1.    01 Oct 2017 #1
    Join Date : Jun 2016
    UK
    Posts : 282
    Windows 10 Home 64 bit (with Creators OS)

    Computer Protection. Quote: "This ia all you need"


    I attended a talk given by a professional computer consultant of many years standing. He said that what you need to protect your computer (Windows 10):

    1. Antivirus:

    Rely on Windows Defender, which is updated frequently. Add a free anti-virus utility if you want but it's not necessary. Virus's nowadays are not nearly as common as people think when their computer misbehaves. No other protective software of any type is needed.

    2. Phishing:

    (a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.

    (b) If Paypal, ebay or Amazon do really send you an email it will look genuine because it will have been sent following a transaction etc. which you had with them recently and which the communication will refer to. Open the email to check.

    (c) It is safe to merely open an email (that is, to look at its message area). However, my Canon printer allows me to look, in the Canon window, at the message of an email before printing it, which gives you an opportunity to decide whether it is genuine.

    (d) If an email (whether you open it or not) comes from a source you don't recognise, never reply to it.

    (e) NEVER visit a web address contained within the message area of an email or in it's attachment unless you are certain that it is safe. If you can't be certain, do nothing.

    3. NEVER, under any circumstances, give out your IP address or computer password, on the phone or otherwise. The same applies to your postal address or any other personal info unless you are sure it is safe.

    4. NEVER, under any circumstances, agree to let anyone access your computer remotely, even if they tell you that "Microsoft have issued a global warning about something and you must take action now which I will help you with on the phone". He will find your bank and PayPal details.
    ---------------------------------------------------

    On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address.

    The expert did not mention making a regular backup of your hard drive, which was outside the subject of his talk. But do it.

    Comments please. Thanks.
      My ComputerSystem Spec
  2.    01 Oct 2017 #2
    Join Date : Aug 2016
    S/E England
    Posts : 4,490
    10 Home x64 (1709) (10 Pro on 2nd pc)

    Quote Originally Posted by Stevekir View Post
    On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address..
    Not just Microsoft, other 'big names' do it too. I do a whois lookup on any suspicious address. Sysinternals has a great little whois command line utility I use for that purpose.
    https://docs.microsoft.com/en-us/sys...ownloads/whois
      My ComputersSystem Spec
  3.    01 Oct 2017 #3
    Join Date : Nov 2016
    Tucson, AZ
    Posts : 123
    Wndows 10

    I'm quite happy with Widows Defender. I run that program together with a VPN and have never gotten a virus of any kind. Scanning with Malewarebytes never finds anything to be concerned about.
      My ComputerSystem Spec
  4.    01 Oct 2017 #4
    Join Date : Aug 2016
    Posts : 87
    windows 10 Home ver 1703

    I'm basicially following his advice with the addition of regular monthly scan with Free Malwarebytes.
      My ComputerSystem Spec
  5.    01 Oct 2017 #5
    Join Date : Dec 2015
    Posts : 5,893
    Windows10

    Overall, pretty sound advice.

    in fact, with a bit of polishing up, this would be worthy of a sticky post?
      My ComputerSystem Spec
  6.    02 Oct 2017 #6
    Join Date : Oct 2014
    Trnava
    Posts : 2,862
    Windows 10.4 Home 1709 x64

    He has made some good points and some discussable. But I give him plus for the effort.
    Quote Originally Posted by Stevekir View Post
    I attended a talk given by a professional computer consultant of many years standing.
    That is the problem, he has got too comfortable, malware evolves.
    As for the quote, I would say, that it meant: "This is all, he needs."

    Virus's nowadays are not nearly as common as people think when their computer misbehaves. No other protective software of any type is needed.
    I bet millions of people, who got infected just with ransomware, would not agree.

    (a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.
    Webpage name can be obfuscated, it is the lock that matters the most.
    But even a certificate can be faked, to it should be manually re-checked.

    (c) It is safe to merely open an email (that is, to look at its message area).
    Opening an email in HTML is as dangerous as opening an unknown webpage or an email attachment.

    NEVER, under any circumstances, give out your IP address or computer password, on the phone or otherwise.
    Your IP gets scanned thousands times a day by probes, so if you are vulnerable to an attack, giving IP away will not change the fact (mine is 62.197.243.139 and internal 10.10.10.12, keep busy).
      My ComputerSystem Spec
  7.    02 Oct 2017 #7

    Its not just virii any more, theres a multitude of attack vectors now including, malware, malicious cookies, backdoors, trojans and attacks such as wannacry and petya.

    So you're defence has to be robust these days and you have to be comfortable that your machine can withstand them.

    Most users here use a combination of Defender and Malwarebytes which is fine if you're not doing anything nefarious. I recently moved to Bitdefender after Mum managed to get 12 PUPs which weren't caught.
      My ComputersSystem Spec
  8.    02 Oct 2017 #8
    Join Date : Oct 2013
    A Finnish expat in Germany
    Posts : 12,953
    Windows 10 Pro

    Quote Originally Posted by Stevekir View Post
    2. Phishing:

    (a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.
    ...
    ...
    On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address.
    I think the part I quoted above needs clarification.

    The subdomain must not and will not always be WWW. A good example using a valid and official Microsoft site is subdomain ACCOUNTS as in accounts.microsoft.com. In fact, sudomain is mostly not even needed. You can type tenforums.com in addressbar to access this site, without subdomain www.

    Whatever subdomain is used, be it www or downloads or news or whatnot, it's more important to check the naked domain, the last part of URL from second to last dot to the end of it. Naked domain microsoft.com, or if subdomain is used .microsoft.com (dot Microsoft dot com) is the important, revealing factor. Subdomain, whatever is before that second to last dot is irrelevant. If it ends with dot Microsoft dot com it's a valid, official Microsoft site.

    Examples. All below URLs with various subdomains would belong to business SomeBusiness and its naked domain SomeBusiness.com:
    • www.SomeBusiness.com
    • downloads.SomeBusiness.com
    • customers.SomeBusiness.com
    • press.SomeBusiness.com
    • contact.SomeBusiness.com
    • info.SomeBusiness.com

    Kari
      My ComputerSystem Spec
  9.    02 Oct 2017 #9
    Join Date : Aug 2016
    S/E England
    Posts : 4,490
    10 Home x64 (1709) (10 Pro on 2nd pc)

    Quote Originally Posted by Kari View Post
    If it ends with dot Microsoft dot com it's a valid, official Microsoft site.
    Problem is, some 'big names' have more than one domain and use addresses that don't end in dot ourname dot com (Microsoft have 'Office.com', for example). An example that I know has previously aroused suspicion of 'spam' is 'facebookmail.com' - but it's apparently legit.
    C:>whois facebookmail.com
    ...
    Creation Date: 2006-01-23T13:38:17-0800
    Registrar Registration Expiration Date: 2018-01-23T13:38:17-0800
    ...
    Registrant Organization: Facebook, Inc.
      My ComputersSystem Spec
  10.    02 Oct 2017 #10
    Join Date : Jun 2016
    UK
    Posts : 282
    Windows 10 Home 64 bit (with Creators OS)
    Thread Starter

    Quote Originally Posted by Kari View Post
    I think the part I quoted above needs clarification.

    The subdomain must not and will not always be WWW. A good example using a valid and official Microsoft site is subdomain ACCOUNTS as in accounts.microsoft.com. In fact, sudomain is mostly not even needed. You can type tenforums.com in addressbar to access this site, without subdomain www.

    Whatever subdomain is used, be it www or downloads or news or whatnot, it's more important to check the naked domain, the last part of URL from second to last dot to the end of it. Naked domain microsoft.com, or if subdomain is used .microsoft.com (dot Microsoft dot com) is the important, revealing factor. Subdomain, whatever is before that second to last dot is irrelevant. If it ends with dot Microsoft dot com it's a valid, official Microsoft site.

    Examples. All below URLs with various subdomains would belong to business SomeBusiness and its naked domain SomeBusiness.com:
    • www.SomeBusiness.com
    • downloads.SomeBusiness.com
    • customers.SomeBusiness.com
    • press.SomeBusiness.com
    • contact.SomeBusiness.com
    • info.SomeBusiness.com

    Kari
    Very helpful.

    1. From what you say I can see that a web address having a naked domain worded "microsoft".com" or "adobe.com" or "paypal.com" etc. must be either genuine or safe. If unsafe it would be rejected by the Internet whatever the thief placed before that naked domain because it would not be recognised by the domain's site. ("microsoft" etc.) (Presumably microsoft have taken ownership of "excel", "word", "powerpoint" etc..

    2. I think I can cope with phishing emails. I would never respond to an email, even one purporting to come from paypal, adobe, microsoft etc., asking me to enter sensitive info.

    3. However, couldn't I, a thief, create a domain called "recoversoft.com", (or "desktop.com" etc. etc.) and a site "http://www.recoversoft.com" and claim in an email that by clicking on a "click here" button will allow you to get details on how to recover lost files better than other methods, etc. etc.. When a victim clicks on that address, the page would immediately search the machine and capture sensitive data?

    4. Or more dangerously, an email would not be needed, just searching in a browser the word "recover" (a reasonable thing to do) could result in recover.com appearing in the search results with some attached blurb saying "recover lost files by visiting this site". The automatic result would be a search of the victim's computer.

    5. I think it would be possible to set up this sort of trap. Therefore the old precaution comes into play: "don't visit addresses where you don't know the genuiness of the naked domain. However, that leaves many genuine sites under suspicion which must be avoided.

    EDIT: I have just looked up recover.com in Whois? and it exists! But the details don't tell me anything about its safety so the check is not helpful.
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
MBR2GPT conversion error "please remove the write protection"
so I'm doing the GPT conversion on a laptop booted into windows. I run /convert /allowfullos it creates the new partition but from there i get the message saying the disk cannot be written to because it is write protected. Please remove the write...
Drivers and Hardware
Solved Reanamed "Computer", now 2 of "Me" at login screen.
I tried to rename computer and now there's two entries in log in screen. That new one is set as default and wouldn't accept any password but original (normal) one does. Long in is set on auto but still have to chose between those 2 when...
User Accounts and Family Safety
Solved Strange "SYSTEM" drive has been appears on "My Computer". What's it's?
After last night i have re-turn on my computer about five minutes ago............ i see on "My Computer" i have a new "strange" system drive named F: (C and D it's my HD... E it's dvd burner) whit label "SYSTEM" and i have tryed to access and result...
Drivers and Hardware
Solved Hard drive not showing in "my computer" or "Disk Managment" help?
My hard drive not showing in "my computer" or "Disk Management" but is showing under device manager. I got the hard drive from a friend and his dad had put a Password encryption on it. Any Ideas?
Drivers and Hardware
Computer Occasionally "Hangs" on "Sign Out"
This is a question regarding a computer that intermittently “hangs” at “sign out”. When it hangs, the screen goes black and no commands are possible. The only recovery is to depress and hold the power button. The computer is a laptop Toshiba...
Performance & Maintenance
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:34.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums