Windows users: IMPORTANT information about password exposure

Taoz

Erdehel said:

Kendall Sears said:

Even "signed" sites aren't safe and can be (have been) hijacked.

The last thing I'm saying in the thread since it has moved beyond the prupose for which it was created:

What "boxes" or security you have in front of a Windows box means exactly zero if the user visits a site and loads a page that hits a compromise in your OS or receives an email that similarly contains the specifc exploit.  If Outlook, Edge, Flash, or whatever software pulls the malware through the layers then the box WILL BE INFECTED.

The point of this thread was not for people to compare about how "secure" they've made their connections, or to extol their opinions about where the news of the exploit is published, but to warn those poor souls who were forced to W10, selected the Express Settings (many of them), and are now staring at the very real prospects that they're now horribly vulnerable or compromised and MicroSoft has no current intentions to remedy the situation in a "one step" security update that makes it easy on them. Many of these folks have NO experience with, nor desire to learn, about network security or otherwise.  They just want to know what the easiest way to not be a victim is.

The long and short of it is that if a Windows box is taken onto the internet it has a very real chance to be infected.

Kendall 

Sorry, but you're reading something I didn't say. Unsigned is unsafe for every person working in the internet security domain. You can't infer from that sentence that signed is safe while you switch the context of what is safe or not.

Many people have windows boxes. I say a windows Box on the Internet can be perfectly safe even for a non techie but there are some simple rules to follow. The people who wrote in this thread are obviously risk aware and react accordingly and that is good. You can't tell them their windows box 'has a very real chance to be infected'. IMO that's unnecessary alarm.

I agree. I've been on the internet almost daily, often for many hours, since 1993, as part of my work, and been using all Windows versions since 3.1 and all versions of IE on several PCs. I've had a total of 3 virus infections during that time. I think most viruses comes from people clicking on all kinds of things they get in their mail, from torrents and pirated software, and visiting dubious places and public sites like Facebook. It's quite easy to avoid the bad stuff with a little knowledge and sensible behaviour. A good AV program and a good firewall can catch a lot of bad stuff but you can't rely on these alone.

 

Jan19

Taozen said:

Jan19 said:

Taozen said:

Jan19 said:

Taozen said:

 

Jan19 said:

Taozen, could you explain?  I'm not a techie.  I would quote your post, but Quote is in the mood to quote everything, even what I write.  It won't turn off.

I mean -- does someone have to upload something onto a website or download something, or what?

Networking is pretty complex so it's easy to configure things the wrong way so others on the internet can get access to your stuff. A basic Windows 7, 8 or 10 installation on a network behind a router and a firewall is usually pretty secure be default though, but if you install different things to give people public access, like a web or FTP server you must know what you're doing to avoid the public getting access to files you don't want them to have access to. A NAS can usually also be configured to give public access to the files it stores so you have to be careful here too.

Always change the password for your router as soon as you have installed it, otherwise hackers can easily get access to it using the default password and re-configure it to get access to your system.

You can test how secure your system is here:

https://www.grc.com/default.htm

Quote, please work.  It is.

OK, Taozen, thanks.   No, I won't give people public access, not knowingly.  As for a router, I won't use one, for the reason you mentioned.

Personally I'll recommend using a NAT router as it acts as a hardware firewall adding an extra layer of security by preventing port scanning, hiding your computers IP address etc.. I've been using routers myself for many years and never had any infections through any of them. Some claim that a good software firewall (like those that come with some AV programs) is enough, personally I use both router and software firewall (Avast IS - antivirus with firewall).

From grc.com: "Although NAT routers are not generally purchased for their security benefits, all NAT routers inherently function as very effective hardware firewalls (with a few caveats examined below). As a hardware firewall they prevent "unsolicited", unexpected, unwanted, and potentially annoying or dangerous traffic from the public Internet from passing through the router and entering the user's private LAN network.....With a NAT router protecting your connection to the Internet — even if you only have one computer on the LAN behind the router — none of the Internet scanning and worms and hackers and other annoying and malicious Internet nonsense can get to your computer or computers."

https://www.grc.com/nat/nat.htm

http://www.dslreports.com/forum/r20016986-Does-a-router-increase-general-security

BUT a router should be of good quality and configured correctly, which most cheap consumer routers often are not:

http://routersecurity.org/

http://www.tomsguide.com/us/home-router-security,news-19245.html

https://www.us-cert.gov/ncas/tips/ST15-002

 

Thanks.  :-)  I really have no need for a router though. 

OK - just got the impression that you didn't want a router because of what I said about the password thing (which I don't consider an issue as long as you use a secure password), so just wanted explain a bit about routers. But it looks like you already have an opinion about routers in general, for whatever reasons.

No, no, it was not anything you said.  I'm sorry if I get wary on this subject, but...let's just say I've been burned.  And now I know better. ​ 

 

Taoz

Jan19 said:

Taozen said:

Jan19 said:

Thanks.  :-)  I really have no need for a router though. 

OK - just got the impression that you didn't want a router because of what I said about the password thing (which I don't consider an issue as long as you use a secure password), so just wanted explain a bit about routers. But it looks like you already have an opinion about routers in general, for whatever reasons.

No, no, it was not anything you said.  I'm sorry if I get wary on this subject, but...let's just say I've been burned.  And now I know better. ​ 

OK.

Jan19

The update came through, at last.  So far, so good.  Keeping fingers crossed and wearing good luck charms.