Microsoft Edge already has some security tricks up its sleeve, but you can beef up the browser still further. Windows 10 users, you’re probably using Microsoft Edge to surf the web. But how secure is the newest browser on the block? And how can you tweak it to make it more secure? Edge already includes or takes advantage of several features that enhance your security. But it also offers several options that you can enable or disable to better protect your privacy on the web and ensure that you’re practicing safe surfing. You can make sure the SmartScreen filter is turned on to protect you from malicious websites. You can use InPrivate browsing so no cookies or other data are collected. You can opt to block cookies, especially ones from third-party websites. You can choose to clear your browsing history, especially whenever you shut down Edge. And you can remove your Bing search history. First, let’s go over the security features already built into or used by Edge. One item is SmartScreen. Initially developed for Internet Explorer 8, SmartScreen checks each webpage you visit and each file you download to make sure they don’t contain malware. The feature works by … Read More
Since we have been using computers, we have been looking for a way for each machine’s administrators to better control the machines and take care of them. This is how we got PowerShell: Microsoft gave admins a command line tool that would be able to automate more and more tasks, from scripting across a network to fully deploying and managing a server with no graphical user interface. Of course, with every good thing comes attackers that abuse it, and PowerShell is no exception. A recent attack that utilizes a malicious word attachment also used PowerShell commands to put a back door in the system, then used DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. While this process is not new, the recent headline use of PowerShell has led to some question if one can block PowerShell on their machines. The first thing to know is that one truly cannot uninstall PowerShell from a system. Think of PowerShell like the DOS command line that is still hiding under the hood of the operating system: it’s a deep, embedded part of the operating system. However, that doesn’t mean you aren’t without options to better prevent the use of … Read More
Here’s a morsel of what I learned about Web security at this year’s RSA Conference in San Francisco. It’s just another tale of the good, the bad, and the ugly 1.Security in Windows 10 is better than any version before it. That’s because unlike previous versions which had user customizable settings to control how your PC received updates and patches, updates in Windows 10 are by default automatic. Ostensibly this means that Microsoft is staying one step ahead of malware hackers. There’s just one problem with this assumption. Unlike the dozens and dozens of anti-malware/virus software companies which update their malware definitions 24/7, Microsoft offers its updates just once a month on its Patch Tuesday which means any Windows 10 is vulnerable to new malware for possibly a month in between. So installing third party anti-malware/virus software is probably still advisable. 2.Nothing is necessarily safe on the Web even if you have anti-malware installed because the hackers are changing their sinister codes virtually every few seconds. You read that right: every few seconds in a lousy game of digital whack-a-mole. And the bad guys are ever finding new ways to infect your system. 3. Then there’s the increasing rise of … Read More
Recently a WordPress attack led to defaced web sites. WordPress is an easy web platform to use and one used in many attacks. Here’s why — and what you can do to protect a WordPress site. Why WordPress Is Attacked WordPress is a very powerful platform. It makes it easy for novices and non web developers to build their own customizable web sites that are easily updated and very social. But that ease of use can also mean ease of being used in attacks. The core of WordPress is augmented by any number of third party plug ins and thus to patch and maintain WordPress sites can be pretty tricky. Recently, several security issues caused many sites to be defaced. The update, released on January 26th, fixed several issues the worst of which caused an “unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.” The bottom line? Attackers could take control of a site and post whatever content they wanted. As soon as the patch was released, sites came under attack. So why didn’t all of us running WordPress sites immediately update? Well, for the same reason we don’t immediately update Windows patches – we fear new releases will … Read More
Not a day goes by that I don’t see some sort of scam or attack. Awareness of the latest scams it key to staying safe — here are some new scams you should be aware of. Ransomware’d Printers The latest in ransomware techniques is to target vulnerable printers inside networks. As noted in a recent article, the attack takes advantage of a network if port 9100 is open. While in a small network behind a router provided by your Internet Service provider, the chances are small that port 9100 will be open if you’d like to make sure you can perform the following steps. From a computer inside your network go to the ShieldsUP website. Click on proceed to begin the process In the box, enter 9100 Click on user specified custom port probe The test will indicate if the port is open or closed. Chances are very good that the port will be closed. If so, you will not be at risk to this attack from external sources. However, I have seen several firms impacted by this attack because the malware entered into the network into a workstation and was able to attack vulnerable printers. In one case it … Read More
Credit card numbers, Social Security Numbers, scanned passports, plans for world domination — these are only a few of the items that you may be tempted to send in an email. But unless you have encryption, you shouldn’t hit “send” on any of them. A message can pass through numerous servers on its journey and can be read on any of them. Encrypting a message can be much more complicated than encrypting a file or even a drive. There are other people involved. And they may not be as tech savvy or security conscious as you. So you need encryption that won’t confuse someone who panics at the thought of downloading a file. Another issue you need to consider: Just how much security do you need? It’s one thing to protect your information from run-of-the-mill cybercrooks. It’s another to keep your private words from the government. And remember that there is no perfect security. Even the best encryption algorithm can be cracked if someone uses a password like 123456. The goal is to find something both practical and sufficiently secure. The Weak Encryption You Probably Already Have Your messages probably already travel encrypted from your email client to your email provider’s server, … Read More
It’s a new era in terms of risk on the Web: from scams to spam to predatory practices, you have more reasons than ever to be proactive about protecting your kids while they’re surfing online.
Fortunately, Windows 7 gives you a robust set of built-in parental controls.
Keeping your personal financial information safe from cyber thieves doesn’t require a ban on online shopping and banking — it just requires care.
Follow these tips and you should be okay — even if you take the riskier path of banking by cell phone.
Frequent Internet users get mixed messages about data privacy.
We worry about data miners and identity theft but put our life stories up on Facebook. Here are some basic steps to enhance your personal security.
You wouldn’t drive your car at night without at least buckling up and turning on the headlights, so why would you surf the Web without using basic safety procedures?
Our Windows Secrets Security Baseline is a simple summary of the products and services that give PC users a minimum safe PC configuration.