What are the biggest security threats to my PC?
Security threats vary greatly depending on who uses a computer and how they use it. Users without internet access who rarely install software should have little to worry about. Everyone else (the majority) must be careful to avoid being victimized by the huge tide of viruses, spyware and malware out there. Here is a quick (by no means complete) list of things to be wary of:
• The most serious threat to your PC is probably you. Viruses are often spread because people are careless or misinformed about basic PC security. Who uses your PC and what do they do? What software gets installed? What web sites are visited? Keeping track of these things is an important start.
• Exploitable and out of date software. Don’t install software you have no reason to trust and keep the software you do use updated. Most “hacks” exploit security problems which have already been fixed, but users never install. Set Windows Update to automatic and turn on “autoupdate” on all software which supports this. Regularly check vendors for updates to your most used programs.
• Spyware/Adware/Malware. For a “multimedia rich” online experience, browser plug-ins are sometimes required. Unfortunately, some plug-ins (aka “Browser Helper Objects”) can be used by web sites to install software on your machine without your knowledge. [Have someone] set your browser security settings to the most restrictive possible settings which still allow browsing functionality. Pop-ups and scripts should be blocked by default and only enabled if you explicitly allow them for specific (trusted) sites.
• Ransomware. Ransomware is malware which encrypts your files, deletes the originals and holds the encryption key (the only way to recover your files) for ransom. SRO Systems STRONGLY recommends never paying a ransom or having any contact at all with the attacker. Frequent, offline backups are your best protection against ransomware.
• IOT. In the past, we worried most about attacks from OUTSIDE our own networks. These days, your biggest threat could be your doorbell! When installing ANY new internet connected device, please do at least the following: 1) Create a unique & secure password, 2) Be sure the device is up to date, 3) If possible, don’t give it access to the rest of your network.
Best practice is to have two or more routers, the first for your “trusted” devices (PCs, etc.) and the second for “set and forget” devices (like light-bulbs and door bells). The routers should be configured so the second network cannot directly access the first, but the first can access the second. That way your cheap, mass-produced (and likely insecure) IOT devices can get to the internet, but cannot easily get to your computers or primary router if they are compromised.
How can I secure my PC?
First, understand a PC will never be completely secure on a network. The only truly secure environment is unplugged from the net and physically protected from any unauthorized access. That said, you can stay reasonably safe by keeping your software up to date and installing firewall, anti-virus and anti-spyware programs.
Firewall: A firewall ‘shields’ your computer from the internet by blocking ports and programs from unauthorized access. There are ‘hardware’ and ‘software’ firewalls. A ‘hardware’ firewall is a dedicated box between your computer and DSL/cable modem. If you have a router, it should act as a firewall, but check the documentation to be sure. A ‘software’ firewall is a program which runs on your computer and inserts itself between programs and the network, asking your permission when a new program wants to connect to the net. A software firewall has an advantage in that it can enforce what local programs can access the internet… but unlike a hardware firewall, it use system resources (ram, cpu) to run.
Anti-virus: Anti-virus software scans your computer for virus infected files by comparing the files on your system to known virus signatures collected by the antivirus software vendor. Antivirus software should be configured to run all the time and monitor files you download from the internet so it can warn you before you inadvertently run an infected file. A few good (and non-resource hog) antivirus programs are Avast, Avira and bitDefender. Microsoft also has an effective (*FREE*) antivirus called Windows Defender.
* Anti-spyware: Anti-spyware software checks your computer for spyware programs and tracking information used to report your online activities to 3rd parties for marketing purposes. It also will typically keep track of websites distributing such software and allow you to block them at the browser.
Two well known Anti-Spyware programs are Malware Bytes Anti-Malware and SuperAntiSpyware. Both have free and paid versions.
All software should be kept up to date, but anti-virus and anti-spyware programs should be updated much more frequently (daily) in order to protect you from newly released exploits.
* Ransomware protection: The best protection against ransomware is OFFLINE BACKUPS. Ransomware will attempt to encrypt any documents it finds attached to your system, so the only backup safe from ransomware is one your PC cannot access. Having multiple external backup drives and swapping them so one is always disconnected can protect both against ransomware and against failure of your backup drive. Most cloud backup services should now also protect against ransomware (keep multiple versions of your files, scan to check if they become encrypted, etc.), but be sure to check with your backup service to be sure.