Windows 10: Computer Protection. Quote: "This ia all you need"

I attended a talk given by a professional computer consultant of many years standing. He said that what you need to protect your computer (Windows 10):

1. Antivirus:

Rely on Windows Defender, which is updated frequently. Add a free anti-virus utility if you want but it's not necessary. Virus's nowadays are not nearly as common as people think when their computer misbehaves. No other protective software of any type is needed.

2. Phishing:

(a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.

(b) If Paypal, ebay or Amazon do really send you an email it will look genuine because it will have been sent following a transaction etc. which you had with them recently and which the communication will refer to. Open the email to check.

(c) It is safe to merely open an email (that is, to look at its message area). However, my Canon printer allows me to look, in the Canon window, at the message of an email before printing it, which gives you an opportunity to decide whether it is genuine.

(d) If an email (whether you open it or not) comes from a source you don't recognise, never reply to it.

(e) NEVER visit a web address contained within the message area of an email or in it's attachment unless you are certain that it is safe. If you can't be certain, do nothing.

3. NEVER, under any circumstances, give out your IP address or computer password, on the phone or otherwise. The same applies to your postal address or any other personal info unless you are sure it is safe.

4. NEVER, under any circumstances, agree to let anyone access your computer remotely, even if they tell you that "Microsoft have issued a global warning about something and you must take action now which I will help you with on the phone". He will find your bank and PayPal details.
---------------------------------------------------

On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address.

The expert did not mention making a regular backup of your hard drive, which was outside the subject of his talk. But do it.

Comments please. Thanks.

:)

 

" Nokia Simple " theme - where it this theme?

hi,

Some days ago on page
http://ea.mobile.nokia.com/content/spin/ea/6120c/en/theme/index.xhtml or in phone (nokia 6120c) themes/general/download themes/ was very cool theme (light cream white, black fonts) " Nokia Simple ", now its dissapear from this site. Where i can get it?
or maybe somebody has it and could send to me.

thx

 

Need a "beep"

There are probably tons of places all over. Google is your friend here.



*Or* you could download Audacity (Win, Mac, Unix application). Its a free audio editor and you can generate tones with it. Install the program, and open it and go to Generate and then Tone. Then enter the frequency pitch that you want. Then export it as
a .wav or .mp3 and then put it on your phone.



EDIT: Forgot link.



Audacity

Message Edited by demache on 17-Jul-2009 11:45 AM

 

Not just Microsoft, other 'big names' do it too. I do a whois lookup on any suspicious address. Sysinternals has a great little whois command line utility I use for that purpose.
https://docs.microsoft.com/en-us/sys...ownloads/whois

 

I'm quite happy with Widows Defender. I run that program together with a VPN and have never gotten a virus of any kind. Scanning with Malewarebytes never finds anything to be concerned about.

 

I'm basicially following his advice with the addition of regular monthly scan with Free Malwarebytes.

 

Overall, pretty sound advice.

in fact, with a bit of polishing up, this would be worthy of a sticky post?

 

He has made some good points and some discussable. But I give him plus for the effort.

That is the problem, he has got too comfortable, malware evolves.
As for the quote, I would say, that it meant: "This is all, he needs."

I bet millions of people, who got infected just with ransomware, would not agree.

Webpage name can be obfuscated, it is the lock that matters the most.
But even a certificate can be faked, to it should be manually re-checked.

Opening an email in HTML is as dangerous as opening an unknown webpage or an email attachment.

Your IP gets scanned thousands times a day by probes, so if you are vulnerable to an attack, giving IP away will not change the fact (mine is 62.197.243.139 and internal 10.10.10.12, keep busy).

 

Its not just virii any more, theres a multitude of attack vectors now including, malware, malicious cookies, backdoors, trojans and attacks such as wannacry and petya.

So you're defence has to be robust these days and you have to be comfortable that your machine can withstand them.

Most users here use a combination of Defender and Malwarebytes which is fine if you're not doing anything nefarious. I recently moved to Bitdefender after Mum managed to get 12 PUPs which weren't caught.

 

I think the part I quoted above needs clarification.

The subdomain must not and will not always be WWW. A good example using a valid and official Microsoft site is subdomain ACCOUNTS as in accounts.microsoft.com. In fact, sudomain is mostly not even needed. You can type tenforums.com in addressbar to access this site, without subdomain www.

Whatever subdomain is used, be it www or downloads or news or whatnot, it's more important to check the naked domain, the last part of URL from second to last dot to the end of it. Naked domain microsoft.com, or if subdomain is used .microsoft.com (dot Microsoft dot com) is the important, revealing factor. Subdomain, whatever is before that second to last dot is irrelevant. If it ends with dot Microsoft dot com it's a valid, official Microsoft site.

Examples. All below URLs with various subdomains would belong to business SomeBusiness and its naked domain SomeBusiness.com:

• www.SomeBusiness.com
• downloads.SomeBusiness.com
• customers.SomeBusiness.com
• press.SomeBusiness.com
• contact.SomeBusiness.com
• info.SomeBusiness.com

 

Problem is, some 'big names' have more than one domain and use addresses that don't end in dot ourname dot com (Microsoft have 'Office.com', for example). An example that I know has previously aroused suspicion of 'spam' is 'facebookmail.com' - but it's apparently legit.

 

Very helpful.

1. From what you say I can see that a web address having a naked domain worded "microsoft".com" or "adobe.com" or "paypal.com" etc. must be either genuine or safe. If unsafe it would be rejected by the Internet whatever the thief placed before that naked domain because it would not be recognised by the domain's site. ("microsoft" etc.) (Presumably microsoft have taken ownership of "excel", "word", "powerpoint" etc..

2. I think I can cope with phishing emails. I would never respond to an email, even one purporting to come from paypal, adobe, microsoft etc., asking me to enter sensitive info.

3. However, couldn't I, a thief, create a domain called "recoversoft.com", (or "desktop.com" etc. etc.) and a site "http://www.recoversoft.com" and claim in an email that by clicking on a "click here" button will allow you to get details on how to recover lost files better than other methods, etc. etc.. When a victim clicks on that address, the page would immediately search the machine and capture sensitive data?

4. Or more dangerously, an email would not be needed, just searching in a browser the word "recover" (a reasonable thing to do) could result in recover.com appearing in the search results with some attached blurb saying "recover lost files by visiting this site". The automatic result would be a search of the victim's computer.

5. I think it would be possible to set up this sort of trap. Therefore the old precaution comes into play: "don't visit addresses where you don't know the genuiness of the naked domain. However, that leaves many genuine sites under suspicion which must be avoided.

EDIT: I have just looked up recover.com in Whois? and it exists! But the details don't tell me anything about its safety so the check is not helpful.