Computers Security Knowledge

I would recommend that you buy and install real-time security software, to protect continuously from viruses, malware, spyware and other online threats, etc. I would recommend Norton Security, this link lists the features of Norton Security and Norton 360, as it utilizes one of the largest global civilian intelligence networks to spot threats faster and it is the number 1 ranked consumer security software for overall protection and performance. You can purchase protection for up to 10 devices, it has anti-virus with advanced machine learning, anti-malware and anti-spyware, multiple layers of protection and artificial intelligence, an intelligent smart firewall, auto protect, intrusion prevention, proactive exploit protection which protects your computers from exploits that take advantage of vulnerabilities in software and your computer's operating system and file insight which provides reputation information on software files gathered from their global network. Also, it has SONAR protection which protects you against malicious code, even before virus definitions are available through LiveUpdate, so that means it proactively detects unknown security risks on your computer. Additionally, it has SafeWeb which shields you from bad websites which includes malware, phishing & scam websites, etc. Finally, it has Safe Surfing, Norton Tamper Protection, browser protection, download intelligence, Norton Power Eraser, it blocks ransomware and it now has Online Banking Protection, which means Norton's servers connect to the banking website for you safely encrypted and you remotely connect into Norton's servers encrypted inside of your browser to browse the banking website, etc.

Now a new Norton 360 has been released, it replaces Norton Security and it has extra features included like Norton Secure VPN and SafeCam which protects your computers webcam from being accessed without your permission. In the USA extra features are included, as Norton LifeLock is included as well. But remember to turn off auto renewal, as it's charged at a much higher price than if you were to buy it at retail price. I think that Norton Security, Norton 360 and Norton Mobile Security and Antivirus are the most protective real-time antivirus products in the world, this is backed up by actual test results that have been performed on lots of the main antivirus products and Norton came out on top with their Norton Security and Norton 360, but Bitdefender Total Security did come in at a close second.

Your Norton Security and / or Norton 360 subscription also gives you access to their app counterpart on mobile devices, which can be used with your Norton Security product license key. The app is called Norton Mobile Security and Antivirus, this link lists the features of Norton Mobile Security and Antivirus and it is the most advanced mobile security for Android in the world. It has anti-virus, anti-malware, which now includes protection against trojans and ransomware and it has Norton Safe Search. Also, it has App Advisor powered by Norton Mobile Insight, which automatically checks apps on the Google Play Store before you download them for potential privacy risks, unusual/intrusive behaviour, high battery and data usage, etc. Finally, it has Norton SafeWeb filtering protection to shield you from fraudulent websites that are designed to steal your personal information and money, the ability to block unwanted calls and text messages, contacts backup, privacy report and Link Guard, the LinkGuard feature and its name has now been removed from the user interface, but you will now get the same link protection benefit from the Web Protection feature, etc. LinkGuard well now the Web Protection feature scans any link you go on via emails and text messages to make sure it is safe, if it's not safe then it will be automatically blocked. Surveilance app protection has been added to the anti-malware feature to help protect your privacy and security by letting you know if an app is sharing your device's location, contacts, photos or messages without your authorisation.

Here is its page on the Google Play Store Norton Mobile Security and Antivirus and here is a page on Norton's website to download the Norton Mobile Security and Antivirus app, if the Norton Mobile Security and Antivirus app is missing from the Google Play Store.

I would recommend that you install free, non real-time security software, to perform extra scans, to block bad websites and even more with things like immunisation, prevention and protection, which can protect your computers and browser programs against things like spyware, malware, adware, browser hijackers and dialers, etc. You can't have two real-time security programs running at the same time as they will interfere with each other. So I would recommend Malwarebytes free - this is a direct download link it does come with a free pro trial included, but don't say yes to that because if you do it will become a real-time security program. I would also recommend Spybot - Search & Destroy, SpywareBlaster, Norton Power Eraser, Malwarebytes AdwCleaner and Kaspersky TDSSKiller. NPE (Norton Power Eraser) is included with Norton Security, but you can download it as a standalone program as well. This means you can install all these non real-time security programs for free and they will not interfere with each other, as you will only have one real-time security program running. Another good free scanning program is the Microsoft Windows Malicious Software Removal Tool by running its executable file at this location "C:\Windows\System32\MRT.exe".

Norton Power Eraser uses aggressive methods to detect threats, and there's a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files. Also, you should carefully review any security program's scan results page before removing files, as there can be false positives, as for an example a legitimate program / app can use rootkit methods to hide its data from the user or a legitimate program / app in the access control list (ACL) can not have its admin username, that it lists as the owner of a file or folder that it uses, etc.

SpywareBlaster will cause Google Chrome to say "Managed by your organisation", but it's of no concern because it's just SpywareBlaster creating policies in Google Chrome to protect it. You can check this for yourself by putting this into your URL bar and by searching for it "chrome://policy/", it will say these two policies "CookiesBlockedForUrls" and "JavaScriptBlockedForUrls" if you have enabled both of these protection features for Google Chrome in SpywareBlaster. If you notice any polices that are managing Google Chrome that shouldn't be, then it's probably a good idea to clear and / or refresh your policies, to run "Clean up computer" in Google Chrome to find and remove any harmful software on your computer and maybe it would be a good idea then to "Reset settings to their original defaults" in Google Chrome, this is if there are any policies that are managing Google Chrome that shouldn't be.

The two exceptions to running more than one real-time security program one exception being Android can have more than one real-time security app running at one time without them interfering with each other, so for more features and for extra security use two real-time security apps on Android, especially if you get Bitdefender Mobile Security & Antivirus included in the yearly subscription fee of the Bitdefender Box 2 listed below (Norton Mobile Security and Antivirus, Norton Security has been proven in tests to be the best at protecting your computers and devices and Bitdefender Mobile Security & Antivirus, Bitdefender Total Security came out near the top in tests as well) and the other exception being NoVirusThanks OSArmour, it's a real-time security program, but it doesn't interfere with your other real-time security program, because it just adds an additional layer of defense. This is wording from the manufacturer's website "Monitor and block suspicious processes behaviors to prevent infections by malware, ransomware, and other threats. Also, this tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware from deleting shadow copies of files via vssadmin.exe, it blocks processes with double file extensions (i.e invoice.pdf.exe), it blocks USB-spreading malware, and much more. It is lightweight, zero-configuration and runs in the background protecting your system.".

And this is a direct quote from the manufacturer's website "This smart security application focuses on preventing a malware infection by applying smart and intelligent rules that block bad processes behaviors. This tool can block threats not detected by your installed security solution. Add to your system an additional layer of defense to prevent infections by malware and ransomware! You don't have to configure anything, just install it and forget about it. We have already added more than 60 smart policies to improve your system security with this security application.". It blocks processes from running that are not meant to be run, it blocks remote scripts from running, it monitors and protects a wide range of programs and apps including MS Office apps, it blocks USB malware from running, it blocks processes that have command line strings commonly related to malware, it blocks execution of processes with .COM or .PIF, which are obsolete file extensions, it protect shadow copies of files from being deleted, it's very lightweight only using a few MBs of memory, etc.

But I have had one instance where I have had to temporarily disable NoVirusThanks OSArmour, which you can use in its settings. As with my custom strict settings that I have implemented in NoVirusThanks OSArmour, it was interfering with the installation process with one program that I was installing. So if you get a popup saying that NoVirusThanks OSArmour has blocked something and if the program and / or game that you are installing has issues, then uninstall the program and / or game, then temporarily disable (for a period of time that you choose) or disable using the normal disable button both in NoVirusThanks OSArmour and then reinstall the program and / or game and it should work correctly now. Then re-enable NoVirusThanks OSArmour, so that you continue to receive its protection.

Certain security, privacy and other features are not enabled or disabled or set to the correct values by default in browsers, so for Google Chrome go to chrome://flags and for Firefox go to about:config, etc. Here are some features that you should enable in Google Chrome, some of these features are only available on certain platforms: "Anonymize local IPs exposed by WebRTC.", "Smooth Scrolling", "Site Isolation For Password Sites", "Strict site isolation", "TLS 1.3 hardening for local anchors", "TLS Post-Quantum Confidentiality", "Prefetch request properties are updated to be privacy-preserving", "Parallel downloading", "Mark non-secure origins as non-secure", "Treat risky downloads over insecure connections as active mixed content", "Detect target embedding domains as lookalikes.", "Strict-Origin-Isolation", "Privacy Settings Redesign", "Show security warnings for sites using legacy TLS versions", "Heavy Ad Intervention", "Heavy ad privacy mitigations", "Enforce deprecation of legacy TLS versions" and "Rework password change flow". And here are some features that you should disable in Google Chrome, some of these features are only available on certain platforms: "Enables an experiment for Related Searches on Android" and "Experimental QUIC protocol". Also, here are some features that you should enable or change the values of in Firefox, some of these features are only available on certain platforms: "security.tls.version.min", set it to 3 (which means it won't allow connection to websites that use a TLS version below 1.2), "privacy.firstparty.isolate", set it to true and "privacy.firstparty.isolate.block_post_message", set it to true.

I have changed the above to reflect new Chrome flags that have been added or new Chrome flags that I have noticed and to reflect removed Chrome flags, etc. And it's a good idea to make sure the privacy and security settings are set correctly in the browser(s) that you use like in Google Chrome and Firefox, etc.

I would recommend that you install these browsers addons for security, for privacy and to block advertisements, etc. They are Norton Safe Web (which is a website grading scanner, a link scanner and which also includes banking protection. It's part of Norton Security and Norton 360.), Bitdefender Traffic Light (which is another website grading scanner, but it's free and part of what it does is it "Checks every web page you access for threats, phishing and fraud attempts.".) AdblockPlus (which is a brilliant free ad blocker) and LastPass (which is a free encrypted password manager, that has a premium subscription option if you would like to buy it. I would highly recommend that you do, as it offers multiple benefits for your premium subscription.). Here is the premium subscription benefits of LastPass and here is my review of LastPass, this link will take you to another page on my website.

When the Bitdefender Traffic Light free addon is installed, make sure if you have the Norton Safe Web addon installed to turn off "Search Advisor" which "Checks the search results to warn against dangerous web pages before you access them.". This is because in a browser's search results say in Google, it will take the place of Norton Safe Web's search suggestions, which gives you a website grading next to the websites in the search results before you go on a website. So if you want the Norton Safe Web suggestions instead of Bitdefender Traffic Light's search suggestions, then do the above. But if you still want the protection of Bitdefender Traffic Light, make sure to keep turned on in Bitdefender Traffic Light, "Web Protection" which "Checks every web page you access for threats, phishing and fraud attempts.".

I would recommend that you also scan files, websites, IP addresses, domains and file hashes using VirusTotal, to determine if they are safe or not. By visiting the VirusTotal website and by using their services for free.

Buying and installing a UTM (unified threat management) device is a good idea, some can either replace your router or some can either work along side your router, etc. So if it replaces your router, but you have a combined router / modem then put your router / modem into modem only mode and the UTM device will then become your router or double NAT, double firewall and have your router / modem still in router / modem mode with its DHCP server disabled, but also have a UTM device acting as a router and DHCP server as well. But the idea is that they constantly monitor your network, computers and devices for threats even devices that can not have security software installed on them, like for an example Bitdefender Box 2 does with Brute Force Protection (where it will protect from an attacker trying to brute force passwords and trying to brute force into your network, computers and devices), with Sensitive Data Protection (where it ensures no sensitive data like credit cards, usernames and passwords, personal information and location data is sent unencrypted because it will block the information being sent in that case), with Anomaly Detection (where it monitors your network, computers and devices and it learns how they normally operate and if they deviate from how they normally operate it will warn you), with Exploit Prevention (where it prevents attackers from using exploits that are present in network, computers and devices), with Vulnerability Assessment (where if a device that has vulnerabilities connects to your network it will warn you of this) and with Safe Browsing (where it will block malicious URLs, so this will help even further to block phishing and online fraud).

Also, with Advanced Parental Control (where it can filter out content that's inappropriate for children, it can warn you if attempts to access blocked websites, it can warn you of attempts to access blocked apps, it can warn you of a call or text from a blocked/unknown phone number, it can allow with the press of a button in the Bitdefender Parental Control Mobile app the sending of a arrived safe message instead of having to call or text to say / send it, it can protect your children's safety like from cyberbullying (only available until August 1, 2020) and online predators (only available until August 1, 2020), it can track where your children are, it can set zones that are restricted to give you warnings when those zones are entered and it can manage when your kids have access to the internet at home. But some of these require the Bitdefender Parental Control app or one of the Bitdefender security apps to be installed on your computers and devices). You can find out more about Bitdefender Box 2 here.

Some UTM devices come with subscriptions to real time security programs, but Norton Security has been proven in tests to be the best at protecting your computers and devices and some UTM devices will slow down your internet speed if you have a fast internet connection, say over 200 Mbps. Most UTM devices require a paid subscription, but having a paid subscription will usually offer more protection and will usually be updated more often. For home users I would recommend Bitdefender Box 2, as it has got great protection features, as it doesn't slow down your internet connection, as it's fast, as it auto updates itself to keep ahead of identified vulnerabilties, as it's sold at a great price for the features offered and for the inclusion of 1 years worth of subscription in the price, as it has got a pretty good yearly renewal price for the features offered, as it has scored pretty good in reviews and as it has also got pretty good customer reviews, etc. As within the price of the yearly subscription you also get access to the Bitdefender security programs and apps, which provides lots of other benefits, including but not limited to Anti-Theft, App Lock, Malware Scanner, Web Protection, Account Privacy (which keeps a check on if your email addresses have been in a data breach) and a VPN that for each device provides 200MB per day that has no logging of your activites and that has no looking into your encrypted data, etc.

It can have a few installation issues, but once it's installed it runs fine and it's well worth a bit of your time to secure your network. There can be a few false positives, but it's better to have false positives than false negatives, so in the app it gives you an option to allow what has been blocked, but make sure you check that it's really something that you want to allow and make sure that it's a false positive first before you allow. If the app does not show some of your devices, it could be because if you have a wireless bridge network device that serves clients, the Bitdefender Box 2 might just see the wireless bridge network device and not the clients behind it or it may be that you have deleted the network devices from the list either by accident or on purpose and the devices do not show back up, even after changing the devices IP address because it's MAC address probably does not change or the final thing it could be is that it makes a mistake and doesn't detect the devices MAC address even if the device's IP address is changed and it could be a combination of all of these things. And if you do not want to use its WiFi you can disable its WiFi, say if you already have a device or devices that provide WiFi that you would like to continue to use instead. But there is an issue and / or a bug in its firmware where if you disable its main WiFi then its LAN IP address range setting can get changed back to its default automatic IP address range setting instead of your custom LAN IP address range setting, if you have set a custom LAN IP address range setting. There is a way that I know of to counteract this by enabling its guest WiFi before disabling its main WiFi and if you don't want to use its guest WiFi, then you can disable its guest WiFi.

I would also recommend that you install Norton Halt exploit defender app on Android for free, as it is a first responder app designed to warn you about and scan for the latest security vulnerabilities and exploits that threaten your device and personal information. This includes the Krack, Bluebourne, Spectre and Magellan security vulnerabilities, etc. As these security vulnerabilities and exploits allow attackers to bypass system permissions, inject malicious code and install unauthorized apps, etc. This app has been discontinued and has been taken off the Google Play store on the 3rd of March 2020.

I would recommend that you set your DNS to CleanBrowsing DNS for free, as it will protect your computers and devices from bad websites, including malware, phishing & scam websites, etc. As it checks every website before you go on it to make sure it is safe and if it is not safe then it will be automatically blocked. They do not log any of your data, they are fast and they score very high on tests. Also, they can block adult sites, explicit, other unsafe content and mixed adult content, etc. Additionally, they can enforce Safe Mode on Google, Bing and YouTube and they can block proxy and VPN domains that are used to bypass the filters, etc. Finally, all these additional filter options you can choose whether to use them or not, but all the filter options include protection for malware, phishing and scam websites, etc. This it to keep you safe with this first layer of protection for your network.

I would also recommend that you install AdGuard for free on Android, as it creates a local VPN (virtual private network) connection to itself and Adguard's servers can not see your data, AdGuard blocks ads, tracking, annoyances and spyware websites, etc. Also, it can connect you to your DNS encrypted via HTTPS, via TLS 1.3 which one of the things it does is to encrypt the website that you are visiting server's security certificate, it's faster and it suppports more mordern security ciphers with perfect forward secrecy and via DNSSEC which validates that the DNS server is who they say they are as well, if your DNS supports it, which prevents spoofing attacks (an attacker redirecting you to a different website without your knowledge, instead of sending you to the website that you requested, by pretending to be the DNS server(s) that you use), man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested and pretending to be the DNS server(s) that you use) and encrypted DNS makes it harder for your ISP to know what websites you have been visiting.

When visiting HTTPS websites your ISP can only see what website you are on, not what page you are on, but with an encrypted DNS your ISP can only see what IP address you have been sent to and as multiple websites can be hosted by a single IP address that's why it makes it much harder for your ISP to know what websites you have been visiting. If you are not visiting HTTPS websites, then your ISP can see what page you are on as well as all the data being transmitted to and from the websites, even with your DNS encrypted and your SNI encrypted. This is due to the websites themselves not transmitting encrypted data. When I said "but with an encrypted DNS your ISP can only see what IP address you have been sent to", I was not including SNI, as with SNI (Server Name Indication) your ISP can still tell what websites you have been sent to because they can see the domain names of the websites. But thankfully encryption for that is now possible due to TLS 1.3, so SNI will soon be encrypted as well. And then when I said "as multiple websites can be hosted by a single IP address that's why it makes it much harder for your ISP to know what websites you have been visiting.", this is also true for encrypted SNI. Sometimes blocking solutions can block legitamate useful things like for an example cookie banners, that inform you of what cookies are, that inform you of what cookies are used by a website, that let you choose what cookies are used and so things that use those cookies are allowed to run if you choose to allow those cookies. For Android, other operating systems and other computers and devices, there are other free blocking solutions for ads, tracking, annoyances, malware and spyware websites, etc. Like Adblock Plus which have extensions for most of the main browsers including Google Chrome and Firefox, etc. Finally, for Android, other operating systems and other computers and devices, there are other free solutions for encrypted DNS and for encrypted VPN.

Always remember before doing any update that it's best to check the reviews and / or comments for the update in question, but really it's only worth doing every time if it's an update to an operating system for a critical machine, to a critical piece of software or to a critical app, etc. As you can usually revert back to a previous update version if there is trouble, this is fine if it's an update to nothing that's really important, but it's not fine if it's to an operating system for a critical machine, if it's to a critical piece of software or if it's to a critical app, etc. Because any downtime could either be costly, could take time to fix or could possibly be dangerous to life, etc.

If not done automatically I would recommend that you always check for new Windows updates manually and that you then choose whether to install important Windows updates. Also, it is a good idea if supported to check for new optional Windows updates manually and to choose which optional Windows updates to install if any, this is so you can get the latest Windows security patches and updates. Like for an example the Windows security patch to block WannaCry ransomware and the Windows security patch to protect against the Meltdown CPU flaw. Additionally, to resolve general Windows issues and bugs, and to access new Windows and software features if supported. But even though optional Windows updates are validated and production quality, they can contain bugs and those bugs could harm your computers, devices and files, etc. So be careful, as if in doubt just wait for the main Windows update releases and the optional Windows updates will dissapear.

I would recommend that you upgrade to the latest version of Windows 10, as Windows 7 SP1 in 2020 is now unsupported. As mainstream support has ended on the 13th of January 2015 and as extended support has ended on the 14th of January 2020. There will be no new features or Windows security patches & security updates added to Windows 7 SP1. Also, Windows 10 is better anyway because Windows 10 is faster, as it has a faster boot time, faster USB 3.0 speeds, it is more stable, it is more secure, it has new features with more new features to come and Windows 10 will be supported for more years, etc. You can fully stop Microsoft and other companies from collecting your data by disabling telemetry and data collection, so just search Google for Windows 10 disable telemetry and data collection or search Google for (the company in question) disable telemetry and data collection. And you can enable random hardware addresses by going to settings, then to Network & Internet, then to WiFi and by enabling the option, this is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy, this setting applies to new connections.

I would also recommend that you go to settings, then to privacy and that you disable all the settings that are a privacy risk and that could be used to track you in Windows 10. Additionally, you can make Windows Update become manual again by turning on the setting in Windows 10 called metered connection for WiFi or Ethernet connections. You can prevent specific windows updates from being installed using the Microsoft "Show or hide updates" troubleshooter package, which can be downloaded direct from Microsoft. But you first you will need to make sure Windows updates are not paused before using the Microsoft "Show or hide updates" troubleshooter package to hide or show WIndows updates, then afterwards if you have enabled the metered connection setting (to let you choose when to download Windows updates) and if the Windows update(s) you want to hide is/are still sitting ready to download or if after you have shown the Windows update(s) you had originally hidden, other Windows update(s) are still sitting ready to download, you will need to pause and un-pause Windows updates, as this will refresh the Windows updates download list, so the Windows update(s) that you have hidden will not be downloaded or so that the Windows update(s) that you have originally hidden but now shown can be download. Doing it this way ensures all other Windows updates can still be downloaded and installed that you want, so your computers and devices are still kept as up-to-date with Windows updates that you want. You can uninstall troublesome Windows updates easily by doing so after they have been installed, but do not uninstall an update before you have rebooted your computer first if it asks you to do so, because it can cause Windows to fail to boot, this is due to Windows needing to install the update properly before you uninstall it.

Also, all this can be done even in Windows 10 Home Edition and you can permanently disable the Windows update service in services.msc to disable all Windows updates, if disabled I would recommend that you enable the Windows update service again when the bad Windows updates have been corrected by new Windows updates. Finally, you can now defer major feature Windows updates for up to 365 days, you can now defer quality Windows updates for up to 30 days and you can pause all Windows updates for 7 days.

Always remember to scan archive files before you open and / or extract them, e.g. RAR and ZIP files, etc. This is because they could contain viruses, malware or spyware, etc. And by opening and / or extracting them before scanning them there is a chance that those files could be extracted into the temporary folder. Also, only download from websites that you trust, especially when you are directly downloading EXE (executable files), as they could contain viruses, malware or spyware, etc. But if you do forget to do this like I do sometimes, don't worry, this is because Norton Security and Norton 360 have Auto-Protect which will automatically detect when viruses, malware and spyware, etc. Are extracted and it will quarantine them automatically, but don't rely on that, as it's not fool proof, as nothing really is, that's why you have to be very smart about how you protect your computers and devices and that's why you and I have to keep always remembering to continue to do the best that we can when securing our computers and devices. Finally, if you are downloading and installing apps remember to scan them, to check what permissions they require, to check if they are sharing your personal data anywhere and to check for any unusual/intrusive behaviour, etc. You can do all these things even before you download an app with the App Advisor for Google Play Store feature in Norton Security and Antivirus, or if you are downloading apps (APK) files directly you can view the apps permissions before you install, you can scan the apps before you install and if you are using Norton Security and Antivirus it can scan the apps after you install them as well.

Once the security programs are installed and set-up remember to keep them up-to-date. Also, remember to keep your browsers and other programs up-to-date as well. Because doing all this will mean your security in those programs is up-to-date.

Always remember when installing programs to select a custom install vs selecting an automated install, this is so you can de-select any optional extras that you don't want and / or need to be installed, as these could be Adware and / or just things that you don't want and / or need to be installed, etc.

The bad news is there are CPU security flaws that have been identified on virtually everyone's CPU's that have been manufactured in the last 20 years, they are called Meltdown and Spectre which have many different variants. This is for Intel, AMD and ARM CPU's, etc. Spectre essentially gets programs and / or your systems to perform unnecessary operations - this leaks data that should stay confidential, where as Meltdown also grabs information - but essentially it simply snoops on memory used by programs and / or your systems in a way that would not normally be possible. The good news is you can protect against the Meltdown and Spectre CPU security flaws and you can do this by updating and keeping up-to-date your browsers, GPU drivers, system monitoring/management programs, Google programs and apps, etc. All to receive security update patches. But most importantly by updating your operating system and your BIOS / CPU microcode frmware, to receive security update patches as well.

Microsoft have already released a Meltdown security update patch for Windows operating systems, it protects Intel CPU's only, as AMD CPU's are immune to this CPU security flaw. The Microsoft security update patch will only install if your real-time security software is up-to-date and if it has been patched to work with the Microsoft Meltdown security update patch. All the major Linux operating system distributions already have Meltdown security update patches and they protect Intel and ARM CPU's. Nvidia have already released a Spectre security update patch for their GPU drivers. Google have already released a Meltdown/Spectre security update patch for Android and ChromeOS, it protects Intel and ARM CPU's. But for Android (which is mostly just affected by Spectre) it will be up to each manufacturer to distribute these security update patches. Apple have already released a Meltdown/Spectre security update patch for iOS, macOS, tvOS, macOS Sierra, OS X El Capitan and macOS High Sierra, it protects Intel and ARM CPU's of Apple's.

Intel have released a Spectre security update patch for the different CPU microcode firmware versions, Microsoft have distributed it and it can also be downloaded from Intel directly for Linux, but now they have started manufacturing CPUs that contain hardware protection for Spectre and Meltdown, as they contain hardware fixes. Also each manufacturer should distribute these security update patches as well. AMD have released a Spectre security update patch for the different CPU microcode firmware versions, Microsoft have distributed it. Also each manufacturer should distribute these security update patches as well. Firefox have already released a Meltdown/Spectre security update patch for their browser. Microsoft have already released a Meltdown/Spectre security update patch for their Microsoft Edge and Internet Explorer browsers. Google have released a Meltdown/Spectre security update patch for their Chrome browser. Finally, Apple have also already released a Meltdown/Spectre security update patch for their Safari browser. And the list goes on.

Make sure your Security is up-to-date, don't click/tap on suspicious links, don't go on suspicious websites, don't download suspicious programs / apps, only download from credible sources and always scan files before extracting and / or installing them. As if you have a secure system then nothing can use the Spectre and Meltdown CPU security flaws before you have fully patched them, because they require malicious code to be running on your system for these CPU security flaws to be acted upon. Also, if your programs are up-to-date and if they have security update patches they will protect against these CPU security flaws even more, as there will be even less of a chance they can be acted upon by malicious code before you have fully patched them. But always remember to apply security update patches as soon as they are released.

Always check before entering personal information into a website that it is HTTPS secured, which means between you and the website's servers communication is encrypted and it is only readable by you and the website's servers. Also it means you are protected against man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested), etc.

It's a good idea to check if your emails are sent using TLS standard encryption or not, as some email providers send your emails unencrypted allowing anyone along the line to read the contents of your emails.

On Android starting from Android 8 onwards you can enable randomised MAC addresses by going to settings, then to connections, then to Wi-Fi and by enabling this option when you connect to a new WiFi network or by enabling this option in the settings of an already connected WiFi network. You can enable a setting in the developer options to cause this setting to be the default choice when connecting to new WiFi networks even using Android 9. Even better news is that starting from Android 10 this option has been made the default choice when connecting to new WiFi networks. This setting is to make it harder for people to track your location when you connect to different WiFi networks and this is to prevent listeners from using MAC addresses to build a history of device activity, thus increasing user privacy.

You can test your browsers to see if they checking for revoked HTTPS certificates on websites using GRC's "HTTPS Certificate Revocation Awareness Test". If they are, that means if a website revokes it's HTTPS certificate you will not be able to access a website that uses that HTTPS certificate. This is so a website can not trick you into thinking that it's the website listed on the HTTPS certificate, but If your browsers don't check for revoked HTTPS certificates on websites, that means if a website revokes it's HTTPS certificate you will be able to access a website that uses that HTTPS certificate, so a website could trick you into thinking that it's the website listed on the HTTPS certificate when it's not. A website could have been made to look like the website listed on the HTTPS certificate. They would have had to have compromised the HTTPS certificate itself to gain access to it, that's why the website listed on the HTTPS certificate would have revoked it to prevent it from being used by anyone else.

You can obtain Perfect Passwords using GRC's "Ultra High Security Password Generator", they are 63-64 characters long and each one is completely random with a GRC guarantee that no similar passwords will ever be produced again. Their page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection. Also, their page is custom generated each time just for you so it will not be cached by the GRC website servers or be visible to anyone else. So the password it generates is private. These passwords use a massive 512 bits of security, so they are perfect for a wireless security password, etc. Finally, if you don't like entering the long password into each device manually, just use WPS Push Button connect or a device's WPS client randomly-generated security personal identification number (PIN) that you enter into your router, both ways can be used to connect your devices to your router and they save time if your router supports it. The other way would be to just copy and paste the long router password into your device if your device supports it.

You can use GRC's "Interactive Brute Force Password Calculator" to check and see how long it would take to find your password if an attacker had to try every possible combination, as if you don't use passwords with dictionary words in them an attacker has to find your password using brute force by trying every possible combination. Also, the passwords you enter are only locally temporarily stored in your browser, they never leave your browser and that means the GRC website servers do not know the passwords you enter, so your passwords are still private. Additionally, choose strong passwords that are different for each online account, especially for your email accounts, as this will limit the impact if one password gets compromised. Use a combination of numbers, symbols, and upper and lower case letters, make sure your new passwords are a minimum of 10 characters, create different passwords for every login for better security and avoid storing passwords in your browser to help avoid password leaks. Finally, by creating different strong passwords for each online account, you will help to maintain your privacy and prevent attackers from hacking your online accounts.

Choose strong personal identification numbers (PINs) for your mobile devices preferably a minimum of 12 digits or choose strong passwords that are a minimum of 10 characters for your mobile devices and other devices. I would also recommend that you choose to turn off in the Android security settings the "Make passwords visible" option, this is because it will show the last number and / or letter as you type, this could be your lockscreen PIN / password, so it can be a security risk. But do not use fingerprint or face authentication, as they have been proven to have security vulnerabilities that can be exploited. I would like to add, that using fingerprint authentication is acceptable on Windows with LastPass, as LastPass doesn't support PIN authentication on Windows, so your potentially very long LastPass master password would have to be entered in each time you login without using fingerprint authentication, but to make it more secure you can use double two-factor authentication by having fingerprint login and then having it request a second two-factor authentication method after.

For the Windows 10 lockscreen I would recommend that you enable these settings by using these commands in the CMD command prompt "net accounts /lockoutthreshold:5", replacing 5 with the number of times a wrong password has to be entered to trigger the lockout. Then "net accounts /lockoutduration:30", replacing 30 with the duration of time that you have to wait when the number of wrong passwords has been entered that has triggered the lockout. Finally, "net accounts /lockoutwindow:30", replacing 30 with duration of time that you have to wait before the wrong passwords count will be reset to 0 without triggering the lockout. So with the above commands an attacker would have to wait 30 minutes if tried 5 passwords or would have to wait the same 30 minutes if tried less than 5 passwords, this slows down to a crawl the brute force attack speed where an attacker tries every possible combination until they find your password. Like the LastPass encrypted password manager does with their customisable iterations count, which make it harder and more time consuming to the attacker to brute force your master password. Here is information from Microsoft about the "Account Lockout Policy", here is information about "How to Change Account Lockout Duration for Local Accounts in Windows 10" and here is infromation about the "Net accounts command".

If you are in a data breach and you have to change your passwords, by only using one password for each online account it will definitely limit the impact if one of your passwords is leaked to the public and by using randomly generated passwords that are stored in an encrypted password manager's vault, it's so easy to just generate a new randomly generated password with an encrypted password manager. Also, you can check if you have been in a data breach by visiting Have I Been Pwned.

Enable two-factor authentication in all your accounts that support it, this will add an extra layer of security to your accounts, so when you want to sign in it will ask you to enter your password and it will also send you a temporary random code each time to either your email address or to your phone number via a call or a text or it will generate one in an app like the Google Authenticator app or on a physical hardware key that you will have to plug in each time, etc. Google account's two factor authentication will popup a yes or no prompt on signed in devices, to ask whether or not to allow the new device to sign into your Google account. If you have got the choice of which two-factor authentication to use, then I would recommend that you choose TOTP which is time-based one-time password to generate one in an app like the Google Authenticator app, etc. But remember to enable if possible brute force protection on the TOTP two-factor authentication method and remember to choose strong personal identification numbers (PINs) for your mobile devices preferably a minimum of 12 digits or choose strong passwords that are a minimum of 10 characters for your mobile devices and other devices. Here are pages about TOTP, here and here, etc. It will ask you to enter this extra code in or to press yes on a signed in device after you enter your username and password, as an additional level of security. Also, this will protect your accounts if your passwords get leaked in a data breach and this will give you time to change your passwords.

You can use GRC's "DNS (Domain Name Server) Spoofability Test" to check the spoofability protection of the DNS server(s) you use. As when you visit a website the DNS provider you use has already worked to get you to that website. This is because they have located and identified that website by using that website's domain name to match it to its IP adress. Because it's a lot easier to remember a website's domain name instead of its IP address. Spoofability is where an attacker redirects you to a false website even when you have typed in the correct domain name of that website. So that's why spoofability protection is so important, as it prevents an attacker from being able to redirect you to a false website without your knowledge.

I would recommend that you disable your router's built-in static WPS PIN, as it is short and can easily be found by an attacker. You can do this in your router's advanced wireless settings, if your router supports it. Also, you will still be able to use WPS because your router still allows WPS Push Button Connect and it still allows the randomly-generated WPS PIN of your device to be entered into your router, if your router supports it.

I would recommend that you disable uPnP in your router / modem and devices, as uPnP basically automatically port forwards ports in your router / modems firewall, this in itself is a bad idea, as it may decide to port forward a bunch of ports leaving your network open and vulnerable to an attack. But it's even worse than that, as there's so many vulnerabilities in uPnP itself, which can allow attackers to tell uPnP to port forward say all your router / modems ports leaving you network totally open and totally vulnerable to the internet and to attackers and uPnP will obey as it has no authentication, so any device inside of your network can just ask uPnP to port forward any port. The better way to port forward is to just do it manually yourself, then you know exactly what ports have been forwarded, as devices could ask for way too many ports to be opened than is needed.

I would also recommend that you uninstall Java if it's not needed or if you want it left installed that you choose for it to ask first to allow activation, so you only choose to activate it in your browser if you trust the website that's asking for your permission to activate Java, as Java has lots of security vulnerabilities in it and I do not think a lot of website's are using Java much now anyway.

I would recommend that you uninstall Adobe Flash Player / block sites from running Adobe Flash Player or until support is ceased that you choose for Adobe Flash Player to ask first to allow activation, so you only choose to activate it in your browser if you trust the website that's asking for your permission to activate Adobe Flash Player, as it has lots of security vulnerabilities in it. As Google Chrome will cease to be supported in Google Chrome from 2020 and Adobe Flash Player are also ceasing support for it in 2020. It already has lots of security vulnerabilities in it, but these security vulnerabilities and others found in it's final release will probably never get patched, so it's just a bad idea to keep it installed or to keep using it, seeing as many websites have now moved away from Adobe Flash Player in favour of HTML5. YouTube has moved to HTML5 with their YouTube videos ages ago and as Google Chrome will cease support in 2020 and probably other browsers will follow, there just won't be much use for it anyway and websites will have to move to HTML5 anyway in the end.

I would recommend that you enable all security features in your router / modem, like for an example Asus's AiProtection with their enterprise grade security, as it does help to protect your local network and devices from attacks, but AiProtection at the moment can cause a RAM leak on some Asus router / modems, where the RAM usage keeps increasing until it causes the router / modem to crash / freeze / lock up and depending on the settings you choose it will need to disable NAT acceleration to be able to inspect packets more effectively, which will probably slow down your internet speeds if you have internet speeds of over 100Mbps. Here is a YouTube video called Safer Internet for Your Family and Devices - AiProtection | ASUS. Also, YouTube and other websites can be slow on Chrome, because of an experimental feature that routes QUIC Protocol traffic over UDP for certain websites, this is meant to be more efficient and this is meant to improve performance, YouTube being one of them for videos, etc.

But this experimental feature can either not be packet inspected, logged or reported on correctly by your router / modem's firewall causing a security risk or if it is packet inspected, logged or reported on by your router / modem's firewall like with Asus's AiProtection it can slow the QUIC Protocol traffic flow down to a crawl. So it's best to disable this experimental feature in Chrome by entering into your browser's URL bar "chrome://flags/" and by disabling "Experimental QUIC protocol", then by doing this in whatever else it's enabled in, which may have a different process to disable this experimental feature. But dont block UDP traffic on your router / modem directly or it will stop other things from working like OpenVPN if used on UDP with port forwarding. OpenVPN can create an encrypted tunnel into your local network from wherever you are in the world, this is to make it seem like you are at where your local network is, you can access local IP addresses in your local network remotely all secured over an encrypted VPN tunnel, but it has to be setup with the correct settings to be as secure as possible, etc. Here is more information from Fastvue about how Google’s QUIC protocol impacts network security and reporting.

OpenVPN is excellent if you want to remote into your local network in a safe and encrypted manner. Opening a port specifically for OpenVPN is safe, as OpenVPN doesn't respond to pings and if OpenVPN is configured in a secure manner and properly firewalled. It can further be protected using tls-crypt, as using an additional tls-crypt security key file will mean that the OpenVPN server will not even respond and will not ask for authentication without it receiving the first tls-crypt security key file, etc. Because quantum computers will be around at some point, it's a good idea to make sure that you use post-quantum cryptography, to be more secure against quantum computers, because they will be able to quickly solve the pre-quantum cryptography. Using post-quantum cryptography is a good idea for lots of different applications, like OpenVPN, OpenSSH, HTTPS encryption with SSL/TLS and SSL certificates, etc.

When I said "Because quantum computers will be around at some point", I meant when they become availiable to the general public, not just like they are at the moment available to the people building them or availiable to commercial / governmental entities, etc. And when I said "because they will be able to quickly solve the pre-quantum cryptography.", I meant when they get faster and faster in the future as technology advances. As at the moment the quantum computers that are around can't solve any pre-quantum cryptography, as they are not fast enough at the moment or they are not designed in a way to allow them to do it and when they do become available to general public, if it's anytime soon they probably won't be able to solve all pre-quantum cryptography straight away. This is because they will get faster and faster in the future as technology advances.

I would recommend that you set your router's wireless security encryption to WPA2 if it's availiable and if it has been vulnerability patched (because WiFi security can have lots of vulnerabilities), WPA2-PSK AES Personal if your a home user or to WPA2 IEEE 802.1X Enterprise if your a business. And even better if WPA3 is available and it has been vulnerability patched (because WiFi security can have lots of vulnerabilities), WPA3-SAE Personal if your a home user or WPA3 IEEE 802.1X Enterprise if your a business, as these provide the highest level of security encryption, if your router supports them.

I would recommend that you enable HTTPS encryption in your router and devices, as this will encrypt the login process and data that's transmitted between devices, if your router and devices support it.

I would also recommend that you check your router's firewall to make sure it's set to its maximum setting and if it's not then set it to its maximum setting, if your router supports it. Also, I would recommend that you set your router's firewall to enable DoS protection and / or DDoS protection, if your router supports it and I would recommend that you disable your router's remote management feature / function, as if the remote management function is enabled your router's login page is accessible by anyone on the internet, if your router supports it.

I would recommend that you encrypt any data that's personal, I would also recommend that you backup your data whether your data is encrypted or not and that you encrypt any backups, as for an example if an encrypted container gets corrupted you could lose all the data inside of it. Creating an encrypted backup of the encrypted container's volume header is also a good idea to try and prevent you from losing all the data inside of it, in case it gets corrupted you can try and restore its volume header from the encrypted backup. You can check for issues like protected system files data curruption and you can check if protected system files have been replaced by using this command in the CMD command prompt "SFC /SCANNOW". Another way to check for system component store data corruption is by using this command in the CMD command prompt "DISM /Online /Cleanup-Image /ScanHealth" and if there's any system component store data corruption use this command in the CMD command prompt "DISM /Online /Cleanup-Image /RestoreHealth". To check for errors and data corruption on any drive for example a drive formatted in NTFS use this command in the CMD command prompt "CHKDSK C:", replacing C: with your drive's letter, so for an example D: is another drive letter that could be used, if any issues are found run "CHKDSK C: /F", the /F is to fix errors on the drive and again replacing C: with your drive's letter.

I also would recommend that you enable User Account Control (UAC) in Windows if it is not already and if you can put up with the prompts I would also recommend that you change its setting to "Always notify me when:". This is for added security, as it helps to stop malicious programs and apps from running malicious code. It does this by Windows needing your permission before making changes that Windows deems important, suspicious or just needing a higher priviliage, etc.

When you delete files or folders using the recycle bin or using the permanent delete option it doesn't delete them, as it just tells the OS (operating system) to mark the space that the files or folders are occupying as free space, so other files and folders can overwrite the files or folders that you have deleted using the recycle bin or using the permanent delete option, with the exception of SSDs that have TRIM enabled and / or that use TRIM manually, as TRIM tells their garbage collection algorithms to erase the pages in the blocks that fragments of your deleted files are in sooner. But the problem is that this can take a long time for the space of the files or folders that you have deleted using the recycle bin or using the permanent delete option to be overwritten by other files or folders. So the solution is to use a file and folder shredder, that overwrites your files and folders while it is deleting them or after it has deleted them or another solution for hard drives is to wipe their free space, which will make sure that your deleted files and folders are erased.

Also, it may still be a good idea to use a file and folder shredder on an SSD even if the SSD uses TRIM, but it could for an SSD prove to not wipe the file and / or folder and to just cause extra writes for no reason. As do understand that if the file or folder being deleted is large that it will cause lots of writes on an SSD by it overwriting a large file or folder many times, because SSDs only allow a certain number of writes per block before they cannot write to that block anymore, this will cause premature wearing of the SSDs. The good news for the longevity of SSDs is that they normally will do what is called wear levelling, which causes them to write to different blocks instead of to the same blocks each time, but this is what can cause problems in trying to securely erase files and / or folders, because fragments of the files and / or folders can be spread across multiple blocks. TRIM and garbage collection on SSDs should also be aware when deleting files and / or folders of what pages in what blocks have been written to due to wear levelling, so they should be able to mark all the fragments of data in the pages of the blocks for erasure.

SSDs can only write to blocks once the data in the pages in the blocks has been erased first, so by using TRIM it makes sure that anything that has been deleted is actually marked for erasure, so that the garbage collection algorythm can erase the data in those pages in those blocks. This makes writing faster as when an SSD is writing data to a page in a block that has been marked as free space, but that still contains data in it due to the fragments it contains being deleted, but not actually erased yet, these pages in these blocks don't need to be erased before writing to them anymore, so it speeds up writing. Also, the deleted data in those pages in those blocks doesn't need to be moved around to be written to other blocks, when the garbage collection algorythm has to save some pages in a block that has undeleted data in them. So TRIM saves the SSD from performing unnecessary writes of deleted data to new pages in new blocks and so TRIM just marks the pages in the blocks for erasure that contain fragments of data that has been deleted, but not erased yet.

But encrypting an SSD is a better way, as then it doesn't matter if files and / or folders are not securely deleted, because even the free space of an SSD will be encrypted. It's best to choose a minimum of 7 passes to overwrite your files and folders that you want to delete. I would recommend a program called Eraser, as it's open source meaning it can't have any backdoors or coding to circumvent the overwriting process and if you use this program with 7 or above passes to overwrite your files and folders that you delete they are gone forever on a hard drive, there will be no way for anyone to recover them. But remember for an SSD to achieve this it will need to be using TRIM and its garbage collection to erases each page in each block that wear levelling has used for storing fragments of files and folders.

When I was much younger before I knew to use all of these programs, apps, settings and this knowledge I had a takeover caused by a virus or viruses, malware and / or spyware, etc. As it was so long ago I cannot fully remember how it happened or what was installed in the form of protection at the time, I think there was just an old version of Norton 360 installed which was new at the time, but I don't think it was properly set up for the highest protection, which you can do in the settings now. And over the years I like anyone have had detections caused by a virus and / or viruses, malware and / or spyware, etc. I am not going to lie and say that I have not, but the difference is while using all of these programs, apps, settings and this knowledge is that they don't takeover, because they get detected, stopped and if they are on your computer and / or device they get removed. The reason I left this wording out was because I thought it would be too hard and / or too messy and / or too lengthy to explain, etc. But in the end I have explained it now.

I could not list every security vulnerability there has ever been or every new security vulnerability and how to deal with each one, as there is just too many too list. So I have chosen to include a few major security vulnerabilities and how to protect yourself from them and how to protect yourself in general as well.

I could not list every update there ever has been or every new update and if each one is safe to install or not. So I have chosen to provide general advice on how to protect yourself from bad updates and how to block bad updates.

Here you can learn how to secure your computers and devices, with more knowledge to come.