Friday 29 May 2015

Make Your PC Hack-Proof

Make Your PC Hack-Proof

Antivirus alone is no longer enough to keep malware off your PC. Jane Hoskyn counts down 14 new rules to beat hackers' latest tactics

Happy birthday to the word ‘hack’, coined 60 years ago by the Tech Model Railroad Club at MIT (Massachusetts Institute of Technology). Then, as now, the word simply means to tinker with technology, which is one of our favourite things to do (and definitely one of the MIT model railway enthusiasts' favourite things to do). But criminals are pretty keen on it too. and they’re having a particularly busy year.


As if to celebrate hack's 60th. malicious hackers have conjured up an array of new ransom ware, Trojans, rootkits and other disastrous gifts for your PC. They're even offering The Moon, a nefarious new type of worm that infects routers. Thanks, but no thanks.

Much of this vile stuff can be removed from your PC, but malware-removal is a stressful, time-consuming and difficult business. Far better to stop it getting there in the first place.

Hack proofing your computer is the tech equivalent of sticking masking tape all over your home's nooks and crannies before painting a wall. It’s a pain, and can feel like a waste of time (did you plan to spend Sunday configuring your router’s firewall? No), but it'll save a much bigger headache later on.

The bedrock of any hack proofing is. of course, a carefully chosen and configured antivirus (AV). But AV can’t block all threats, and to assume it can is to leave yourself vulnerable to attack. In fact, your AV may be worse than useless if it’s not set up properly. And no AV suite in the world can save you from criminals who hack you, by tricking you into downloading dodgy files that you and your AV think are safe. Read on to discover their latest tricks and find out how to beat them at their own ever evolving game.

STOP HACKERS BREAKING INTO YOUR PC


Fix unsafe Windows settings


All the third party security tools in the world are a waste of space if your PC’s built-in settings are leaving a window (no pun intended) open for hackers.

First, visit the Control Panel’s Action Center for an overview of your security settings. To get there quickly, type review into Start and click ‘Review your computer’s status’ (Windows 7 or 8/8.1). In the window that opens, click the tiny arrow to the right of Security to see information, including your AV status and internet security settings.

Check that Windows Update is set to ‘On’. This is as important as AV in defending your PC from hackers. If Windows Update is set to ‘OfF. type update into Start and press Enter, then click ‘Change settings' and select ‘Install updates automatically (recommended)’ from the dropdown menu.

Another key item is User Account Control (UAC). This is the Windows service that litters your screen with ‘are you sure?’ - type messages and dims your screen when you install software. Many people disable UAC to make installing programs slightly less tedious. However, if you do this, you’re giving hackers full administrative control over Registry-level changes to your PC. You may as well invite hackers round for tea and wear your credit card number as a bowtie.

To fix this, click ‘Change settings’ in Action Center or type user into Start and click ‘Change User Account Control settings’. Drag the slider to the top (‘Always notify’), then click OK and restart Windows. ‘Never notify’ is one of the most dangerous settings you can indict on your PC.

Microsoft has released a ‘Fix it' tool (www.snipca.com/16515) that scans your Windows security set up and automatically fixes unsafe settings. Click ‘Run now’, save the file and click to run it. If UAC is set up properly, you’ll have to click ‘Yes’ in the ‘Do you want to allow the following program...?’ pop-up. As we’ve explained, it’s well worth the extra click.

Note that the ‘Fix it' works in all version of Windows since Windows 2000. but for safety reasons you should download it using a PC running Windows 7 or later.

Configure your antivirus


To find out what AV you should be using now. see the latest quarterly test results from our team at Dennis Technology Labs (www.snipca.com/16503; click Download Home Anti-Virus Protection). Winner, again, is Kaspersky Internet Security (normally £39.99; reader offer £17.99 from www.snipca.com/16486). Norton Security is currently in second place and Avast Free Antivirus is third.

Choosing the right AV is only the first step, however. Its default settings may not protect you against all threats, especially if you regularly download from the web. Go to Settings and switch to a higher security level.

If your PC is quite old or slow, set a lower security level, but run a full scan first. Then find a postponed scan option and set it to run regularly when you're not busy with your PC.

Also look for a setting that lets you create rules for protected file types (here's how to do it in Kaspersky, for example; www.snipca.com/16508). Creating rules means you’ll see warning messages when you try to access certain files and programs, but like User Account Control pop ups they give you vital control over your PC's sensitive data, and can help block file encryption malware such as ransomware and cryptovirus infections.

Make full use of your AV’s companion website. Bookmark Its configuration guide and forum. (If the website doesn’t have either of these, choose a different AV.) For Kaspersky Internet Security, go to the Knowledge Base (www.snipca.com/16504) and click ‘Settings and Features’: for Norton, go to the Configuring Norton Internet Security page (www.snipca.com/16505); and for Avast, go to the Avast FAQ (www.snipca.com/16506).

Block zero-day attacks


If your AV includes a Cloud Protection option, enable it. I his aims to give you instant protection from internet threats the moment they’re discovered.

However, some threats aren’t discovered fast enough for your AV to protect you. Zero-day attacks happen when hackers discover a vulnerability in a program or plug in before the software makers can find and patch the flaw.

To guard against these attacks, use an anti exploit tool that works separately from your AV. Malwarebytes Anti Exploit (MBAE, www.snipca.com/16510) is a free, small tool that works like an invisible shield around your browser, keeping attackers away from any potential vulnerabilities in your PC’s software or operating system (OS).

MBAE runs in the background from the moment you install it, but it’s designed not to conflict with your AV or firewall (it's not a substitute for those tools, either). When we tried it, we didn’t notice our browser slowing down or suffering any other side effects.

Click Get My Free Download and run the installer. It automatically installs a free trial of MBAE Premium, which throws its invisible shield around Word, Excel, VLC and Windows Media Player as well as all common browsers; you don't have to hand over any payment details to get the trial. When the free trial is over, you'll switch to the free version without needing to do anything. МВЛЕ works on all versions of Windows from XP onwards including Windows 10.

Get software updates instantly


Once a Haw has been discovered, the race is on to patch it and keep hackers out. This is why software and OS updates are such a vital part of your hack proofing strategy. To get updates as soon as they’re issued, set Windows Update to install automatically.

Shockingly, Microsoft no longer includes Word and Excel in Windows Update by default unless you're running Office 365. This oversight left millions of Word users vulnerable to remote code execution attacks last year (www.snipca.com/16522). To stay sale, you need to add Word and Excel to the automatic update schedule by yourself. In Windows 8/8.1, type updates into Start and click ‘Choose whether to automatically install Windows updates’, then tick ‘Give me updates for other Microsoft products when I update Windows'. In Windows 7. go to Windows Update, click ‘Change settings’, then tick ‘Give me updates...’.

While you’re in Windows Update, click ‘Check for updates’ to find patches that have fallen through the net. then install any that are available. If an update won’t install, use the free Windows Update Automated Troubleshooter (www.snipca.com/16521, click ‘Run now’).

Don’t rely on Windows Update alone. Free portable tool Patch My PC Updater (www.snipca.com/16519) scans your PC for other missing updates and flags out of date versions in red text. You can then install all available updates with one click. Patch My PC doesn't quite cover all programs, but it will help you keep more than 100 of the most commonly exploited third-party programs and plug-ins updated safely, including Java and Flash, both of which have been hit by zero day attacks in recent weeks and had to be patched to limit the damage.

Uninstall unsafe plug-ins completely


Updating browser plug-ins is hazardous in itself. Bogus Flash and Java updates have been used to spread malware, including CryptoLocker. If you really want to keep your plug-ins. set them as click-to-play and set your browser to update them automatically. Never, ever attempt to update Flash by clicking a link in a video.

Even better, ditch plug-ins altogether. They’re increasingly unnecessary. YouTube has dumped Flash for a new default video format, HTML5, which doesn’t require extra software and is much safer (www.snipca.com/16527). Java is nearing extinction (there's even a website called Java Is Dead: www.snipca.com/16528) and these days you'll rarely come across a site that requires it.

Remove unwanted plug-ins and extensions manually from your browser, or disable any you can't remove. Then remove their residual files and settings using CCleancr, ideally in conjunction with free tool CCEnhancer (www.snipca.com/16529), which adds extra items that CCleaner can clean including Flash Player leftovers.

Beat router malware


Last year thousands of Linksys routers were infected by a self replicating worm with an inappropriately pleasant name. The Moon (www.snipca.com/16536). Linksys soon issued a patch (www.snipca.com/16537), but the precedent was set: hackers can now break into your PC via your router. And they don’t care if it’s made by Linksys, TP-Link or Father Christmas.

To hack proof your router, go to its setup page (here’s how: www.snipca.com/16542) and make sure remote management is switched off. If the remote IP address is ‘0.0.0.0’, it’s off. Change the device password (the default is usually ’password’) to something much stronger. Make sure the router's firewall is enabled (it won't conflict with your system firewall) and that its firmware is up to date. The manufacturer’s website will have details of the latest firmware.

You can add an extra layer of protection to your router by hiding your IP address with a virtual private network (VPN).

Never trust a USB stick


We love USB sticks. Who doesn't? You can store 64GB on one for under 15 quid (www.snipca.com/16538). That’s pretty lovable.

But in the league of hazardous peripherals, USB sticks are far ahead of routers. All a hacker has to do is put the USB stick in his or her computer and paste malware into it much easier than attacking a router remotely.

Get into the habit of scanning all removable storage devices for malware before you open them. The easiest way to do this is right click the device in Explorer and select ‘Scan for viruses’ (or similar), which triggers your installed AV to run a manual scan.

Next, edit the Registry to disable AutoRun, the Window's service that opens a selected program automatically when you connect a device. Type regedit into Start and press Enter. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, then right click in the right hand pane, click New and then ‘DWORD (32-bit) Value’. Type 000000ff under ‘Value data’, then click OK and restart your PC.

STOP HACKERS STEALING YOUR IDENTITY


Use 2-factor verification


Why would a hacker spend time and expertise breaking into your PC when they can log straight into your bank account by guessing your password?

Your first defence against identity theft is to use better passwords, and to use a different username and password for every online account, and for Windows. But even the strongest passwords are not enough to protect your most sensitive accounts. You need to back them up with another layer of protection known as two factor verification (aka two-factor authentication or ‘2FA’). You’ve probably experienced two factor verification already, in the form of text messages that contain a special code you have to enter to log into, say, your bank account. Your initial response may be: “Oh what are they asking for now?" and even fear that you're being scammed. but this is now a well established process and is incredibly useful in protecting your accounts.

Free site Two Factor Auth (https://twofactorauth.org) lists online accounts that support two-factor verification. Click the little document icon next to a site’s listing for more details. You can also use the site to submit a request for two-factor support for accounts that don't already have it.

Stay anonymous online


We tend to discuss virtual private network (VPN) software in the context of beating internet restrictions. Free VPN tool Hola (http://hola.org), for example, lets you watch US-only shows on Netflix.

But VPNs and proxy tools (which are technically different, but do the same thing) aren’t just for naughty rule-breaking. They’re also extremely good for security. I hey work by disguising your IP address, so websites can't track you and nor can hackers. When you hide your IP address, you effectively hide your identity, and even mask the fact that you’re online at all.

If you’re using Chrome, you don’t even have to download Hola, just add the extension (www.snipca.com/16545). Hola also has extensions for Firefox and Internet Explorer (IE), and once they're installed they work in the same way as the Chrome extension. However, you have to download them to your computer first from the Hola website, so the process is a bit more finicky. Firefox users should also try the free extension Zen Mate (or ‘ZenMate Security & Privacy VPN 4.1.7’, to give it its full name: www.snipca.com/16546), which is well rated by users and has a strong emphasis on security.

If you’ve tried a VPN and it keeps struggling to connect you to a server, try the free proxy service Anonymouse (http://anonymouse.org) instead. Anonymouse works completely online and doesn’t even need adding to your browser, let alone downloading to your PC. Just visit the website (make sure you include the ‘e’ at the end of ‘anonymouse’ in the URL), click the UK flag, type in a web address, then press Enter to access it. Behind the scenes. Anonymouse will redirect you through a safe proxy server that disguises who and where you are.

Encrypt everything you type


Epic Privacy Browser (www.epicbrowser.com) is a free Chrome style browser that encrypts everything you do. so no-one or nothing can read it. It also automatically blocks adverts and cookies, and clears your history' and cache every time you close it.

If you'd rather not replace your browser, try' the free version of extension Disconnect (https://disconnect.me), which works in Chrome, Firefox and IE. It blocks third party tracking cookies and gives you control over a site’s encryption level from an easy-to-use toolbar menu.

Also look at Reset The Net (www.snipca.com/16540), a new privacy project from a consortium of companies including Google and Mozilla. The group has created a free software Privacy Pack (https://pack.resetthenet.org) to help you encrypt your data and communications. One of the bundled programs is Tor (www.torproject.org), a free open-source program that cloaks everything you do in a proxy, offline as well as online. Tor has an air of illegality because it’s been used by people who want to hide for dishonest reasons, but it’s not illegal in itself in fact it’s the ultimate line of defence against identity theft.

STOP BEING TRICKED INTO DOWNLOADING MALWARE


Block adware automatically


We love free software, but we hate installing it. Our hearts are in our mouths every time we open an installation wizard, because we’re braced for the adware it might install sometimes openly, and sometimes by stealth.

Most PUPs (potentially unwanted programs) that come bundled with Tree software are not malware, but some of them arc, and it shouldn’t be up to you to tell the difference.

Free program Unchecky (http://unchecky.com) can help you avoid PUPs by automatically opting out of bundled extras when you're installing programs. It’s extremely easy to use and, in our experience, effective. It's not completely infallible, though. Adware, such as the horrendous regenerating search engine Binkiland. sometimes sneaks through in installers that don't include any opt-outs at all. and may not be picked up by Unchecky.

To avoid the menace of PUPs, use portable versions of software wherever you can. First, upload the program file to free online tool VirusTotal (https://www.virustotal.com) to make sure it’s safe, and keep an eye out lor updates. Portable programs may sidestep the installer problem, but they don't update automatically.

Avoid fake downloads


Download buttons aren't always what they seem. Go to a popular software site such as Download.com. and you'll see a blizzard of buttons saying ‘Free download!’, ‘Download now!' and so on but many are just adverts. Sometimes, these adverts are laced with adware or even malware. They’re a very easy way for hackers to trick you into downloading unwanted rubbish to your computer, but they're also very easy to block. Simply use a free advert blocking extension such as Adblock Plus (https://adblockplus.org), which works in Chrome, Firefox, IE and even Android's browser. Adblock Plus automatically blocks adverts on most websites, but you can click its bookmarklet to allow an advert through if you want. It’s a fantastic little extension that’ll change the way you see the web.

Stop your phone hacking you


Your phone and tablet are hotlines to your PC Your browser automatically syncs between devices, your email works across all platforms and you transfer files to and from your tablet and phone to your PC. They're not really separate devices at all.

So if malware gets into your tablet or phone, it gets into your PC too. As we’ve seen, adverts can easily be embedded with malware, and adverts on fiddly phone and tablet screens are especially easy to open by accident. Adblock Plus can't yet block adverts in all mobile apps. sadly. As soon as there's a free, safe advert blocker that effectively blocks ads on tablet and phone screens, we’ll let you know.

Meanwhile, you can help hack proof your phone and tablet by being very careful about the permissions you give to apps. Apps are extremely easy to build, and they're a popular way for hackers to trick you into giving them full access to your contacts list, social posts and even your private messages.

Free, open source Android app Permissions Explorer (www.snipca.com/16547) lets you double check the permissions you've given your installed apps, and lets you see which apps allow in app purchases. “No permission required to use this app.’’ says the developer. “No ads. Does only what you want it to do." If only all apps were like that.

Switch your spam filter


After 15 odd years of using email, you probably know that your spam filter doesn't work very well. It blocks important messages from your insurance company, and fails to block dodgy business pitches written entirely in Korean.

It’s easy to joke about this, but it really matters. Spam and phishing emails are as popular as ever among hackers, who embed malware in their links and attachments. This is how the drive wiping malware Rombertik was spread.

To guard against it, improve your spam defences with a third party spam filter. Online service Spamfence (www.spamfence.net), which is free for personal use. works with your installed email program (Outlook, for example) and redirects incoming messages through a secure and powerful spam filter. Similarly, Open DNS (https://www.opendns.com) works online and is free for personal use. and offers extra protection against phishing sites and spam.


HOW CONFLICTS HELP HACKERS


Antivirus suites and firewalls are designed to run constantly in the background, blocking threats. If there’s more than one AV or more than one firewall running on your PC, they will conflict and prevent each other working - which is a gift for hackers.

ONLY USE ONE FIREWALL


Disable Windows Firewall if you’ve got a third-party firewall installed and enabled. Type firewall into Start and press Enter. Click Windows Firewall Properties and choose Off from the 'Firewall state' dropdown box if you have another firewall running. If you don’t have another firewall, make sure 'Firewall state' is set to On.

Many AV suites automatically switch off Windows Firewall if they have their own firewall.

BEWARE WINDOWS DEFENDER


This built-in tool describes itself as anti-spyware and claims not to conflict with other tools. This is dangerously untrue. Defender has a background-running component that you must disable to avoid conflicts. Type defender into Start and press Enter. Click Tools, then Options and untick 'Automatically scan my computer'. Click Save and restart Windows.

COMPLETE YOUR SET OF SCANNERS


It's fine to use more than one manual security tool that you can run independently of each other. Three of our favourite security scanners don't conflict: AdwCleaner, CCleaner and Malwarebytes Anti-Malware Free. These tools remove malware rather than monitoring and blocking it, so they won't make your PC hack-proof in the way that a good AV or firewall will. But they're very useful for removing junk that sneaks through your defences.


HOW STRONG ARE YOUR PASSWORDS?


We regularly read stories about the death of the password. It's going to be replaced by pictures of your face, fingerprint scanners, brain waves or whatever. But we bet you a fiver you'll still be using passwords a decade from now.

Two-factor verification tools and password managers such as PassBox (www.snipca.com/16543) are no excuse for sloppy passwords. Don’t let these extra layers of safety lull you into a false sense of security. Your passwords must still include a mix of capital and lower-case letters, numbers and, if allowed, special characters. Free online tool Passwords Generator (http://passwordsgenerator.net) will help.

To test its strength, type it into free online tool How Secure Is My Password? (https://howsecureismypassword.net). The page is encrypted (hence the 's' in 'https') so no-one, including the site's developer, can see what you write. In real time, the site reveals how long it would take an average PC to crack your login, simply by guessing strings of characters. The password we used for roughly five years when we first went online, back in the late 90s, scored '0 days' - in other words, it was instantly crackable. No, we're not going to tell you what it was.