Skip to Main Content

Computers Security Knowledge Logo

  • Home
  • Computers Security Knowledge
  • Scam and Fraud Prevention
  • Maximise Your Internet Speed

Here you can learn how to secure your computers and devices, with more knowledge to come.


While using all of these programs, apps, settings and this knowledge, I have had no takeovers from viruses, malware and / or spyware, etc.
Read near the bottom of this page for more information on this subject.



I would recommend that you buy and install real-time security software, to protect continuously from viruses, malware, spyware and other online threats, etc. I would recommend Norton Security, this link lists the features of Norton Security and Norton 360, as it utilizes one of the largest global civilian intelligence networks to spot threats faster and it is the number 1 ranked consumer security software for overall protection and performance. You can purchase protection for up to 10 devices, it has anti-virus with advanced machine learning, anti-malware and anti-spyware, multiple layers of protection and artificial intelligence, an intelligent smart firewall, auto protect, intrusion prevention, proactive exploit protection which protects your computers from exploits that take advantage of vulnerabilities in software and your computer's operating system and file insight which provides reputation information on software files gathered from their global network. Also, it has SONAR protection which protects you against malicious code, even before virus definitions are available through LiveUpdate, so that means it proactively detects unknown security risks on your computer. Additionally, it has SafeWeb which shields you from bad websites which includes malware, phishing & scam websites, etc. Finally, it has Safe Surfing, Norton Tamper Protection, browser protection, download intelligence, Norton Power Eraser, it blocks ransomware and it now has Online Banking Protection, which means Norton's servers connect to the banking website for you safely encrypted and you remotely connect into Norton's servers encrypted inside of your browser to browse the banking website, etc. I would like to add that I have paraphrased some of the wording above using information from Norton's website and possibly from other sources.





Now a new Norton 360 has been released, it replaces Norton Security and it has extra features included like Norton Secure VPN and SafeCam which protects your computers webcam from being accessed without your permission. In the USA extra features are included, as Norton LifeLock is included as well. But remember to turn off auto renewal, as it's charged at a much higher price than if you were to buy it at retail price. I think that Norton Security, Norton 360 and Norton Mobile Security and Antivirus are the most protective real-time antivirus products in the world, this is backed up by actual test results that have been performed on lots of the main antivirus products and Norton came out on top with their Norton Security and Norton 360, but Bitdefender Total Security did come in at a close second. I would like to add that I have paraphrased some of the wording above using information from Norton's website and possibly from other sources.





Your Norton Security and / or Norton 360 subscription also gives you access to their app counterpart on mobile devices, which can be used with your Norton Security product license key. The app is called Norton Mobile Security and Antivirus, this link lists the features of Norton Mobile Security and Antivirus and it is the most advanced mobile security for Android in the world. It has anti-virus, anti-malware, which now includes protection against trojans and ransomware and it has Norton Safe Search. Also, it has App Advisor powered by Norton Mobile Insight, which automatically checks apps on the Google Play Store before you download them for potential privacy risks, unusual/intrusive behaviour, high battery and data usage, etc. Finally, it has Norton SafeWeb filtering protection to shield you from fraudulent websites that are designed to steal your personal information and money, the ability to block unwanted calls and text messages, contacts backup, privacy report and Link Guard, the LinkGuard feature and its name has now been removed from the user interface, but you will now get the same link protection benefit from the Web Protection feature, etc. LinkGuard, well now the Web Protection feature scans any link you go on via emails and text messages to make sure it is safe, if it's not safe then it will be automatically blocked. Surveilance app protection has been added to the anti-malware feature to help protect your privacy and security by letting you know if an app is sharing your device's location, contacts, photos or messages without your authorisation.

I would like to add that I have paraphrased some of the wording above using information from Norton's website and possibly from other sources. And I would like to add that the contacts backup feature and the Anti-Theft features have been removed "End-of-availability of Anti-Theft, Contacts Backup and LinkGuard features of Norton Mobile Security Android". The ability to block unwanted text messages has been removed and to paraphrase what it said in the Norton Mobile Security and Antivirus app it said that the ability to block calls will soon be removed, but that new features will also be added. Here is its page on the Google Play Store Norton Mobile Security and Antivirus and here is a page on Norton's website to download the Norton Mobile Security and Antivirus app, if the Norton Mobile Security and Antivirus app is missing from the Google Play Store. Now their mobile app is called Norton 360 as well.





Make sure that you do not go back to the previous page when a page is blocked, this is because if you go back it could load that page or another page and an attack could get through that line of defence before it's able to block the same page again or a new page. This is what happened when I went back to the previous page, but luckily Norton 360 blocked the attack. I am so thankful to Norton, as this is why it's so important to have multiple layers of defence security. I would like to add that this is only necessary if the page has been blocked at the software level, but it's OK to go back to the previous page if its been blocked at the network DNS level and also possibly at the hardware level, like when using a UTM (unified threat management) device, for an example the Bitdefender Box 2 that's listed further down this page. This is because if the page wasn't loaded and will not be loaded due to it being blocked at the network DNS and / or hardware level, then this isn't a necessary precaution, but feel free to do it anyway for extra security. And I would like to add that it's OK to go back to the previous page or to carry on to the blocked page if you know that it's a false alarm and if the page has been blocked at the software level and it contains a back button it should be OK to use it, but remember not to use the browser's back button if the page has been blocked at the software level. And instead you could go to a safe page by going forwards using the URL bar or you could look at the previous pages list, if your browser supports it and go back to a previous safe page that you choose, etc.

But I would like to add that this isn't just if a page has been blocked with for an example "Your connection is not private" on the Google Chrome browser, which is due to HTTPS certificate issues, because this is your browser blocking the page and warning you that there is a problem with the HTTPS certificate used on that website. This isn't your browser blocking the page and warning you that the page has been blocked because it's malicious, etc. You do still have to be careful with websites that have HTTPS certificate problems though, this is because it can make the HTTPS encryption provided by that website ineffective due to various reasons, some of which have been mentioned on my website already.





I would recommend that you regularly check Play Protect on Android's Google Play Store, because it warned with things like "Your device may be at risk", "1 privacy warning", "Privacy warning" and "The app was removed from Google Play Store because it can access personal information in call logs or text messages". Which I obviously uninstalled the app, because it said "Uninstall" or "Keep app". So this is another way to protect your devices for free.

I would recommend that you install free, non real-time security software, to perform extra scans, to block bad websites and even more with things like immunisation, prevention and protection, which can protect your computers and browser programs against things like spyware, malware, adware, browser hijackers and dialers, etc. You can't have two real-time security programs running at the same time as they will interfere with each other. So I would recommend Malwarebytes free - this is a direct download link it does come with a free pro trial included, but don't say yes to that because if you do it will become a real-time security program. I would also recommend Spybot - Search & Destroy, SpywareBlaster, Norton Power Eraser, Malwarebytes AdwCleaner and Kaspersky TDSSKiller. NPE (Norton Power Eraser) is included with Norton Security, but you can download it as a standalone program as well. This means you can install all these non real-time security programs for free and they will not interfere with each other, as you will only have one real-time security program running. Another good free scanning program is the Microsoft Windows Malicious Software Removal Tool by running its executable file at this location "C:\Windows\System32\MRT.exe". I would like to add that I have paraphrased some of the wording above using information from SpywareBlaster's website and possibly from other sources, as I have learned a lot through the years.





Norton Power Eraser uses aggressive methods to detect threats, and there's a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files. I would like to add that the above wording is nearly a direct quote from Norton's website page "Run the free Norton Power Eraser tool in Safe mode" and possibly from other sources, as it seems to be on many websites. Also, you should carefully review any security program's scan results page before removing files, as there can be false positives, as for an example a legitimate program / app can use rootkit methods to hide its data from the user or a legitimate program / app in the access control list (ACL) can not have its admin username, that it lists as the owner of a file or folder that it uses, etc. And I would like to add that I have paraphrased some of the wording above using information from Spybot - Search & Destroy's website page "Are the found items really Rootkits?" and possibly from other sources, as I have learned a lot through the years.

SpywareBlaster will cause Google Chrome to say "Managed by your organisation", but it's of no concern because it's just SpywareBlaster creating policies in Google Chrome to protect it. You can check this for yourself by putting this into your URL bar and by searching for it "chrome://policy/", it will say these two policies "CookiesBlockedForUrls" and "JavaScriptBlockedForUrls" if you have enabled both of these protection features for Google Chrome in SpywareBlaster. If you notice any polices that are managing Google Chrome that shouldn't be, then it's probably a good idea to clear and / or refresh your policies, to run "Clean up computer" in Google Chrome to find and remove any harmful software on your computer and maybe it would be a good idea then to "Reset settings to their original defaults" in Google Chrome, this is if there are any policies that are managing Google Chrome that shouldn't be.





There are at least two exceptions to running more than one real-time security program, one exception being Android can have more than one real-time security app running at one time without them interfering with each other, so for more features and for extra security use two real-time security apps on Android. Especially if you get Bitdefender Mobile Security & Antivirus included in the yearly subscription fee of the Bitdefender Box 2 listed below (Norton Mobile Security and Antivirus, Norton Security has been proven in tests to be the best at protecting your computers and devices and Bitdefender Mobile Security & Antivirus, Bitdefender Total Security came out near the top in tests as well). But the Bitdefender Mobile Security & Antivirus app can have an issue with its app lock feature with at least the latest software update on the Samsung Galaxy S10+ mobile phones, where it causes the Bitdefender Mobile Security & Antivirus app to repeatedly crash when opening its app and when using other apps, probably when using other apps that are being app lock protected, I have emailed Bitdefender about it and they have now updated their app to correct this issue. The Bitdefender Mobile Security & Antivirus app can have another issue with its app lock feature where it sometimes doesn't lock the settings area of Android properly or at all, an app update and / or an Android update fixed this in the past, but it's now started happening again I think after the latest app update, I have emailed Bitdefender about it. I would like to add that when I said "the latest app update", I meant the latest app update at around the 12th of August 2020.

And the other exception being NoVirusThanks OSArmour, it's a real-time security program, but it doesn't interfere with your other real-time security program, because it just adds an additional layer of defense. This is wording from the manufacturer's website "Monitor and block suspicious processes behaviors to prevent infections by malware, ransomware, and other threats. Also, this tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware from deleting shadow copies of files via vssadmin.exe, it blocks processes with double file extensions (i.e invoice.pdf.exe), it blocks USB-spreading malware, and much more. It is lightweight, zero-configuration and runs in the background protecting your system.".





And this is a direct quote from the manufacturer's website "This smart security application focuses on preventing a malware infection by applying smart and intelligent rules that block bad processes behaviors. This tool can block threats not detected by your installed security solution. Add to your system an additional layer of defense to prevent infections by malware and ransomware! You don't have to configure anything, just install it and forget about it. We have already added more than 60 smart policies to improve your system security with this security application.". It blocks processes from running that are not meant to be run, it blocks remote scripts from running, it monitors and protects a wide range of programs and apps including MS Office apps, it blocks USB malware from running, it blocks processes that have command line strings commonly related to malware, it blocks execution of processes with .COM or .PIF, which are obsolete file extensions, it protect shadow copies of files from being deleted, it's very lightweight only using a few MBs of memory, etc. I would like to add that I have paraphrased some of the wording above using information from NoVirusThanks's website and possibly from other sources. And I would like to add that the manufacturer has since updated their product, changed their website and changed their wording, etc. So here is their features page on their website which has more up-to-date wording "Why OSArmor? Read Here".

Also, I would like to add that at the time I thought along the lines of that I had paraphrased some of the wording above, but it has come to my attention that this is not the case, because some of the wording above was from the manufacturer's website to explain what their product does, so that I could mention and basically recommend their product. But I don't think I could direct quote this part of their wording, this is because I think I had put together some of their wording, possibly taking bits out and possibly adding bits in, etc. So I don't think this part of their wording was a direct quote, so that's why I didn't put it in quotation marks, but basically it was still kind of individual quotes. I want to make sure that I had not plagiarised this wording, so that's why I am explaining this now.





But I have had one instance where I have had to temporarily disable NoVirusThanks OSArmour, which you can use in its settings. As with my custom strict settings that I have implemented in NoVirusThanks OSArmour, it was interfering with the installation process with one program that I was installing. So if you get a popup saying that NoVirusThanks OSArmour has blocked something and if the program and / or game that you are installing has issues, then uninstall the program and / or game, then temporarily disable (for a period of time that you choose) or disable using the normal disable button both in NoVirusThanks OSArmour and then reinstall the program and / or game and it should work correctly now. Then re-enable NoVirusThanks OSArmour, so that you continue to receive its protection. I would like to add that this has happened at least one more time with a different program that I was installing and I sometimes try to run the commands that were blocked to try and complete the installation process. But I think if this happens it's best to either repair the installation if possible or to uninstall the program and / or game and to reinstall it like how I have said above.





Certain security, privacy and other features are not enabled or disabled or set to the correct values by default in browsers, so for Google Chrome go to chrome://flags and for Firefox go to about:config, etc. Here are some features that you should enable in Google Chrome, some of these features are only available on certain platforms: "Smooth Scrolling", "Site Isolation For Password Sites", "Strict site isolation", "Parallel downloading", "Treat risky downloads over insecure connections as active mixed content", "Detect target embedding domains as lookalikes.", "Strict-Origin-Isolation", "Safety Check on Android", "Show Safety Tip UI when visiting low-reputation websites", "Heavy Ad Intervention", "Heavy ad privacy mitigations" and "Enforce deprecation of legacy TLS versions".

And here are some features that you should disable in Google Chrome, some of these features are only available on certain platforms: "Experimental QUIC protocol". Also, here are some features that you should enable or change the values of in Firefox, some of these features are only available on certain platforms: "security.tls.version.min", set it to 3 (which means it won't allow connection to websites that use a TLS version below 1.2), "privacy.firstparty.isolate", set it to true and "privacy.firstparty.isolate.block_post_message", set it to true.

I have changed the above to reflect new Chrome flags that have been added or new Chrome flags that I have noticed and to reflect removed Chrome flags, etc. And it's a good idea to make sure the privacy and security settings are set correctly in the browser(s) that you use like in Google Chrome and Firefox, etc. I would like to add that I will continue to change "the above to reflect new Chrome flags that have been added or new Chrome flags that I have noticed and to reflect removed Chrome flags, etc.". And I have found while I was checking the above enabled features in Google Chrome, that two of the features were not enabled on one of our devices, so I have enabled them and if I find anymore on our supported devices I will either enable or disable them, etc. But I would like to add that by the time you are reading this, the two features that I have mentioned above might not be in the above features list anymore.





I would recommend that you install these browser add-ons for security, for privacy and to block advertisements, etc. They are Norton Safe Web (which is a website grading scanner, a link scanner and which also includes banking protection. It's part of Norton Security and Norton 360.), Bitdefender Traffic Light (which is another website grading scanner, but it's free and part of what it does is it "Checks every web page you access for threats, phishing and fraud attempts.".) Adblock Plus (which is a brilliant free ad blocker), Malwarebytes Browser Guard and LastPass (which is a free encrypted password manager, that has a premium subscription option if you would like to buy it. I would highly recommend that you do, as it offers multiple benefits for your premium subscription.). Here is the premium subscription benefits of LastPass and here is my review of LastPass, this link will take you to another page on my website. I would like to add that it's not necessary to install these browser add-ons into all the browsers that you don't use, as just into the browsers that you use is enough, but I have now installed the supported browser add-ons into my other installed browsers that I sometimes use, just in case. But all these browser add-ons aren't available on every browser, as for an example Bitdefender Traffic Light isn't available on Microsoft Edge and all these browser add-ons are not available on Internet Explorer, etc. I have changed the above browser add-ons list to reflect new browser add-ons that I am recommending. And I would like to add that I found out on one of my current devices, that LastPass was not installed into one of my other installed browsers that I sometimes use, maybe it never was, so I have installed it now.

Also, do not store your passwords in browsers in an unencrypted manner, use an encrypted password manager instead. I would recommend LastPass. And if possible do not store passwords or other important files / folders in plain text, but if you have to, if possible try and make sure that they are stored on encrypted storage at least. I would like to add that even I have stored passwords and other important files / folders in plain text on unencrypted storage, but I am in the process of correcting this and I try to remember not to do that anymore, as it's unsafe.





When the Bitdefender Traffic Light free addon is installed, make sure if you have the Norton Safe Web addon installed to turn off "Search Advisor" which "Checks the search results to warn against dangerous web pages before you access them.". This is because in a browser's search results say in Google, it will take the place of Norton Safe Web's search suggestions, which gives you a website grading next to the websites in the search results before you go on a website. So if you want the Norton Safe Web suggestions instead of Bitdefender Traffic Light's search suggestions, then do the above. But if you still want the protection of Bitdefender Traffic Light, make sure to keep turned on in Bitdefender Traffic Light, "Web Protection" which "Checks every web page you access for threats, phishing and fraud attempts.".

I would recommend that you also scan files, websites, IP addresses, domains and file hashes using VirusTotal, to determine if they are safe or not. By visiting the VirusTotal website and by using their services for free.





Buying and installing a UTM (unified threat management) device is a good idea, some can either replace your router or some can either work alongside your router, etc. So if it replaces your router, but you have a combined router / modem then put your router / modem into modem only mode and the UTM device will then become your router or double NAT, double firewall and have your router / modem still in router / modem mode with its DHCP server disabled, but also have a UTM device acting as a router and DHCP server as well. But the idea is that they constantly monitor your network, computers and devices for threats even devices that can not have security software installed on them, like for an example Bitdefender Box 2 does with Brute Force Protection (where it will protect from an attacker trying to brute force passwords and trying to brute force into your network, computers and devices), with Sensitive Data Protection (where it ensures no sensitive data like credit cards, usernames and passwords, personal information and location data is sent unencrypted because it will block the information being sent in that case), with Anomaly Detection (where it monitors your network, computers and devices and it learns how they normally operate and if they deviate from how they normally operate it will warn you), with Exploit Prevention (where it prevents attackers from using exploits that are present in network, computers and devices), with Vulnerability Assessment (where if a device that has vulnerabilities connects to your network it will warn you of this) and with Safe Browsing (where it will block malicious URLs, so this will help even further to block phishing and online fraud). I would like to add that I have paraphrased some of the wording above using information from Bitdefender's website and possibly from other sources, as I have learned a lot through the years.





Also, with Advanced Parental Control (where it can filter out content that's inappropriate for children, it can warn you if attempts to access blocked websites, it can warn you of attempts to access blocked apps, it can warn you of a call or text from a blocked/unknown phone number, it can allow with the press of a button in the Bitdefender Parental Control Mobile app the sending of a arrived safe message instead of having to call or text to say / send it, it can protect your children's safety like from cyberbullying (only available until August 1, 2020) and online predators (only available until August 1, 2020), it can track where your children are, it can set zones that are restricted to give you warnings when those zones are entered and it can manage when your kids have access to the internet at home. But some of these require the Bitdefender Parental Control app or one of the Bitdefender security apps to be installed on your computers and devices). You can find out more about Bitdefender Box 2 here. I would like to add that I have paraphrased some of the wording above using information from Bitdefender's website and possibly from other sources, as I have learned a lot through the years.





Some UTM devices come with subscriptions to real time security programs, but Norton Security has been proven in tests to be the best at protecting your computers and devices and some UTM devices will slow down your internet speed if you have a fast internet connection, say over 200 Mbps. Most UTM devices require a paid subscription, but having a paid subscription will usually offer more protection and will usually be updated more often. For home users I would recommend Bitdefender Box 2, as it has got great protection features, as it doesn't slow down your internet connection, as it's fast, as it auto updates itself to keep ahead of identified vulnerabilities, as it's sold at a great price for the features offered and for the inclusion of 1 years worth of subscription in the price, as it has got a pretty good yearly renewal price for the features offered, as it has scored pretty good in reviews and as it has also got pretty good customer reviews, etc. As within the price of the yearly subscription you also get access to the Bitdefender security programs and apps, which provides lots of other benefits, including but not limited to Anti-Theft, App Lock, Malware Scanner, Web Protection, Account Privacy (which keeps a check on if your email addresses have been in a data breach) and a VPN that for each device provides 200MB per day that has no logging of your activities and that has no looking into your encrypted data, etc. I would like to add that I have paraphrased some of the wording above using information from Bitdefender's website and possibly from other sources, as I have learned a lot through the years.





It can have a few installation issues, but once it's installed it runs fine and it's well worth a bit of your time to secure your network. There can be a few false positives, but it's better to have false positives than false negatives, so in the app it gives you an option to allow what has been blocked, but make sure you check that it's really something that you want to allow and make sure that it's a false positive first before you allow. If the app does not show some of your devices, it could be because if you have a wireless bridge network device that serves clients, the Bitdefender Box 2 might just see the wireless bridge network device and not the clients behind it or it may be that you have deleted the network devices from the list either by accident or on purpose and the devices do not show back up, even after changing the devices IP address because it's MAC address probably does not change or the final thing it could be is that it makes a mistake and doesn't detect the devices MAC address even if the device's IP address is changed and it could be a combination of all of these things. And if you do not want to use its WiFi you can disable its WiFi, say if you already have a device or devices that provide WiFi that you would like to continue to use instead. But there is an issue and / or a bug in its firmware where if you disable its main WiFi then its LAN IP address range setting can get changed back to its default automatic IP address range setting instead of your custom LAN IP address range setting, if you have set a custom LAN IP address range setting. There is a way that I know of to counteract this by enabling its guest WiFi before disabling its main WiFi and if you don't want to use its guest WiFi, then you can disable its guest WiFi.

I would also recommend that you install Norton Halt exploit defender app on Android for free, as it is a first responder app designed to warn you about and scan for the latest security vulnerabilities and exploits that threaten your device and personal information. This includes the Krack, Bluebourne, Spectre and Magellan security vulnerabilities, etc. As these security vulnerabilities and exploits allow attackers to bypass system permissions, inject malicious code and install unauthorized apps, etc. This app has been discontinued and has been taken off the Google Play store on the 3rd of March 2020. I would like to add that I have paraphrased some of the wording above using information from Norton Halt exploit defender's Google Play Store website page.





I would recommend that you set your DNS to CleanBrowsing DNS for free, as it will protect your computers and devices from bad websites, including malware, phishing & scam websites, etc. As it checks every website before you go on it to make sure it is safe and if it is not safe then it will be automatically blocked. They do not log any of your data, they are fast and they score very high on tests. Also, they can block adult sites, explicit, other unsafe content and mixed adult content, etc. Additionally, they can enforce Safe Mode on Google, Bing and YouTube and they can block proxy and VPN domains that are used to bypass the filters, etc. Finally, all these additional filter options you can choose whether to use them or not, but all the filter options include protection for malware, phishing and scam websites, etc. This it to keep you safe with this first layer of protection for your network. I would like to add that I have paraphrased some of the wording above using information from CleanBrowsing's website and possibly from other sources.

I would also recommend that you install AdGuard for free on Android, as it creates a local VPN (virtual private network) connection to itself and Adguard's servers can not see your data, AdGuard blocks ads, tracking, annoyances and spyware websites, etc. Also, it can connect you to your DNS encrypted via HTTPS, via TLS 1.3 which one of the things it does is to encrypt the website that you are visiting server's security certificate, it's faster and it suppports more mordern security ciphers with perfect forward secrecy and via DNSSEC which validates that the DNS server is who they say they are as well, if your DNS supports it, which prevents spoofing attacks (an attacker redirecting you to a different website without your knowledge, instead of sending you to the website that you requested, by pretending to be the DNS server(s) that you use), man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested and pretending to be the DNS server(s) that you use) and encrypted DNS makes it harder for your ISP to know what websites you have been visiting. Here is a checker from Cloudflare and their information "Browsing Experience Security Check". I would like to add that I have paraphrased some of the wording above using information from Cloudflare's website and possibly from other sources, as I have learned a lot through the years.





When visiting HTTPS websites your ISP can only see what website you are on, not what page you are on, but with an encrypted DNS your ISP can only see what IP address you have been sent to and as multiple websites can be hosted by a single IP address that's why it makes it much harder for your ISP to know what websites you have been visiting. If you are not visiting HTTPS websites, then your ISP can see what page you are on as well as all the data being transmitted to and from the websites, even with your DNS encrypted and your SNI encrypted. This is due to the websites themselves not transmitting encrypted data. When I said "but with an encrypted DNS your ISP can only see what IP address you have been sent to", I was not including SNI, as with SNI (Server Name Indication) your ISP can still tell what websites you have been sent to because they can see the domain names of the websites. But thankfully encryption for that is now possible due to TLS 1.3, so SNI will soon be encrypted as well.

And then when I said "as multiple websites can be hosted by a single IP address that's why it makes it much harder for your ISP to know what websites you have been visiting.", this is also true for encrypted SNI. Sometimes blocking solutions can block legitamate useful things like for an example cookie banners, that inform you of what cookies are, that inform you of what cookies are used by a website, that let you choose what cookies are used and so things that use those cookies are allowed to run if you choose to allow those cookies. For Android, other operating systems and other computers and devices, there are other free blocking solutions for ads, tracking, annoyances, malware and spyware websites, etc. Like Adblock Plus which have extensions for most of the main browsers including Google Chrome and Firefox, etc. Finally, for Android, other operating systems and other computers and devices, there are other free solutions for encrypted DNS and for encrypted VPN. Like now on certain browsers you can use encrypted DNS directly in those browsers, as an encrypted DNS client is built into those browsers.





Always remember before doing any update that it's best to check the reviews and / or comments for the update in question, but really it's only worth doing every time if it's an update to an operating system for a critical machine, to a critical piece of software or to a critical app, etc. As you can usually revert back to a previous update version if there is trouble, this is fine if it's an update to nothing that's really important, but it's not fine if it's to an operating system for a critical machine, if it's to a critical piece of software or if it's to a critical app, etc. Because any downtime could either be costly, could take time to fix or could possibly be dangerous to life, etc.





If not done automatically I would recommend that you always check for new Windows updates manually and that you then choose whether to install important Windows updates. Also, it is a good idea if supported to check for new optional Windows updates manually and to choose which optional Windows updates to install if any, this is so you can get the latest Windows security patches and updates. Like for an example the Windows security patch to block WannaCry ransomware and the Windows security patch to protect against the Meltdown CPU flaw. Additionally, to resolve general Windows issues and bugs, and to access new Windows and software features if supported. But even though optional Windows updates are validated and production quality, they can contain bugs and those bugs could harm your computers, devices and files, etc. So be careful, as if in doubt just wait for the main Windows update releases and the optional Windows updates will dissapear. I would like to add that when I said "and the optional Windows updates will dissapear.", I meant all the optional Windows updates that are replaced by the main Windows update releases will disappear. And I would like to add that this part "optional Windows updates are validated and production quality" was paraphrased from I think this website, because there are also other websites with this information, but there is more information here about Windows updates. There are possibly other websites that helped me, but I think they get their information from this source and / or from this source, these two Microsoft sources probably share information.

I would recommend that you upgrade to the latest version of Windows 10, as Windows 7 SP1 in 2020 is now unsupported. As mainstream support has ended on the 13th of January 2015 and as extended support has ended on the 14th of January 2020. There will be no new features or Windows security patches & security updates added to Windows 7 SP1. Also, Windows 10 is better anyway because Windows 10 is faster, as it has a faster boot time, faster USB 3.0 speeds, it is more stable, it is more secure, it has new features with more new features to come and Windows 10 will be supported for more years, etc. You can fully stop Microsoft and other companies from collecting your data by disabling telemetry and data collection, so just search Google for Windows 10 disable telemetry and data collection or search Google for (the company in question) disable telemetry and data collection.





And you can enable random hardware addresses by going to settings, then to Network & Internet, then to WiFi and by enabling the option, this is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy, this setting applies to new connections. I would like to add that these parts "this is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy" were paraphrased from I think these websites "Privacy: MAC Randomization", "How to enable a randomized MAC address in Android 10" and "How to use random hardware addresses". There are possibly other websites that helped me, but I think they get their information from these sources anyway.





I would also recommend that you go to settings, then to privacy and that you disable all the settings that are a privacy risk, that could be used to track you in Windows 10 and to set all of the security settings correctly. I would recommend that you go to services.msc and that you disable all of the services that are not needed or that are a security risk, you can find out which those are by searching them online, as each person might have different requirements I would not like to provide exact services and settings to disable or enable, etc. When updating Windows 10 certain settings and services can change. so it's a good idea to re-check your security and privacy settings and your services settings after a Windows 10 update.

Additionally, you can make Windows Update become manual again by turning on the setting in Windows 10 called metered connection for WiFi or Ethernet connections. You can prevent specific windows updates from being installed using the Microsoft "Show or hide updates" troubleshooter package, which can be downloaded direct from Microsoft. But first you will need to make sure Windows updates are not paused before using the Microsoft "Show or hide updates" troubleshooter package to hide or show Windows updates. Then afterwards if you have enabled the metered connection setting (to let you choose when to download Windows updates) and if the Windows update(s) you want to hide is/are still sitting ready to download or if after you have shown the Windows update(s) you had originally hidden, if another Windows update(s) is/are still sitting ready to download. You will need to pause and un-pause Windows updates, as this will refresh the Windows updates download list, so the Windows update(s) that you have hidden will not be downloaded or so that the Windows update(s) that you have originally hidden but have now shown can be download. Doing it this way ensures all other Windows updates can still be downloaded and installed that you want, so your computers and devices are still kept as up-to-date with Windows updates that you want. You can uninstall troublesome Windows updates easily by doing so after they have been installed, but do not uninstall an update before you have rebooted your computer first if it asks you to do so, because it can cause Windows to fail to boot, this is due to Windows needing to install the update properly before you uninstall it.





Also, all this can be done even in Windows 10 Home Edition and you can permanently disable the Windows update service in services.msc to disable all Windows updates, if disabled I would recommend that you enable the Windows update service again when the bad Windows updates have been corrected by new Windows updates. Finally, you can now defer major feature Windows updates for up to 365 days, you can now defer quality Windows updates for up to 30 days and you can pause all Windows updates for 7 days.

Once the security programs are installed and set-up remember to keep them up-to-date. Also, remember to keep your browsers and other programs up-to-date as well. Because doing all this will mean your security in those programs is up-to-date.

Always remember when installing programs to select a custom install vs selecting an automated install, this is so you can de-select any optional extras that you don't want and / or need to be installed, as these could be Adware and / or just things that you don't want and / or need to be installed, etc.





Always remember to scan archive files before you open and / or extract them, e.g. RAR and ZIP files, etc. This is because they could contain viruses, malware or spyware, etc. And by opening and / or extracting them before scanning them there is a chance that those files could be extracted into the temporary folder. Also, only download from websites that you trust, especially when you are directly downloading EXE (executable files), as they could contain viruses, malware or spyware, etc. But if you do forget to do this like I do sometimes, don't worry, this is because Norton Security and Norton 360 have Auto-Protect which will automatically detect when viruses, malware and spyware, etc. Are extracted and it will quarantine them automatically, but don't rely on that, as it's not fool proof, as nothing really is, that's why you have to be very smart about how you protect your computers and devices and that's why you and I have to keep always remembering to continue to do the best that we can when securing our computers and devices.

I would like to add that even I do not scan every file / archive, as if they are from trusted locations Norton Security and Norton 360's Auto-Protect should be enough on its own, but I will now scan even those files / archives, as you can never be too careful and I will try to remember to do this. Finally, if you are downloading and installing apps remember to scan them, to check what permissions they require, to check if they are sharing your personal data anywhere and to check for any unusual/intrusive behaviour, etc. You can do all these things even before you download an app with the App Advisor for Google Play Store feature in Norton Security and Antivirus, or if you are downloading apps (APK) files directly you can view the apps permissions before you install, you can scan the apps before you install and if you are using Norton Security and Antivirus it can scan the apps after you install them as well.





The bad news is there are CPU security flaws that have been identified on virtually everyone's CPU's that have been manufactured in the last 20 years, they are called Meltdown and Spectre which have many different variants. This is for Intel, AMD and ARM CPU's, etc. Spectre essentially gets programs and / or your systems to perform unnecessary operations - this leaks data that should stay confidential, where as Meltdown also grabs information - but essentially it simply snoops on memory used by programs and / or your systems in a way that would not normally be possible. I would like to add that the parts above about what Spectre and Meltdown does were paraphrased, but I cannot remember which source I got the original wording from, as multiple sources say the same original wording, so here is a link to a source that says the original wording "Meltdown and Spectre: How chip hacks work". The good news is you can protect against the Meltdown and Spectre CPU security flaws and you can do this by updating and keeping up-to-date your browsers, GPU drivers, system monitoring/management programs, Google programs and apps, etc. All to receive security update patches. But most importantly by updating your operating system and your BIOS / CPU microcode frmware, to receive security update patches as well.

Microsoft have already released a Meltdown security update patch for Windows operating systems, it protects Intel CPU's only, as AMD CPU's are immune to this CPU security flaw. The Microsoft security update patch will only install if your real-time security software is up-to-date and if it has been patched to work with the Microsoft Meltdown security update patch. All the major Linux operating system distributions already have Meltdown security update patches and they protect Intel and ARM CPU's. Nvidia have already released a Spectre security update patch for their GPU drivers. Google have already released a Meltdown/Spectre security update patch for Android and ChromeOS, it protects Intel and ARM CPU's. But for Android (which is mostly just affected by Spectre) it will be up to each manufacturer to distribute these security update patches. Apple have already released a Meltdown/Spectre security update patch for iOS, macOS, tvOS, macOS Sierra, OS X El Capitan and macOS High Sierra, it protects Intel and ARM CPU's of Apple's.





Intel have released a Spectre security update patch for the different CPU microcode firmware versions, Microsoft have distributed it and it can also be downloaded from Intel directly for Linux, but now they have started manufacturing CPUs that contain hardware protection for Spectre and Meltdown, as they contain hardware fixes. Also each manufacturer should distribute these security update patches as well. AMD have released a Spectre security update patch for the different CPU microcode firmware versions, Microsoft have distributed it. Also each manufacturer should distribute these security update patches as well. Firefox have already released a Meltdown/Spectre security update patch for their browser. Microsoft have already released a Meltdown/Spectre security update patch for their Microsoft Edge and Internet Explorer browsers. Google have released a Meltdown/Spectre security update patch for their Chrome browser. Finally, Apple have also already released a Meltdown/Spectre security update patch for their Safari browser. And the list goes on.





Make sure your Security is up-to-date, don't click/tap on suspicious links, don't go on suspicious websites, don't download suspicious programs / apps, only download from credible sources and always scan files before extracting and / or installing them. As if you have a secure system then nothing can use the Spectre and Meltdown CPU security flaws before you have fully patched them, because they require malicious code to be running on your system for these CPU security flaws to be acted upon. Also, if your programs are up-to-date and if they have security update patches they will protect against these CPU security flaws even more, as there will be even less of a chance they can be acted upon by malicious code before you have fully patched them. But always remember to apply security update patches as soon as they are released.
Always check before entering personal information into a website that it is HTTPS secured, which means between you and the website's servers communication is encrypted and it is only readable by you and the website's servers. Also it means you are protected against man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested), etc. I would like to add that even I have forgot to check this at times and on at least one occasion a website had loaded HTTP pages instead of the HTTPS pages that were expected due to the HTTPS URL links.

It's a good idea to check if your emails are sent using TLS standard encryption or not, as some email providers send your emails unencrypted allowing anyone along the line to read the contents of your emails.





On Android starting from Android 8 onwards you can enable randomised MAC addresses by going to settings, then to connections, then to Wi-Fi and by enabling this option when you connect to a new WiFi network or by enabling this option in the settings of an already connected WiFi network. You can enable a setting in the developer options to cause this setting to be the default choice when connecting to new WiFi networks even using Android 9. Even better news is that starting from Android 10 this option has been made the default choice when connecting to new WiFi networks. This setting is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy. I would like to add that these parts "This setting is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy" were paraphrased from these websites "Privacy: MAC Randomization", "How to enable a randomized MAC address in Android 10" and "How to use random hardware addresses". There are possibly other websites that helped me, but I think they get their information from these sources anyway. I enable randomised MAC addresses for new WiFi connections away from our home's WiFi. But it's easier to have a static MAC address for our devices connecting to our home's WiFi, as it helps our Bitdefender Box 2 UTM (unified threat managment) device by making sure that it doesn't keep thinking that a new device has connected when it's just the same device with a new randomised MAC address and by the customised settings for that device not having to be set again, etc.





You can test your browsers to see if they checking for revoked HTTPS certificates on websites using GRC's "HTTPS Certificate Revocation Awareness Test". If they are, that means if a website revokes it's HTTPS certificate you will not be able to access a website that uses that HTTPS certificate. This is so a website can not trick you into thinking that it's the website listed on the HTTPS certificate, but If your browsers don't check for revoked HTTPS certificates on websites, that means if a website revokes it's HTTPS certificate you will be able to access a website that uses that HTTPS certificate, so a website could trick you into thinking that it's the website listed on the HTTPS certificate when it's not. A website could have been made to look like the website listed on the HTTPS certificate. They would have had to have compromised the HTTPS certificate itself to gain access to it, that's why the website listed on the HTTPS certificate would have revoked it to prevent it from being used by anyone else. GRC's "HTTPS Certificate Revocation Awareness Test" is not working at the moment, but here is another website that has loads of browser tests on it, including a "revoked" HTTPS certificate test. The website is called "badssl.com". I emailed GRC to tell them that their website's subdomain is not revoked anymore and to tell them other things, but now their website's subdomain is revoked again, like it should be for their "HTTPS Certificate Revocation Awareness Test" to work.





You can obtain Perfect Passwords using GRC's "Ultra High Security Password Generator", they are 63-64 characters long and each one is completely random with a GRC guarantee that no similar passwords will ever be produced again. Their page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection. Also, their page is custom generated each time just for you so it will not be cached by the GRC website servers or be visible to anyone else. So the password it generates is private. These passwords use a massive 512 bits of security, so they are perfect for a wireless security password, etc. Finally, if you don't like entering the long password into each device manually, just use WPS Push Button connect or a device's WPS client randomly-generated security personal identification number (PIN) that you enter into your router, both ways can be used to connect your devices to your router and they save time if your router supports it. The other way would be to just copy and paste the long router password into your device if your device supports it. I would like to add that I have paraphrased some of the wording above using information from GRC's website and possibly from other sources, as I have learned a lot through the years.





You can use GRC's "Interactive Brute Force Password Calculator" to check and see how long it would take to find your password if an attacker had to try every possible combination, as if you don't use passwords with dictionary words in them an attacker has to find your password using brute force by trying every possible combination. Also, the passwords you enter are only locally temporarily stored in your browser, they never leave your browser and that means the GRC website servers do not know the passwords you enter, so your passwords are still private. I would like to add that I have paraphrased some of the wording above using information from GRC's website and possibly from other sources, as I have learned a lot through the years.

Additionally, choose strong passwords that are different for each online account, especially for your email accounts, as this will limit the impact if one password gets compromised. Use a combination of numbers, symbols, and upper and lower case letters, make sure your new passwords are a minimum of 10 characters, create different passwords for every login for better security and avoid storing passwords in your browser to help avoid password leaks. Finally, by creating different strong passwords for each online account, you will help to maintain your privacy and prevent attackers from hacking your online accounts. I would like to add that I am in the process of changing all of our old passwords for some of our accounts to new randomly generated ones and I am in the process of stopping my other family members from using our old passwords, by teaching them how to randomly generate them instead. And using app passwords in say Google is fine, as they are randomly generated 16 character passwords, but only use app passwords if necessary, this is because they are only lower case and they are relatively short passwords.





Choose strong personal identification numbers (PINs) for your mobile devices preferably a minimum of 12 digits or choose strong passwords that are a minimum of 10 characters for your mobile devices and other devices. I would also recommend that you choose to turn off in the Android security settings the "Make passwords visible" option, this is because it will show the last number and / or letter as you type, this could be your lockscreen PIN / password, so it can be a security risk. But do not use fingerprint or face authentication, as they have been proven to have security vulnerabilities that can be exploited. I would like to add that using fingerprint authentication is acceptable on Windows with LastPass, as LastPass doesn't support PIN authentication on Windows, so your potentially very long LastPass master password would have to be entered in each time you login without using fingerprint authentication, but to make it more secure you can use double two-factor authentication by having fingerprint login and then having it request a second two-factor authentication method after. I would like to add that some devices do not support 12 digits for their lockscreen, so on those devices just use the maximum digits they allow, as anything is better than nothing. But our emergency mobile phone that we mainly have just for emergency purposes didn't really need a lockscreen PIN set and a SIM PIN set at all, but I have set them both anyway.

I would recommend that you set a SIM PIN on your mobile phone and tablet devices that contain a SIM card, the SIM PIN will prevent unauthorised use of your SIM card if an attacker steals your SIM card, due to the SIM card being locked. As the SIM PIN will then have to be entered at every boot of your mobile phone and tablet devices or the SIM card will not be unlocked.





For the Windows 10 lockscreen I would recommend that you enable these settings by using these commands in the CMD command prompt "net accounts /lockoutthreshold:5", replacing 5 with the number of times a wrong password has to be entered to trigger the lockout. Then "net accounts /lockoutduration:30", replacing 30 with the duration of time that you have to wait when the number of wrong passwords has been entered that has triggered the lockout. Finally, "net accounts /lockoutwindow:30", replacing 30 with duration of time that you have to wait before the wrong passwords count will be reset to 0 without triggering the lockout. So with the above commands an attacker would have to wait 30 minutes if tried 5 passwords or would have to wait the same 30 minutes if tried less than 5 passwords, this slows down to a crawl the brute force attack speed where an attacker tries every possible combination until they find your password. Like the LastPass encrypted password manager does with their customisable iterations count, which make it harder and more time consuming to the attacker to brute force your master password. Here is information from Microsoft about the "Account Lockout Policy", here is information about "How to Change Account Lockout Duration for Local Accounts in Windows 10" and here is infromation about the "Net accounts command". I would like to add that these websites helped me to learn this knowledge and possibly other sources helped me, as I have learned a lot through the years. And I would like to add that I think I have not enabled these settings on my desktop until recently, but I have now enabled these settings on my desktop to protect its lockscreen from password brute force attacks as well.

If you are in a data breach and you have to change your passwords, by only using one password for each online account it will definitely limit the impact if one of your passwords is leaked to the public and by using randomly generated passwords that are stored in an encrypted password manager's vault, it's so easy to just generate a new randomly generated password with an encrypted password manager. Also, you can check if you have been in a data breach by visiting Have I Been Pwned.





Enable two-factor authentication in all your accounts that support it, this will add an extra layer of security to your accounts, so when you want to sign in it will ask you to enter your password and it will also send you a temporary random code each time to either your email address or to your phone number via a call or a text or it will generate one in an app like the Google Authenticator app or on a physical hardware key that you will have to plug in each time, etc. Google account's two-factor authentication will popup a yes or no prompt on signed in devices, to ask whether or not to allow the new device to sign into your Google account. I would like to add that other companies can have their own method of a two-factor authentication popup verification prompt, either using their own app or using a different companies / persons app or using another method, etc. I would also like to add that I know sometimes disabling two-factor authentication temporarily is needed or is thought to be needed even if it's not, as even I have to do this if I am changing around settings or if I am testing things out, etc.

If you have got the choice of which two-factor authentication to use, then I would recommend that you choose TOTP which is time-based one-time password to generate one in an app like the Google Authenticator app, etc. But remember to enable if possible brute force protection on the TOTP two-factor authentication method and remember to choose strong personal identification numbers (PINs) for your mobile devices preferably a minimum of 12 digits or choose strong passwords that are a minimum of 10 characters for your mobile devices and other devices. Here are pages about TOTP, here and here, etc. It will ask you to enter this extra code in or to press yes on a signed in device after you enter your username and password, as an additional level of security. Also, this will protect your accounts if your passwords get leaked in a data breach and this will give you time to change your passwords. Again I would like to add that I am in the process of changing all of our old passwords for some of our accounts to new randomly generated ones and I am in the process of stopping my other family members from using our old passwords, by teaching them how to randomly generate them instead. And using app passwords in say Google is fine, as they are randomly generated 16 character passwords, but only use app passwords if necessary, this is because they are only lower case and they are relatively short passwords.





You can use GRC's "DNS (Domain Name Server) Spoofability Test" to check the spoofability protection of the DNS server(s) you use. As when you visit a website the DNS provider you use has already worked to get you to that website. This is because they have located and identified that website by using that website's domain name to match it to its IP address. Because it's a lot easier to remember a website's domain name instead of its IP address. Spoofability is where an attacker redirects you to a false website even when you have typed in the correct domain name of that website. So that's why spoofability protection is so important, as it prevents an attacker from being able to redirect you to a false website without your knowledge.

I would recommend that you disable your router's built-in static WPS PIN, as it is short and can easily be found by an attacker. You can do this in your router's advanced wireless settings, if your router supports it. Also, you will still be able to use WPS because your router still allows WPS Push Button Connect and it still allows the randomly-generated WPS PIN of your device to be entered into your router, if your router supports it. I would like to add that some routers will turn back on their built-in static WPS PIN, if you have to turn back on WPS to use WPS Push Button Connect and / or to enter into your router the randomly-generated WPS PIN of your device. This is if you had to turn off WPS to turn off your router's static WPS PIN, if your router did not have an option to turn your router's static WPS PIN off while keeping WPS on.





I would recommend that you disable UPnP in your router / modem and devices, as UPnP basically automatically port forwards ports in your router / modems firewall, this in itself is a bad idea, as it may decide to port forward a bunch of ports leaving your network open and vulnerable to an attack. But it's even worse than that, as there's so many vulnerabilities in UPnP itself, which can allow attackers to tell UPnP to port forward say all your router / modems ports leaving you network totally open and totally vulnerable to the internet and to attackers and UPnP will obey as it has no authentication, so any device inside of your network can just ask UPnP to port forward any port. The better way to port forward is to just do it manually yourself, then you know exactly what ports have been forwarded, as devices could ask for way too many ports to be opened than is needed. Here is information from How-To Geek that helped me, about "Is UPnP a Security Risk?". Also, here is another page from GRC's website that has helped me, it's called "UnPlug n' Pray" and you can use this test to make sure UPnP is disabled on your Windows computers and devices. I would like to add that I have paraphrased some of the wording above using information from How-To Geek's website and possibly from other sources, as I have learned a lot through the years.





I would also recommend that you uninstall Java if it's not needed or if you want it left installed that you choose for it to ask first to allow activation, so you only choose to activate it in your browser if you trust the website that's asking for your permission to activate Java, as Java has lots of security vulnerabilities in it and I do not think a lot of website's are using Java much now anyway.

I would recommend that you uninstall Adobe Flash Player / block sites from running Adobe Flash Player or until support is ceased that you choose for Adobe Flash Player to ask first to allow activation, so you only choose to activate it in your browser if you trust the website that's asking for your permission to activate Adobe Flash Player, as it has lots of security vulnerabilities in it. As Google Chrome will cease to be supported in Google Chrome from 2020 and Adobe Flash Player are also ceasing support for it in 2020. It already has lots of security vulnerabilities in it, but these security vulnerabilities and others found in it's final release will probably never get patched, so it's just a bad idea to keep it installed or to keep using it, seeing as many websites have now moved away from Adobe Flash Player in favour of HTML5. YouTube has moved to HTML5 with their YouTube videos ages ago and as Google Chrome will cease support in 2020 and probably other browsers will follow, there just won't be much use for it anyway and websites will have to move to HTML5 anyway in the end.





I would recommend that you enable all security features in your router / modem, like for an example Asus's AiProtection with their enterprise grade security, as it does help to protect your local network and devices from attacks, but AiProtection at the moment can cause a RAM leak on some Asus router / modems, where the RAM usage keeps increasing until it causes the router / modem to crash / freeze / lock up and depending on the settings you choose it will need to disable NAT acceleration to be able to inspect packets more effectively, which will probably slow down your internet speeds if you have internet speeds of over 100Mbps. Here is a YouTube video called Safer Internet for Your Family and Devices - AiProtection | ASUS. Also, YouTube and other websites can be slow on Chrome, because of an experimental feature that routes QUIC Protocol traffic over UDP for certain websites, this is meant to be more efficient and this is meant to improve performance, YouTube being one of them for videos, etc.

But this experimental feature can either not be packet inspected, logged or reported on correctly by your router / modem's firewall causing a security risk or if it is packet inspected, logged or reported on by your router / modem's firewall like with Asus's AiProtection it can slow the QUIC Protocol traffic flow down to a crawl. So it's best to disable this experimental feature in Chrome by entering into your browser's URL bar "chrome://flags/" and by disabling "Experimental QUIC protocol", then by doing this in whatever else it's enabled in, which may have a different process to disable this experimental feature. But dont block UDP traffic on your router / modem directly or it will stop other things from working like OpenVPN if used on UDP with port forwarding. OpenVPN can create an encrypted tunnel into your local network from wherever you are in the world, this is to make it seem like you are at where your local network is, you can access local IP addresses in your local network remotely all secured over an encrypted VPN tunnel, but it has to be setup with the correct settings to be as secure as possible, etc. Here is more information from Fastvue about how Google’s QUIC protocol impacts network security and reporting. I would like to add that this website taught me some of the QUIC issue information above and I have paraphrased some of the wording above using information from Fastvue's website and possibly from other sources, as I have learned a lot through the years.





OpenVPN is excellent if you want to remote into your local network in a safe and encrypted manner. Opening a port specifically for OpenVPN is safe, as OpenVPN doesn't respond to pings and if OpenVPN is configured in a secure manner and properly firewalled. It can further be protected using tls-crypt, as using an additional tls-crypt security key file will mean that the OpenVPN server will not even respond and will not ask for authentication without it receiving the first tls-crypt security key file, etc. Because quantum computers will be around at some point, it's a good idea to make sure that you use post-quantum cryptography, to be more secure against quantum computers, because they will be able to quickly solve the pre-quantum cryptography. Using post-quantum cryptography is a good idea for lots of different applications, like OpenVPN, OpenSSH, HTTPS encryption with SSL/TLS and SSL certificates, etc.

When I said "Because quantum computers will be around at some point", I meant when they become available to the general public, not just like they are at the moment available to the people building them or available to commercial / governmental entities, etc. And when I said "because they will be able to quickly solve the pre-quantum cryptography.", I meant when they get faster and faster in the future as technology advances. As at the moment the quantum computers that are around can't solve any pre-quantum cryptography, as they are not fast enough at the moment or they are not designed in a way to allow them to do it and when they do become available to general public, if it's anytime soon they probably won't be able to solve all pre-quantum cryptography straight away. This is because they will get faster and faster in the future as technology advances.





I would recommend that you set your router's wireless security encryption to WPA2 if it's available and if it has been vulnerability patched (because WiFi security can have lots of vulnerabilities), WPA2-PSK AES Personal if your a home user or to WPA2 IEEE 802.1X Enterprise if your a business. And even better if WPA3 is available and it has been vulnerability patched (because WiFi security can have lots of vulnerabilities), WPA3-SAE Personal if your a home user or WPA3 IEEE 802.1X Enterprise if your a business, as these provide the highest level of security encryption, if your router supports them. Your device may constantly broadcast its saved networks list of WiFi SSID names that have been saved in your device, I would like to add this is only when your device is probing for a WiFi network to connect to, hence why I said "may constantly". An attacker can pretend to be the open unencrypted WiFi SSID name that's in your device's saved networks list, which means your device will try to connect to their rogue WiFi, because it's using the SSID name that you have connected to using your device in the past and I would like to add that this only works for SSID names that are using open unencrypted WiFi only.

So delete / forget open unencrypted WiFi SSID names from your device's saved networks list after you have finished with your connection to them, turn off WiFi auto connect on open unencrypted WiFi SSID names, so that your device does not try to automatically connect to them and use a VPN (virtual private network) to encrypt your communication even while you are using open WiFi. This YouTube video pointed this out to me with their Bitdefender sponsor section "The Birthday Paradox", this website also provided some information to me, it also has some extra information for you to read "7 Wi-Fi Security Tips: Avoid Being Easy Prey for Hackers" and this website provided some information to me, it has some extra information for you to read "IOS 10 warning: Using a hidden network can expose personally identifiable information".





I would recommend if you are connecting to open unencrypted WiFi that you also use a VPN (virtual private network) like OpenVPN, if you have a fast enough Internet upload speed at your home and if you have a server at your home, then you can install and setup an OpenVPN Server for free, then you can connect to your home's LAN (local area network) when you are out and about, just as if you were at home and all of your data will be encrypted all the way back to your home. Here is my review of OpenVPN, this link will take you to a different location on this page of my website, it takes you to the previous section directly above. I would like to add that when I said "this link will take you to a different location on this page of my website, it takes you to the previous section directly above.", this was the case when this wording was in the section directly above, but now this wording is in this section. So this link will take you to the same previous section, but it's now further up this page of my website instead. But if you do not have a fast enough Internet upload speed at your home and if you do not have a server at your home, then you can pay to use a commercial VPN (virtual private network) and your data will be encrypted all the way to their server(s), a VPN service may be included with one of your security subscription services, etc.





I would also recommend that you check your router's firewall to make sure it's set to its maximum setting and if it's not then set it to its maximum setting, if your router supports it. Also, I would recommend that you set your router's firewall to enable DoS protection and / or DDoS protection, if your router supports it and I would recommend that you disable your router's remote management feature / function, as if the remote management function is enabled your router's login page is accessible by anyone on the internet, if your router supports it.

I would recommend that you change the username and password of your router, if your router supports changing both of them, as it may only support changing the password. This is important because using the default values can be visible physically on some routers, making it easy for someone who is inside of your house to just physically look at your router's username and password or it may even be a default one that's used for every make and / or model of your router. I would recommend that you randomly generate your password using LastPass (which is a free encrypted password manager, that has a premium subscription option if you would like to buy it. I would highly recommend that you do, as it offers multiple benefits for your premium subscription.). Here is the premium subscription benefits of LastPass and here is my review of LastPass, this link will take you to another page on my website. This website also provided some information to me, it also has some extra information for you to read "How to secure your home wireless network (Updated 2020)".

I would recommend that you enable HTTPS encryption in your router and devices, as this will encrypt the login process and data that's transmitted between devices, if your router and devices support it.





I would recommend that you encrypt any data that's personal, I would also recommend that you backup your data whether your data is encrypted or not and that you encrypt any backups, as for an example if an encrypted container gets corrupted you could lose all the data inside of it. Creating an encrypted backup of the encrypted container's volume header is also a good idea to try and prevent you from losing all the data inside of it, in case it gets corrupted you can try and restore its volume header from the encrypted backup. But I would like to add that some countries prohibit the use of encryption / cryptography, so it's a good idea to check your own countries laws on encryption / cryptography. You can check for issues like protected system files data curruption and you can check if protected system files have been replaced by using this command in the CMD command prompt "SFC /SCANNOW". Another way to check for system component store data corruption is by using this command in the CMD command prompt "DISM /Online /Cleanup-Image /ScanHealth" and if there's any system component store data corruption use this command in the CMD command prompt "DISM /Online /Cleanup-Image /RestoreHealth". To check for errors and data corruption on any drive for example a drive formatted in NTFS use this command in the CMD command prompt "CHKDSK C:", replacing C: with your drive's letter, so for an example D: is another drive letter that could be used, if any issues are found run "CHKDSK C: /F", the /F is to fix errors on the drive and again replacing C: with your drive's letter.

I also would recommend that you enable User Account Control (UAC) in Windows if it is not already and if you can put up with the prompts I would also recommend that you change its setting to "Always notify me when:". This is for added security, as it helps to stop malicious programs and apps from running malicious code. It does this by Windows needing your permission before making changes that Windows deems important, suspicious or just needing a higher priviliage, etc.





When you delete files or folders using the recycle bin or using the permanent delete option it doesn't delete them, as it just tells the OS (operating system) to mark the space that the files or folders are occupying as free space, so other files and folders can overwrite the files or folders that you have deleted using the recycle bin or using the permanent delete option, with the exception of SSDs that have TRIM enabled and / or that use TRIM manually, as TRIM tells their garbage collection algorithms to erase the pages in the blocks that fragments of your deleted files are in sooner. But the problem is that this can take a long time for the space of the files or folders that you have deleted using the recycle bin or using the permanent delete option to be overwritten by other files or folders. So the solution is to use a file and folder shredder, that overwrites your files and folders while it is deleting them or after it has deleted them or another solution for hard drives is to wipe their free space, which will make sure that your deleted files and folders are erased.

Also, it may still be a good idea to use a file and folder shredder on an SSD even if the SSD uses TRIM, but it could for an SSD prove to not wipe the file and / or folder and to just cause extra writes for no reason. As do understand that if the file or folder being deleted is large that it will cause lots of writes on an SSD by it overwriting a large file or folder many times, because SSDs only allow a certain number of writes per block before they cannot write to that block anymore, this will cause premature wearing of the SSDs. The good news for the longevity of SSDs is that they normally will do what is called wear levelling, which causes them to write to different blocks instead of to the same blocks each time, but this is what can cause problems in trying to securely erase files and / or folders, because fragments of the files and / or folders can be spread across multiple blocks. TRIM and garbage collection on SSDs should also be aware when deleting files and / or folders of what pages in what blocks have been written to due to wear levelling, so they should be able to mark all the fragments of data in the pages of the blocks for erasure.





SSDs can only write to blocks once the data in the pages in the blocks has been erased first, so by using TRIM it makes sure that anything that has been deleted is actually marked for erasure, so that the garbage collection algorythm can erase the data in those pages in those blocks. This makes writing faster as when an SSD is writing data to a page in a block that has been marked as free space, but that still contains data in it due to the fragments it contains being deleted, but not actually erased yet, these pages in these blocks don't need to be erased before writing to them anymore, so it speeds up writing. Also, the deleted data in those pages in those blocks doesn't need to be moved around to be written to other blocks, when the garbage collection algorythm has to save some pages in a block that has undeleted data in them. So TRIM saves the SSD from performing unnecessary writes of deleted data to new pages in new blocks and so TRIM just marks the pages in the blocks for erasure that contain fragments of data that has been deleted, but not erased yet.

But encrypting an SSD is a better way, as then it doesn't matter if files and / or folders are not securely deleted, because even the free space of an SSD will be encrypted. It's best to choose a minimum of 7 passes to overwrite your files and folders that you want to delete. I would recommend a program called Eraser, as it's open source meaning it can't have any backdoors or coding to circumvent the overwriting process and if you use this program with 7 or above passes to overwrite your files and folders that you delete they are gone forever on a hard drive, there will be no way for anyone to recover them. But remember for an SSD to achieve this it will need to be using TRIM and its garbage collection to erases each page in each block that wear levelling has used for storing fragments of files and folders.





If a drive has bad sectors, then it cannot erase the data stored in the bad sectors, so I would recommend that you also check your drive for bad sectors, so that you know if there is any bad sectors that some data might still remain on your drive in those bad sectors. I would also recommend that you run drive tests and smart tests on your drives, which is a good practice to follow regularly anyway to check the health of your drives. This video from "Vsauce" on YouTube got me thinking about bad sectors when erasing data "Where Do Deleted Files Go". I am sorry when I originally linked to this video, as I had linked to this video but it had been re-uploaded by someone else. Good job I double checked this video that I had linked to, as I had missed this issue, because obviously I want people to watch the original video from "Vsauce" on YouTube. But it was only on my website for a short amount of time anyway.





When I was much younger before I knew to use all of these programs, apps, settings and this knowledge I had a takeover caused by a virus or viruses, malware and / or spyware, etc. As it was so long ago I cannot fully remember how it happened or what was installed in the form of protection at the time, I think there was just an old version of Norton 360 installed which was new at the time, but I don't think it was properly set up for the highest protection, which you can do in the settings now. And over the years I like anyone have had detections caused by a virus and / or viruses, malware and / or spyware, etc. I am not going to lie and say that I have not, but the difference is while using all of these programs, apps, settings and this knowledge is that they don't takeover, because they get detected, stopped and if they are on your computer and / or device they get removed. The reason I left this wording out was because I thought it would be too hard and / or too messy and / or too lengthy to explain, etc. But in the end I have explained it now.

I could not list every security vulnerability there has ever been or every new security vulnerability and how to deal with each one, as there is just too many too list. So I have chosen to include a few major security vulnerabilities and how to protect yourself from them and how to protect yourself in general as well.

I could not list every update there ever has been or every new update and if each one is safe to install or not. So I have chosen to provide general advice on how to protect yourself from bad updates and how to block bad updates.

I would also like to add that I may have duplicated some of the wording that is on this page.





This knowledge was obtained from many sources over a long period of time typed in my own words and parts of this knowledge was copied from many sources and pasted into this page, edited by me (I would like to add when I said edited by me, I meant paraphrased by me), all to help you secure your computers and devices, but that's part of what life is about accumulating knowledge. This page can be modified at any moment, so check back regularly to see the modified version.




This page was last modified on January 01, 2021


  • Privacy Policy
  • Cookie Policy

Author Ryan Dewsbury