Hey guys, I just wanted to quickly write a tutorial about some basic
computer security. First, you have Windows 7 installed
freshly with no current infections. A fresh install is best. Second,
you are a moderate user of the internet.
Basic Security Applications
You are going to want a few applications to help you out along the way. First off, you will need two (2) anti-malware programs. This is to ensure that if one misses something, you have a second one to make sure. I personally use Microsoft Security Essentials (MSE) and Malwarebytes Anti-Malware (MBAM). Update these as often as they need to be. Run both of these every single day. Once a week minimum, but daily is far more advantageous.
If you torrent, you will want PeerBlock. PeerBlock basically blocks your peers, especially RIAA, the govt, and other unsavory sorts from tracking who you are and what you're downloading. If you don't use PeerBlock, you can almost guarantee getting caught at some point.
For web browsing, you're going to want to use Mozilla Firefox. Other's will probably recommend Google Chrome, but Google has been known to extensively spy on users, and keep their data indefinitely. As for extensions, some good ones would be AdBlock Plus to block ads from displaying, FlashBlock to keep Flash objects from playing and potentially infecting you, HTTPS Everywhere to force websites to use SSL which encrypts your traffic so packet sniffers can't steal your credentials, and NoScript which blocks JavaScript and Java from automatically running which is used to infect many people without their knowledge. These addons, combined with Firefox, will help protect you.
Good Password Practices
It may come as a shock, but many online accounts are compromised simply by brute-force attacks. This is where a program simply forces many possible combination of letters, numbers, and symbols at a website until one of them is the correct password, which unlocks the account. It is relatively easy to stop this, for the most part, however. But remember, nothing is 100%. The best way to protect your online accounts is to use a password manager. I am a huge fan of LastPass because of it's convenience. It may not be the most secure, but it works for my purpose. You will want to go to every account you have online and change the password to something secure (LastPass has a tool where it will generate a random string of numbers, letters, and symbols of any length - use at least 20 characters. 40 is better.). Have LastPass save all of your login credentials and secure your LastPass account with a password you will remember, but is equally difficult to guess. I use Passphra.se for all the passwords I have to remember. Here is a great explanation for why it works so well.
I only have to remember four passwords, total. One to log in to my computer. One for the wifi. One for LastPass. And one for my school accounts (computer, grade checks online, etc.) All of these come from Passphra.se and I tack on a couple easy to remember numbers at the end and make the first letter a capital (not for security, it's just my habit).
Basic Security Applications
You are going to want a few applications to help you out along the way. First off, you will need two (2) anti-malware programs. This is to ensure that if one misses something, you have a second one to make sure. I personally use Microsoft Security Essentials (MSE) and Malwarebytes Anti-Malware (MBAM). Update these as often as they need to be. Run both of these every single day. Once a week minimum, but daily is far more advantageous.
If you torrent, you will want PeerBlock. PeerBlock basically blocks your peers, especially RIAA, the govt, and other unsavory sorts from tracking who you are and what you're downloading. If you don't use PeerBlock, you can almost guarantee getting caught at some point.
For web browsing, you're going to want to use Mozilla Firefox. Other's will probably recommend Google Chrome, but Google has been known to extensively spy on users, and keep their data indefinitely. As for extensions, some good ones would be AdBlock Plus to block ads from displaying, FlashBlock to keep Flash objects from playing and potentially infecting you, HTTPS Everywhere to force websites to use SSL which encrypts your traffic so packet sniffers can't steal your credentials, and NoScript which blocks JavaScript and Java from automatically running which is used to infect many people without their knowledge. These addons, combined with Firefox, will help protect you.
Good Password Practices
It may come as a shock, but many online accounts are compromised simply by brute-force attacks. This is where a program simply forces many possible combination of letters, numbers, and symbols at a website until one of them is the correct password, which unlocks the account. It is relatively easy to stop this, for the most part, however. But remember, nothing is 100%. The best way to protect your online accounts is to use a password manager. I am a huge fan of LastPass because of it's convenience. It may not be the most secure, but it works for my purpose. You will want to go to every account you have online and change the password to something secure (LastPass has a tool where it will generate a random string of numbers, letters, and symbols of any length - use at least 20 characters. 40 is better.). Have LastPass save all of your login credentials and secure your LastPass account with a password you will remember, but is equally difficult to guess. I use Passphra.se for all the passwords I have to remember. Here is a great explanation for why it works so well.
I only have to remember four passwords, total. One to log in to my computer. One for the wifi. One for LastPass. And one for my school accounts (computer, grade checks online, etc.) All of these come from Passphra.se and I tack on a couple easy to remember numbers at the end and make the first letter a capital (not for security, it's just my habit).
Make sure your firewall is on.
Run your anti-malware programs every day.
Never give out a password for any reason.
Most of all, use common sense. If you get an email claiming you just won a $20 million Nigerian lottery, it's probably a fake.
If there is anything you would like to add, please feel free to tweet me @Dxdevilx or drop me a line at dxdevilx@h4ck3r.in All your ideas and suggestions are appreciated
Some great tips for security here, recommend this
ReplyDelete