Malware and Other Bad Stuff

Your Computer is Always at Risk
of Becoming Infected

Malware (viruses, worms, trojan horses, ransomware, spyware, adware, scareware, rootkits, phishing, keyloggers, bots) and other malicious programs are constantly evolving and becoming harder to detect and remove. Only the most sophisticated anti-malware products and techniques can detect and remove these malicious programs from your computer.  Below are some recommendations for Windows.

Basic Malware Protection:

  • Ensure only one antivirus is installed. Free versions are usually adequate.
    (Avast, AVG, Panda Cloud, Avira, etc.)
  • Ensure only one firewall is activated.
    (Windows comes with its own firewall)
  • Install Malwarebytes Anti-Malware.
    (Does not usually conflict with antivirus products)
  • Extensions to consider adding to your browser:
    Adblocker: uBlock Origin
    Website safety indicator: Web of Trust
    Tracking blocker: Privacy Badger

    Force HTTPS if available: HTTPS Everywhere
    Website URL or link scanner: VirusTotal
  • Do your regular computer activities on a non-administrative user account.
    (Variously referred to as Standard User, Local User, Limited User account.)

Read up on the workings of your security software.

Malwarebytes Anti-Malware combines powerful new technologies built to seek out, destroy, and prevent malware infections.  Malwarebytes Anti-Malware is an easy-to-use anti-malware application available in both a Free and Premium version. The Free version is well-known for its detection and removal capabilities, and the Premium version uses advanced protection technologies to proactively stop malware infections. Malwarebytes Anti-Exploit is now part of the Premium version. Additionally, Malwarebytes offers a host of extra utilities as well as an approachable forum community to help you combat any piece of malware that exists in the wild.  A top malware remover.  Download

What’s the Best Antivirus for Windows 10? (Is Windows Defender Good Enough?)
Windows 10 won’t hassle you to install an antivirus as Windows 7 did. Since Windows 8, Windows now includes a built-in free antivirus called Windows Defender. But is it really the best for protecting your PC–or even just good enough?  Read_More

AV-Comparatives provides unbiased tests of security software
AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises.
If you plan to buy an antivirus, visit the vendor’s site and evaluate their software by downloading a trial version, as there are many other features of an antivirus that you should evaluate for yourself. Even if quite important, the data provided in the test reports on this site are just some aspects that you should consider when evaluating antivirus software.

Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves
People often think of computer security as something technical and complicated. And when you get into the nitty-gritty, it can be—but the most important stuff is actually very simple. Here are the basic, important things you should do to make yourself safer online.  Read_More

Tips, Tools, and How-tos for Safer Online Communications
We’re the Electronic Frontier Foundation, an independent non-profit working to protect online privacy for nearly thirty years. This is Surveillance Self-Defense: our expert guide to protecting you and your friends from online spying.  Read_More

How to Remove Your Personal Information from the Internet
If you’ve ever searched for someone on the web, what you usually end up finding is data gleaned from publicly accessible information. Websites that have this data, like phone numbers, addresses, land records, marriage records, death records, criminal history, etc., have collected and consolidated it from dozens of various places and put it in one convenient hub. Several services will remove your personal information for a fee, which is a time-saver, but you can do it yourself for free.

The lazy person’s guide to cybersecurity: minimum effort for maximum protection
Lazy cybersecurity should not apply to devices used to store sensitive data, conduct financial transactions, or communicate confidential or proprietary information. Lazy security is a good way to protect those who prefer to do nothing rather than be overwhelmed by 50-somethings, but it shouldn’t have severe consequences if it goes wrong.  Read_More

How to set up end-to-end encryption for your e-mails in Mozilla’s Thunderbird
In recent years, companies have been implementing various levels of encryption within their apps and services. ProtonMail offers encryption between its mail users, WhatsApp has encryption turned on by default, and Facebook Messenger lets you flip to more secure chats if you would like. While not the most straightforward to set up, Mozilla has tightly integrated PGP into its e-mail client Thunderbird, so you can encrypt e-mails, no matter your provider.

How to use two-factor authentication without a phone
Two-factor authentication is a powerful security feature that improves the security of online accounts significantly when set up. It will be replaced with passkeys eventually, but this is not going to happen overnight. Two-factor authentication adds a second security layer to the sign-in process. Users receive or generate a code, which they enter on the site or in the app.

Enumeration risks in password managers – not a good look
What’s a user account enumeration risk? Simply put, we speak of a user (account) enumeration risk when a website or application leaks whether a particular user has an account. That’s about enough for now to understand the problem, but if you want to learn a bit more about user account enumeration, I suggest you read this short post first.

How to block ads like a pro – part one
In part one of this series, we had a look at a few reasons why you should be blocking online advertisements on your network and devices. From malvertising attacks and privacy-invading tracking systems to just being an outright annoyance, online ads and trackers are a nuisance that provides an attack vector for malware authors, compromise user security, and plainly, diminish the browsing experience.  Read_More

The Freeware Download Sites That Don’t Force Crapware On You, 5/11/16
Most freeware download sites still use shady tactics, unfortunately, cramming their own installers full of unwanted software and misleading advertisements down your throat in order to make a buck. A few sites have started cleaning up their act.  Read_More

A Full Review of SUMo, a Free Software Update Monitor, by Tim Fisher
SUMo is a free software update monitor that finds more outdated software than any other updater tool I’ve ever used, but it does have some major drawbacks.  Read_More

The iVerify app will tell you if your iPhone has been hacked
It will also give you a wide array of tips, tricks, and tweaks to harden your security, improve privacy, and make your iPhone extremely hard for hackers to attack.  Read_More

How to lock down your Microsoft Account and keep it safe from outside attackers
You can get a Microsoft Account for free, but that doesn’t begin to describe its value, especially if you use that account for crucial email and cloud storage. Follow these seven steps to establish a solid baseline of security and protect that account from intruders.  Read_More

How to Improve Your Privacy and Security Online
This is for people who use their phones and computers for work and in their personal lives every single day and who want to reduce the chances that those devices and the accounts used by those devices will be compromised.  Read_More

Don’t Give Away Historic Details About Yourself
Social media sites are littered with innocuous little quizzes, games, and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.  Read_More

Plant Your Flag, Mark Your Territory
Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data . . . . The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.  Read_More

The only secure password is the one you can’t remember
Do you always create unique passwords such that you never use the same one twice? Ever? Do your passwords always use different character types such as uppercase and lowercase letters, numbers, and punctuation? Are they “strong”? If you can’t answer “yes” to both these questions, you’ve got yourself a problem.  Read_More

Better than the best password: How to use 2FA to improve your security
Want to avoid having your online accounts hacked? Enable two-factor authentication, a crucial security measure that requires an extra step when signing in to high-value services. In this post, I explain how to set up 2FA and which accounts to focus on first.  Read_More

FBI recommends passphrases over password complexity
For more than a decade now, security experts have had discussions about what’s the best way of choosing passwords for online accounts. There’s one camp that argues for password complexity by adding numbers, uppercase letters, and special characters, and then there’s the other camp, arguing for password length by making passwords longer.  Read_More

How to Check if Your Password Has Been Stolen
Many websites have leaked passwords. Attackers can download databases of usernames and passwords and use them to “hack” your accounts. This is why you shouldn’t reuse passwords for important websites because a leak by one site can give attackers everything they need to sign into other accounts.  Read_More

Hiding on a Wi-Fi network
The main point of this blog is that the encryption of data sent over the air is not the be-all and end-all of Wi-Fi security. Hiding on the network is just as important. Hiding means that your computer/phone/tablet is not visible to the other devices/people on the same network. Not even a highly skilled bad guy can hack into a device they cannot see.

How to protect your computer from malicious crypto mining
Noticing that your computer is running slow? While sometimes a telltale sign of infection, these days that seems doubly true. And the reason is malicious crypto mining. So, what, exactly, is it? We’ll tell you how bad this latest malware phenomenon is for you and your computer, plus what you can do about it.  Read_More

Tech Support Scams – Help & Resource Page
Tech support scams are a million-dollar industry and have been around since 2008. Every single day, innocent people are tricked into spending hundreds of dollars on non-existent computer problems. You can use this report as a go-to resource when you need it.  Read_More

Inside an International Tech-Support Scam
by Doug Shadel and Neil Wertheimer, AARP, April 1, 2021
How a computer hacker infiltrated a phone scam operation – exposing fraudsters and their schemes.  Read_More

The Ultimate Security Vulnerability Datasource
“CVE Details” provides an easy-to-use web interface to view CVE vulnerability data. You can browse for vendors, products, and versions and view CVE entries, vulnerabilities, related to them. You can view statistics about vendors, products, and versions of products.  Read_More

Recycle Your Phone, Sure, But Maybe Not Your Number
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. This means losing control over one thanks to a divorce, job termination or budgetary crisis can be devastating.  Read_More

Don’t Use Your Antivirus’ Browser Extensions:
They Can Actually Make You Less Safe
Most antivirus programs–or “security suites”, as they call themselves–want you to install their browser extensions. They promise these toolbars will help keep you safe online, but they usually just exist to make the company some money. Worse yet, these extensions are often hideously vulnerable to attack.  Read_More

Browser AutoFill Feature Can Leak Your Personal Information
Just like most of you, I too really hate filling out web forms, especially on mobile devices. To help make this entire process faster, Google Chrome and other major browsers offer an “Autofill” feature that automatically fills out web form based on data you have previously entered in similar fields. However, it turns out that an attacker can use this autofill feature against you and trick you into spilling your private information to hackers or malicious third parties.  Read_More

No More Ransom: A Step Towards Eliminating Ransomware
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files, then offers a way to get it back – you pay for a digital key to unlock your files, which you may or may not receive. The No More Ransom Project offers infected users the chance to get their data back using their free tools.

Frequent password changes can be counterproductive
Researchers said if people must change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation. They take their old passwords, they change them in some small way, producing a new password. Hampering attackers only minimally and not enough to offset the inconvenience to end-users.  Read_More

Seven tips for securing the Internet of Things
If you ignore the cool-sounding name, an IoT device is really just another computer, but one where you don’t have much say in what software runs on it, or whether it can be patched properly, or even secured at all.  Read_More

 Antivirus is Dead: Long Live Antivirus
An article in The Wall Street Journal this week quoted executives from antivirus pioneer Symantec uttering words that would have been industry heresy a few years ago, declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle.  Read_More

CryptoLocker Ransomware Information Guide and FAQ
There is a lot of incorrect and dangerous information floating around about CryptoLocker.  This guide is from, one of the first support sites to try helping users who are infected with this infection.  Read_More

Botnets: What are They, and How can You Protect Your Computer
Botnets are armies of computers that have been compromised by online criminals, usually without the knowledge of the real owner, and remotely commanded to steal information, send spam, spread malware, or launch distributed denial-of-service (DDoS) attacks.  Read_More

The Start-to-Finish Guide to Securing Your Cloud Storage
Whether your files are stored on Dropbox, iCloud, or Mega, they could do with a little more security. It’s impossible to make them “hack-proof,” but there are a few things you can do to make your data as secure as possible—and still convenient to access. Let’s walk through those steps.  Read_More

5 Steps to Lock Down Your Webmail Account
Webmail is a prime target for cyber crooks so it’s vital we all keep our accounts as safe and secure as possible. Here are some of the most important steps to keep unwanted people out of your account.  Read_More

Two-factor authentication: Understanding the options
There are numerous sorts of 2FA. Problem is, these 2FA systems all work a bit differently, and they all have different strengths and weaknesses.  Read_More

Hardware-based 2FA is more secure, but watch out for these gotchas
Adding a hardware key as an additional authentication factor for online services is a great way to ratchet up your security. But be prepared for a bit of a learning curve and some frustration, especially on mobile devices.  Read_More

How to Harden Your Browser Against Malware and Privacy Concerns
One of the first lines of defense we have against the plague of security and privacy problems that stalk the internet resides within our browsers. This article is meant to help you to harden your browser against all types of problems.

Yes, we really are terrible at those password recovery questions
We’ve long known that humans are really, bad at choosing passwords. Just terrible.  Well, it turns out that we’re just as bad at answering those secrets, security questions like “What was your first pet’s name?” or “What’s your favorite food?” too.  Read_More

If You Download and Run Something Bad, No Antivirus Can Help You
Antivirus should be a final line of defense, not something you rely on to save you. To stay safe online, you should act as if you had no antimalware software on your computer at all.  Read_More

What’s in a Boarding Pass Barcode? A Lot
The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.  Read_More

Android has a big security problem, but antivirus apps can’t do much to help
Yes, Android devices have serious security problems. There’s Android malware out there — mostly outside the Google Play Store. The biggest problem is that most Android devices don’t get security updates. Android antivirus apps aren’t a solution to these problems.  Read_More

Report: Everyone Should Get a Security Freeze
The U.S. Public Interest Research Group (US-PIRG), a major consumer advocacy group, recently issued a call for all consumers to request credit file freezes before becoming victims of ID theft.  Read_More

How to Check for Dangerous, Superfish-Like Certificates on Your Windows PC
Dangerous root certificates are a severe problem. From Lenovo’s Superfish to Dell’s eDellRoot and several other certificates installed by adware programs, your computer’s manufacturer, or a program you installed may have added a certificate that opens you to attack.  Read_More

Motor Vehicles Increasingly Vulnerable to Remote Exploits
Modern motor vehicles often include new connected vehicle technologies. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, it is important that consumers and manufacturers maintain awareness of potential cybersecurity threats.  Read_More

Eight Tips for Preventing Ransomware
If you haven’t been hit by ransomware personally, you’re either very lucky, or you’ve taken some proactive steps to protect your computers and files. Prevention is far better than a cure. So here are 8 tips to protect yourself against ransomware.  Read_More

Should you store your data in the cloud?
The cloud. It’s nebulous. It’s wispy. And you’re probably using it. But what exactly is “the cloud” and are your files safe there? Here’s the real scoop on cloud security.  Read_More

Why you can’t trust things you cut and paste from web pages
Repetition teaches us that what goes into our hand when we Ctrl+C (grab something) comes out of our hand when we Ctrl+V (let it go). But what if it didn’t? What if you reached out to grab one apple but when you opened your hand you had a pair? Or a piranha?  Read_More

What Is JavaScript, and Why Is Gmail Blocking It?
You might have seen a notification that things are changing in your inbox. Starting in February 2017, Gmail changed its policy regarding JavaScript. Here’s why this is changing, and how you can protect yourself from malicious JavaScript.  Read_More