ElectroTheDevolian

Just a Lot of Questions

I couldn't think of any other good way of talking about this without flooding the forum in a bunch of different topics, so I decided the best option was to put this here.

Due to how many questions actually turned up in the end, I have decided to organize them so they're easier to answer. Feel free to use said organization. (Ex: A1 or A-1)

So obviously I've been on the forums a lot lately, and the reason why is that I've kind of been having an episode when it comes to the security of me and the family. They think I'm crazy for wanting to be so safe, but knowing what's been going on these past few years I don't really want to take any chances. It's been really hard for me to figure out what's safe and what's not when it comes to security and safety. I know there's plenty of sites involving these questions, but most of them tend to trigger Web Protection, stray off topic, or describe them in weird ways that may be unsafe. I'd really like answers to as many of these as possible, as it'll help me calm down more. Though I can understand if answering too many can be excessive. Hopefully all of these are really good questions to be asking, and maybe I ask some that have never really been thought about before.

[A] Involving Windows and PCs:

  1. Should I be disabling things that I don't need / wish I didn't have that could be invading privacy, such as the Windows Store and Cortana?
  2. Should I have a Microsoft Account enabled and synced on Windows?
  3. Is it a bad idea to have the sync on when it comes to said account?
  4. Besides antivirus, disk cleanup, uninstalling unused software, etc., what's the best way to keep the PC clean and protected?
  5. Is it bad to have old data on the PC from things like old games and software? What's the best way to remove it?
  6. Which is the safest solution to keeping a computer secure locally: PIN, Password, or Picture Password?
  7. When it comes to PCs in general, is it safer to build it or to buy it pre-built to avoid bloatware, built-in adware, etc.?
  8. Is Bluetooth safe to use on PC?
  9. Using Bluetooth with headphones / headset, is it possible for trojans / spyware to intercept what I'm listening to / who I'm talking to?

[B] Involving Mobile Devices:

  1. Due to mobile devices being less restrictive when it comes to on-the-go apps, data, etc., what's the best way to keep the device secure from malware, spyware, etc. besides Malwarebytes?
  2. I do not feel comfortable with the mobile device's camera. Should I cover it?
  3. A device is a few years old; it feels like it's slowing down and it's missing things like SMS and calls over a certain time, also certain notifications. Should I be worried that there's a security flaw?
  4. What's a good way of cleaning a mobile device that doesn't involve a factory set, as to not lose all the data?
  5. A family member has a lot of apps downloaded on their device, and seems to have an excessive amount of tabs open on said device. Though, when I scan it with Malwarebytes (Free) and Sophos, nothing shows up. Is there still a chance that malware and such is heavily embedded into the device?
  6. Is there a way to block ads in-app like you can in a browser with something like uBlock?
  7. Knowing it being a recent issue, is there a good way of preventing interceptions with things like SMS and calls?
  8. Besides Location (only turn on when I need to), what other settings should I keep off to keep me incognito from other apps and services?
  9. Is it better to buy mobile devices from stores or from the official site?
  10. I'm hearing notifications go off even though there isn't any when I open the screen. It is a known issue on some devices, however I've never had something like this happen with mine. Am I just going crazy?
  11. Either from store providers or mobile companies, how do you fully remove bloatware from your phone?
  12. What's the safest solution to keeping a mobile device secure on the lock screen: Knock Code, Pattern, Pin, Password, Fingerprint Scanner, or Picture Password?

[C] Involving Consoles, Smart Devices, Cable Boxes, etc.:

  1. The Xbox One is a Windows-built console, and the PS4 tends to be very social. Obviously there's a possibility they can get malware and such, but what's a good way to remove said malware if the device is infected? Malwarebytes for Xbox One / PS4 when?
  2. Xbox in general is a well known domain when it comes to hacking and hijacking, especially when it comes to Xbox (Microsoft) accounts. What's a good way to keep away from most hacks and hijacks, and what's the best way to keep a Microsoft account secure from hijacks on Xbox?
  3. Ads are extremely excessive and invasive when it comes to the Xbox One. Is there any way to block them without doing anything shady?
  4. Is Bluetooth safe to use in public areas?
  5. Using Bluetooth with headphones / headset, is it possible for malicious passersby to intercept what I'm listening to / who I'm talking to?
  6. Due to recent events, how can you secure Smart TVs, Home Devices (Fire Stick, Chromecast, etc.), Printers, etc. from exploits via ports / connections?
  7. Is it better to keep Smart TVs disconnected at all times?
  8. What's the safest solution when it comes to using apps and services on other devices: Consoles, Home Devices, or Smart TVs?
  9. Is there any way to block the sometimes excessive ads on Smart TVs and Hubs?
  10. Some people are prone to leaving these devices on overnight or for extended periods of time, myself included. Is this a bad thing to do security-wise?

[D] Involving Accounts and Account Protection:

  1. What's the safest solution when it comes to remembering passwords: Writing them down, a password manager, or a password encryption service (Where they make new passwords constantly, and supposedly only you have access)?
  2. Certain sites like to opt in to use apps or services without consent and cause security risks, even if they are legitimate. How do I opt out / remove said apps or services?

[E] Involving 2FA:

  1. What's the safest solution when it comes to an authenticator: Microsoft, Google, or Authy?
  2. Although I have an authenticator on, there's still an option for me to use SMS to login. Since SMS can be intercepted, can this be a security issue?
  3. Is it safer to have an authenticator on PC or a mobile device?

[F] Involving Web Browsing:

  1. I want to stay anonymous on the web for the most part. Are there extensions to do so besides uBlock?
  2. I wish to avoid accidental typos in the search engine, but it doesn't seem to automatically do it anymore. What should I do to avoid this?
  3. Is it possible for a browser stealer to steal cookies and use them for malicious intent (account hijacking, spoofing, etc.)?
  4. How do I know which news is legitimate and which ones are exaggerated / hidden ads?

[G] Involving Email:

  1. Is it safer to use email on a browser or in an app?
  2. Is it still possible to get viruses and malware just by opening an email?
  3. Can opening emails on a mobile device in-app give me a virus or malware?
  4. How do I keep excessive spam from being sent to an email?
  5. Is it better to have a clean inbox, or have dated mail in case of certain situations?

[H] Involving IP, DNS, Router security and safety, etc.:

  1. Although I have all settings on, I only see specifics in the log that may be hiding reasons why things are acting suspicious. What can I do or use to see the full traffic on the router?
  2. What is the difference between a Proxy and a VPN? Please be descriptive.
  3. Is it a good idea to have a Proxy / VPN on 24/7?
  4. Is it a good idea to have a Proxy / VPN on the router?
  5. What's the ideal way of keeping out exploits and such as to not have hijacks happen besides updating firmware, disabling UPnP, Remote Access, and updating the password?
  6. I am seeing strange sites being allowed to certain devices in the logs that don't match up to the usual or secured traffic. Does this mean the router could be infected, or just a specific device(s)?
  7. The router may be infected and I wish to factory reset, but the only computer is clear across the house and moving it could risk damage. What do I do?
  8. I wish to have an Ethernet connection but I am across the house and I am unable to do any modifications to said house. What is the best option?
  9. Is an Ethernet connection always safer than a WiFi connection?
  10. Is it possible to have 2 separate connections (Not the same network, SSID, etc.) on 2 different routers and modems on the same line?
  11. Is it possible for one router to get infected from another router, even though they're on 2 different modems?
  12. Which is safer: Cable internet or Satellite internet?
  13. Is it safer to use the ISP provided DNS, or an open DNS?

[I] Involving Financial Security and Safety:

  1. Is it a bad idea to have sites remember payment information, even if it involves subscriptions?
  2. What's the best way to avoid skimmers and possible walk-by's with readers?

[J] Involving Data and Backup:

  1. What is the best device to use when it comes to external backup of data?
  2. Is OneDrive a good idea when it comes to storing personal data such as images and documents?
  3. Is there any way to backup data on mobile devices that doesn't involve syncing?
  4. Is it a bad idea to have Google backup a mobile device's data, such as settings, sensitive data, etc?
  5. Is there a way to encrypt data fully when it comes to backups to where only I can decrypt it?

[K] Involving General:

  1. Is it bad to be so worried about security all the time, even if I want to keep everyone safe?
  2. Is it bad to be so paranoid, even when nothing is wrong security-wise?
  3. Is it bad to check things like Security News and such daily if it only fuels my dilemma?
  4. Involving the above questions. If so, should I think about taking classes for things like this, that way I feel safer knowing what's wrong and being able to help?
  5. It's obvious that the family doesn't seem to care much about safety and security, and may be a reason why I'm asking all these questions in the first place. Should I have a meeting with them to talk about things like this so they fully understand, and so they stop pulling my hair out?

[L] Just Some Ideas Y/N:

  1. Buildable phones. It'd be way cheaper, and you'd know what you'd have in your phone already. Y/N?
  2. Multiple-Factor Authentication (MFA), specifically 3 or more, being more common. That way if they manage to get through one authentication via brute force, they still need to get through more. Not only this, but if an authenticator was first and they manage to brute force it, but they can't get past the second one in a specific amount of time, it'd require them to reenter a new authentication again which they obviously don't have. It could also work great with passkeys and fingerprint scans. Granted, it'd take more time out of your day. Y/N?
  3. Automatically changing recovery codes. Some sites automatically disable attempts after a certain amount of tries, but there's still that what-if chance of brute force. Not quite sure how you could send them to the account holder though without potentially being exposed, however... Y/N?
  4. 2FA / MFA for payment sources online. Kind of hard to explain, but imagine if every purchase from an unknown IP or location was forced to use a specific authentication before you could purchase something, and not just your average 2FA from the site itself. I feel like it'd help out a lot when it comes to possible leaks and such, as along with this it could notify you when your card or account was used in an unknown location or IP before any damage happens. That way, you can have your card or account info changed or frozen if needed. I was also going to talk about doing this physically, but it seems like banks are slowly starting to roll out the feature on ATMs (finally). Y/N

Again, sorry for having so many questions. It's just that I want to be safe and secure in the end.

My G-d !  LOL

[A]

Should I be disabling things that I don't need / wish I didn't have that could be invading privacy, such as the Windows Store and Cortana?

Yes

Should I have a Microsoft Account enabled and synced on Windows?

No

Is it a bad idea to have the sync on when it comes to said account?

If you are worried about privacy - Yes.

Besides antivirus, disk cleanup, uninstalling unused software, etc., what's the best way to keep the PC clean and protected?

Practice Safe Hex and make sure ALL software is updated and properly maintained.

Is it bad to have old data on the PC from things like old games and software? What's the best way to remove it?

No

Which is the safest solution to keeping a computer secure locally: PIN, Password, or Picture Password?

Strong Password

When it comes to PCs in general, is it safer to build it or to buy it pre-built to avoid bloatware, built-in adware, etc.?

If you have the knowledge and ability, build it yourself.

Is Bluetooth safe to use on PC?

Yes.  Just disable its presence so it is not "discoverable".  Note the max. distance of Bluetooth is 30'.

Using Bluetooth with headphones / headset, is it possible for trojans / spyware to intercept what I'm listening to / who I'm talking to?

No

[G]

Email Client, not Webmail and use a Strong Password.

For the most part, just opening an email does not infect one's computer.  That would take Exploit code to be embedded in the email.  While possible, not too much and its possibility is greatly lessened by the use of an Email Client and keeping the PC software up-to-date.

[H]

a.  SOHO Router advice

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES  encryption
  • Disable Remote Management
  • Is the Router Firmware up-to-date ?
  • Specifically set Firewall rules to BLOCK;   TCP and UDP ports 135 ~ 139 and 445


b. 

Proxy - A system that sits on two networks.  When you use that proxy, the network data that flows through a specified TCP  Port(s) will be routed through one side of that device network and come out the other side of the Proxy's network.  Thus the traffic through that TCP Port or TCP Ports will appear to come from the secondary side of that Proxy and will appear to be from that Proxy.

VPN - Is an encrypted tunnel where all the traffic from your PC  ( or in the case of a VPN Router, the Router's traffic ) will travel through that tunnel and will Exit through a different network.

c.  Wired Ethernet will always be safer than Radio traffic which in essence, Wifi is.

[J]

Use an external Hard Disk.  Then YOU have control over YOUR data.  Do NOT store YOUR DATA online for reasons of; security, availability, access, speed of access, etc

[K]

Paranoia is just another word for heightened sense of Situational Awareness.  One should have a "healthy" level of paranoia.  You should not be "worried", per se, but you should understand what technology brings to the table as well as its benefits and detriments.  The more you understand the better you are able to protect yourself.  If you are not sure, don't use it.  Always - ask questions !


Each one of these topics should have been its own topic. 

There is so much here that one can't write a monologue on each subject matter.  Each subject matter should be expressed singularly and discussed at-length.  Then when that topic has basically run its course, start a new thread for the new subject matter and discussing it at-length until it too has run its course.  Thus compartmentalizing each subject matter and allowing for all the information to be readily soaked-in ( digested ). 

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


@David H. Lipman I understand that this may have been too much to put in one topic, and I'll try my best to separate everything next time.

However, I am having a bit of confusion when it comes to the following specific answers:

[A] When you disable or remove certain Windows apps and services, they tend to come back in the newest update. What's a good way to prevent this from happening?
What is safe hex?

[G] What is a good email client to use? Also what settings should I be using to prevent security issues?

[H] I'm getting mixed messages on this one online. When it comes to ICMP pings, what do I disable to do so? Is it only possible to do on a device, or are there also ways to do it on a router?
When blocking ports, should I filter the service for all IPs? Also, what are these ports for, and what are the disadvantages of having them blocked?

 

 


[A] It all depends on what the Application [ app ] is.  There may be settings to Enable/Disable functionality or actual removal.

Safe Hex - Is a terminology coined many years ago that loosely defines one's actions, interactions and non-actions in relationship to one's safe use of a computer.  It is a play on words summoning up the thoughts of "safe Sex" and how the practice mitigates unwanted pregnancies and STDs.  In this case "Hex" which is a shortened form of the terminology "hexadecimal" which is a Base16 numbering system associated with computing. It's all about actions and non-actions for safe computing, for example

  • Not clicking on every link that comes in front of you.
  • Deleting spam
  • Using Critical Thought and questioning everything that is put in front of you;
  • Corroborating provided information and using authoritative sources

Some may be combined.  Inaction and acceptance leads to complacency and threat exposure.

Reference:
https://www.techsupportalert.com/safe-hex-safe-computing-practices.htm

[G] Examples are Microsoft Outlook, and Mozilla Thunderbird.  I personally use Pegasus Mail.  The Email provider will tell you what settings to use that involve specific TCP Port numbers and the enabling of SSL/TLS linked with a  Strong Password.

[H] These settings vary amongst all the models of Routers and Modem+Routers and even within a given Brand such as;  ActionTec, Motorola/ARRIS, D-Link, CISCO, etc. This is done on the Router. 

Yes, blocking TCP/IP ports on the Router is done for ALL IP addresses.  The range I provided is for SMB and NetBIOS over IP as there is  NO reason why there should be LAN exposure of these protocols to the Internet.

 

Edited by David H. Lipman
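
Added example, not part of the original posts: one way to check that a rule set really blocks the ports named above (TCP and UDP 135 ~ 139 and 445) for ALL source addresses, arriving from the Internet side. It assumes a Linux-based router whose rules can be exported in `iptables-save` format and a WAN interface called `eth0` (both assumptions, since router models differ); the two sample rule sets are constructed, and negated (`!`) matches are not handled.

```python
import shlex

# Ports named in the post: 135-139 and 445, for both TCP and UDP.
REQUIRED = [(proto, port) for proto in ("tcp", "udp")
            for port in (*range(135, 140), 445)]
FLAGS = {"-p": "proto", "-s": "src", "-i": "in_if", "-j": "target",
         "--dport": "ports", "--dports": "ports"}

def parse_ports(spec):
    """Expand an iptables port spec such as '135:139,445' into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_ruleset(text, chain="FORWARD"):
    """Return (default_policy, rules) for one chain of iptables-save text."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == ":" + chain and len(tok) > 1:
            policy = tok[1]                      # e.g. ":FORWARD ACCEPT [0:0]"
        elif tok[0] == "-A" and len(tok) > 1 and tok[1] == chain:
            rule = dict.fromkeys(FLAGS.values())  # every field starts as None
            for flag, value in zip(tok[2:], tok[3:]):
                if flag in FLAGS:
                    rule[FLAGS[flag]] = value
            if rule["ports"] is not None:
                rule["ports"] = parse_ports(rule["ports"])
            rules.append(rule)
    return policy, rules

def verdict(rules, policy, proto, port, wan_if):
    """First-match verdict for a packet arriving on the WAN from any source."""
    for r in rules:
        if r["in_if"] not in (None, wan_if):
            continue
        if r["proto"] not in (None, "all", proto):
            continue
        if r["ports"] is not None and port not in r["ports"]:
            continue
        if r["target"] == "ACCEPT":
            return "ACCEPT"                      # let through for some source
        any_source = r["src"] in (None, "0.0.0.0/0")
        if r["target"] in ("DROP", "REJECT") and any_source:
            return "DROP"
        # A DROP limited to one source does not cover all IPs: keep looking.
    return policy

def audit(text, wan_if="eth0"):
    """List the (protocol, port) pairs from REQUIRED that are still reachable."""
    policy, rules = parse_ruleset(text)
    return [(p, n) for p, n in REQUIRED
            if verdict(rules, policy, p, n, wan_if) == "ACCEPT"]

# Constructed sample: TCP is blocked for everyone, UDP only for one network.
WEAK = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -p tcp -m multiport --dports 135:139,445 -j DROP
-A FORWARD -i eth0 -s 203.0.113.0/24 -p udp -m multiport --dports 135:139,445 -j DROP
COMMIT
"""
# Constructed sample: both protocols blocked with no source restriction.
FIXED = WEAK.replace("-s 203.0.113.0/24 ", "")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, "still exposed:", audit(text))
```

The check covers traffic entering on the WAN interface only; it says nothing about outbound SMB from the LAN.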


[A] Some (if not most) Windows apps seem to be hardwired into the system, such as Cortana and the Windows Store. Some used to be possible to disable, but a lot of them force you to have them on, and sometimes even revert settings in new updates (I've caught app recommendations turning back on after an update numerous times). Would it be a good idea to disable them via regedit or CMD?

8 hours ago, ElectroTheDevolian said:

[A] Some (if not most) Windows apps seem to be hardwired into the system, such as Cortana and the Windows Store. Some used to be possible to disable, but a lot of them force you to have them on, and sometimes even revert settings in new updates (I've caught app recommendations turning back on after an update numerous times). Would it be a good idea to disable them via regedit or CMD?

Also have to bring this one up again since it's affecting me pretty hard:

[K] Sadly it's not a healthy amount of paranoia, as it has been affecting my health in pretty negative ways like restlessness. It does slightly affect my thinking when it comes to safe hex. What I do not know I want to learn, as it will help me calm down. Where should I go to learn about safety, security, and possible malware / virus research? That way, I know what I am doing.

@David H. Lipman


[A] Not much you can do there.  Microsoft is too overbearing and their hubris causes problems for their customers that use the MS OS'.  I recently had created a REG file to negate the Windows Edge preview.  I applied it to someone's PC who doesn't like it and weeks later, it was undone by a MS Update.  It will mean I will have to create a StartUp script to load the REG file each time the user Logs into their profile.

[K] Put down the Smart Phone.  Think about replacing it with a simple Cell Phone or not use one at all.

You need to find and read articles from reputable and authoritative sources on computer Best Practices for safety.  Ask questions here ( just not super compounded multi-subject ones ).  Join Bleeping Computers and ask there as well and read informative articles.  I also suggest not using the devices you have just to use them.  Instead of using a XBox, go for a Bike Ride or go Fishing, Jogging, Skateboarding or some other outdoor activity where you commune with nature and/or physically commune with other people ( face-to-face ) .  When you use the Device, do it with purpose and need.  Not for Social Networking.  They are not real.  You want to talk to a person.  See their face.  Read the facial expressions and see their hand gesticulations and body language.  It is part of the Human Psyche which is not there in the virtual world and can not be simulated.  So when you use your PC, do it to create and manage a budget spreadsheet or write a poem or communique.  Do it with real purpose.  Performing Research is purpose.

It is now proven that technology has been deliberately created to control the user to use the technology more than needed.  The end user is no longer a customer or client, they are now a commodity.  This creates the anxiety that you are experiencing and it is for that you have to conscientiously separate from them.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


One good resource for learning about modern threats and attack methods as well as new vulnerabilities and security risks is the Malwarebytes Blog, just remember that not everything they talk about there (and this goes for other security/news sites as well) is relevant to home PC/device users as some of the topics that come up from time to time deal with threats that only target specific companies, organizations and government entities (such as APTs and the like).  One must realize that a hacker or criminal organization orchestrating an attack would not go to the trouble and risk to infiltrate a home user's system that has nothing of great value on it.  In other words, no one is going to break out their latest 0-day exploit kit and one-off attack code to try and get your Steam account password or credit card details because the ROI isn't there.  That's why home users have to worry more about things like scams (tech support scams, fake 'prizes' where they want to get your info and things like that) and run of the mill malware and exploits hosted on the web (malvertisements, tech support scam sites, Trojanized cracks/warez).

Another good resource is WildersSecurity.com.  They have a large community and cover a lot of different subjects, including tons of different types of security software and tools as well as discussing threats etc.

Regarding what David H. Lipman says above, I have to agree.  This is why I'm still running Windows 7 on my own system and plan to never 'upgrade' to Windows 10 and plan to put 7 on any new system I might acquire in the future.  I also don't use a smart phone.  I have an old flip phone that I use to make calls and the occasional text and it never goes online/on the web.  I don't use social media unless you count these forums and the occasional comment on YouTube (no Facebook, Twitter, Instagram etc.) and I do a lot of things to protect my privacy including blocking advertising, tracking and social networking sites from connecting to my system/browsers via my HOSTS file along with Malwarebytes, the Malwarebytes browser extension beta, Adblock Plus and Ghostery.  I also disable, modify and outright break/cripple system components and capabilities that I do not use, including the webcam in my laptop (which is painted over at this point so that it is physically disabled along with being disabled in the Device Manager), any extra network protocols besides IPV4 for connecting to the internet on my network connections (no file/printer sharing, no remote access etc.; all that stuff is turned off and/or disabled), and since I don't use them, things like tablet PC services, remote desktop/remote management and other 'features' in Windows that I don't use are all turned off/disabled or removed (where possible).

My approach is a bit excessive and it's not just for the sake of privacy, it's also for performance (fewer services/processes running in the background/running at system startup etc.).  Unfortunately Microsoft has figured out that users like myself do these things, and since they want to keep that telemetry data flowing (since, as David mentioned, you are the commodity; why else would Microsoft have offered Windows 10 for free to everyone who had 7/8/8.1?; they've always charged hundreds of dollars for their operating systems, but suddenly their latest and greatest and supposedly "last version of Windows ever" is free?  I don't think so...it costs something, and it's very expensive, it's just not measured in dollar amounts), they've made using the HOSTS file, as well as keeping many of these unnecessary items disabled impossible, either through changes in the OS or, as David mentioned, through updates that reset things back to their defaults.  They also wish to follow current trends, which is why their operating systems now cater more to mobile devices/tablets and smart phones than traditional laptops and desktop PCs because they see the success of Apple/the iPhone and Google/Android devices and want a piece of that pie.  Thankfully, due in large part to the fact that the current generation of gaming consoles has gotten quite long in the tooth with no new hardware expected until at least 2020, more gamers are returning to/getting into PC gaming, so the desktop PC enthusiast scene is helping to keep traditional PCs alive, which is one of the key reasons Microsoft hasn't been able to kill off traditional desktop/laptop PCs in the past few years even though everyone, including them, was predicting that the smart phone and tablet would have replaced them almost completely by now (with the exception of some business use cases, of course).

Edited by exile360
