I would recommend that you buy and install real-time security software, to protect continuously from viruses, malware, spyware and other online threats, etc. I would recommend Norton Security, as it utilizes one of the largest global civilian intelligence networks to spot threats faster and it is the number 1 ranked consumer security software for overall protection and performance. You can purchase protection for up to 10 devices, it has anti-virus, anti-malware and anti-spyware, multiple layers of protection, an intelligent smart firewall, auto protect and intrusion prevention. Also, it has SONAR protection which protects you against malicious code, even before virus definitions are available through LiveUpdate, so that means it proactively detects unknown security risks on your computer. Additionally, it has SafeWeb which shields you from bad websites which includes malware, phishing & scam websites, etc. Finally, it has Safe Surfing, Norton Tamper Protection, browser protection, download intelligence, Norton Power Eraser and it blocks ransomware, etc.

It is also available on mobile devices which can be used with your Norton Security product license key. The app is called Norton Mobile Security and Antivirus and it is the most advanced mobile security for Android in the world. It has anti-virus, anti-malware, which now includes protection against trojans and ransomware and Norton Safe Search. Also, it has App Advisor powered by Norton Mobile Insight, which automatically checks apps on the Google Play Store before you download them for potential privacy risks, unusual/intrusive behaviour, high battery and data usage, etc. Finally, it has Norton SafeWeb filtering protection to shield you from fraudulent websites that are designed to steal your personal information and money, the ability to block unwanted calls and text messages, contacts backup, privacy report and Link Guard, the LinkGuard feature and its name has now been removed from the user interface, but you will now get the same link protection benefit from the Web Protection feature, etc. LinkGuard well now the Web Protection feature scans any link you go on via emails and text messages to make sure it is safe, if it's not safe then it will be automatically blocked. Surveilance app protection has been added to the anti-malware feature to help protect your pricacy and security by letting you know if an app is sharing your device's location, contacts, photos or messages without your authorisation. Here is a page on Norton's website to download the Norton Mobile Security and Antivirus app, if the Norton Mobile Security and Antivirus app is missing from the Google Play Store.

I would recommend that you install free, non real-time security software, to perform extra scans, to block bad websites and even more with things like immunisation, prevention and protection, which can protect your computers and browser programs against things like spyware, malware, adware, browser hijackers and dialers, etc. You can't have two real-time security programs running at the same time as they will interfere with each other. So I would recommend Malwarebytes free it does come with a free pro trial included, but don't say yes to that because if you do it will become a real-time security program. I would also recommend Spybot - Search & Destroy, SpywareBlaster and Norton Power Eraser. NPE (Norton Power Eraser) is included with Norton Security, but you can download it as a standalone program as well. This means you can install all these non real-time security programs for free and they will not interfere with each other, as you will only have one real-time security program running.

The one exception being NoVirusThanks OSArmour, it's a real-time security program, but it doesn't interfere with your other real-time security program, because it just adds an additional layer of defense. This is wording from the manufacturer's website "Monitor and block suspicious processes behaviors to prevent infections by malware, ransomware, and other threats. This tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware from deleting shadow copies of files via vssadmin.exe, it blocks processes with double file extensions (i.e invoice.pdf.exe), it blocks USB-spreading malware, and much more. It is lightweight, zero-configuration and runs in the background protecting your system.", and so is this "This smart security application focuses on preventing a malware infection by applying smart and intelligent rules that block bad processes behaviors. This tool can block threats not detected by your installed security solution. Add to your system an additional layer of defense to prevent infections by malware and ransomware! You don't have to configure anything, just install it and forget about it. We have already added more than 60 smart policies to improve your system security with this security application.". It blocks processes from running that are not meant to be run, it blocks remote scripts from running, it monitors and protects a wide range of programs and apps including MS Office apps, it blocks USB malaware from running, it blocks processes that have command line strings commonly related to malware, it blocks execution of processes with .COM or .PIF, which are obsolete file extensions, it protect shadow copies of files from being deleted, it's very lightweight only using a few MBs of memory, etc.

Norton Power Eraser uses aggressive methods to detect threats, and there's a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files. Also, you should carefully review any security program's scan results page before removing files, as there can be false positives, as for an example a legitimate program can use rootkit methods to hide its data from the user or a legitimate program / app can not have its admin username that is listed as the owner of a file or folder in the access control list (ACL), etc.

I would also recommend that you install Norton Halt exploit defender app on Android for free, as it is a first responder app designed to warn you about and scan for the latest security vulnerabilities and exploits that threaten your device and personal information. This includes the Krack, Bluebourne, Spectre and Magellan security vulnerabilities, etc. As these security vulnerabilities and exploits allow attackers to bypass system permissions, inject malicious code and install unauthorized apps, etc.

I would recommend that you set your DNS to CleanBrowsing DNS for free, as it will protect your computers and devices from bad websites, including malware, phishing & scam websites, etc. As it checks every website before you go on it to make sure it is safe and if it is not safe then it will be automatically blocked. They do not log any of your data, they are fast and they score very high on tests. Also, they can block adult sites, explicit, other unsafe content and mixed adult content, etc. Additionally, they can enforce Safe Mode on Google, Bing and YouTube and they can block proxy and VPN domains that are used to bypass the filters, etc. Finally, all these additional filter options you can choose whether to use them or not, but all the filter options include protection for malware, phishing and scam websites, etc. This it to keep you safe with this first layer of protection for your network.

I would also recommend that you install AdGuard for free on Android, as it creates a local VPN (virtual private network) connection to itself and Adguard's servers can not see your data, AdGuard blocks ads, tracking, annoyances and spyware websites, etc. Also, it can connect you to your DNS encrypted via HTTPS and via DNSSEC which validates that the DNS server is who they say they are as well, if your DNS supports it, which prevents spoofing attacks (an attacker redirecting you to a different website without your knowledge, instead of sending you to the website that you requested, by pretending to be the DNS server(s) that you use), man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested and pretending to be the DNS server(s) that you use) and encrypted DNS makes it harder for your ISP to know what websites you have been visiting.

When visiting HTTPS websites your ISP can only see what website you are on not what page you are on, but with an encrypted DNS your ISP can only see what IP address you have been sent to, and as multiple websites can be hosted by a single IP address that's why it makes it much harder for your ISP to know what websites you have been visiting. If you are not visiting HTTPS websites, then your ISP can see what page you are on as well as all the data being transmitted to and from the websites even with your DNS encrypted, and with SNI (Server Name Injection) your ISP can still tell what websites you have been visiting, but encryption for that is now possible due to TLS 1.3, so SNI will soon be encrypted as well. Sometimes blocking solutions can block legitamate useful things like for an example cookie banners, that inform you of what cookies are, that inform you of what cookies are used by a website, that let you choose what cookies are used and so things that use those cookies are allowed to run if you choose to allow those cookies. For Android, other operating systems and other computers and devices, there are other free blocking solutions for ads, tracking, annoyances, malware and spyware websites, etc. Finally, for Android, other operating systems and other computers and devices, there are other free solutions for encrypted DNS and for encrypted VPN.

Once the security programs are installed and set-up remember to keep them up-to-date. Also, remember to keep your browsers and other programs up-to-date as well. Because doing all this will mean your security in those programs is up-to-date.

If not done automatically I would recommend that you always check for and install important Windows updates. Also, it is a good idea if supported to check and choose which optional windows updates to install, this is so you can get the latest Windows security patches and updates. Like for an example the Windows security patch to block WannaCry ransomware and the Windows security patch to protect against the Meltdown CPU flaw. Additionally, to resolve general Windows issues and bugs, and to access new Windows and software features if supported.

Always remember before doing any update that it's best to check the reviews and / or comments for the update in question.

I would also recommend that you upgrade to the latest version of Windows 10, as Windows 7 SP1 in 2020 will soon be unsupported. As mainstream support has already ended and only extended support is now active until 2020. That means it will only receive Windows security patches & security updates until 2020. So there will be no new features added to Windows 7 SP1. Also, because Windows 10 is faster, as it has a faster boot time, faster USB 3.0 speeds, it is more stable, it is more secure, it has new features with more new features to come and Windows 10 will be supported for more years, etc. You can fully stop Microsoft and other companies from collecting your data by disabling telemetry and data collection, so just search Google for Windows 10 disable telemetry and data collection or search Google for (the company in question) disable telemetry and data collection. And you can enable random hardware addresses by going to settings, then to Network & Internet, then to WiFi and by enabling the option, this is to make it harder for people to track your location when you connect to different WiFi networks and and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy, this setting applies to new connections. I would also recommend that you go to settings, then to privacy and that you disable all the settings that are a privacy risk and that could be used to track you in Windows 10. Additionally, you can make Windows Update become manual again by turning on the setting in Windows 10 called metered connection for WiFi or Ethernet connections. You can prevent specific windows updates from being installed using the Microsoft "Show or hide updates" troubleshooter package, which can be downloaded direct from Microsoft. All this can be done even in Windows 10 Home Edition and you can perminently disable the Windows update service in services.msc to disable all Windows updates, if disabled I would recommend that you enable the Windows update service again when the bad Windows updates have been corrected by new Windows updates. Finally, you can now defer major feature Windows updates for up to 365 days and you can now defer quality Windows updates for up to 30 days.

Always remember to scan archive files before you open and / or extract them, e.g. RAR and ZIP files, etc. This is because they could contain viruses, malware or spyware, etc. Also, only download from websites that you trust, especially when you are directly downloading EXE (executable files), as they could contain viruses, malware or spyware, etc. Finally, if you are downloading and installing apps remember to scan them, to check what permissions they require, to check if they are sharing your personal data anywhere and to check for any unusual/intrusive behaviour, etc. You can do all these things even before you download an app with the App Advisor for Google Play Store feature in Norton Security and Antivirus, or if you are downloading apps (APK) files directly you can view the apps permissions before you install, you can scan the apps before you install and if you are using Norton Security and Antivirus it can scan the apps after you install them as well.

Always remember when installing programs to select a custom install vs selecting an automated install, this is so you can de-select any optional extras that you don't want and / or need to be installed, as these could be Adware and / or just things that you don't want and / or need to be installed, etc.

The bad news is there are CPU security flaws that have been identified on virtually everyone's CPU's that have been manufactured in the last 20 years, they are called Meltdown and Spectre which have many different variants. This is for Intel, AMD and ARM CPU's, etc. Spectre essentially gets programs and / or your systems to perform unnecessary operations - this leaks data that should stay confidential, where as Meltdown also grabs information - but essentially it simply snoops on memory used by programs and / or your systems in a way that would not normally be possible. The good news is you can protect against the Meltdown and Spectre CPU security flaws, and you can do this by updating and keeping up-to-date your browsers, GPU drivers, system monitoring/management programs, Google programs and apps, etc. All to receive security update patches. But most importantly by updating your operating system and your BIOS / CPU microcode frmware, to receive security update patches as well.

Microsoft have already released a Meltdown security update patch for Windows operating systems, it protects Intel CPU's only, as AMD CPU's are immune to this CPU security flaw. The Microsoft security update patch will only install if your real-time security software is up-to-date, and if it has been patched to work with the Microsoft Meltdown security update patch. All the major Linux operating system distributions already have Meltdown security update patches, and they protect Intel and ARM CPU's. Nvidia have already released a Spectre security update patch for their GPU drivers. Google have already released a Meltdown/Spectre security update patch for Android and ChromeOS, it protects Intel and ARM CPU's. But for Android (which is mostly just affected by Spectre) it will be up to each manufacturer to distribute these security update patches. Apple have already released a Meltdown/Spectre security update patch for iOS, macOS, tvOS, macOS Sierra, OS X El Capitan and macOS High Sierra, it protects Intel and ARM CPU's of Apple's. Intel have released a Spectre security update patch for the different CPU microcode firmware versions, Microsoft have distributed it and it can be downloaded from Intel directly for Linux as well. Also each manufacturer should distribute these security update patches as well. AMD have released a Spectre security update patch for the different CPU microcode firmware versions, Microsoft have distributed it. Also each manufacturer should distribute these security update patches as well. Firefox have already released a Meltdown/Spectre security update patch for their browser. Microsoft have already released a Meltdown/Spectre security update patch for their Microsoft Edge and Internet Explorer browsers. Google have released a Meltdown/Spectre security update patch for their Chrome browser. Finally, Apple have also already released a Meltdown/Spectre security update patch for their Safari browser. And the list goes on.

Make sure your Security is up-to-date, don't click/tap on suspicious links, don't go on suspicious websites, don't download suspicious programs / apps, only download from credible sources and always scan files before extracting and / or installing them. As if you have a secure system then nothing can use the Spectre and Meltdown CPU security flaws before you have fully patched them, because they require malicious code to be running on your system for these CPU security flaws to be acted upon. Also, if your programs are up-to-date and if they have security update patches they will protect against these CPU security flaws even more, as there will be even less of a chance they can be acted upon by malicious code before you have fully patched them. But always remember to apply security update patches as soon as they are released.

Always check before entering personal information into a website that it is HTTPS secured, which means between you and the website's servers communication is encrypted and it is only readable by you and the website's servers. Also it means you are protected against man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested), etc.

On Android starting from Android 8 onwards you can enable randomised MAC addresses by going to settings, then to connections, then to Wi-Fi and by enabling this option when you connect to a new WiFi network or by enabling this option in the settings of an already connected WiFi network. You can enable a setting in the developer options to cause this setting to be the default choice when connecting to new WiFi networks even using Android 9. Even better news is that starting from Android 10 this option has been made the default choice when connecting to new WiFi networks. This setting is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy.

You can test your browsers to see if they checking for revoked HTTPS certificates on websites using GRC's HTTPS Certificate Revocation Awareness Test. If they are, that means if a website revokes it's HTTPS certificate you will not be able to access a website that uses that HTTPS certificate. This is so a website can not trick you into thinking that it's the website listed on the HTTPS certificate, but If your browsers don't check for revoked HTTPS certificates on websites, that means if a website revokes it's HTTPS certificate you will be able to access a website that uses that HTTPS certificate, so a website could trick you into thinking that it's the website listed on the HTTPS certificate when it's not. A website could have been made to look like the website listed on the HTTPS certificate. They would have had to have compromised the HTTPS certificate itself to gain access to it, that's why the website listed on the HTTPS certificate would have revoked it to prevent it from being used by anyone else.

You can obtain Perfect Passwords using GRC's Ultra High Security Password Generator, they are 63-64 characters long and each one is completely random with a GRC guarantee that no similar passwords will ever be produced again. Their page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection. Also, their page is custom generated each time just for you so it will not be cached by the GRC website servers or be visible to anyone else. So the password it generates is private. The passwords use a massive 512 bits of security, so they are perfect for a wireless security password, etc. Finally, if you don't like entering the long password into each device manually, just use WPS Push Button connect or a device's WPS client randomly-generated security personal identification number (PIN) that you enter into your router, both ways can be used to connect your devices to your router and they save time if your router supports it. The other way would be to just copy and paste the long router password into your device if your device supports it.

You can use GRC's Interactive Brute Force Password Calculator to check and see how long it would take to find your password if an attacker had to try every possible combination, as if you don't use passwords with dictionary words in them an attacker has to find your password using brute force by trying every possible combination. Also, the passwords you enter are only locally temporarily stored in your browser, they never leave your browser and that means the GRC website servers do not know the passwords you enter, so your passwords are still private. Additionally, choose strong passwords that are different for each online account, especially for your email accounts, as this will limit the impact if one password gets compromised. Use a combination of numbers, symbols, and upper and lower case letters, make sure your new passwords are a minimum of 10 characters, create different passwords for every login for better security and avoid storing passwords in your browser to help avoid password leaks. Finally, by creating different strong passwords for each online account, you will help to maintain your privacy and prevent attackers from hacking your online accounts.

If you are in a data breach and you have to change your passwords, by only using one password for each online account it will definitely limit the impact if one of your passwords is leaked to the public and by using randomly generated passwords that are stored in an encrypted password manager's vault, it's so easy to just generate a new randomly generated password with an encrypted password manager. Also, you can check if you have been in a data breach by visiting Have I Been Pwned.

Enable two-factor authentication in all your accounts that support it, this will add an extra layer of security to your accounts, so when you want to sign in it will ask you to enter your password and it will also send you a temporary code each time to either your email address or to your phone number via a call or a text, which it will ask you to enter in as well. Also, this will protect your accounts if your passwords get leaked in a data breach and this will give you time to change your passwords.

You can use GRC's DNS (Domain Name Server) Spoofability Test to check the spoofability protection of the DNS server(s) you use. As when you visit a website the DNS provider you use has already worked to get you to that website. This is because they have located and identified that website by using that website's domain name to match it to its IP adress. Because it's a lot easier to remember a website's domain name instead of its IP address. Spoofability is where an attacker redirects you to a false website even when you have typed in the correct domain name of that website. So that is why spoofability protection is so important, as it prevents an attacker from being able to redirect you to a false website without your knowledge.

I would recommend that you disable your router's built-in static WPS PIN, as it is short and can easily be found by an attacker. You can do this in your router's advanced wireless settings, if your router supports it. Also, you will still be able to use WPS because your router still allows WPS Push Button Connect and it still allows the randomly-generated WPS PIN of your device to be entered into your router, if your router supports it.

I would recommend that you disable uPnP in your router / modem and devices, as uPnP basically automatically port forwards ports in your router / modems firewall, this in itself is a bad idea, as it may decide to port forward a bunch of ports leaving your network open and vulnerable to an attack. But it's even worse than that, as there is so many vulnerabilities in uPnP itself, which can allow attackers to actually tell uPnP to port forward say all of your router / modems ports leaving you network totally open and totally vulnerable to the internet and to attackers and uPnP will obey as it has no authentication, so any device inside of your network can just ask uPnP to port forward any port. The better way to port forward is to just do it manually yourself, then you know exactly what ports have been forwarded, as devices could ask for way too many ports to be opened than is actually needed.

I would also recommend that you uninstall Java if it's not needed or if you want it left installed that you choose for it to ask first to allow activation, so you only choose to activate it in your browser if you actually trust the website that is asking for your permission to activate Java, as Java has lots of security vulnerabilities in it and I do not think a lot of website's are using Java much now anyway.

I would recommend that you uninstall Adobe Flash Player / block sites from running Adobe Flash Player or until support is ceased that you choose for Adobe Flash Player to ask first to allow activation, so you only choose to activate it in your browser if you actually trust the website that is asking for your permission to activate Adobe Flash Player, as it has lots of security vulnerabilities in it. As Google Chrome will cease to be supported in Google Chrome from 2020 and Adobe Flash Player are also ceasing support for it in 2020. It already has lots of security vulnerabilities in it, but these security vulnerabilities and others found in it's final release will probably never get patched, so it's just a bad idea to keep it installed or to keep using it, seeing as many websites have now moved away from Adobe Flash Player in favour of HTML5. YouTube has moved to HTML5 with their YouTube videos ages ago and as Google Chrome will cease support in 2020 and probably other browsers will follow, there just won't be much use for it anyway and websites will have to move to HTML5 anyway in the end.

I would recommend that you enable all security features in your router / modem, like for an example Asus's AiProtection with their enterprise grade security, as it really does help to protect your local network and devices from attacks, but AiProtection at the moment can cause a RAM leak on some Asus router / modems, where the RAM usage keeps increasing until it causes the router / modem to crash / freeze / lock up. Here is a YouTube video called Safer Internet for Your Family and Devices - AiProtection | ASUS. Also, YouTube and other websites can be slow on Chrome, because of an experemental feature that routes QUIC Protocol traffic over UDP for certain websites, this is meant to be more efficient and this is meant to improve performance, YouTube being one of them for videos, etc. But this experemental feature can either not be packet inspected, logged or reported on correctly by your router / modem's firewall causing a security risk or if it is packet inspected, logged or reported on by your router / modem's firewall like with Asus's AiProtection it can actually slow the QUIC Protocol traffic flow down to a crawl. So it's best to disable this expermental feature in Chrome by entering into your browser's URL bar "chrome://flags/" and by disabling "Experimental QUIC protocol", then by doing this in whatever else it's enabled in, which may have a different process to disable this experemental feature. But dont block UDP traffic on your router / modem directly or it will stop other things from working like OpenVPN if used on UDP with port forwarding. OpenVPN can create an encrypted tunnel into your local network from wherever you are in the world, this is to make it seem like you are at where your local network is, you can access local IP addresses in your local network remotely all secured over an encrypted VPN tunnel, etc. Here is more information from Fastvue about How Google’s QUIC Protocol Impacts Network Security and Reporting.

I would recommend that you set your router's wireless security encryption to WPA2-PSK AES, as this provides the highest level of security encryption, if your router supports it.

I would recommend that you enable HTTPS encryption in your router and devices, as this will encrypt the login process and data that is transmitted between devices, if your router and devices support it.

I would also recommend that you check your router's firewall to make sure it's set to its maximum setting and if it's not then set it to its maximum setting, if your router supports it. Also, I would recommend that you set your router's firewall to enable DoS protection and / or DDoS protection, if your router supports it and I would recommend that you disable your router's remote management feature / function, as if the remote management function is enabled your router's login page is accessible by anyone on the internet, if your router supports it.

I would recommend that you encrypt any data that's personal, I would also recommend that you backup your data whether your data is encrypted or not and that you encrypt any backups, as for an example if an encrypted container gets corrupted you could lose all of the data inside of it. Creating an encrypted backup of the encrypted container's volume header is also a good idea to try and prevent you from losing all of the data inside of it, in case it gets corrupted you can try and restore its volume header from the encrypted backup. You can check for issues like system data curruption and you can check if system files have been replaced by using this command in the CMD command prompt "SFC /scannow". Another way to check for system data corruption is by using this command in the CMD command prompt "DISM /Online /Cleanup-Image /ScanHealth" and if there is any system data corruption use this command in the CMD command prompt "DISM /Online /Cleanup-Image /RestoreHealth". To check for data corruption on any drive for example a drive formatted in NTFS use this command in the CMD command prompt "chkdsk c:", replacing c: for your drive's letter, so for an example d: is another drive letter that could be used, if any issues are found run "chkdsk /f c:", the /f means fix.

When you delete files or folders using the recycle bin or using the permenant delete option it doesn't really delete them, as it just tells the OS (operating system) to mark the space that the files or folders are occupying as free space, so other files and folders can overwrite the files or folders that you have deleted using the recycle bin or using the permenant delete option. But the problem is that this can take a long time for the space of the files or folders that you have deleted using the recycle bin or uisng the permenant delete option to be actually overwritten by other files or folders. So the solution is to actually use a file and folder shredder, that actually overwrites your files and folders while it is deleting them or after it has deleted them. It's best to choose a minimum of 7 passes to overwrite your files and folders that you want to delete. I would recommend a program called Eraser, as it's opensource meaning it can't have any backdoors or coding to circumvent the overwriting process. So if you use this program with 7 or above passes to overwrite your files and folders that you delete they are gone forever, there will be no way for anyone to recover them.

I would recommend that you enable User Account Control (UAC) in Windows if it is not already and if you can put up with the prompts I would also recommend that you enable it to always notify you, this is for added security, as it helps to stop malicious programs and apps from running malicious code. It does this by Windows needing your permission before making changes that Windows deems important, suspicious or just needing a higher priviliage, etc.

I could not list every security vulnerability there has ever been or every new security vulnerability and how to deal with each one, as there is just too many too list. So I have chosen to include a few major security vulnerabilities and how to protect yourself from them and how to protect yourself in general as well.

I could not list every update there ever has been or every new update and if each one is safe to install or not. So I have chosen to provide general advice on how to protect yourself from bad updates and how to block bad updates.

This knowledge was optained from many sources over a long period of time and parts of this knowledge was copied from many sources and pasted into this page, edited by me, all to help you secure your computers and devices, but that is part of what life is about accumulating knowledge.