PC Security

PC Security Options, Fixing Slows PCs, and Internet Password Security (incl Password Managers)


Disclaimer. The following information was provided by Shed members and whilst most is generic and available from Microsoft and others, comments on any products are neither endorsed nor recommended by Melba Shed

Fix Slow PC’s Especially Windows XP and Vista as a pdf file

Internet Password Security (including Password Managers)


PC AntiVirus, Malware and Firewalls Options

Download PC AntiVirus, Malware and Firewalls Options as a pdf file

Suggested Free Security Programs for Windows Users

Microsoft’s suite of free protection programs will protect most users. These include Windows Firewall, and Microsoft Security Essentials. (The latter replaces the basic Windows Defender). However if you want more robust protection you might consider some of the better free options like Avast, AVG or paid solutions like ESET NOD.

If you just use the above you should also have in your arsenal Spybot, SuperantiSpyware and MalwareBytes, Spybot is useful in picking up common spyware and cookies problems. The last two are more successful in getting rid of some nasty Trojans like Vundo and Virtumonde and their derivatives. However you generally will not need to run these programs regularly. For day to day Windows Defender or Security Essentials will handle most things

Alternatives

The best free Antivirus programs are AVG free and Avast Free Antivirus (Phil likes AVG as do many users. Others prefer Avast as it runs easily and updates auto and it hardly slows you down. It’s also a firewall). Also, Avira and Comodo are excellent free programs

In a voting poll in Lifehacker, readers voted AVG best, with Security Essentials, second, NOD third, followed by Avast and Avira

Malware/Spyware Spybot, SuperantiSpyware and MalwareBytes. The last two are excellent for nasty things like Vundo/Virtumonde trojans. Only use when required

Free firewalls  Zone Alarm free is good and also Comodo’s firewall. Avast also has a firewall built in. Microsoft’s included fire wall is probably good enough for most users

Windows Defender. This is Microsoft’s original antivirus program. It will be uninstalled if you use MSE. In Windows 8 this has been reborn and MSE dropped.

Windows Firewall. This is Microsoft’s built in Firewall and will work well in conjunction with MSE and the MSRT

Free AntiVirus

Avast! Free Antivirus avast! Free Antivirus represents the best free antivirus protection currently available on the market. This edition is FREE OF CHARGE for non-commercial & home use

AVG Free Edition Version AVG Anti-Virus Free Edition is trusted antivirus and antispyware protection for Windows available to download for free. In addition, the new included LinkScanner® Active Surf-Shield checks web pages for threats at the only time that matters – when you’re about to click that link

Avira AntiVir Personal Avira AntiVir Personal – FREE Antivirus is a reliable free antivirus solution, that constantly and rapidly scans your computer for malicious programs such as viruses, Trojans, backdoor programs, hoaxes, worms, dialers etc. Monitors every action executed by the user or the operating system and reacts promptly when a malicious program is detected

Paid AntiVirus

One of the best is ESET NOD32 NOD32 AntiVirus ESET NOD32 Antivirus is the most effective protection you can find to combat today’s huge volumes of Internet and email threats. It provides comprehensive antivirus and antispyware protection without affecting your computer’s performance. Using advanced Threat Sense technology, ESET NOD32 Antivirus proactively protects you from new attacks, even during the critical first hours when other vendors’ products aren’t aware the attack even exists. ESET NOD32 Antivirus detects and disables both known and unknown viruses, trojans, worms, adware, spyware, rootkits and other Internet threats. ESET NOD32 Antivirus is also one of the fastest antivirus solutions, so fast you won’t even notice it running. And it’s both incredibly easy to use yet simple to tailor for your specific needs.

Free Spyware Removers

Spybot Search & Destroy

Spybot – Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies.

Spybot-S&D can also clean usage tracks, an interesting function if you share your computer with other users and don’t want them to see what you have been working on. And for professional users, Spybot-S&D allows you to fix some registry inconsistencies and extended reports

SuperAntiSpyware

SUPERAntiSpyware Professional features advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet

Malwarebytes Anti-Malware

Malwarebytes’ Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes’ Anti-Malware monitors every process and stops malicious processes before they even start

Free Firewall Programs (you don’t need these if you use MSE or Avast)

ZoneAlarm Free

ZoneAlarm Free Firewall blocks hackers from infiltrating your home PC by hiding your computer from unsolicited network traffic. By detecting and preventing intrusions, ZoneAlarm Free Firewall keeps your PC free from viruses that slow down performance, and spyware that steals your personal information, passwords, and financial data

Comodo Internet Security

Comodo claim that their firewall is unique in that it passes all known leak tests to ensure the integrity of data entering and exiting your system. Comodo has put firewall through all kinds of sophisticated tests to ensure its firewall powerful enough to ward off these attacks with default settings. It also offers an antivirus option which you can optionally instal

Excellent Software and Security Sites

http://www.filehippo.com/ http://www.cnet.com.au/downloads/ Microsoft’s Security page

Super Antispyware

SUPERAntiSpyware Professional features advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet.

Malware bytes Anti-Malware

Malwarebytes’ Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes’ Anti-Malware monitors every process and stops malicious processes before they even start.

Password Security and Password Managers

You should also read and comprehend Password Security and Password Managers below

Internet Password Security (including Password Managers)

Lifehacker rates the best password managers 2015  KeePass, LastPass, Dashlane, 1Password and RoboForm were the five.

FilterJoe’s Best Password Manager site and reviews. Also defines what you need in a password manager

A secure Life’s Review of the best password managers. They also give a good overview of the concepts

Free Password Managers Options

Keepass Password Safe is a free password manager and worth looking at. It manages the password for the Windows network logon, your e-mail account, your FTP password, online passwords (like website member accounts), etc. KeePass doesn’t come with built-in browser integration, but you can invoke a global, auto-login keyboard shortcut (Ctrl+Alt+A by default) when KeePass is running in your system tray. There are two versions of KeePass with 2.1 being the best but does require Microsoft Net Framework >2.0. This is definitely worth considering and as its free maybe should be at the top of our choices. It can be used with Dropbox to provide a nice synchronised solution for multiple machines

LastPass is definitely worth considering as its free and supposedly does all that RoboForm does. It works in Firefox, Internet Explorer, Chrome and Safari (Mac) and acts as a password manage for all your web logons. LastPass is gaining recognition as an excellent and secure system. See Lifehackers Guide to mastering password with LastPass

You can import from most major password storage vendors (such as RoboForm, 1Password, KeePass, Password Safe, MyPasswordSafe, Sxipper, TurboPasswords, Passpack, Firefox and Internet Explorer’s built-in password manager) and export too

Your sensitive data is encrypted using 256bit AES locally before upload so even LastPass cannot get access to it. Please see https://lastpass.com/technology.php for more details on our Host Proof Hosting methods that make this safer than you thought possible. Note that encrypted passwords are stored on central servers. Passwords are also encrypted and stored locally on your machine

Dashlane. This free password manager is reviewed here by TechGuide

How to Update your Insecure Passwords and make them Easy to use. Another Lifehacker guide

Paid Password Managers Options

Kaspersky Password Manager provides similar function to Roboform, reviewed below.

Agile Bits 1Password

Newsletter Article by Phil (easy logon with password to PC, and RoboForm Password Manager)

(Ed Note: some parts and $ updated since the Newsletter)

See also Phils’ presentation in the Computer SIG on Password Managers.

As promised here are a few ideas that will help you avoid internet attacks or loss of identity when using your Windows based PC or laptop whilst connected to the Internet. I hope you find the article which only covers passwords interesting and thought provoking.

There are three main password essentials:

• Have strong passwords for all users of your PC or laptop

• Change these passwords regularly

• Don’t use the same password for different sites.

Let’s start at the beginning and that is by ensuring that you log in to your computer. Too often, when a user’s access is established, no password is entered and the computer is simply allowed to start up without requiring the user to log in. Often this is done to save time but it exposes the Internet connected computer to potentially dangerous hacker activity as a hacker who gains access to your computer does not need to know any password detail before accessing your personal data. This access can involve all your data and the ability to load software onto your PC with a view to trapping keystrokes to access your personal details which can include your banking details, logins and passwords.

You can set up your Windows based computer to automatically start using a predefined user and a predefined password of your choosing each time it is booted. In Windows 7, do the following (if you are using Windows XP or Windows Vista the commands are similar):

Go into Control Panel ->User Accounts and make sure you have allocated a strong password against your User login. Make a note of the User account name and the password. Exit from the Control Panel.

Select ‘Run’ from the Start Menu after left clicking the ‘Start’ button. [If there is no ‘Run’ option, close down the Start Menu, then right click on the ‘Start’ button and click on ‘Properties’. Then under the ‘Start Menu’ tab click ‘Customise’ and then click on ‘Run Command’. Exit these menu and go back to the Start Menu and ensure the ‘Run’ command appears.]

In the dialog box that opens after clicking ‘Run’ from the Start Menu, enter (without the quote marks) ‘control.exe userpasswords2’ and hit your ‘Enter’ key. You should be presented with a ‘User Accounts’ dialog box. Make sure the ‘Users must enter a user name and password to use this computer’ checkbox is empty. Click on ‘Apply’ and a new dialog box opens requiring you to nominate the user and password to be used for automatic log on. Fill in this information and apply the changes.

Your PC or laptop will now automatically log in to the nominated user using the nominated password whenever it is started up. When you change your password you need to repeat these procedure otherwise your PC will continue automatically attempting to log in using the original password.

The strength of your password is important. I can assure you that the use of any word that appears in a dictionary will be cracked by an experienced hacker in a very short time. Click on: https://www.comparitech.com/privacy-security-tools/password-strength-test/  to check the strength of your chosen password.

Microsoft recommends that a strong password should appear to be a random row of characters. It should be at least 14 characters long. Where possible it should include a combination of uppercase and lowercase letters, numbers, punctuation, and symbols. It should not be a well-known quote. However, you have to be able to recall your password and here you need to be a bit more clever. I use the full title of a personal document that I have which includes dates and upper and lower case. You should consider choosing something similar to this but exclude spaces between words and add a few upper case letters and numbers such as might appear in a date.

Ideally you should change your passwords on a regular basis and this means once a month or so, or more often if you suspect your password may have been compromised.

You should have a different password for every Internet site that requires a password for access as you would be crazy to assume that any site will protect your password detail. There are many recorded instances where passwords have been stolen from banks and similar supposedly ‘safe’ sites. Recently millions of Visa Cards had to be cancelled and re-issues globally due to the theft of personal detail from a US clearing house.

So – always use a different password for every different site you use that requires you to log in and change these regularly particularly where you have bought something on-line and that establishment has details of your credit card or banking details.

Now, how do we keep track of our passwords particularly when we are diligent and regularly change them? Some people open us a Word Document and record these details on their computer. Even if this file is password protected itself, it is not really secure and it is a very ‘user-unfriendly’ way to record such detail.

Here’s a suggestion – use a password control and generation program such as ‘RoboForm’. Get the details and try it at no cost.

If you buy this product it will cost you $US9.95 to $39.95 depending on which version is chosen, but it is well worthwhile as you’ll appreciate after looking at the video and other information on the above site. I have purchased the product and fully recommend it. It does much more than securely store your varied password detail – it provides a secure repository for unlimited personal information such as tax file numbers, bank account details, magazine subscriptions etc, generates unique strong passwords of any length (eg qX4@HioSmj#r$j9W81Pr), automatically logs onto your chosen site, and fills out all the detail requested by on-line sites without you having to remember anything other than one master password which is required each session when you use the facility. It remains active for a time you can specify – eg one minute or two hours. It can also work on a USB stick providing identical functionality that can be used on any PC without leaving any traces (extra cost).

I’m sure there are other similar products – I’ve tried others but none go anywhere near matching the functionality of RoboForm. Sounds like an ad, doesn’t it?

If you have any questions on this article, please call Phil

End of Phil’s Article

If you let your computer go into sleep mode as is often the case and wise, you will find that the auto log feature won’t work and you will be required to enter the PC’s password. However in some units it is possible to define what scenarios cause a PC/laptop to sleep, close down and when a log out occur