The dozen ways of PC security — The guide

security-thingies

So you’ve finally had enough of getting viruses on your PC every six months and then having to format it. You’ve begun to think that your PCs could perhaps be able to have a bit more longevity to them. Well, here is a step-by-step guide of the things you can do to attempt to make things a bit better.

This guide covers:
1) Download a trustable anti-virus. Not the ones you’re used to
2) And an anti-malware program too, I presume?
3) Anti-exploit for the web browsers
4) AdBlock Plus on all of your browsers
5) Switch Adobe Flash Player to “Ask to activate” on your browsers
6) Switch your router over to protection-focused DNS addresses
7) Activate Protected Mode on Internet Explorer
8) Set Internet Explorer pop-up block settings to High, but only if you feel like it
9) Keep a strong uninstallment program ready
10) Prevent autorun exploits on your USB sticks and SD cards
11) Be careful on which websites you use
12) Keep your programs up to date
13) Prevent installation tools from secretly installing garbage tools as well
14) Please do not use the default password for your router!
15) Convert your browser bookmarks from HTTP to HTTPS

X1) Known incompatibilites between different sections

1) Download a trustable anti-virus. Not the ones you’re used to

Many anti-virus programs have been held high on a royal pedestal in peoples’ eyes, but all of them have then succumbed to offer spam, fake problems, toolbars, homepage replacements and crapware. It is well known that Norton and McAfee have very bad reputations now, but I would also specifically point out AVG as something that has become complete garbage. On one occasion where I was to help a relative with their internet connection, it turned out that AVG had replaced the homepage and the computer’s DNS, only for AVG Premium’s firewall connection to then block their own homepage, which apparently prevented the person from getting an online connection at all!

I strongly and lucidly recommend Bitdefender Free Antivirus (link for non-Windows 10 users), since its interface is small, there are few settings to mess up, it does not auto-delete offending programs, and it doesn’t spam you with offers and crapware all the time (so far). Inexperienced PC users can become annoyed by its system tray messages, but they can in most cases be turned off.

On Windows 10, you can also go to Settings → Updates and security → Windows Defender → Periodically limited scanning [Turn on]. This will attempt to let Windows Defender scan your computer every now and then, on top of having another real-time antivirus program on your PC as well. If you do this, you may also want to activate a secret setting that allows Windows Defender to quarantine any potentially unwanted programs, which you do by running this registry value tool from How-To Geek.

2) And an anti-malware program too, I presume?

Now this one is a bit tricky to do well, since free anti-malware programs do not have auto-scans, and they do not update their knowledge bases automatically either. This means that the scans have to be started manually. Bitdefender proclaims that their anti-virus program also works as anti-malware, but there isn’t a lot of obvious information about how that is working out.

Malwarebytes Anti-Malware typically works and run very well alongside antivirus programs from other companies, although those who use the free version have to initiate all their Malwarebytes scans manually.

3) Anti-exploit for the web browsers

One Malwarebytes program that does normally run automatically, is Malwarebytes Anti-Exploit Free. It wraps up your browsers in several layers of security, making them pretty difficult to hack. Turn “System tray notifications” off, and maybe turn “Log events” on if you’re unsure if the program works or not, and then you’ve sharply increased your browsers’ ability to survive through a virus attack, even if the rest of your PC is otherwise dying.

There is also Microsoft’s Enhanced Mitigation Experience Toolkit, which is a central base for Microsoft’s more substantial protection tools, including Data Execution Prevention (confines your programs into their designated RAM areas), and various other exploit filters.

4) AdBlock Plus on all of your browsers

We keep hearing about website owners who are being angry about how people are using AdBlock and stripping them of money. The very same website owners oftentimes also knowingly use faulty ad providers that can display viruses, initiate virus download attempts, and which attempts to hijack your computer. Therefore, an adblock is another piece of protection that will save you.

From AdBlock Plus’ website, there are editions of it for some fifteen browsers out there. On top of the default settings, turn on EasyList+[country of your choice] (and turn off the EasyList-only filter), and turn off “acceptable ads”, since I’m feeling personally convinced that acceptable online ads have ceased to exist.

5) Switch Adobe Flash Player to “Ask to activate” on your browsers

Another big, big caveat with online advertising, is that some ads will use Flash Player to display more advertising, like different placement and video players. Quite a few of the ads can also attempt to run code to work well… or to run code that will destroy or hijack your computer.

On Firefox and Chrome, you simply go to Extensions and switch Shockwave Flash over to “Ask to activate”. This is also possible on Internet Explorer 10/11 through a different procedure, with Tools → Administrate extensions → Shockwave Flash → [right-click] → More information, and then click “Remove all sites”. This will wipe out the asterisk that signals to Internet Explorer that it can activate Flash on all websites.

6) Switch your router over to protection-focused DNS addresses

To be serious here, I am not sure how much this solution has an effect on anything, especially considering that its virus-site blacklist seems a bit minimalistic, but Norton runs a free no-downloading-required service called Norton ConnectSafe. You set it up by going to the service’s website, thanking “Yes” to that you know how it works, and then you’ll see the service’s DNS numbers in an “xxx.xx.xxx.xx” number format. You will want to use the numbers for tier “A – Security (malware, phishing sites and scam sites)”. These are then to be pasted into your router’s WAN settings, or alternately into the network settings of your machines of choice. According to principle, this will route your network traffic through the ConnectSafe servers instead of through your network provider’s normal servers, allowing the ConnectSafe servers to filter out some of the unpleasant viruses that are trying to reach you.

7) Activate Protected Mode on Internet Explorer

For those of us who still use Internet Explorer, there are some extra settings here for people who really fear viruses and exploits. The first one is Protected Mode. You go to Tools → Online alternatives → Advanced → Security, and then activate Protected Mode. If you run a 64-bit Windows, you must then also activate “Activate 64-bit processes for Protected Mode”. The most immediate effect you’ll see after a restart, is a message that some of the extensions have been turned off due to Protected Mode. Normally, these extensions weren’t make-or-break anyway. Highly varying from from PC to PC, some websites (most visibly Google Search) can also suddenly display different designs meant for older computers, which in fact can be a negative distraction for you.

8) Set Internet Explorer pop-up block settings to High, but only if you feel like it

Now this one is a serious “Is it really worth it?” dilemma. Internet Explorer’s pop-up settings are normally set to Medium, which blocks “most” pop-ups. But that still leaves an opportunity window for some pop-up makers. By going to Tools → Pop-up blocking → Settings for pop-up blocking, and then set it to High, you can block pretty much every pop-up window in the world, even some of the more positive ones.

But setting it to high can have seriously adverse effects. Many websites rely on de facto pop-ups to get further in a purchase process, to display an image, or similar things; and trying to temporarily activate pop-ups will reload the website, very often causing you to lose some of your progress. Google Images will crash upon trying to load most website links. Things like that. I will therefore not recommend this solution for anyone but the most dedicated/skilled Internet Explorer users out there.

9) Keep a strong uninstallment program ready

Should you find yourself with a weird program on your PC, there are a few of them where the normal uninstallment procedure could get a little bit weird, and in the worst cases, can subject you to even more crapware. Programs like Geek Uninstaller have a “Forced uninstall” option that can bypass the normal procedure; but be aware that there are also many of these programs that will try to drag normal, functional programs along with it to the death, so you should never just press “Uninstall” in Geek.exe without taking a look through the list of folders that it says it will try to uninstall.

10) Prevent autorun exploits on your USB sticks and SD cards

Impractically hidden through a series of clicks on Bitdefender’s website, is the download link for Bitdefender USB Immunizer. This can either be run as a temporary one-off program, or can be saved on your computer for future use. When you’re running it, you can insert USB sticks, SD cards, CompactFlash cards and similar things into your PC, and then press “Immunize”. How it works, is that it replaces your sticks/cards’ autorun file with a different file, that allegedly cannot harm your system through such autorun exploits when you plug the stick/card into any computers. Logically, this could prevent programs on your stick/card from autorunning on insertion, although if you only use the stick/card for file storage, which pretty much all such portable storage units are only ever used for, then you won’t lose anything on trying it out.

USB Immunizer may not work if you have an internal memory card reader in your desktop PC, since it will register the reader’s filepaths (for example H:, G:, or K:), see that they are in use by the reader, and attempt to immunize the reader itself.

USB Immunizer can optionally be set to auto-immunize all USB sticks that are plugged into your PC, which requires less concious thought about this protection effort.

11) Be careful on which websites you use

Piracy hosts, sports-streaming sites, and many porn sites, are vermin hotbeds for the worst kinds of ads on the internet, and finding legal (for the first two) or “artistic” (for that last one) alternatives for them can save you from getting some pretty weird programs on your PC that continuously mess things up. Additionally, I would like to specifically single out tech advice sites and franchise wikis as being in the “faulty ad provider” category, and should accordingly only be used with AdBlock as well as several more of the protections that I list in this guide.

12) Keep your programs up to date

You’ve probably been told that keeping your programs up to date, is very important to avoid exploits. You may have been thinking, “It’s not the exploits that kills you, it’s the viruses!” But instead, think about it like this: It is the exploits that allow the viruses to reach your computer in the first place.

For this, I recommend Secunia Personal Software Inspector. It keeps tab of almost every single .exe on your PC, and compares its version number, to that of what it deems to be the newest stable version. It can also auto-update the programs, and has a database of supported programs that measure in the thousands (compared to Ninite’s 96 supported programs).

Additionally, more and more Windows programs are making 64-bit versions of their programs, almost all of which can import settings from the 32-bit versions. My life guide article on program download sources, attempts to make sure that the links to any available 64-bit versions are more visible than the 32-bit links.

64-bit programs support more complicated security algorithms, which can provide a certain amount of beneficience to the system security.

Keeping your Windows system updates up to date is also very helpful when it comes to closing system exploits. If the quasi-automatic reboots after the updates are bothering you, however, you can use this registry value set from How-To Geek which will make Windows no longer force you to reboot if you’re still logged on.

13) Prevent installation tools from secretly installing garbage tools as well

Over the past few years, there has been something of an epidemic, in which installation wizards will also offer you extra programs that you really don’t need, nor that you want. While there has been a recent cleanup on third-party download sites, that has made sure that the sites won’t offer you extra garbage on top of the wizards’ garbage, this is still a problem with many programs on the internet.

Introducing Unchecky. It works as a background function that will try its darned best to uncheck all of the installation offers you are given when you’re installing programs, and then gives you a notification in the system tray that tells you that it did so.

This will give you some relief, so that you don’t have to be on your tippety-toes all the time to make sure that the offers wouldn’t be accepted.

14) Please do not use the default password for your router!

Something that is not widely known, is that it is possible for your router to contract viruses, and for every single PC or mobile on your network to then show you virus sites. It’s very creepy to experience.

In addition, because many routers have a set of standard credentials, it is very possible for virus makers to scan around on the internet for routers, and to try to enter it using the router model’s standard credentials. The biggest thing you can do, is to NOT use the standard credentials. If your router login involves the words “admin” and/or “password” change them immediately!

15) Convert your browser bookmarks from HTTP to HTTPS

You have likely seen the letters “HTTP” or “HTTPS” in your web browsers’ address bar. You may also have seen a lock logo in the address bar that is either locked or open.

HTTPS is a method that was invented to make sure that the logins and transactions of important websites, would not be intercepted by thieves that could be somewhere on the connection between you and the website. Its intended protection abilities has been thoroughly broken to pieces by various pieces of malware, adware, and includeware; but on a malware-free PC, it’s still very important to use a website’s HTTPS version to give your connection to the website a certain amount of extra security.

On the vast majority of websites that have applied for and been granted HTTPS licences, you (as the user) are redirected to the HTTPS version automatically. However, this is not the case on all websites. Some websites may even maintain both an HTTP and an HTTPS address.

It has also become very common for people to use bookmarks, or at least favorites/stars that you can search for in the address bar, to get around on the internet. You’ll see a lot of entries there that start with http://

Click the bookmark link, and see that the browser loads the very familiar webpage that you love sufficiently enough that you bookmarked it. Now, add an S to the web address that has been loaded, so that it begins with https://     (For example, by turning http://landesfes.deviantart.com/ into https://landesfes.deviantart.com/)

There are four things that can happen, depending on the website you do this with:

  1. It loads perfectly, shows up on your screen just as well as it did before, and there’s now a green locked doorlock in your address bar (or a grey circle if the site is mixing HTTPS features with HTTP). This means that the website really does have an HTTPS mode. In this case, edit the bookmark’s info and add the S there too! 🙂
  2. Your web browser will show you a warning about that the site’s HTTPS (which it doesn’t have) is broken, and will warn you about how data thieves tend to use broken HTTPS systems to steal things. In this case, do not panic at all! Just click the Back button, and it’ll load the HTTP version again as if absolutely nothing ever happened.
  3. The website will load forever. In this case, click the Back button too (or the Reload button this time, if you’re more comfortable with that).
  4. It may load a genuine HTTPS site, but some of the site’s web elements are broken. If that happens, I will let you decide whether the broken site is worth bookmarking or not. It’s however usually not worthy, except for special cases like getting around small newssites’ pay walls.

 

X1) Known incompatibilites between different sections:

• Setting Data Execution Protection to Always On in the Enhanced Mitigation Experience Toolkit, prevents Malwarebytes Anti-Exploit from starting up.
• Secunia Personal Software Inspector will not auto-update the beta channel of Bitdefender, or for that matter any beta program at all. 


These have been a dozen different methods to prevent viruses and crapware from souring your mood. Which of these will be a good fit for you?

Advertisements
The dozen ways of PC security — The guide

Write a reply...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s