Do you know how to keep your computer safe from malware and viruses?
Modern day living requires the use of computers as well as the internet and online services. However, without taking courses on computer, you are left to fend for yourself with keeping your accounts safe and your data secure. That’s where NautilusMODE comes in. This article will teach you the basics of online security so you know exactly how to keep your PC clean and your accounts safe. So lets get started with a crash course in Computer Security.
Only download files from trusted sources. This would be the software company/group or store that distributes it or your devices app store. Third part sites may also list the software, but without additional efforts to ensure it is the same as from the source it cannot be trusted.
Downloading software cracks or illegal software/media should never be done. Even if you own the software/media in it’s original form. Depending on where you live this may be different, but most likely it is still illegal to download a copy of something that you own in another form or through illegal manners. If you do not head that warning and still download these kinds of files you will want to consider that if someone was smart enough to crack the software/DRM, they are more than capable of inserting additional code which could be malware, viruses, trojans or keyloggers.
Only download software and media from known trusted sources, and only download software/media legally. Any other method is prohibited by law and could easily infect your PC or device.
Browsing Online: Know your URL and what you are doing
When browsing the internet be sure to use a pop-up blocker and know where you are and where you are going. It is almost trivial for someone to mock up a site to look like your bank or credit card provider and trick you into entering your user name and password. Always verify your URL and always look for an HTTPS in the URL before entering your ID/Password to log in. HTTPS ensures your connection is encrypted so eavesdroppers cannot see what you are doing and a verified URL ensures you know you are really on Facebook instead of a look alike.
In addition to knowing where you are, be conscious of what you are doing. One of the last computer infections I saw was obtained while a user was installing a game and browsing the web at the same time. They clicked yes to install the malware as it popped up when they were expecting prompts from their game installer. Do not browse the web while installing software as you could easily click yes to a wrong prompt that would enable viruses or malware to be installed on your PC.
Stay away from sites that seem shady. You know which ones, because you probably have to ask: “Is this legitimate?”. Nothing is truly free and if it is offering something that seems to good to be true it probably is and has malicious intent.
Read All Dialog Boxes and Installer Windows
Read everything. Many times free programs can come bundled with additional unwanted software, or software that changes your internet search provider in your web browsers. This can go as far as monitoring your browsing and even malware that will send your browsing data to third parties. Always read each screen in any window while installing or upgrading software. I know it may seem a bit of a hassle but to be extra safe, this should be done always.
Account Access: Long Passwords, Two Factor, Update Often
When creating passwords for your accounts/devices, do not use anything that is short. What is short? Modern day passwords should be at least 16 characters long to take sufficient time to be brute forced. This will change again in the future as computing power increases and cost of parts decreases. Pick passwords that are unrelated to you. With most of us having online presence it becomes easy for an online criminal to research you to get names of pets, previous residences, schools attended and names of relatives and friends. Do use long nonsensical unrelated word phrases that are easy to remember such as ‘AirplaneOceanFlagBeagle19!’ (do not use this one though as its safe to say it has now been added to a password cracking list). Do not use ‘Fluffy123’ or worse ‘Password123456’. (Worse because its the(or close to) number 1 used password found in data breaches.) It will be attempted by hackers.
Long passwords work because hackers have to go through every iteration of characters to find a match, every time you increase the length by a single character it significantly increases the difficulty to crack it. There are shortcuts to cracking passwords such as rainbow tables which are precomputed hashes of encrypted passwords. Pick something long that most likely wont be present in such a table. The baseline is important though, and I would not recommend using anything less than 12 characters.
Do not reuse passwords. Ever. If you do, an attacker can find out your password for one service and then break into all of your others. This is especially important considering emails are common userid’s. Thus once your email and password are found to work on forum, store or data breach, they can then use this to log into lets say another online store that keeps your payment info on file allowing attackers to get your bank info indirectly from the initial breach.
Lastly change your password often. Make it a point to change your passwords at least once per year.I would recommend updating them every 3-6 months for good security and more frequently for high security. The longer your password remains the same, the greater chance is that it may be being cracked by a hacker.
All these password tips hold true for phones as well. Lock your phone with at least a long pin number to ensure no one can open it and access your apps that may have logins saved.
Regarding two factor authentication, use this on any account that you need to retain control over. I have run into times where it can be a hassle so I understand wanting to skip it. However, the benefits far outweigh the annoyances. Two factor authentication allows you to use a code via email or phone to prove you are who you are while logging in. Although an extra step it would require an attacker to not only have your id and password but also the associated device or email that it sends the code to. The odds of this are very low, allowing for top notch security.
Update Your Software
Ensure all your software is up to date. This means your OS(Windows, Mac, Linux, Android, iOS) as well as your web browsers. Out of date software contains vulnerabilities that can allow new paths for attackers to get a hold of your information. Just running updates is enough to stop them dead in their tracks for certain ways into your system.
Although nice, and usually offering some kind of convenience in your web browser, extensions are software like anything else. They need to be updated regularly and come from trusted sources. Yes, that theme to color your browser window may look nice, but could contain code to compromise your system. Only install verified extensions.
Always run an antivirus/malware scanner and keep it up to date. Yes, this can include OS X as well. Linux can get viruses too, but generally OS X, Linux, Android and iOS require you to install the malware in the first place. So although it may be redundant, if you don’t have good practices of installing trusted software and staying off shady sites, you need anti-virus. If you have to question it, you need it. No device is immune to malware/viruses.
Public Hot Spots/Free WiFi Do’s and Don’ts
When using a public network or PC, always assume everything is being logged. (I wrote an article previously on using public PC’s here) Yes, this even includes if the WiFi is ‘secured’ with a password. The only way you can currently truly be protected while using public internet is to use a VPN. A VPN is a virtual private network. This is an encrypted(fully secured) tunnel to the internet and you can purchase access to one which with proper software on your device allows you to encrypt your connection from it through the access point all the way to the main internet(exit node).
With this in mind, do not log into accounts you don’t want compromised on public networks. Also, disable automatic services on your device before connecting as email and messaging services generally attempt to connect as soon as the device connects to a hot spot. This will allow account information to leak into the insecure network.
Turn off auto WiFi connect. Your device/software you use may have the option to auto join networks without passwords to not use data or enable connectivity, however this can allow all your background programs to send data through insecure channels without you knowing it. If you need to access financial information or other high profile accounts, you must use a VPN on public networks.
Consolidate Online Accounts
It is never to early or too late to revisit all the online accounts you have and see which you can close. The fewer online accounts you have the smaller footprint you have making you a smaller target for online criminals. Bonus: Fewer accounts = less items to worry about and keep track of.
Log off/sign out
Always remember to sign out of any PC or services you are using. On public PCs you never know who will come use it next and access your account. In addition if you have a user account, be sure to log off the PC. You never know who will use it next and you don’t want anyone to do anything as you.
Be Aware of Others Around You
Although not an online threat, others could watch you enter your password and memorize it. Having a longer password can help, but those savvy enough could be recording you.
Do not share your passwords with anyone. It is OK to keep a password book so long as you keep it in a secure location (i.e. not with you all the time unless its encrypted and not at your PC in plain site and is locked up so that guests or others can’t access it.) A better plan would be to use a password manager that encrypts all of your passwords if the above conditions cannot be met for a password book.
I know this is a rather long list, but hopefully you can find each point easy enough to follow and remember. Once you understand the risks and reasoning behind each step it should become easy to follow.
So, remember the above measures and keep yourself safe online. Please feel free to leave any questions or comments down below!