Practicing Safe Computing

Introduction

In the old days of personal computers, you had to install the operating system yourself and configure it.  This meant that you at least had some idea on how to restore it if things went bad.

Many things can go wrong with a personal computer, and usually the most problematic is if the hard disk failed.  And there is now malware out there that can destroy your data.

And chances are that your system was pre-installed by computer manufacturer.

This article is more oriented to Microsoft Windows for example, as those users tend to be less technical than on the other platforms.

It is now more a case of when, not if your system will get infected by malware.  Web sites can be taken over by criminals.   A typo in going to a web site can take you to a site run by a criminal.  I had seen a computer infected just by visiting a well known legitimate news site.  I do not know what on the web site triggered the infection.

Protecting your system and data

So what should you be doing to protect your system and data?

Have Operating System Recovery Media

Make sure you have recovery media for your system in a safe place. 

For Microsoft Windows 10 and 11 now, it appears that you can download recovery media.

For older Microsoft Windows system, the recovery media was only on a hidden partition on the hard drive.  Which means that you needed to create either CD-ROMs or later a USB stick with using a tool on that hard drive.  And this could only be done once.   If you have not done it, then you need to do that now.  Otherwise your system vendor is the only trusted source of recovery media, and they usually charge for it.  Many though have stopped all support and downloads for older systems.

Separate User and Administration accounts

You want a separate account for doing computer administration than what you use for normal use.
This administration account should be one that does not require a network connection to log into.

This will make it so that you install software or do other operations, you will get a dialog popup about what account to use for continuing.  That is supposed to block accidental installations of malware, but it does not always.

For some malware, it generally only corrupts the login account.  And this means by logging into the administrator account you can run the cleanup procedures.

Malware Protection

In addition to what ever malware protection that you have, I would recommend at least the free tier of MalwareBytes.  It has found and fix issues that have infected systems with other more well known brands of AntiVirus.   You may also consider the free ClamAV and for Linux based systems, look at at using ClamAV with the "maldetect" databases.

Backup your data

Remembering to backup your data can be a pain, so you need at least one automatic method.

The best way to do that is use a cloud backup service.  It is hard to find a free provider that provides full service.  These services work generally by you telling them what you want to back up, and with in seconds of an update, an encrypted copy in the cloud will be set up.  And backup changes will be set.

There are also providers that do not encrypt.  I use those only for backing up open source work in progress, so I do not need to be concerned if they have an information leak.

Local backups need to be to a USB drive of some type.  And one of the problems with backup is that only normal sized SD-Cards seem to have write protect switches.  SD-Cards generally seem to be more expensive than USB drives though.

On Windows 8.1 and possibly later, the backups are now hidden under "File History" in the Control Panel where you can direct it to keep backups of your files on change.

If you insert a USB backup drive into a system that is still infected, it is likely to corrupt your backup media.  So it would be a good idea to have USB stick for each month.

By using an OTG connector in your charging port, you can use most android devices to validate your backup media periodically.   Of course make sure that your Android device is backed up first.

Use at least one Firewall

For your home network, you should use at least one firewall / router appliance.

Universal PNP should be disabled.  That allows any program on your network to reconfigure the firewall, generally a bad idea.  Some games may claim that they need this for full features, but generally they should provide instructions on how to do it manually.

And always use the built in firewall when you are not using the firewall appliance.  Beware of free open wifi that your system may find.

Secure your WIFI with a good password.  Criminals in many areas look for open WIFI to steal internet from, or to try to break into your systems.

Just because you can not get a good WIFI connection a block away from your home, under the right conditions, including very good antennas on at least one end, your WIFI signal can travel for miles.

Pass your internet driving exam

Unfortunately there is no official internet driver's licenses, and some people should simply be not allowed unsupervised access to the internet.
  • Never ever reply to spam!
    Never use a system that claims to bounce spam or sends an e-mail challenge!
    All these systems do is send more spam to other innocent victims like you and will put you in violation of the terms of service for your Internet Provider.

  • Never post on social media your upcoming travel schedule for anything or that you are away from your known home address.  That is inviting unwelcome visitors.

  • The pop-ups and e-mails claiming your system is infected are probably false.  Most of these are just fake, and some will just put your browser in a CPU loop so that the system becomes real slow, and will stop if you just kill your system.  If you are not sure, then power off your system and get a real tech support to investigate.  Any tech support number that pops up in one of these messages is usually a criminal.

  • There are no lotteries or lost fortunes to be collected.
    Same for notices of past due bills, and uncollected unsolicited packages.
    All they want is your help in stealing from you.

  • Do not trust social media posts asking for charity.  Just about every one has turned out to be a scam.  And most of them are just edited copies of previously successful scams.

  • If you have a wired phone so that your phone number, name and address are in a public directory, or you posted that information on social media, scammers will be using that information to call you to tell you that a friend or a family member is in a foreign jail or stranded some where.

Be very wary of download sites for software

Pretty much most users end up needing software that is downloaded from the Internet.

And the scammers are out there to try to trick you into downloading malware instead, even by getting advertisements for downloads that are placed on legitimate sites.

Special download software packages are not needed and avoid distributed downloads.  Many distributed downloads will install extra stuff on your computer to have it participate in helping others.  You have no idea if that extra data contains malware or illegal content.

One site that I get software from has the download instructions and link in the body of the text, but has big graphics with a download button from an advertisement for doing a download of who knows what that implies it is the official download for the site.

And malware distributers are using similar spelled domains to try to trick you into visiting their site.


Comments

Post a Comment

Popular posts from this blog

D-RATS from Python2 to Python3

What is D-RATS? D-rats is a multi-protocol GUI communications package for Ham Radio. While d-rats was inspired by D-Star, pretty much nothing in D-Rats requires D-Star. D=Rats knows how to convert D-Star icon codes to APRS icon codes. D-Rats will work over any radio link that can transfer 8 bit data over a serial port, and also over the Internet when a connection is available. D=Rats has connections for Serial, APRS, TNCs, and WinLink. https://github.com/ham-radio-software/D-Rats D-Rats on Python2: Developed on Linux for Linux by Dan Smith. Ported and packaged for Microsoft Windows by one or more users of D-rats. Running on Linux:  Only possible on older Linux systems that are very out of date. Running on Windows: Older version is installed as a single file so still works.   It is unknown if there are any exploitable security vulnerabilities that may have been fixed on other platforms. Maintenance on Windows: No longer practical, all dependent components are deprecated. K...
Read more

OpenVMS 9.2-2 Community Edition setup on KVM on Fedora/41

 This is a write up of my setting up an OpenVMS 9.2-2 Community edition on Fedora/41. The community edition comes as a vmdk file for installation on Virtualbox.  To use on KVM it must be converted. Fortunately a user Marin has written a document on how to do this. https://forum.vmssoftware.com/viewtopic.php?t=9026 First step is to convert to a qcow2 image.  Different from the instructions, I will name qcow2 image based on community-flat in  my image storage area. First convert the image. qemu-img convert -O qcow2 community.vmdk community-flat.qcow2 Then I need to put the OS specific copy for libvirt to use. sudo mkdir -p /data/libvirt_pools/default/ sudo cp community-flat.qcow2 /data/libvirt_pools/default/robin.qcow2 First thing I discovered is that selinux needed to be put in permissive mode from the default.  This is apparently a bug in one of the kvm required packages that according to the internet reports was fixed in an earlier version of the package than I...
Read more

OpenVMS 9.2-3 Community Edition setup on KVM on Fedora/41

In January 2025, I got the update to the OpenVMS 9.2-3 Community Edition. Actually I got two updates, there was a problem with the first update.   This article describes a script that I developed for quicky getting a new or updated disk image for the community edition installed on a KVM host to the point where you can control it from DECnet or SSH. It appears by default the VM will boot up with a DHCP assigned address with SSH enabled. So if you can force the DHCP assigned address, or can easily find out what it is, you can use that for automating the configuration. I want to avoid the password setting dialog, and I need DECnet IV for my home network, and I can not lookup a DHCP address easily to find the IP address. So first I will describe using the first OpenVMS 9.2-3 update which I used for debugging the script.  Then I will describe using it again for the second update. It turns out that my previous install using virt-install tool to create the OpenVMS 9.2-2 edition ...
Read more