Computer Protection. Quote: "This ia all you need"


  1. Posts : 340
    Windows 10 Home 64 bit (with Creators OS)
       #1

    Computer Protection. Quote: "This ia all you need"


    I attended a talk given by a professional computer consultant of many years standing. He said that what you need to protect your computer (Windows 10):

    1. Antivirus:

    Rely on Windows Defender, which is updated frequently. Add a free anti-virus utility if you want but it's not necessary. Virus's nowadays are not nearly as common as people think when their computer misbehaves. No other protective software of any type is needed.

    2. Phishing:

    (a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.

    (b) If Paypal, ebay or Amazon do really send you an email it will look genuine because it will have been sent following a transaction etc. which you had with them recently and which the communication will refer to. Open the email to check.

    (c) It is safe to merely open an email (that is, to look at its message area). However, my Canon printer allows me to look, in the Canon window, at the message of an email before printing it, which gives you an opportunity to decide whether it is genuine.

    (d) If an email (whether you open it or not) comes from a source you don't recognise, never reply to it.

    (e) NEVER visit a web address contained within the message area of an email or in it's attachment unless you are certain that it is safe. If you can't be certain, do nothing.

    3. NEVER, under any circumstances, give out your IP address or computer password, on the phone or otherwise. The same applies to your postal address or any other personal info unless you are sure it is safe.

    4. NEVER, under any circumstances, agree to let anyone access your computer remotely, even if they tell you that "Microsoft have issued a global warning about something and you must take action now which I will help you with on the phone". He will find your bank and PayPal details.
    ---------------------------------------------------

    On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address.

    The expert did not mention making a regular backup of your hard drive, which was outside the subject of his talk. But do it.

    Comments please. Thanks.
      My Computer


  2. Posts : 31,471
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #2

    Stevekir said:
    On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address..
    Not just Microsoft, other 'big names' do it too. I do a whois lookup on any suspicious address. Sysinternals has a great little whois command line utility I use for that purpose.
    https://docs.microsoft.com/en-us/sys...ownloads/whois
      My Computers


  3. Posts : 233
    Wndows 10
       #3

    I'm quite happy with Widows Defender. I run that program together with a VPN and have never gotten a virus of any kind. Scanning with Malewarebytes never finds anything to be concerned about.
      My Computer


  4. Posts : 175
    Windows 10 Home ver 2004
       #4

    I'm basicially following his advice with the addition of regular monthly scan with Free Malwarebytes.
      My Computer


  5. Posts : 15,441
    Windows10
       #5

    Overall, pretty sound advice.

    in fact, with a bit of polishing up, this would be worthy of a sticky post?
      My Computer


  6. Posts : 5,442
    Windows 11 Home
       #6

    He has made some good points and some discussable. But I give him plus for the effort.
    Stevekir said:
    I attended a talk given by a professional computer consultant of many years standing.
    That is the problem, he has got too comfortable, malware evolves.
    As for the quote, I would say, that it meant: "This is all, he needs."

    Virus's nowadays are not nearly as common as people think when their computer misbehaves. No other protective software of any type is needed.
    I bet millions of people, who got infected just with ransomware, would not agree.

    (a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.
    Webpage name can be obfuscated, it is the lock that matters the most.
    But even a certificate can be faked, to it should be manually re-checked.

    (c) It is safe to merely open an email (that is, to look at its message area).
    Opening an email in HTML is as dangerous as opening an unknown webpage or an email attachment.

    NEVER, under any circumstances, give out your IP address or computer password, on the phone or otherwise.
    Your IP gets scanned thousands times a day by probes, so if you are vulnerable to an attack, giving IP away will not change the fact (mine is 62.197.243.139 and internal 10.10.10.12, keep busy).
      My Computer


  7. Posts : 7,254
    Windows 10 Pro 64-bit
       #7

    Its not just virii any more, theres a multitude of attack vectors now including, malware, malicious cookies, backdoors, trojans and attacks such as wannacry and petya.

    So you're defence has to be robust these days and you have to be comfortable that your machine can withstand them.

    Most users here use a combination of Defender and Malwarebytes which is fine if you're not doing anything nefarious. I recently moved to Bitdefender after Mum managed to get 12 PUPs which weren't caught.
      My Computers


  8. Posts : 17,661
    Windows 10 Pro
       #8

    Stevekir said:
    2. Phishing:

    (a)If you come across a web address somewhere that seems to come from someone reputable like Paypal, Adobe etc., look at the address. If "Paypal" or "Adobe" etc. does not appear immediately after "www.", treat it as fake. Fakes will often address you as "Computer user" and the English used will be rather unusual.
    ...
    ...
    On 2: unfortunately Microsoft write some of their (legitimate) web address where "microsoft" appears a word or two later in the address.
    I think the part I quoted above needs clarification.

    The subdomain must not and will not always be WWW. A good example using a valid and official Microsoft site is subdomain ACCOUNTS as in accounts.microsoft.com. In fact, sudomain is mostly not even needed. You can type tenforums.com in addressbar to access this site, without subdomain www.

    Whatever subdomain is used, be it www or downloads or news or whatnot, it's more important to check the naked domain, the last part of URL from second to last dot to the end of it. Naked domain microsoft.com, or if subdomain is used .microsoft.com (dot Microsoft dot com) is the important, revealing factor. Subdomain, whatever is before that second to last dot is irrelevant. If it ends with dot Microsoft dot com it's a valid, official Microsoft site.

    Examples. All below URLs with various subdomains would belong to business SomeBusiness and its naked domain SomeBusiness.com:
    • www.SomeBusiness.com
    • downloads.SomeBusiness.com
    • customers.SomeBusiness.com
    • press.SomeBusiness.com
    • contact.SomeBusiness.com
    • info.SomeBusiness.com

    Kari
      My Computer


  9. Posts : 31,471
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #9

    Kari said:
    If it ends with dot Microsoft dot com it's a valid, official Microsoft site.
    Problem is, some 'big names' have more than one domain and use addresses that don't end in dot ourname dot com (Microsoft have 'Office.com', for example). An example that I know has previously aroused suspicion of 'spam' is 'facebookmail.com' - but it's apparently legit.
    C:>whois facebookmail.com
    ...
    Creation Date: 2006-01-23T13:38:17-0800
    Registrar Registration Expiration Date: 2018-01-23T13:38:17-0800
    ...
    Registrant Organization: Facebook, Inc.
      My Computers


  10. Posts : 340
    Windows 10 Home 64 bit (with Creators OS)
    Thread Starter
       #10

    Kari said:
    I think the part I quoted above needs clarification.

    The subdomain must not and will not always be WWW. A good example using a valid and official Microsoft site is subdomain ACCOUNTS as in accounts.microsoft.com. In fact, sudomain is mostly not even needed. You can type tenforums.com in addressbar to access this site, without subdomain www.

    Whatever subdomain is used, be it www or downloads or news or whatnot, it's more important to check the naked domain, the last part of URL from second to last dot to the end of it. Naked domain microsoft.com, or if subdomain is used .microsoft.com (dot Microsoft dot com) is the important, revealing factor. Subdomain, whatever is before that second to last dot is irrelevant. If it ends with dot Microsoft dot com it's a valid, official Microsoft site.

    Examples. All below URLs with various subdomains would belong to business SomeBusiness and its naked domain SomeBusiness.com:
    • www.SomeBusiness.com
    • downloads.SomeBusiness.com
    • customers.SomeBusiness.com
    • press.SomeBusiness.com
    • contact.SomeBusiness.com
    • info.SomeBusiness.com

    Kari
    Very helpful.

    1. From what you say I can see that a web address having a naked domain worded "microsoft".com" or "adobe.com" or "paypal.com" etc. must be either genuine or safe. If unsafe it would be rejected by the Internet whatever the thief placed before that naked domain because it would not be recognised by the domain's site. ("microsoft" etc.) (Presumably microsoft have taken ownership of "excel", "word", "powerpoint" etc..

    2. I think I can cope with phishing emails. I would never respond to an email, even one purporting to come from paypal, adobe, microsoft etc., asking me to enter sensitive info.

    3. However, couldn't I, a thief, create a domain called "recoversoft.com", (or "desktop.com" etc. etc.) and a site "http://www.recoversoft.com" and claim in an email that by clicking on a "click here" button will allow you to get details on how to recover lost files better than other methods, etc. etc.. When a victim clicks on that address, the page would immediately search the machine and capture sensitive data?

    4. Or more dangerously, an email would not be needed, just searching in a browser the word "recover" (a reasonable thing to do) could result in recover.com appearing in the search results with some attached blurb saying "recover lost files by visiting this site". The automatic result would be a search of the victim's computer.

    5. I think it would be possible to set up this sort of trap. Therefore the old precaution comes into play: "don't visit addresses where you don't know the genuiness of the naked domain. However, that leaves many genuine sites under suspicion which must be avoided.

    EDIT: I have just looked up recover.com in Whois? and it exists! But the details don't tell me anything about its safety so the check is not helpful.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 20:14.
Find Us




Windows 10 Forums