Most people don’t think about Windows security threats until it is too late. Case in point, my lovely girlfriend. She contracted a virus on the laptop that we share. The 3 hours it took me to clear it all off I am never getting back and the opportunity cost hurts. When I spend my time in front of a computer I need to be making progress…
Windows Security Threats
This latest virus episode illustrates one very important concept. If anyone else is using your computer, set up another account for them. This is not the first time this technique has saved me. Previously my nephew was sharing my laptop and he got social engineered over the phone into installing a virus… Both that time and this latest virus were contained to their shares and did not corrupt any of my data. Make sure that you set up other users with a limited account.
Chrome Extensions Are Safe, Right?
One threat that you might overlook is installing Chrome extensions. This is how Teresa contracted a virus; she erroneously thought that extensions were created by google, so they must be safe… Google was on point removing the extension and the offenders website was also yanked down. Wrong guy, wrong laptop dude. I was extremely surprised to find out that a Google funded study found 5% of Chrome users have add-on based malware installed. During their last audit of extensions in the Chrome store Google found over 200 extensions with some sort of security issue. These issues ranged from poorly coded, insecure extensions to full on malware. Bottom line, do not trust Chrome extensions unless you trust the source of that extension.
Phishing : Hook, Line, and sinker
Speaking of social engineering, unlike nephew’s episode, a social engineered hack does not have to involve a live person. Even with all the warnings, security software, and other safe guards – users are still manipulated into giving it up in phishing scams. Phishing emails seem to be from reputable companies asking users to reveal personal information, such as passwords and credit card numbers.
Phishing is how the Democratic National Committee got hacked. Someone at the DNC clicked on a link in a random email. The next thing they knew, news outlets were publishing DNC internal emails outlining how they screwed Bernie Sanders out of the nomination. The moral of that story is to never click on links in emails from people you don’t know. Never. Don’t do it. Ever. Even sites that you use regularly, navigate to them in your browser NOT from a link in an email. Phishing.org has more info about how to stay safe from these types threats.
If you have a Windows laptop and you connect to an insecure public network you are ripe for the picking. Every keystroke you send can be intercepted by other people on the network. If you must use a public network there are a few ways can help protect yourself. First, only connect to sites that are secured by ssl – sites that have https instead of just http. Next, turn off turn off file and print sharing. Finally, use the built in Windows firewall, it is not fail-safe, but it is better than using an open network without it.
Allot of Windows security is common sense. Would you believe that there are still people out there using Windows without any type of Malware protection? It’s true, I see it on the reg… Almost as bad are people who do not keep their Windows updated. Some people even turn off automatic updates! This is foolish and there is no reason to do this. It is completely irresponsible and is only a matter of time before they are pwned.
Additionally some people don’t use the built in Windows firewall. This is foolish as well, and in my experience happens because people don’t understand firewalls. If something is being blocked by the firewall don’t just turn it off. Additionally don’t just punch a hole for it either. Make sure that is is something that needs access to the Internet, and if so, give it the appropriate privileges.
It’s impossible to be one hundred percent safe if you are connected to the Internet. However, with a little knowledge and effort you can secure your computer to a reasonable degree. At the very least if you are not an easy target most likely the bad guys will move on to someone that is an easy hack.