Guide Internet Security: Explained

Last edited:
SECTION 1: UPDATES

Updates are a crucial component of staying safe online. You should always try to have the latest stable version of any kind of software you are using. Emphasis is placed on your operating system as well as your browser.

A lot of people groan and postpone updates until absolutely forced. This is a bad habit to get into. By pushing away updates, you expose yourself to security holes. Updates can fix these security holes and provide other user enhancements and functionality.

In my practice, I usually set aside a half hour or so on every weekend to perform maintenance on all of my PCs. This involves checking for updates on pieces of software as well as my operating system.

Additionally, Microsoft always pushes out operating system updates on every other Tuesday of the month, so you can always be prepared to grab them.
 
Last edited:
SECTION 2: ANTIVIRUS

While much more simplified now with Windows 10's automatic inclusion of Windows Defender, having an antivirus client on your PC is absolutely necessary. Actually, Windows Defender is pretty skimpy in and of itself, so it's recommended to grab other anti-malware/spyware applications in addition to it.

Antivirus clients will periodically scan your PC and monitor activity to make sure nothing seems out of place or malicious. In tandem with the previous section, always make sure that your antivirus client has the latest database definitions so you can be sure that the newest threats are caught by the system.

Though to clarify the last statement in the first paragraph, one should never have multiple antivirus suites running concurrently with one another. More often than not, they'll raise false-positives on one another and generally hog a lot of system resources.

Also, as another tip, NEVER think that you should have to PAY for a service designed to keep you safe. Remember, COMMON SENSE is your first firewall on the Internet. A free application + good Internet surfing skills should protect you in 95% of cases.

Personally, I employ Malwarebytes in addition to Microsoft's built in Windows Defender. It's always good to have an extra line of defense in place.

SECTION 2.1: BLOCKING UTILITIES

While surfing the web, a common way that malicious individuals compromise the security of PCs is through annoying adverts on websites. For example, when trying to download a program, there may be several "download" buttons, and all of them may look differently in an effort to get you to click on them.

In order to circumvent this, most browsers offer an extension called Adblock. You can download this from the respective "addon" store for your browser. It'll block all intrusive advertising. This is another line of defense against Internet baddies who wish to prey on unsuspecting users with appealing/confusing/intriguing advertising.

Just as a note... never never never install McAfee or Norton. Just saying. Don't.
 
Last edited:
SECTION 3: PASSWORD SECURITY

Perhaps the hugest category of Internet security deals with passwords. Passwords are usually the only thing barring access to a user's account on the Internet. It's becoming common practice to have websites impose password requirements on its users in order to promote better password-setting habits.

General guidelines are as follows. Your password should:
  • NEVER be personally identifiable
  • NEVER contain words in the dictionary
  • NEVER be written down anywhere
  • ALWAYS use a mixture of capital/lowercase letters, numbers, and special characters
  • ALWAYS be at least 8+ characters in length
  • ALWAYS be easy to remember, but hard for others to guess
Some malicious individuals may use brute-forcing techniques or a dictionary attack to repeatedly try different combinations of characters in order to crack a user's password. Therefore, by using a variety of letters, numbers, and other characters, one can greatly reduce the chances of a password being cracked.

Just for fun, you can use this website to see how long it would take a typical desktop computer to crack your password (NO PASSWORDS ARE LOGGED OR PUBLISHED ON THE INTERNET): https://howsecureismypassword.net/

One recommendation is to use some sort of password manager, like LastPass. LastPass enables you to save all of your passwords in an encrypted location and auto-fill them into username/password fields on your favorite websites. This way, one can set a very complicated password but remembering it won't be an issue - it'll be saved in LastPass.

Another recommendation is to use Two-Factor Authentication (2FA) on your account. In addition to a password, some 2FA systems may send a text message to an account holder's phone or email with a special code to enter in to be granted access to their account. Not all websites support this, but if the option is available, take it.
 
Last edited:
SECTION 4: PHISHING & SCAMS

Phishing scams typically come in the form of disguised email messages that either have a spoofed sender or that appear to come from a legitimate source. They usually send you to a look-a-like website that intends to trick you into visiting it or entering in your actual information.

Things to look for:
  • Hover over links to see where they actually go to before visiting it.
  • Look for subtle differences in the attached URL. For example, prntscr.com is a legitimate site, but prtnscr.com is NOT.
  • Check out the domain of the sender's email address (the piece after the @ sign) to see if it matches up with the legitimate service's site.
  • If you've NEVER signed up for a particular service/website and you receive an email from them, the message likely isn't real.
  • Shoddy image editing/fake looking logos
  • Lack of an SSL certificate (SSL certificates basically show that a website's connection is encrypted and that any information sent through it cannot be seen by anyone else. A website that has an SSL certificate will have https:// at the beginning of its address and show up "green" in the address bar).
  • Email attachments (usually files that end in .zip) from senders you do not trust/do not know
AND, if for ANY reason you feel uncomfortable about a situation, go with your gut. The first rule of Internet security is ALWAYS to NEVER proceed somewhere if you hesitate even if for a second.

Phishing can even occur in a real life setting as well. Sometimes scammers based in India will call about potential "problems" on your computer. Their end goal is always to sell you some sort of "support" package worth hundreds of dollars that, in actuality, will do NOTHING. In the process, all of your personal information is handed over to them - so say goodbye to your bank account balance.

Here's a good example of this happening to an experienced tech:

View: https://www.youtube.com/watch?v=GVQoAlQrnSg
 
Last edited:
SECTION 5: TYPES OF MALWARE & ATTACKS

Malicious individuals employ many styles of attacks in order to prey on unwary, unsuspecting users. Usually these attacks aim to compromise or alter some form of your PC's software, though other attacks can actually use the Internet as a service itself to disable/cripple entire networks.

Below I'll detail the broad categories of malware that can occur on a PC system:

Virus
  • Viruses are infectious files that are capable of copying themselves over and over and can spread to other computers. They can attach themselves to programs and can spread throughout a network. They can also be used to steal information and allow advertisements to appear.

Worm
  • Worms are like viruses in that they can spread across multiple PCs on the same network. They usually hog network bandwidth. Additionally, they can steal data and delete files. The most important characteristic is that they can self-replicate - they don't need a host file to attach to.

Trojan Horse
  • Trojans are programs that look normal and disguise themselves as an actual legitimate piece of software. These are able to give remote access to a user's computer, keylog, and modify files - all without a user's permission.

Adware
  • While generally harmless, adware includes pop-up ads that are very intrusive and disrupt the user. Most adware is usually intended solely for advertising, but sometimes it can come bundled with other nasties that can track user activity and steal information.

Spyware
  • Spyware does what it sounds like - it spies on users. They collect keystrokes, harvest data, and can even modify security settings of your browser. It spreads by exploiting software vulnerabilities and can even attach itself to legitimate software or Trojans.

Ransomware
  • Perhaps the deadliest and most crippling form of malware is ransomware. This is a form of malware that basically holds a PC hostage. It encrypts a PC's entire hard drive and usually nags the user to pay a fee in order to release the encryption or get a decryption key. Ransomware can easily spread to multiple computers on a network, causing chaos within enterprise environments.

Rootkit
  • Rootkits are created with the intent to remotely access or control a computer without being detected by antivirus or the user. The malicious individual can steal files, execute scripts, or add the PC to a botnet. Detecting rootkits is difficult as they usually are able to evade most forms of antivirus software.

In addition to malware, there are also several forms of network-based attacks you need to be aware of:

Eavesdropping
  • Generally speaking, much of the activity that occurs on the Internet is in an unsecured or "plain text" format. Those who are able to gain access to your activity can see everything you are doing without any deterrence. This is why encryption is so emphasized - by scrambling/hashing data, attackers cannot gather sensitive information.

Man-in-the-Middle Attack (MITM)
  • A MITM attack occurs when someone between you and the person you are communicating with actively monitors, captures, and controls your communication. They can alter where data is sent. Essentially, it's like someone is assuming your identity without your knowledge.

Distributed Denial of Service Attack (DDoS)
  • Perhaps the most widely used type of attack - DDoS attacks take on many forms, but they all share several characteristics. DDoS attacks aim to cripple a network by overflowing it with requests, causing it to crash or load slowly (hence the name Denial of Service). It's important to keep your public IP safe for this reason - attackers can literally flood your network and cause you to temporarily lose Internet access altogether.

SECTION 5.1: HOW TO HANDLE A COMPROMISED SYSTEM
(Added 8/13/16)

If you're seeing a bunch of popups, your system has been drastically slowed down, or you fear that someone might be maliciously accessing your account, chances are you have been the victim of one or more of the above categories of malware.

The first step in handling this situation is to REMAIN CALM. Try your best to retain your composure. Depending on the type of malware you have contracted, most scenarios aren't very serious. However, more severe infections may seem very intimidating and contain graphics/sounds that are intended to scare you. Do not lose your cool.

Some infections are able to control what kinds of files are opened, such as your antivirus. If this is the case, you may need to boot into Safe Mode (Windows and Mac) in order to proceed with the cleanup of your system. This is rare, but the following steps should apply to most, if not all scenarios.

  1. Open up your antivirus and run a scan. As stated in a previous post, make sure your virus database definitions are up-to-date and that you have the latest version of your antivirus. As stated before, I recommend using Malwarebytes for this.
  2. Let the scan run. You should see the numbers of the detected suspicious files and malware. Once the scan completes, depending on what antivirus you have, hit "quarantine" or "delete" on all of the files that were found.
  3. You may need to scan several times in order for your antivirus to find all of the files. Restart your PC. Open up Task Manager and look at your CPU and disk usage to see if it's back to normal idle levels (malware has a tendency to really hog system resources).
  4. As a "cleanup" last step, download CCleaner and run a scan on your system to remove any junk files that might have been left behind. Also go into the Registry cleaner and run a scan on that as well.
Remember that these steps might not work for the worst incidents of malware infection. Sometimes your only option to regain access to your PC (like in the event of ransomware) is to re-image/factory restore your PC. Be sure to keep backups of important user data in this case.

_______________

@Shamus The Brute has also asked me to cover the subject of keyloggers. A keylogger is a form of malware that can read every single key you press on your keyboard. Everything that you type is sent over the Internet to the attacker. The intent of this type of malware is to steal usernames, passwords, credit card info, and other sensitive information that you may type in.

If you notice that you receive "suspicious log in activity" emails from websites you use, or notice that your account shows activity that was not made by you, chances are you may have become victim to a keylogger (assuming you are following all of the password guidelines in one of my previous posts).

Here are steps to take if you think you have a keylogger on your system:
  1. Run a scan with your antivirus program of choice or Malwarebytes. The keylogger should come up as a detected object. From there, you can blast it right out of the water.
  2. Even though the keylogger is now gone from your system, data has already been sent to the malicious individual on the other side. Change ALL of your passwords. If you made any online purchases using your credit card, ask that your card be deactivated and that you receive a new card.
Things you can do to prevent further incidents of keyloggers grabbing information from your system:
  • Copy and paste sensitive information from a text document (obviously not accessible to other users on your PC). To the keylogger, all that will be sent over is a CTRL+C and a CTRL+V.
  • Use a password manager, like LastPass. LastPass automatically fills in login details - no keyboard activity is required.
_______________

Another thing I also want to cover is what to do in the event that a malicious individual has somehow grabbed your public IP off of the Internet and is now DDoSing you.

Some ISPs may distribute a new IP upon rebooting your modem. Take note of your old public IP (using something like https://www.whatismyip.com/) and simply unplug your modem for a few seconds and plug it back in. Refresh that webpage and check to see if it changed.

If not, you may need to call your ISP and tell them what is going on. They may be able to manually change your IP address.

If your ISP has no control over IP distribution, the last option is to spoof your router's MAC address (not your modem's - your ISP uses your modem's MAC address to ensure you are actually a customer). While this is technical and some users might not feel comfortable doing this, it is a surefire way to trigger an IP change (since some ISPs tie the router's MAC to a specific public IP). I won't detail how to do this process here, but you can search elsewhere on the Internet for a guide.
 
Last edited:
SECTION 6: FINAL THOUGHTS

The above is the best comprehensive guide I was able to drum up from both my personal experience as well as my work experience in the field of IT. I'll periodically update the guide to include more information.

If anyone has any questions, feel free to ask. I'm always here to lend advice or offer up suggestions on what to do/buy/not do, etc.

Remember: always go with your gut. Don't share sensitive data, have a strong password, and be cognizant of the different types of methods malicious individuals can use to take advantage of you. Do your research, stay updated (both knowledge-wise and software-wise), and most importantly, use common sense!
 
Last edited:

Mark Scurvyfox

Not sunset...Sundown! And rise... up!
Moderator
Very informative article John!

I have one question! What is your opinion about remaining secure on unsupported operating systems? Some of my friends are still using operating systems such as Windows XP or Windows 8 (non 8.1) in which Microsoft ceased security patch updates long time ago. I mean apart from common sense which is always good to have, should they really dare to take the pludge and upgrade?
 
Very informative article John!

I have one question! What is your opinion about remaining secure on unsupported operating systems? Some of my friends are still using operating systems such as Windows XP or Windows 8 (non 8.1) in which Microsoft ceased security patch updates long time ago. I mean apart from common sense which is always good to have, should they really dare to take the pludge and upgrade?
My answer will always be yes, take the upgrade if it is offered. People who write viruses and such will always target the stragglers who are still using old, outdated OSes. Each day that goes by, more and more security holes are found and Microsoft is doing nothing to patch them. Of course, the machine that is still running WinXP is not suitable to run Win10 due to legacy hardware. I'd recommend your friends get a brand new PC with Win10 installed, or if they are running Win8, take the upgrade to Win10 (assuming that's still a thing - I think Microsoft stopped doing that at the end of July).
 
S

Shamus The Brute

@John Foulroberts - When you have time, would you mind educating people also on awareness made pertinent to the danger of Key Logger RAT's? (Said tactic has been used readily online in the past by certain individuals affiliated with both the ex-POTCO and ex-TTO communities).

Also (if ye don't mind), what can gamers do if they suspect they have been RAT'd. Thank you. ;)
 

Mark Scurvyfox

Not sunset...Sundown! And rise... up!
Moderator
People who write viruses and such will always target the stragglers who are still using old, outdated OSes. Each day that goes by, more and more security holes are found and Microsoft is doing nothing to patch them.
Here's the catch. My friends claim that a combination of a strong antivirus, a good anti-malware and a firewall alternative to Windows Firewall gives them the overall security control they need to stay protected. Of course if we were to compare Windows XP and Windows 8 regarding security, Windows 8 blows XP off which is over a decade old. Like you have said, common sense and a little bit of Internet surfing skills could save from trouble. So here it is me wondering, how a good security protection (AV+AM+Firewall) is not able to keep up with the security holes you referred? And I am wondering, how would one define security holes?
 
Here's the catch. My friends claim that a combination of a strong antivirus, a good anti-malware and a firewall alternative to Windows Firewall gives them the overall security control they need to stay protected. Of course if we were to compare Windows XP and Windows 8 regarding security, Windows 8 blows XP off which is over a decade old. Like you have said, common sense and a little bit of Internet surfing skills could save from trouble. So here it is me wondering, how a good security protection (AV+AM+Firewall) is not able to keep up with the security holes you referred? And I am wondering, how would one define security holes?
While it is true that a good AV and firewall will defend against most threats (no AV is perfect by any means), the fact that many pieces of software have discontinued support for Windows XP introduces a bunch of security exploits. For example, Google Chrome only supports Windows XP up to version 49. We're on version 52 now. XP machines are at an update wall - they're vulnerable to any exploits that are application-specific.

Here's an article from the Newegg blog which illustrates some of the same points: https://blog.neweggbusiness.com/news/10-reasons-upgrade-windows-xp-2015/

@John Foulroberts - When you have time, would you mind educating people also on awareness made pertinent to the danger of Key Logger RAT's? (Said tactic has been used readily online in the past by certain individuals affiliated with both the ex-POTCO and ex-TTO communities).

Also (if ye don't mind), what can gamers do if they suspect they have been RAT'd. Thank you. ;)
Certainly! I'll likely make it into a sub-section of the "Malware & Attacks" section - maybe a "What to do if your PC is compromised in some manner" type of thing.
 

Mark Prowfish

Swashbuckler
Hey John, I've been considering using/purchasing the application 1password for a while now. What are your thoughts and/or guidance on using an application like this for password management?
 
Hey John, I've been considering using/purchasing the application 1password for a while now. What are your thoughts and/or guidance on using an application like this for password management?
That looks like a pretty good password manager - better than LastPass since you can actually link your phone to it (though if you pay for LastPass you can get that functionality). If you are going to use a password manager, you can now use very extensive passwords without having to remember them. My recommendation is to set all of your passwords to a very long base64 password. You can literally type in some gibberish and take the outputted base64 from this site http://www.motobit.com/util/base64-decoder-encoder.asp to have an extremely safe password.
 
Top