#What are some good online security measures I can do for a specific computer/whole home network?

My family has some concerns about online security especially when banking.

I don't particularly trust that their computers don't have stuff on them that shouldn't be (less malicious stuff, but more just extra programs and junk to slow them down/fill them up).

Is there any paid for or free anti-virus software that's worth it? What about VPN's? Is it worth trying to make my own VPN or proxy (using home server/PI)? What about virtual/hardware firewalls?

How can I also explain that their Internet traffic is safe and that online traffic is encrypted and safe or that its safe to use financial apps that belong to the companies themselves?

Well yah good online safety teaching lol. Also on the defenser, their computers use windows 7 or older.

The VPN stuff was mainly for I think some do extra encryption. Also may help against knowing address and blah blah your city (phising whatever's seem more realistic then)

They are just older and not used to tech and are kinda paranoid they are gonna get scammed or something.

Ayo whaa

Lol they have a super old laptop and they are cheap haha 🤣

💀💀 they could not handle that

I'll see maybe j can sell them some new clean windows 10 laptops or something

What about chromebooks?

Are they very secure and honestly that would be best performance for price I believe

Though i thought I heard some issues about them, but that may have only been with installed apps

Yah lol

Hmm

Check if there are any basic computer classes available in your area, for security and internet basics, your family's concerns will be alleviated with education, sign them all up.

Right now they're operating with hearsay and just being scared with tech they don't understand.

teach them

@queen anvil as for AVs go with kaspersky

What about Zorin? its almost impossible to get confused between them.

If you chose to stay Windows? For anti-virus windows defender is definitely good enough, but if you feel you absolutely need the extra security of an anti-virus i suggest Bitdefender.

Also i suggest researching how to host your own 2fa servers if you feel it necessary and dont trust a third party as a 2FA service

windows defender is only good with the right config

otherwise its kinda... awful.

true

ive literally had a virus that was named virus.exe lmao (long time ago)

like its good for well-known malware but for anything thats new and advance, it usually slips right past it.

ive seen some malware capable of entirely disabling defender

kaspersky is def the best, but some people don't like that it originated from russia.

never heard of it but according to GPT it does have better malware detection but overall loses out on features

wanted to get a second opinion on this "According to a comparison by Tom’s Guide, Bitdefender Antivirus Plus (starting at $19.99 for one PC) comes away with a victory, thanks to its wealth of useful functions and features and its easy-to-use interface Kaspersky Anti-Virus (starting at $39.99 for three PCs) has a very slight edge in malware detection and a lighter system impact"

it doesnt really lose out on features tbh

i see

might be hallucinating

ill look into it and see if i want to switch

the pc security channel has a few good videos on it

will check them out thanks

which channel is that im having trouble finding it

https://www.youtube.com/@pcsecuritychannel

oh

I thought you meant on this server 💀

ohhh

lol

this one is def worth watching

https://youtu.be/MxKCz0NMb2o

its a bit older but its still valid

found a 2022 video from the same channel

watching rn

Is Google's that good?

Zorin = linux distro?

Oh and @fierce acorn @untold haven im sure the best anti virus is just to not download anything right?

What's the worst attack that could happen from visiting a bad webpage, like not downloading anything or inputting any information, just visiting it? I think they can cross-page take some cookies or other information right? (I don't know too much about webpages and information that they take in, etc.)

Oh hmm.

Can you compare like sms 2FA vs Google vs another authenticator app?

Like going from sms to an app is a massive jump, but app to app is just a little?

And its less uhh about app layout or looks/features, just in terms of security.

yep, there's little reason to daily-drive an admin account

for a home user

and when you do need the admin priviliges, it prompts you for the account password

The admin account password?

yep

How do you setup the two users and does that take much disk space or make the file structure any weirder? Or when you download apps does it work with both?

I'm thinking is it similar to the windows 10 feature of virtual desktops? Like ALT+Windows gets you a new "desktop"?

Lol make them call me over for admin privileges 💀, but that sounds good honestly

setup is easy, it's done from windows users under control panel, installing apps also gives you the option to install them for all users or for current user

and it does take up some disk space, but not a whole lot

They have one time codes and the uh like time changing ones yes?

So maybe I could try to install windows 10 on their old laptop, though it is pretty slow.

That seems like a candidate for throwing away/not using or like the linux variant someone suggested earlier

noo don't hoard the password :P they should know the admin account password, but they usually don't need to use it, so when something requests it that should be suspicious and they can give you a call and ask wtf is this thing, unless they're installing some software or something that needs admin to run install shield

Oh okay, I got you

Perhaps both are in order. They could use a PC period in the office. Maybe a Windows pc and try linux on the old laptop

Long term, just educate them

But if they're not interested in learning, setup some compromise

Someone suggested zorin?

Id just be like whatever distro is most like windows lol.

Most they would need is like maybe office type apps.

Ubuntu or Mint is easy for a windows user

Uh what about keeping financial spreadsheets? Whats good for that? Like physically downloaded? Would online excel or google sheets be a bad idea?

open office has spreadsheets and it's free, local install

Yeah libreoffice yah?

I think that's different software, but also an option

oh, actually the same?

hmm wait, no

Would the file be the same? Like I could open a libreoffice spreadsheet in Excel or Google sheets and keep formatting and stuff?

I think open office is open source, so support for that is available but optional in other systems, it can also do excel files

plenty of options yep

Eh office to office is goof

Good

Interesting

Uh are firewalls worth anything or helpful at all? I almost feel they get in the way more than help lol?

For a regular user, all you need is the windows builtin protections

They've made it so good in the past 10 years that the market for third party firewalls has kinda died

Yeah true

Okay ive got lots of good information and ideas now

yeah but at some point you’ll have to download something

True true

Yeah Zorin is a Linux distro

The best anti virus is often times learning learning common sense

Basically as similar to windows 10 you can get

VPNs aren't encrypting anything any more than you would normally be 'encrypting' traffic served over https, it's just routing your stuff through a random server somewhere, which means you have to trust the vps provider if you're worried about someone snooping on your logs or whatever. honestly like someone else said above, vpns are not needed in most cases, certainly not in this specific case...they are way overmarketed and the people shilling them often misrepresent what they can even do in the first place

on to the rest of stuff, i would second the people who advised you to upgrade the operating system. frankly, this is almost a non-negotiable at this point, it's so outdated that it being used in 2023 is itself the biggest liability. not sure how old or outdated the laptop they're using to run windows 7 is (and from what i can gather it doesn't seem appropriate to recommend installing a lightweight beginner friendly linux distro on it) but if you can scrape together like 100 bucks or so you can buy some pre-built mini pc from amazon and it'd be an enormous improvement

yah if you were to go that route, zorin is a fantastic choice, it's extremely user friendly, i have installed zorin os 16 lite on the machines of some older people who are probably similar to those you're trying to help, OP, and they have no clue it's linux, it just works and it's super stable, lightweight

Hmm, yah aren't VPN's more just to protect identify/location information etc?

Like security but only in that sense?

And is zorin/other linux distros have antivirus or security programs, like Windows defender or do they just do it like at system level?

aside from all of that, would STRONGLY suggest having them use a password manager. i like Bitwarden, personally -- it's what I use and have used for years, they have a stellar security record and they have apps and browser plugins for every platform you can imagine. getting them into regularly using a password manager is pretty crucial, if you use it properly it will mitigate nearly all chances of being attacked, save for a few really crazy and quite rare scenarios. provided that you use it with 2FA enabled (it works and nwill automatically fill in the 2FA codes for you on websites, it manages the whole thing from within the app), and use it to manage your passwords, it's golden

it's probably outside of the realm of this convo/their needs to get a physical security key, but i noticed someone was mentioning SIM swapping, which is definitely a concern to be aware of. right now it's mostly limited to targeted attacks, usually for high profile individuals and those who have access credentials tied to their phones, it's led to a lot of people having things like crypto stolen from them. outside of having them call into their phone providers and putting an explicit warning on their account information that under no circumstances is anyone to make any changes to their account without having verified some kind of pre-set password they can give the company, there's not much to be done other than not using SMS verification for 2fa as best practice right now, because a rogue actor inside of the phone company can always bypass the 'secret password' thing anyway

I'll have to see about that too. They only have one computer right now they both use and its an old cheap toshiba laptop.

yeah vpns can provide security through obscurity, but only in situations where the network admin or person trying to 'track' you has little idea what they're doing, for most commercial vpns the ip blocks they utilize are well known and show up in databases, worse still they're oftentimes blocked or downgraded by different blacklists and shit like that

if not going for the mini pc (i can provide some recommendations), an alternative that would be great and would basically remove any possibility of some kind of malware or virus shit would be getting an ipad, even one that's a few models old. they are supported for YEARS after release and run quite quickly, if they are very tech naive there's nothing that they can't do on the ipad, i'm a huge nerd and i basically can do almost anything on there

plus it's portable and you can get a little keyboard and mouse for it and everything, super easy to use, intuitive

Password Managers can do 2FA like the one time temporary password stuff?

What's the pricing and use of these like?

Extension/app and do you need just a password manager password and then it uses the other passwords?

yes, bitwarden does all of that

yes basically that's it you have a master password for bitwarden

you can also set it up with 2fa on bitwarden itself and have that tied to like an authy installation (totp app) or google authenticator app, etc. on your phone or other device. i use a physical security key for logging into my bitwarden, but that's probably overkill

bitwarden is 10 dollars for a year

https://bitwarden.com

If you have the app can you view the passwords? Or do you have to like install it and it handles it all start to finish?

comes with secure cloud storage as well

Hmm hmm interesting

everything is encrypted in bitwarden, so the only time you can see anything is if you are logged into the app or extension and you explicitly choose to go look at it, it uses public/private key cryptography which means that theprivate key (what you use to unlock or 'see' the items) is stored only on your device

The advantage is being able to have really complicated passwords for everything right?

that's what keeps the information safe, they dont have the key

yes, it's also automatic and it checks to make sure your accounts havent been included in any leaked dumps of credentials

Oh nice

so you will get warned to change your login details, etc

Sort of like the haveibeenpwned?

honestly password managers are essential, they have a ton of other features, you can use it to securely share logins with someone if you wanted to do so and added them to your 'organization', they have secure notes in the app, etc. yes, like haveibeenpwned

bitwarden is legit, one of a handful of things i am a huge advocate for, i have used a bunch of different pw managers and this is the one that hits the right mix between features, security and being user friendly

makes it super easy also if you have multiple logins for a website to manage all of it

And bit warden has a good track record?

I'm trying to think just for password wise. Would it have any advantage than just having all the complicated passwords memorized (theoretically, one may not be able to actually do that)?

Other than other features it may have, just security benefits.

it's got a built in password generator, you can configure it to your liking, will show you the histsory of your accounts pw's if you change them as well as the ones you generated

memorizing passwords is a pain in the ass

especially with how many accounts people have nowadays, it's only increasing

Hmm, and you say its encrypted by a key thats only stored locally? And that can be a physical key?

there are some people who use an approach of a passphrase or a mnemonic device to let them remember passwords, or to generate passwords based on a formula of sorts, this is something that i guess can work (the formula approach), it's what i do to a certain extent when i am using slightly less security demanding things, like the passphrase on my server's SSH keys, i will have them generated according to a formula i made up so i dont have to remember all of them

yes and yes

the key is a cryptographic hash, it's a long ass string of random numbers and letters

Interesting

it's stored locally and can only be recovered using a recovery phrase which is a series of words, either 12 or 24 words, similar to how a bitcoin wallet has a recovery feature

if you get an ipad for example, you can just use bitwarden with the face ID feature or the thumb scanner thing, and never have to do anything really

So perhaps get them on windows 10/11 (any preference there) or linux.

Then change all passwords and use a password manager like bitdefender to get complicated safe passwords.

While changing them see if they also have auto-log-out features on all accounts.

Good strat?

bitwarden, but yes.

How would you use a physical security key on a bit warden app?

i saw that there was a bunch of conjecture about anti virus stuff earlier, honestly, most of it is unnecessary, windows defender is sufficient as long as you regularly update the OS and install the windows updates

i take it they aren't downloading files from sketchy places like torrent trackers

which is where like 95% of people are getting random malware from lol

physical security key would be something like this:

https://www.amazon.com/Security-Key-NFC-Yubico-authentication/dp/B0BVNPWPCN/

I'm just thinking if anything it will probably be from phising stuff or them failing.

So if i can get some kind of like, the password isnt auto working instead its asking me to sign in again other than normal then i was told to hang on and see something is up yk

there are a bunch of different models, I would strongly recommend yubikey brand, it might sound neurotic but i know where it's manufactured and the company is legit

yeah bitwarden will do things to notify you like if the status changes of your account login

there's also browser extensions you can get which will stop from visiting any kind of phishing sites or from displaying spoofed emails and those kinds of things

Hmm hmm you know any particularly?

Also is just changing an email password good enough to prevent access to that too?

most security comes down to common sense things, well, common sense to those of us who have been online for a while -- don't open random email attachments or download them, if something sounds too good to be true it probably is, don't give your online banking info to anyone, use 2 factor authentication and a password manager always

yeah if you change your passwords and then clear the browser cookies and cache, you will be fine

i would also avoid using third party logins like where you have google acting as your account and basically logging in to sites for you with your google info

or facebook or whatever, lots of places offer this but it's inherently risky, if one of those services is compromised it can mean your accounts elsewhere are fucked

technically it's not 'supposed' to work that way, but all kind of weird and shady things happen online so better to be safe than sorry

Hmm hmm true

We talked linux, windows, ipads

What about chromebooks? Is that similar to the ipad argument or do they have inherent issues too?

i gotta go but yah one final thing, if they are older -- advise them to never, ever, ever, talk to people who are claiming to be from microsoft support or best buy or any random company on the phone, especially those with a heavy indian accent...tech support scammers are some of the worst scum on the planet and they prey upon old people, steal money from them, it's awful. i warn any old person i know about this shit, you'd be surprised at how often people fall victim to it and lose hundreds of thousands of bucks, they'll get a phone call telling them they are going to be charged 500 bucks or something and they call to cancel it, the scammer says they are refunding them and then does this song and dance to get the old person to let the scammer remotely connect to their pc with anydesk or a remote access software, then they do this ridiculous (honestly, laughably bad, but old peope fall for it) thing where they open a command prompt and tell the person to "type in the refund amount for our server" and they will add another 0 or two 0s to the amount, so 500 bucks becomes 5000 or 50,000 and then they make them go buy gift cards or take out cash and send it to them, that's if they haven't already got access to their bank account info

chromebooks are okay, they are just limited in what they can do and what kind of software can run on them, i havent used one in a long time idk if they are still making them tbh, they probably are

lot of garbage shit in the google play store though that can be installed on a chromebook, not any more secure due to the restrictions. ipads at least are still for now in a walled garden where anything on ios and ipad os has to go through apple's super strict policies to be on the app store and get installed

https://www.youtube.com/watch?v=yGY7UQji2go this is a video of the tech support scam thing i was talking about btw, worth having them aware of what goes on so they know what to look out for

anyway im out for now, good luck

All good info. Thanks so much! 🫡🫡

try installing chrome os flex on them

yah i was considering doing that or a linux version, just something simple that is secure and would allow that slower laptop to be used lol

@static mesa Hey, so i was looking at bitwarden and they have some free options. I guess they are funded and open source and able to provide this though they do have some premium or family plans.

Are the premium or family plans worth it. What do they provide over the regular free one? It seems they claim the difference to be that the premium has:

• "advanced" 2FA
• bitwarden authenticator
• security reports
• etc

Would it be worth that or should i stay away from the free one or anything?

You can host your own bitwarden server if you’re into that and get all the features that entails with the open source vaultwarden if I’m not mistaken

hmm

true, but i wouldnt trust myself to be able to manage a critical service like that well and itd probably be less secure than the pros managing it.

Yeah my brother has it set up here

its just the whole idea of yk, if something is free that means you are the product lol 🤣 im surprised that they can host the service for free

oh dang yall both got it

huh

Yeah if you don’t trust yourself just get the service bitwarden provides

yah man that was really cheap, may just get family plan lol 🤣

hmm yah

so I hate to dig up and old thread, but I found why my parents were so paranoid about it now.

They recently got some letters about data breaches from some companies

They got letters that told them their information was compromised including names, SSN, DOB, zip, state, etc.

The thing is the data wasn't really on their side of things. They wanted to like get Norton antivirus or something but like, idk. It may be hard trying to convince them that its not really them and its the companies that lost their data.

All they can do now is just try to monitor their credit reports etc.

Anything else they can do?

I think there are sites/services that advertise getting rid of your data online, but it seems sketch lol and if it does remove data its stuff like phone numbers not serious things.

freezing credit reports? Like im familiar with freezing credit cars, but can you just say no one is allowed to make inquiries or try it or anything?

Then to keep it that way until they need to temporarily do some kind of banking thing? Huh, interesting. Is this a long term kinda thing?

does this mean credit card companies can still report to your credit? Like if you made payments and stuff. Like will this keep your score from rising/falling?

Its main purpose is for preventing new lines of credit from opening.

Credit cards will work as normal. Just can't open any new ones, or get new loans, without lifting the freeze

okay

ill definitely have to tell them about that then

that seems really cool, cause i doubt they are getting any new loans or credit cards ANY time soon

They also don't need to pay anyone to get their credit reports. One can be gotten for free from each credit bureau per year.

https://www.annualcreditreport.com/index.action

Can get all 3 in one go, or request one from each 4 months apart

hmm

but they need to visit all 3 of them to freeze at each of them and unfreeze at each of them yes?

Correct. But it's not something you need to do very often. Most of the time when someone wants to check credit they pull only from 1 bureau. Just gotta ask them which bureau they check.

Hmm hmm