Accountant from Kyiv diving into security — be patient with me

Hey, I’m ___ and from: Europe
Age group: 31 - 40
Last known PC infection: I am joining because my PC is infected
Fav. Web Browser: Google Chrome
Fav. Mobile OS: Android
Fav. Desktop OS: Windows
Hobbies:
    • Arts and craft
    • Entertainment
    • Travel

That is great, but do not forget a backup: a second 2FA app, preferably not the same app and not on the same device. If you lose access to it, you will lose everything.
Password managers allow you to store 2FA as well, but that is a double-edged sword; it renders 2FA pointless. Desktop 2FA in addition to a phone 2FA would be perfect.

Using a secure DNS can stop random clicks and block malicious connections even in the background for malvertising, botnets or for malware trying to download a payload.


Malware is not magic, like the news makes it sound, that you click on a link and you are infected. It works like ABC: if you break the chain, you break the malware.

Generally it involves scripts, so regularly check for unknown startup items and scheduled tasks, both viewable via Autoruns by MS.
MS has recently disabled VBS scripting in 11, so malware is mostly using PowerShell, which is present by default, but you can restrict it.

Keeping Windows and apps updated is the basics. MS made it easier with winget; you can use CMD, but there are apps designed to make it easier.

Aside from NextDNS, this Task Manager replacement is top: easy processes, services, firewall and network monitoring. VirusTotal scanning included, of course.
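
The startup-item and scheduled-task check recommended in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of autostart entries and non-Microsoft scheduled tasks, with entries that launch a script host sorted to the top. The script-host pattern and the choice to skip the `\Microsoft\` task folder are assumptions made here to cut noise; Autoruns covers more locations.

```powershell
# Added example: list autostart entries and scheduled tasks for manual review.
# Read-only. Some tasks are only visible from an elevated prompt.

# Assumption: script hosts and script file types worth a second look
# when they appear in an autostart command line.
$scriptPattern = 'powershell|pwsh|wscript|cscript|mshta|cmd(\.exe)?\s+/c|\.(ps1|vbs|js|bat|cmd)\b'

# 1. Startup items: Run/RunOnce registry keys and Startup folders
#    (per-user and machine-wide), as exposed by WMI.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object @{n='Source';e={'Startup'}}, Name,
                  @{n='Where';e={$_.Location}}, Command

# 2. Enabled scheduled tasks outside the \Microsoft\ folder.
#    Assumption: that folder is skipped here only to reduce noise.
$tasks = Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only "exec" actions carry a command line; COM handler actions do not.
            if ($action.PSObject.Properties['Execute']) {
                [pscustomobject]@{
                    Source  = 'Task'
                    Name    = $task.TaskName
                    Where   = $task.TaskPath
                    Command = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
                }
            }
        }
    }

# 3. Flag entries whose command line starts a script host or script file,
#    then show everything with flagged entries first.
@($startup) + @($tasks) |
    Select-Object Source, Name, Where, Command,
                  @{n='ScriptHost';e={ $_.Command -match $scriptPattern }} |
    Sort-Object ScriptHost -Descending |
    Format-Table -AutoSize -Wrap
```

A flagged row is not proof of infection; it is an entry to look up and compare against what you knowingly installed.
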
Wow, thank you so much for such a detailed and helpful reply! 🙌

I honestly didn't expect such a thorough breakdown. You gave me a lot to think about and check.

A few things I took away from your post:
2FA backup - you're absolutely right. I only have it on my phone. If I lose it or break it, I'm in trouble. I'll set up a second one today.
Secure DNS - I actually didn't know this was a thing for blocking malicious links. I always thought "just don't click on anything suspicious" was enough. Clearly not. I'll check the DNS filters you linked.
Autoruns and scheduled tasks - this is something I never check. I'll start looking at it once a month. Thanks for the tool recommendations.
System Informer - looks powerful. VirusTotal integration is a nice bonus.
The part about malware not being "magic" really stuck with me. It's just scripts and execution chains. Break the chain, stop the malware. Simple but effective mindset.

Thank you again for taking the time to write all this. Really appreciate it 🙏

One small question: what DNS filter do you personally use and trust the most?

Everyone has their fav; there's about 5 to choose from. I use Quad9, easy & free, but if I'm in a VPN tunnel I let the VPN use its DNS.

On a personal basis, the best practice I have, which does not increase security as such but really helps if you have an issue(s), is frequent full C:\ imaging. I use the free Hasleo; I've used others but this is as good as any. Keeping images on a separate drive, or ideally drives, unplugged will get you out of almost any problem. IMO if I had a malware issue I would find the cause but image back. Saved me many times when I've been experimenting & gives the ability to try out new ideas & programs without the concern about messing a good install up. Of course imaging does not help if info/etc. is lost to the evil ones via the net, but highly recommended nevertheless.