Advice Request What should a noob user do/configure/install to keep their pc some what safe?

[Frogish]

I have recently taken an interest in IT security and i wonder what the first steps are (except downloading an AV) to keep your pc some what safe. I dont need advice when it comes to browsing and such. More like what you need to configure and think about generally speaking. For exampel - what are the most common security flaws users neglect that can be easily fixed with a few configurations or settings?

Thanks in advance

 

[MuzzMelbourne]

PC or Mac or…?

 

[Frogish]

PC or Mac or…?

Windows 11

 

[MuzzMelbourne]

Windows 11

Ok, I’m Mac so… good luck and welcome from me.

 

[Kongo]

1. Using secure DNS just as NextDNS or Quad9

2. Attack surface reduction with restriction policies. A great tool for that would be:

New Update - Simple Windows Hardening

Post updated in July 2023. SWH ver. 2.1.1.1 - July 2023 (added support for Windows 11 ver. 22H2) https://github.com/AndyFul/Hard_Configurator/raw/master/Simple%20Windows%20Hardening/SimpleWindowsHardening_2111.zip SWH ver. 2.0.0.1 - August 2022 (no support for Windows 11 ver. 22H2)...

malwaretips.com

3. Hardening Windows Firewall with tools like:

Windows Firewall Control

Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall by adding outbound notifications and many other features.

www.binisoft.org

 

[Frogish]

.

 

[Back3]

Most of my friends are newbies. I have installed Configure Defender on their computer. Every 6 months or so, I check their device: make sure Windows Updates are current;use Sumo to check their apps updates; with Process Explorer and Autoruns, check what is running. Use a second opinion scanner to make sure Windows is clean.Check their browsers and Adguard or Ublock Origin. Make a backup of their important stuff including their passwords on an external drive.

 

[ScandinavianFish]

Windows Defender with ConfigureDefender or DefenderUI and the use of an adblocker like uBlock Origin are an good start

 

[Jonwinter]

Well I will suggest you to protected and secure your system by using a good antivirus software or with windows defender and don't download random application and software from random sites.

 

[pxxb1]

I have recently taken an interest in IT security and i wonder what the first steps are (except downloading an AV) to keep your pc some what safe. I dont need advice when it comes to browsing and such. More like what you need to configure and think about generally speaking. For exampel - what are the most common security flaws users neglect that can be easily fixed with a few configurations or settings?

Thanks in advance

Since you are not saying what you do when you use your pc it is hard to say. The recommendation can be anything from make a fort out of it to, leave as is.
The usual mistakes when it comes to security is to click on anything - including mails, install programs without full attention (adware). If you do not do these "mistakes" you could have a light set up. Ms Defender tweaked with Configure Defender is enough.

As for ransomware, that ordinary people seldom get, an external backup now and then takes care of that.

 

[show-Zi]

Do not use an administrator account.
Set UAC to maximum.

It's simple, but it's effective and quick to put into practice.

 

[Freki123]

Make sure the pc displays file extensions. Otherwise people still click on song.mp3.exe and wonder what happens.

How to Make Windows Show File Extensions

Windows really shouldn't hide them.

www.howtogeek.com

 

[Frogish]

1. Using secure DNS just as NextDNS or Quad9

2. Attack surface reduction with restriction policies. A great tool for that would be:

New Update - Simple Windows Hardening

Post updated in July 2023. SWH ver. 2.1.1.1 - July 2023 (added support for Windows 11 ver. 22H2) https://github.com/AndyFul/Hard_Configurator/raw/master/Simple%20Windows%20Hardening/SimpleWindowsHardening_2111.zip SWH ver. 2.0.0.1 - August 2022 (no support for Windows 11 ver. 22H2)...

malwaretips.com

3. Hardening Windows Firewall with tools like:

Windows Firewall Control

Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall by adding outbound notifications and many other features.

www.binisoft.org

Hi thank you for your response. I did downlad SWH and ran it on default settings. I must admit i felt a bit dumb when i did it even though i read the manual and such because I cant find any reviews on it what so ever. My macafee webadvisor extension flagged the bete exe file as it might be harmful. I ran it anyway since you seem to be a trustworthy guy. I checked your previous posts and you genuinely seem to care about others and computer security. I also reviewed Andy fuls earlier posts and got the same impression. My question is has anyone reviewed SWH and deemed it to be safe. Like reviewed the actual code or just made a review or the software? I felt like i did something kinda stupid. I downloaded something that im not 100% sure is safe.

 

[Kongo]

Hi thank you for your response. I did downlad SWH and ran it on default settings. I must admit i felt a bit dumb when i did it even though i read the manual and such because I cant find any reviews on it what so ever. My macafee webadvisor extension flagged the bete exe file as it might be harmful. I ran it anyway since you seem to be a trustworthy guy. I checked your previous posts and you genuinely seem to care about others and computer security. I also reviewed Andy fuls earlier posts and got the same impression. My question is has anyone reviewed SWH and deemed it to be safe. Like reviewed the actual code or just made a review or the software? I felt like i did something kinda stupid. I downloaded something that im not 100% sure is safe.

Well, @Andy Ful is also the developer of ConfigureDefender which is a quite well known tool among us geeks. You will find quite a few reviews about it on Google. Also, many people here on MalwareTips and also on WildersSecurity forum use his tools, and are very satisfied - me included. His tools are out there for a long time, and are even Open Source. The main idea behind his tools is to further strengthen the Windows security without the need of third-party applications that are running 24/7 on your system in real-time. That would also mean, that his tools have basically no attack surface for hackers, as they are only tools to control built in Windows functions that are not enabled by default. I hope I could take your skepticism a little... I personally use his tools for many months and never had any problems whatsoever. Just make sure that you understand what the tool actually does. If you don't, you can always PM me or ask here. And if you need more technical answers then I am sure that @Andy Ful will be happy to help you out.


A little off topic, but you can also create your own Computer Security Configuration thread, so that other people can give you recommendations and other tips how you could further improve the security of your system.
You can create it here: Computer Security Configuration

 

[Andy Ful]

... My question is has anyone reviewed SWH and deemed it to be safe. Like reviewed the actual code or just made a review or the software? I felt like i did something kinda stupid. I downloaded something that im not 100% sure is safe.

You cannot be sure if something is safe even if someone would review the app. Generally, the application (EXE or MSI installer) can be reasonably trusted if it is not blocked by SmartScreen or another file reputation service. If the app is blocked by SmartScreen then you have to check the app in some other way. Did SmartScreen block your SWH executable after downloading it from the Internet?

 

[upnorth]

Do not use an administrator account.
Set UAC to maximum.

It's simple, but it's effective and quick to put into practice.

Spoiler: Olé, Olé, Olé

 

[Andy Ful]

Do not use an administrator account.
Set UAC to maximum.

It's simple, but it's effective and quick to put into practice.

The advice is recommendable for many users who use both administrator and SUA.

Some comment:
If one does not use an administrator account then there is no need to set UAC to the maximum. On SUA, any process elevation triggers the credential consent prompt. It is stronger than setting UAC to maximum on the administrator account.

 

[Mjolnir]

My question is has anyone reviewed SWH and deemed it to be safe. Like reviewed the actual code or just made a review or the software? I felt like i did something kinda stupid. I downloaded something that im not 100% sure is safe.

Here is a test of Andy Ful's Configure Defender

 

[ForgottenSeer 94654]

I did downlad SWH

Please provide the exact download URL that you used to obtain SWH here.

My macafee webadvisor extension flagged the bete exe file as it might be harmful.

False positive (detection) by McAfee WebAdvisor. Highly probable.

 

[cc207]

Develop a backup strategy. Create system backups, such as with Macrium Reflect Free, so that you can quickly restore the system in case of trouble.