disable or better yet, uninstall Adobe Flash Player if you don't need it (disable also in your web browser)

Like Java, also Adobe Flash Player has a lot of security flaws which are being exploited in cyber attacks.

You should also disable it in your web browser because browser plugins are a favorite target for malware and cybercriminals because they are generally full of unpatched or undocumented security holes that cybercriminals can use to take complete control over vulnerable systems. (ref/src)

Cover up your laptop's webcam

Hackers can access webcams through malware. If your computer gets infected with malware, then that malware could contain executable code that can turn on your webcam and watch or record you. (ref/src)

If you want to be absolutely sure nobody is watching and recording you via the webcam, then cover your webcam with tape, a peel-off sticker, or something else that can obscure the lens but can be removed easily when you actually want to use your webcam. (ref/src)

Use antivirus software – no matter how careful you are

No matter how smart you think you are, you can still benefit from antivirus software on your Windows PC.

You can see antivirus software as your final layer of protection. (ref/src)

Even one of your favorite websites can one day be infected with malware and antivirus software might protect you against it.

The free antivirus programs I recommend are:

If you need more functions (e.g., multi-layer ransomware protection) and settings, then you can try a paid antivirus program.

Most antivirus companies offer the option to download and try their paid antivirus programs for free for 30 days.

The paid antivirus programs I recommend are:

Always keep your software updated

Updates may include important patches to fix security vulnerabilities and this prevents attackers from exploiting security holes.

Don't install pirated (cracked) software

Pirated (cracked) software could infect your PC with malware.

The crack (a piece of software used to crack the software to make it look genuine) might actually be disguised malware. (ref/src)

Use caution when using browser extensions

Any form of browser integration can create security holes. (ref/src)

There are also malicious browser extensions that can capture your passwords, track your Internet browsing activity, insert advertisements into web pages you visit, and infect your computer with malware (computer viruses, spyware, trojan horse, etc.).

Even a very popular and widely recommended extension can one day be hacked or sold and turned into a malicious extension.

Don't post a photo of your airline boarding pass on social media (and don't just throw it away either)

The barcode of a boarding pass contains information about you, such as your name, future travel plans and frequent flyer account. (ref/src)

Someone can take a screenshot of your boarding pass, go to a website that can read and decode the data stored in the barcode of your boarding pass and view your information.

With this information, someone can get access to your frequent flyer account and reset the PIN number that you use to secure your frequent flyer account, change seats and even cancel any future flights.

When the flight is over and you're home or at your accommodation, then burn the boarding pass or toss it in a paper shredder.

Always download software from a trusted source (e.g., official website of software developer)

Nowadays when you download software you have to be very careful before you click on any download button or link because you never know what you may end up with.

You might be downloading and installing crapware, adware or even worse, a nasty piece of malware.

Pay attention while installing software

Never click to fast on Next, Install or OK while installing software, because you might install extra unwanted third-party software (like toolbars, adware, etc.).

If you see extra offers, then uncheck all their checkboxes.

Check free software before installing it on your computer

The software could just be Malware disguised as software, so always Google the software first and look for reviews or forums that talk about this software.

Never download codecs or players to watch videos online

If a website asks you to install video codecs or a media player then don't allow it.

It's not worth the risk. Most likely you can find the video on YouTube or another video website anyway.

Don't trust pop-up windows that ask you to install unknown software

Never click on OK, Yes or Run when a pop-up window appears to ask you to download and install unknown software.

Malware can try to trick you into installing even more malware.

For example, a pop-up window appears with a warning message like “Your Windows computer could be at risk! Install the repair tool to clean and protect your system” and then when you click on Secure now, OK, Yes or Run, your system gets infected.

Don't open email attachments from a suspicious email

Many computer viruses are spread through email attachments.

Attachments that contain viruses are either executable programs (file extensions: .com, .exe, .vbs, .zip, .scr, .dll, .pif, and .js) or macro viruses (file extensions: .doc, .dot, .xls, and .xlt). (ref/src)

If you don't trust a file or link, then you can also check it online using VirusTotal.com.

Note: VirusTotal is not a 100% accurate solution. Even though it scans files and links with over 70 antivirus scanners and URL/domain blacklisting services, it's still possible that it misses something.

Never ignore security warnings from your antivirus software or web browser

If your antivirus software or your web browser shows a security warning then do not ignore it but investigate it.

Never click on links you don't trust

There are various ways in which a simple click on a wrong link can cause problems.

A link can be a direct download link of a piece of malware, a link can redirect you to an infected malicious website, and a link can redirect you to a fake login page and when you provide your login information to this page, a hacker will have your login information.

So, when you get an email that contains a link, don't just click on the link. Same counts for links on websites, links in messages on social media (e.g., Facebook), and links in documents (e.g., Word, PDF, etc.).

If you don't trust a link, then you can also check it online using VirusTotal.com.

Note: VirusTotal is not a 100% accurate solution. Even though it scans files and links with over 70 antivirus scanners and URL/domain blacklisting services, it's still possible that it misses something.

Always scan USB flash drives from other people

Never trust USB flash drives from other people - even if it's from your friend or family member.

USB plug-and-play devices are an easy way to infect a PC.

Always scan USB drives with your antivirus software and maybe also one or two malware scanners (e.g., Malwarebytes, Zemana, etc.) before opening or copying anything.

And don't get mad at your friend, family member or acquaintance if your antivirus or malware scanner detects any malware because they probably don't know that their USB device contains malware.

Don't keep wifi and bluetooth on – unless you're actively using it

Hackers can use both of these connections to attack and compromise your devices.

Never leave your computer, tablet or phone unattended in public

If your device gets stolen, then someone has not only your device but maybe also your personal information (e.g., usernames, passwords, etc.).

All it takes is someone with more than basic computer knowledge to get your personal data.

Use a VPN when using a public WiFi network

A good VPN (short for Virtual Private Network) might protect you from “an Evil Twin attack”, “Malware injection”, “Man-in-the-Middle attack”, and “WiFi sniffing”. (ref/src)

But:

Even if you use a VPN, it's still not a good idea to do things that require your bank account information, credit card information or other personal, important and sensitive information, like internet banking or online shopping when you're connected to a public WiFi network because not all VPNs are as private and secure as you might think they are.

Don't do internet banking when using a public WiFi network

A VPN might protect you from “Man-in-the-Middle attacks”, “WiFi sniffing” and other attacks.

But:

Not all VPNs are as private and secure as you might think they are.

Turn off “network discovery” and “file and printer sharing” in Windows when using a public WiFi network

The Windows “file and printer sharing” feature allows you to share files and your printer with other PCs on the same network.

But if this feature is enabled, then some of your folders may be accessible to anyone connected to the same public network.

The Windows “network discovery” feature allows you to make your PC visible or hidden on a local or public network.

Secure your home network by changing your router's default IP address

Most routers have a default IP address and if a hacker knows this IP address then the hacker can access the login page of the settings of your router.

Secure your home network by changing your router's default administrator password and username

Most routers come with a default username and administrator password which allows a hacker to easily log into your router to change settings (e.g., turning off the firewall).

Secure your home network by turning off “Remote Administration”

“Remote Administration” allows you to access your router's settings page from outside the network. No further explanation needed, right?

Secure your home network by encrypting your WiFi network with WPA2 or WPA encryption

This means that if someone wants to connect to your WiFi network, they will have to enter a password to connect to it. WPA2 is stronger than WPA. Just don't use WEP encryption because it is weak.

Secure your home network by turning off UPnP (Universal Plug and Play) in your router

UPnP is a set of networking protocols that permits networked devices, such as computers, printers, smartphones, and other devices to easily discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

Malware that has infected a computer on your network can use UPnP to bypass the firewall. For example, a Trojan horse could install a remote control program on your computer and open a hole for it in your router's firewall, allowing 24/7 access to your computer from the Internet. (ref/src)

Secure your home network by keeping your router's firmware updated

Updates may include important patches to fix security vulnerabilities and this prevents attackers from exploiting security holes in your router.

Secure your home network by turning off WPS in your router

WPS allows someone to connect a new device to your network by pressing a button and entering a PIN.

This feature is insecure because it allows someone to easily and quickly connect to your network without your permission.

Never trust emails asking for confidential information – especially financial information

A legitimate organization, like a bank, will never ask for sensitive information like your password, bank account, or credit card by email.

When you have any doubts, visit the main website of the organization in question, get their phone number and give them a call or visit their office.

Use strong passwords for your online accounts

Passwords protect your online accounts, so it's important to use strong passwords.

A strong password is a combination of numbers, uppercase letters, lowercase letters and other characters.

I recommend using a password manager, like Bitwarden, KeePass, or LastPass.

Never use the same password for multiple accounts

If you use the same password for multiple online accounts and someone obtains your password in one way or another, then he or she will have access to all of your online accounts that use the same password.

Your password can get compromised by a phishing attack or in a data breach.

Data breaches happen more often than you might think – even with big sites, such as LinkedIn, Twitter, Yahoo, MySpace, and Tumblr.

If you want to check if one of your accounts has been compromised in a data breach, then you can check it online using HaveIBeenPwned.com.

I recommend using a password manager, like Bitwarden, KeePass, or LastPass.

Use two-step verification for your online accounts

Two-step verification is an extra layer of security for your online accounts (e.g., Gmail, Facebook, Twitter, etc.).

With two-step verification enabled, you need your username, password and a code sent to your device to log into your online account.

You can receive this code on your phone via an SMS text message, or you can receive the code from a two-step verification app, like Microsoft Authenticator, Google Authenticator, or Authy.

Bonus tip: Harden Windows settings with SysHardener (free tool)

SysHardener is a free tool that allows you to harden Windows settings to mitigate cybersecurity threats.

With this tool you can restrict functionalities of Windows and secure vulnerable applications.

You can unassociate VBS, VBE, JS, JSE, WSH file type associations, disable JavaScript on Adobe Reader, disable Macros, OLE and ActiveX on MS Office, disable unused Windows Services, block outbound connections of specific programs via Windows Firewall, and much more.

It's very easy to use. Just download the portable version, open it, check the settings if you want, and then click on the Apply Selected button at the bottom of the tool.

Note: If you've disabled Windows Powershell, then you will have to enable it, run this tool, and then disable it again.


Maybe you're also interested in:

Windows 10 security tips and is Windows Defender good enough?

Computer virus: types, symptoms, protection, and removal

Malware: types, protection, prevention, detection, and removal


References:

HowToGeek: You need an antivirus on Windows, no matter how careful you are

Bitdefender: Dangers of using pirated software

MakeUseOf: 3 top ways people get infected by an email virus

KrebsOnSecurity: A month without Adobe Flash Player

HeimdalSecurity: The anti-ransomware protection plan you need to follow today

HowToGeek: Don't use your antivirus' browser extensions: they can actually make you less safe

Microsoft: SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions

TheWindowsClub: Why and how to disable SMB1 on Windows 10/8/7

Mashable: Why it's a good idea to cover up your webcam

PCWorld: Why you should cover up your laptop's webcam

KrebsOnSecurity: Why it's still a bad idea to post or trash your airline boarding pass

NordVPN: How does a VPN protect you on public Wi-Fi?

HowToGeek: Is UPnP a Security Risk?