Hacker Defense: Your SEVEN Point Tuneup

Category: Security

If it seems the online world gets more dangerous every day, you’re not wrong. The AV-TEST Institute reports over 450,000 new malware samples are discovered DAILY. (That's up from 350K two years ago.) Thousands of social media accounts are hacked every day; and untold millions of consumer records compromised in data breaches are used by hackers in increasingly clever attacks. Your defense systems must be kept in tip-top shape. Here are seven ways to harden your system against hackers…

Beef Up Your Security Defenses

You take your car for preventive maintenance on a regular basis. Engine oil, spark plugs, filters, wipers, and tires are important things that need attention in order to stay safe on the road. But most people don't give a second thought to staying safe online. Here are seven things you should keep in mind to "tune up" your computer against malware, hackers and data thieves. Failure to do so is like rolling the dice, and hoping to beat a set of odds that are stacked against you.

1: Update all of your software, from end-user applications to the operating system. Automatic software updates are the easiest, most consistent way to go. Make sure automatic updates in Windows Update are turned on, and in every application software package you have that offers automatic updates. Then install a “universal” software updater, such as Patch My PC. It catalogs all software on your system, and finds your stuff in its database of several thousand develper sites that it monitors for new updates. When a new update that you need appears, it downloads and installs it automatically. See my article Here's Why You Must Keep Your Software Updated (and how to do it for free) for links to Patch My PC and other related tools that will help you safely install and update your software.

2: Activate two-factor authentication (2FA) everywhere you can, on your devices and on all sites that offer 2FA. It may seem to add another layer of complexity that slows you down, but the opposite is true. My article [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts describes how to use 2FA.

Security Checkup

Here is a riddle whose answer will seem heretical: When is it safe to use “password” as a password? No, I have not lost my mind or been paid a bribe by the hacker community. The answer is, when you have two-factor authentication (2FA) enabled! Even if a hacker guesses your password on the first try, they can’t get into your account without the second authentication factor - a code sent only to your phone, or a USB key in your pocket, or your fingerprint, or a scan of your retina, or whatever. Google and Facebook call 2FA “login approval,” while Twitter and Microsoft call it “login verification.” Your bank may call it something else. Inquire about 2FA and use it wherever you can.

You might wonder if it's safe to use the same, simple password on all sites where you have 2FA enabled, because the second authentication factor will be unavailable to a hacker. I'd advise against doing that; consider what might happen if you lost your phone.

3: Use Strong Passwords

For other things that need passwords but don’t offer 2FA, use a password generator/manager such as RoboForm, LastPass, or Dashlane. A password manager not only generates strong passwords for you, it stores them in an encrypted database, and enters them automatically for you on website login pages. All you need to remember is your master password. Dashlane can even update passwords regularly.

Password managers can help avoid weak, easily guessed passwords, and take the pain out of creating and remembering unique passwords for every online service you use.

Shutting Down Other Attack Vectors

4: Encrypt your storage devices so that even if your laptop or phone is stolen, its data cannot be read without the encryption key. Windows 7, 8.1, 10 and 11 include Bitlocker encryption. VeraCrypt is the free, open-source successor to the popular but now defunct TrueCrypt. Android and iOS have encryption enabled by default.

Just remember that if you don't have a screen-lock pin or password, all the encryption in the world won't help you when your computer or mobile device is lost or stolen.

5: Reduce the “surface area” that exposes you to potential attacks on your privacy and security. Start by uninstalling of programs and apps that you really don’t need or use. Most software has at least one vulnerability; why leave openings for hackers lying around? Windows 10 and 22 offer finer control of app permissions. Type “privacy” in the Search box and open Privacy Settings from the results. The General tab lets you toggle broad categories of app permissions. On mobile, be careful to check the permissions that apps want (or already have). If you have the Android operating system, you can open Settings > Apps, tap an app’s name, then tap App permissions. From there, you can toggle individual permissions on or off. Does that fun word game really need access to your contacts, photos and messages? No.

Don’t neglect all the apps that you have given permission to access your Facebook, Google, Twitter, or other “identity” accounts. Go through the “app permissions” sections on each of your social media accounts and disallow apps you no longer use. Make use of the privacy and security checkup tools provided by Microsoft and Google, which I described in Tweak Your Microsoft and Google Privacy Settings.

6: Defend against ransomware.

Millions of ransomware infections were detected last year, costing consumers and businesses billions in losses. Clicking on malicious links is still the primary vector for ransomware attacks. My best advice is to make regular backups and be very careful where you click. The old advice of "Never click links or open attachments in emails from someone you don’t know" is no longer good enough. Remember that malicious links can be unwittingly sent by family, friends, colleagues, or forged to look like it came from someone you know. Malicious emails that mimic the look of your bank, eBay, Paypal, the police, the IRS, UPS or other companies familiar to you are designed to catch you with your guard down, and trick you into clicking right into the ransomware trap.

My article Ransomware: Are You at Risk? has some additional info and links for both prevention and recovery.

7: Upgrade your security software. I ditched Avast Antivirus and started using PC Matic's SuperShield back in 2018. As I described in my PC Matic review, SuperShield uses a whitelist approach that allows only known-good programs to run on your computer. This is in contrast to other security tools that rely on blacklists of known malware. Did I mention that 450,000 new malware samples are discovered daily?? It's nearly impossible for traditional anti-malware tools that rely on blacklists to protect you from all existing and emerging threats. So far, PC Matic has caught several things that slipped past Avast.

Do you have any tips to share that are related to staying safe online and protecting your privacy? Post your comment or question below…

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 25 Oct 2022

For Fun: Buy Bob a Snickers.

Prev Article:
Malware and Spam: Why Do They Exist?

The Top Twenty
Next Article:
Eggs and Router Security (my advice...)

Most recent comments on "Hacker Defense: Your SEVEN Point Tuneup"

Posted by:

25 Oct 2022

I had gone to PC Matic and have been having very good protection for over 1-1/2 years now..

Posted by:

25 Oct 2022

Don't forget to update your router if you are able to do that.If your router is un-updatable,it might be time to get a newer router.

Think again if you feel you need your refrigerator or light bulb connected to the internet.Some of these IoT devices cannot be updated.Security is the last thing thought about with these devices.

Posted by:

25 Oct 2022

PatchMyPC checks for and can update (or install!) some 300 free software packages - not thousands. Chocolately does do thousands of software packages but is more than a little geeky. I recommend PatchMyPC for both installing and updating popular free software.
Bitlocker is great, but only available on Pro versions of Windows. Veracrypt is great, but again geeky to encrypt system boot drives. But just used for creating a secure flash drive or folder Veracrypt can not be beat. And it's free!
Your *first* line of defense is your own behavior, not everything on the Internet is true.

Posted by:

Ernest N. Wilcox Jr.
25 Oct 2022

I completed the first six items on Bob's list some time ago. For number seven, I use Microsoft Defender with Ransomware Protection enabled on Windows 11-22.

The most important thing I do is check EVERY link before I click. I hover my mouse over EVERY link on EVERY webpage or email message I get BEFOER I click to ensure that the URL the link will take me to matches the content on its label (e.g.: a link with BestBuy on the label should contain a URL that starts with 'https://bestbuy.com/'. If not, I don't click! Instead, if the link is in an email message, I delete the message, if it's on a webpage, I get outta' there! If I get an email that purports to come from someone I know, I contact the purported sender BEFORE I open the message (zero trust - that my friend actually sent the message) to ensure (s)he sent it. If so, I open the message, but if it has a link, I still check the label against the URL (I said EVERY message, right?). Some of what I do may look like overkill, but I have never had malware on my system (I knock on wood after saying that).

An alert user is a computer's best defense against malware, now more than ever,


Posted by:

26 Oct 2022

Suppose I have PC Matic installed, and Program A is on my computer and recognized as 'good'. And eventually Program A is sold to Company B and is now no longer good because of shady business practices in Company B. Will PC Matic still recognize Program A as 'good' or will it take the sale to shady Company B into account?

Posted by:

26 Oct 2022

The danger of losing access to your accounts if you lose or damage your phone is real and something to keep in mind. However, I've found that many sites (including my bank) give you a choice of where to send the code. Typically, you will get a choice to send the code to your phone or to your email - keep that in mind when you register on the site and are asked for your email address. I have also seen a few 2FAs that will send a voice message to your landline phone.

Posted by:

David Serfass
26 Oct 2022

I remember that a while back you published an article about 'locking down' your router. Could you run it again or provide a link to it?

Posted by:

26 Oct 2022

I think Number 1 should be to have a data backup plan in place and running automatically. Everything else is great for prevention but keep a backup if the line of defense fails.

Posted by:

26 Oct 2022

Sorry Bob but our experience with PC Matic and their "whitlist" has not gone perfectly for us.

We got something I was not sure of on our computer so I wrote them and after some back and forth they confirmed it "was not good" to leave it on our computer and sent us to MALWAREBYTES to get rid of it.

Maybe because we have a lifetime plan they don't care so much? We were not impressed though.

Posted by:

28 Oct 2022

With all due respect to Lucy, PC-Matic did what it was supposed to - it prevented a suspicious or unrecognised item from installing, and told you. If you installed it anyway, you only have yourself to blame. Had it happened to me, the offending item would have been dumped. Period. Yes, I'd have advised PC-Matic for them to investigate, but unless it was definitely approved, or I KNEW for certain, that it was OK, it wouldn't get near my machine. THAT is the whole idea of the 'whitelist' approach - ONLY known, checked and tested items are allowed. If you by-pass it, and install unrecognised stuff, it's not their fault.

And I have no connection with PC-Matic other than as a very satisfied user.

Posted by:

05 Nov 2022

Because I don't have a cellphone (I rarely go out so what's the point), one of my banks sends a message to my landline when I want to connect. This certainly works but is very awkward for me. I have to get up and walk to the phone (I'm 90 and getting up is hard), answer the phone (I have a hearing problem), hold the phone in my right hand (my better ear is on the right) and write down the number (I'm right-handed). As it is, I usually wait to connect until my daughter can answer the phone. I wish there was a better way.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Hacker Defense: Your SEVEN Point Tuneup (Posted: 25 Oct 2022)
Source: https://askbobrankin.com/hacker_defense_your_seven_point_tuneup.html
Copyright © 2005 - Bob Rankin - All Rights Reserved