Page 1 of 1

Safe and secure computer life

Posted: (210909)(20:09.14)
by LDAsh
Recently, many people I know have had problems with malware (ransomware, specifically), losing personal files and needing to begin from scratch, which is heartbreaking and has inspired me to make this 'article' about how I personally go about setting up and securing my computers. I'm not claiming these are the BEST approaches, nor am I claiming to be invulnerable, which is why this is in a forum and people are more than welcome to add their opinions, but I hope this will provide some helpful insights.

This isn't a step-by-step tutorial, but more of a philosophical article. You'll need to research the exact how-tos for yourself, but you can still feel free to ask me to be more specific about something and I'll do my best to help. I'm also not going to mention really obvious stuff like online privacy and avoiding phishing scams, I don't consider it to fall into the categories of viruses or hacking. No software is going to prevent user stupidity.

First of all, I'd like to encourage people to look into Linux, even just to try it. It doesn't need to be your "daily driver" (yet) but now is definitely the time to become more familiar with it. I haven't trusted Microsoft for so many years now and given the advent of distros like Mint, features like Proton, WINE and VMs, you really don't need to miss out on anything while having Linux as your fundamental OS. If you absolutely need Win10/11, DX12 and their store, then you can always multi-boot. For the most part, virtualising Windows (if your PC is powerful enough) shouldn't really limit your productivity too much, depending on what you do.

Speaking of VMs, this is a great way to try new software in a safe self-contained environment, even if it comes with a virus or two. A program called Sandboxie also claims to offer this feature and it has recently seen a free version released. It should be less hassle than a VM, but I've yet to spend too much time with it. Personally, I always have a "burner OS" handy that I can trash anytime I want to, if I want to inspect a whole range of new software without making a mess of my main setups. It's up to you which approach you think is worth your time, for what you need.

When installing Windows, take the time to nail down which updates you choose, and which services you use. One of the first things I do is disable 'Remote Assistance' because I use third-party solutions for that anyway, and I've heard stories that make me not trust it at all. These kind of things aren't just for security and privacy, but also for performance. You might be gasping and horrified at how much time all of this could take, and you're not wrong, but it's totally worth doing and not as bad as it seems for the following reason...

Once you've got your OS, settings and software just the way you want it, clean and new, you should make an "image" of your drive. For this, I use Acronis True Image, but there are freeware alternatives. This is like a backup archive, but it's an exact clone of your drive, the OS and MBR. If you ever have any problems, from your own mishaps to something like ransomware, you'll be able to restore this image and you'll be right back to where you were, EXACTLY. I mean every desktop icon, even your recycle bin and clipboard. If done correctly, you'll never need to reinstall Windows and deal with all the updates ever again, at least for that OS version. Keep in mind, this is something you want to do right at the beginning, not regularly. If you restore a later image that might have a virus or security flaw, you're restoring those too. For more incremental approaches, there are programs like CloneApp, registry and file monitors, and getting familiar with your AppData folder probably takes care of the rest. You can be back up and running in literally several minutes.

However, you can't really do this in a reasonable way unless you follow this rule - dedicate a whole drive (not just a partition) to ONLY your OS, software and games. Don't put TBs of vacation photos in with your OS. It will make the imaging approach a nightmare, it will cause you to need a larger SSD that will be full of files that won't benefit from the performance gains of that, and for anyone still using mechanical drives, it will make things less optimised and defragging more difficult. Not to mention, in the very rare case when your system may be directly hacked, a lot more difficult for hackers to find your personal files if they reside on a whole other physical device. If you have the drive fail, whether mechanical or SSD, you will only lose OS and software (which you'd have an image of anyway) and not your personal files. Personal files don't need to be imaged, so making backups of those should be very straight-forward.

Everyone should have some cleaning solutions. I'm behind the times with this and still use CCleaner, which I don't think is recommended anymore but I have some other BAT files that I've made for myself to clean out folders as I find them. A lot of the stuff I do these days is very low-tech like that, but that's just what I prefer. The more portable the solutions, the better, so I can just copy+paste everything between different machines and keep my system and registry as clean as possible. I can't really recommend other cleaning software apart from CCleaner, so you'll need to do your own research with those. Apart from cleaning, you might also want to consider monitoring tools to keep track of your system temperatures and health of your drives. You can't always predict when a drive is going to die suddenly but something like HDtune is worth scanning with periodically. Just like viruses, there are plenty of false positives and only experience will help you discern them all.

Now it's time for virus solutions. I was just relying on Defender for a long time, and I used to use and swear by Kaspersky a long time ago, but I've recently discovered ClamWin. It's a truly portable, up-to-date and thorough virus scanning solution - if you extract the initial EXE with 7-Zip and understand how to edit the INI with WordPad, it will work. I literally just zip it up and copy it to other machines and run it. Nothing is installed, it's self-contained and I've found threats that Defender never found, which is a good thing. It is very slow, especially when run from Safe Mode (which is recommended) but I also consider that a good thing, it means it's probably being a lot more thorough. It's even better to run it from a completely different drive and OS installation to avoid conflicts with used system files. The best solution is to stick to trusted and known places to download, and anything you feel suspicious about, throw it to 'OPSWAT MetaDefender'. If you do find something nasty and can't remove it directly, then there are boot-drive solutions that will help you. I'm not going to go into disinfecting files, just outright removal. Remember what I said about imaging your OS drive, that's a better solution, in my opinion.

There's so much more I could talk about, such as securing your networks, de-bloating your OS and automating incremental backups, etc, but I wanted to avoid this article becoming even bigger. It's really just a ramble. I'll end by stating the two main tools people ought to first look into, which is ClamWin and Acronis. Free alternatives to Acronis may be found here, but I have yet to test the reliability of any of them:-
https://www.majorgeeks.com/files/catego ... aging.html

Other relevant links:-
https://clamwin.com/
https://alternativeto.net/software/ccleaner/
https://github.com/W4RH4WK/Debloat-Windows-10
https://linuxmint-installation-guide.re ... stall.html
https://www.softpedia.com/get/Programmi ... gmon.shtml
https://docs.microsoft.com/en-us/sysint ... ds/procmon
https://metadefender.opswat.com
https://www.sandboxie.com/
https://www.hdtune.com/

Be smart, be safe and good luck.
.
.
.

Re: Safe and secure computer life

Posted: (210909)(23:09.05)
by LDAsh
I forgot to be more specific - a recent scan with ClamWin turned up a potential ransonware in my System32 folder. It's now gone but I may have otherwise had my days numbered before becoming yet another victim. Windows Defender failed to detect this. You usually probably only need to scan System32 and SysWOW64 folders regularly and a full scan less often, so please don't be lazy or complacent. It's worth the time it takes.