How To Keep Your Windows PC Safe and Secure
Viruses, malware and ransomware are everywhere, especially when you browse around the internet. And it's easy to get infected if you're not careful. This is especially true if you're using a Windows PC. Why? Because Windows is still the most popular desktop operating system. That's why hackers mostly target Windows. If you're using Mac or Linux you're much safer cuz hackers spend a lot less time targeting systems with few users. Windows is the biggest target on the desktop.
I'll share a little secret. If you want to be more secure switch to an Apple Mac or Google Chromebook. Those operating systems are pretty secure. But the most important thing is that only a small number of viruses are written for them. So you're much less likely to get infected. But even on a Mac or Chromebook you still have to be careful and keep everything up to date. Once in a while a virus for them will infect users. Another great option is to switch to one of the "Linux distros" but there's definitely a learning curve if you've never used a Linux distro.
Some bad news: To be honest, I don't think someone can be really safe when browsing with Windows. The hackers are really smart and they keep finding new holes in Windows and the popular programs that run on Windows. Microsoft is trying hard to secure Windows, but the hackers are usually a step ahead. And the hackers also target many of the popular programs that run on Windows. A Windows PC expert can make their PC pretty safe if they follow all the steps and keep everything up-to-date. I'll show you what can be done. Just need to follow these steps carefully.
So why do I need to be worried about security? So far I've been fine.
First thing to do is get clear about your level of risk.
- Do you have a lot of important documents, music, pictures and videos on your PC? If you do then imagine if they suddenly disappeared.
- Do you go online to connect to your bank accounts, credit card accounts, investment accounts and retirement accounts? If you do then imagine a hacker has suddenly transferred your money out of those accounts.
- Do you use a credit card? Imagine the hassle of recovering your stolen identity if a hacker takes over your credit card account.
If all these 3 scenarios below apply to you then you don't really need to worry so much about security on your Windows PC.
- If you don't have any valuable documents, pictures, music and videos on your PC then you don't have to worry so much about data backup.
- If you don't have any significant financial or government services accounts online, and you don't do online shopping, then you don't have to worry so much about safe browsing.
- If you don't ever use a credit or debit card online, then those accounts are at less risk.
For more and more people, the 3 conditions above don't apply. Which means more and more people need to take Windows PC security seriously.
OK, you convinced me; I now understand I need to take Windows computer security seriously. What are the first steps?
If you have enough money then find a very good Windows expert who can implement all the steps listed below. Then once in a while have that person come back and make sure that everything is still OK and up-to-date.
If you don't have that kind of money but enjoy technical challenges, then try to implement the suggestions on your own. Just do lots of searches on Google and Youtube to get more details about the steps.
If you don't have the money for a good Windows expert and are not into technical challenges, then probably the best thing is to get a new or used Mac or Chromebook. They're easy to learn. And make sure you keep it up-to-date.
So how do viruses steal my passwords and bank account numbers?
Most viruses use programs called "keyloggers" and "screen scrapers". These stealthy programs record your keystrokes and take screenshots of what you're doing. They'll record when you log into your online bank account or Amazon or when you use your credit or debit card online. Then the virus secretly sends this personal info back to the bad guys. Keyloggers and screen scrapers are very quiet and hard to locate and erase. Viruses can also scan your hard drive for files that contain your passwords, bank account numbers, government ID numbers, etc. Also these viruses use a technique called "man in the middle" to lead you to fake websites that look like your bank's website or Amazon's website. When you log into the fake website the "man in the middle" collects all your login data. Viruses can also do lots of other bad things like encrypt and ransom all your important data, but if I write about all that I just get depressed. :-)
Remember to do a Google and Youtube search for any words and concepts that are not familiar.
Now here's the main steps to follow to make your Windows PC more secure.
- Back up all your important files every few days or even every day. I recommend backing up to an external hard drive and to an online backup service like iDrive, Crashplan or Carbonite. These services are great cuz your backup is not in your home. If your external backup drive gets damaged or stolen you still have all your files at your online backup service. Do a Google search for "online backup service". Don't trust just one backup. You need to backup your important files to two or more locations (one at home and one online). There's an excellent backup program called "Casper" by fssdev.com that allows you to make a "bootable image" of your hard drive. This is very nice. Do a Google search to learn more.
- Ransomware is becoming more prevalent. Ransomware encrypts all your important files and you have to pay to get them back. If you have a recent and good backup then you don't have to pay. Remember to disconnect your external drive every time after the backup is complete. That way ransomware and other viruses can't jump to it.
- Install Cryptoprevent and keep it updated. I recommend purchasing the Pro version of Cryptoprevent at foolishit.com. Cryptoprevent is very good at preventing ransomware viruses.
- Only use the Windows Standard User (aka Limited User) account. Don't use the Windows Administrator account. If you're already using the Administrator account then do a Google search for "how to create a Windows Standard User account" and "how to switch from Windows admin account to standard user account". Why do this? The Windows Admin account is much more dangerous cuz it has higher privileges. That means if you get a virus the virus will also have those high privileges and full access to your system. The Windows Standard User account has lower privileges and if you get infected the virus is more limited in what it can do. This one simple change can block about 90% of viruses!
- Keep your Windows operating system up to date every month. Make sure the Windows auto update is turned on. Every month check and make sure you're getting all important Windows updates.
- Switch to Windows 10 if you can. Windows 10 is more secure than older versions of Windows.
- Get rid of Java. You may have the Java program installed and not know it. Get rid of it if you don't need it. Chances are you don't need it. Do a Google search for "do I need Java installed on my Windows computer?".
- Switch to the Chrome browser and then get rid of Adobe Flash and Adobe Reader. The Chrome browser has good security. If you need to use any other browsers (like Firefox or Microsoft Edge) make sure they're always up to date. Stop using Internet Explorer if you can; it is not secure.
- Use Sandboxie. Remember that many people get virus infections by just browsing around the web and checking their online email. Sandboxie is a program that surrounds your browser with a secure shell. Imagine you have a sheet of clear plastic between you and some paper. When you write on the clear plastic, nothing happens to the paper. When you pull away the plastic you see that nothing is written on the paper. The paper is like your hard drive and the clear plastic is like what Sandboxie does. Sandboxie is about $15 per year. I highly recommend it. You have to learn how to use it properly or you'll get confused. Go to sandboxie.com to learn more. Also search Google and Youtube for "how does Sandboxie work?" and "how to use Sandboxie".
- Use a good anti-virus program and keep it up to date. On Windows 10 I just use the free built-in Windows Defender program and do a full scan about once a week. Windows Defender is a real-time anti-virus program which means it's always running in the background. I also use the free version of Malwarebytes. This is not an anti-virus program but just a virus scanner. That means it doesn't do real-time protection. It just does a very good scan of your computer when you tell it to. I use it once a week. Remember to have only one real-time anti-virus program running. I also use the Microsoft Malicious Software Removal Tool (MRT) once a month. Do a Google and Youtube search to learn about it and how to use it. The MRT is a super good scanner (it's not a real-time program). I don't recommend using the free or paid versions of Avast, AVG, Kaspersky, etc. Security experts are finding more and more bugs in those programs. And some of them will try to grab personal data and sell it to advertisers.
- Turn off autorun. Windows can be set to automatically run programs on USB sticks, CDs and DVDs. This is dangerous! USB sticks are often infected with viruses and if autorun is on then you'll get infected. Do a Google and Youtube search for "how to turn off autorun in Windows". Try to really avoid putting USB sticks in your computer unless you're sure they're safe. Also don't put your USB sticks in someone else's Windows computer. You must assume all other Windows computers are infected with viruses.
- Don't use Hotmail or Yahoo mail. Only use Gmail. Gmail is usually very safe. It seems that Google is one of the very few tech companies that take customer security seriously. Yahoo has made it clear they're profoundly incompetent about customer security.
- Be very extra careful about downloading and installing software from software download sites. Chances are it will be virus infected unless you know how to download safely. Most software download sites (like download dot com or SourceForge) bundle their software with the equivalent of viruses.
- Avoid using debit cards if possible. Try to use only credit cards. With credit cards you have some buyer protection. With debit cards you may not have any buyer protection. Remember that your credit card is not directly connected to your checking account while a debit card is. That means if the bad guys steal your debit card info they may be able to empty your bank account and the bank may not reimburse you. If you must use a debit card then connect it to a separate bank account that has a low balance. Every week or two look at your credit card and bank statements carefully and check for any fraudulent transactions.
- Use a good Uninterruptible Power Supply (UPS) and surge protector to protect your computer from power surges and spikes.
- Get a Microsoft "Signature Edition" laptop. Most laptops have a lot of crapware and bad software pre-installed. These are a big security risk and they'll slow down your PC. The Microsoft Signature Edition laptops don't have crapware. Another options is to just wipe out your hard drive and do a clean install of Windows. But that takes some work and technical skill. Either way I highly recommend avoiding or getting rid of all crapware. The Revo Uninstaller tool is supposed to be pretty good at removing crapware. Just make sure you're removing actual crapware and not programs you may need.
- Turn off Windows "Network Sharing" and "File and Printer Sharing". Search Google and Youtube to get the details.
- Don't use public WiFi unless you're also using a VPN. Public WiFi hotspots are not secure. You must install and use a Virtual Private Network (VPN) on your computer before using public WiFi. I use and like the VPN service provided by privateinternetaccess.com. It's about $40 per year. Search Google and Youtube about what VPNs are and how they work and how to use them. Also install a VPN on your smartphone. Some VPN services are not secure; research carefully.
- Install the LastPass password manager and learn how to use it. Many people use the same password at different sites; this is bad. They also use weak and easy to guess passwords; also bad. Use LastPass to manage all your passwords. It takes some work to learn how to use it properly. Search Google and Youtube about LastPass to get all the details.
- Learn about something called "2 Factor Authentication" (2FA) and use it if its offered by your bank or other financial institution. Many banks and financial sites offer 2FA. An example of 2FA is when the banks texts a code to your cell phone that you then use to log in. The Bank of America “SafePass” card is another example. Search Google and Youtube to learn about 2FA. It's an easy and powerful way to protect your important financial accounts. Ask your bank or financial institution or government office if they offer 2FA. If they don't then ask them to make it available.
- Create a Windows "USB Recovery Drive". Search Google and Youtube for all the details. This is kind of technical but important: Make sure you set your BIOS Boot Order so you can boot from the optical drive and/or a USB drive. That way if your hard dive or operating system crashes you can boot from some kind of recovery disc or USB. I set my BIOS boot order to optical drive, then USB, then hard drive. Search Google and Youtube for "what is BIOS" and "how to set the boot order in my BIOS". I also recommend creating a Windows System Repair Disc or USB.
- Keep your main programs up to date and fully patched. These include all your browsers (Chrome, Firefox and Opera), Microsoft Office programs (Word, Powerpoint, Excel, etc.), iTunes, OpenOffice, LibreOffice, VLC, Skype, Photoshop, other Adobe programs, your PDF program, your anti-virus program, etc. Set them to auto-update if possible.
- Never click on links in emails! Or, if you do, make very sure they're safe links.
- If possible, don't let other people use your computer. Most people don't know how to browse safely and they could easily get your computer infected. Keep it protected with a good password.
- Keep your computer off your home network. If you have a home network I recommend to keep your secure computer completely off the network. Keeping one computer secure is difficult enough. Keeping a home network truly secure is much more difficult. If you need to trade files with other computers at home you can do it thru Gmail, Dropbox, Google Drive and other similar file sharing methods.
- Encrypting files. If you have sensitive info on your computer learn how to encrypt those files. I like a little program called AxCrypt.
- Put a small Post-It Note over the little camera on your laptop. Most viruses will also take over your laptop camera so they can secretly record you. Creepy!
- What about smartphone security? If you're using an iPhone they're pretty darn secure; no worries there. If you're using an Android phone you need to be more careful. Search Google and Youtube for "how to keep my Android phone secure" to get all the details. You should understand what sensitive info you have on your smartphone. That will tell you what your potential risk is if your phone is hacked. Main thing for Android security is to only download apps from the official Google Play app store. Never download apps from anywhere else. If you do this you'll be a lot safer. Also, if you want to use Android, only use one of the Google Nexus or Pixel phones. Google is the fastest at pushing out security updates. Phones from other companies get Android updates late or never. And without regular, timely updates, your Android phone becomes very insecure.
Whoa! That's a lot of steps! I have to do all of them? If you want to stay secure, the answer is pretty much "yes". Like my dentist says, "You don't have to brush all your teeth; just the ones you want to keep."
OK, these are the main things. Let me know if you think I should add something to this list. There's lots of other small things to do to increase security on a Windows PC. Perhaps I'll add to this list when I get time.