Windows Defender gets the job done — so why even gamble with third-party antivirus?

by

What I use is Windows Defender and Malware Bytes Pro.

In a world where Windows Defender is more than good enough to get the job done, why even risk using a third-party antivirus?

Dan Thorp-Lancaster

28 Jan 2020

Windows Defender family optionsSource: Windows Central

News broke this week that Avast has apparently been selling the browsing data of its users to major companies, including Microsoft, Google, Pepsi and Home Depot. The data, which was obtained as part of a report by Motherboard and PCMag, included things like Google searches, what LinkedIn pages and YouTube videos people looked at, and even the porn sites people viewed.

Avast claims the data it collects is anonymized, and its users have to opt in to allow Avast to use their data. However, it’s unlikely that every owner included in the around 100 million devices that opted into the program knows exactly how their data is being used and what’s being collected. Despite all of the caveats, the fact remains that an antivirus company is harvesting browsing and search data from its users, dumping it off to a subsidiary, and selling it for marketing purposes.

Our favorite VPN service is more affordable now than ever before

Why even gamble with the idea of yet another company treating your online habits like a sack of money to be pillaged when Windows Defender, which is build into Windows 10, is good enough?

Defender isn’t perfect but it’s more than good enough

Windows Defender Security CenterSource: Windows Central

Microsoft has received some backlash in recent years over the telemetry data it collects with Windows 10, but that’s a far cry from pulling your entire browsing history and selling it, even if it’s anonymized. Otherwise, Windows Defender has a lot going for it: it’s fast, and it doesn’t hit system resources as hard as heavy third-party antivirus software does. Even better, it’s just as good as all of the other antivirus options on the market.

By opting to stick with Windows Defender, you also avoid all of the annoying parts of third-party antivirus software. It’s free, there are no annoying pop-ups to renew your subscription, and you aren’t opening yourself up to other potential attack vectors opened up by the way other antivirus software has to integrate itself into your system. Did I mention, it’s free for Windows users?

Windows Defender is no cure-all for every problem out there. You’ll still want to practice some common sense when poking around the internet, and you might even want to pair it with a malware scanner of some sort to double up on protection. Still, there’s no reason to go out of your way with third-party antivirus software when Windows Defender is just fine in its current state.

I don’t say all of this as some sort of privacy warrior. I’m well aware that every Google search I make, every trip I map out with my phone’s GPS, and every Amazon purchase I make are all going into some marketing black box that is uniquely designed to make me buy more stuff I probably don’t need. But when everyone online is looking to make a buck on our data, it only makes sense to cut down where you can.

This is information is from https://www.windowscentral.com/windows-defender-great-so-why-even-gamble-third-party-antivirus

 

New Google Android Threat: Malicious App

by

This information came from Forbes at https://www.forbes.com/sites/kateoflahertyuk/2019/10/30/new-google-android-threat-malicious-app-installed-by-40-million-play-store-users/amp/

Google Android users have been put at risk again, after it emerged a keyboard app called ai.type previously available on the Play Store has been making millions of unauthorized purchases of premium digital content. The Android app has been downloaded more than 40 million times, according to researchers at Upstream.

Hiding in plain sight by masking its activity to spoof apps such as Soundcloud, the rogue Google Android app delivers millions of invisible ads and fake clicks, passing on user data about real views, clicks and purchases to ad networks.

Ai.type is a customizable on-screen keyboard app developed by Israeli firm ai.type LTD, which describes the app as a “free emoji keyboard.”

But in the background, without your knowledge, the Android app turns your device into “one of the many bots of the network controlled by fraudsters to commit ad fraud,” says Guy Krief, CEO of Upstream.

The app was deleted from the Google Play Store in June, but it remains on millions of Android devices and is still available from other third-party marketplaces. There was a spike in its suspicious activity once removed, the Upstream researchers say.

Specifically, Upstream says its Secure-D platform has detected and blocked more than 14 million suspicious transaction requests from 110,000 unique devices that downloaded the ai.type keyboard.

There is currently a free version of ai.type in the Google Play Store, which was added in October. Upstream’s researchers say they have not detected any suspicious activity coming from the newer app. The premium app is not affected.

It’s one of many rogue Android apps reported in recent weeks. Only last week, researchers at ESET discovered a year-long campaign that saw 8 million installs of adware delivered through 42 apps.

It came after ESET researcher Lukas Stefanko published his report detailing the 300 million malicious Android app reports during the month of September.

Other recent rogue apps plaguing Android users include spyware and adware.

The Google Android app threat: What to do 

I contacted Google, who confirmed that the app had been removed from Google Play. However, Upstream advises anyone who has downloaded ai.type to check their phones for unusual behavior. This can include issues such as the battery depleting faster than usual, your device overheating, your data plan depleting or charges for premium digital services that you haven’t purchased. If you spot any of these indicators, it’s likely you have become a victim.

If you have already downloaded the app, you should delete it now, says Krief.

In general, Android users need to be more proactive about their security than those who use Apple’s iPhone. In order to be as safe as possible, Krief advises to only download apps from Google’s Play Store.

Meanwhile, read users’ reviews of apps–and not only the most recent ones. “Do a quick online search about the app and its developer,” he says.

You should also have active and updated anti-virus running on your device.

It seems that malicious Android apps are popping up more than ever. Recently, a lot of experts have been commenting that the Google Play Store is getting out of hand. “It is hard to keep statistics, but we are seeing an increasing number of apps available in the Play store being exposed for fraudulent activity,” Krief says.

He warns: “We are also seeing developers re-publishing apps that were caught for fraudulent behaviour, under the same name, or under a different app name.”

So it goes without saying, if you use Android, you need to take steps to secure your device–and be careful about what you download as well as the permissions you allow your apps.

Update November 1 at 07:36 ET

Updated to clarify that there is still a version of the ai.type app in the Google Play Store, but this is not affected by the same issues as the one removed by Google in June. 

How Cybercrooks Can Hack Your Online Bank Accounts.

by

This is the webpage that I got this information from

https://www.aarp.org/money/scams-fraud/info-2019/online-bank-account-security.html?cmp=EMC-DSO-NLC-WBLTR-FRD–CTRL-092719-F1-4055394&ET_CID=4055394&ET_RID=19555827&encparam=ykOEQ%2fOe%2bgiIjGMPxF3V%2bnAnNdan0aQpJu5v6HPf5oE%3d

If you think your checkbook and paper statements keep you safe, with again

You log into your banking site and immediately notice something’s wrong, horribly wrong.

Somehow, your account has been compromised and money is missing. At the risk of fearmongering, this isn’t as uncommon as you might think.

Like many Americans, you might have become a victim of bank fraud. And it’s usually tied to a password that has been stolen, guessed or tricked into sharing with cybercriminals.

“Unfortunately, most people use the same credentials for their online bank accounts as they do for social media and online shopping sites,” says Georgia Weidman, author of the book Penetration Testing: A Hands-On Introduction to Hacking. “If one of those vendors is compromised and attackers gain access to the stored credentials, they may be able to reuse them on the online banking site.”

Skepticism is your friend

“Another common attack is phishing, or basically asking the user to attack themselves,” says Weidman, who also founded Bulb Security.

The cybersecurity company is devoted to device vulnerability assessment, training and penetration testing — essentially ethical hackers for hire.

“An attacker might send you an email or text message pretending to be your bank and asking that you validate a recent purchase,” she says. “When you click on the link in the text message, it takes you to what looks exactly like your online bank account, except it is actually a clone controlled by the attacker.”

You might think you’re at capitalone.com, for example, but if you look closely, it’s captial0ne.com.

Some scammers will even call you — yes, by telephone — and pretend they’re from Microsoft, the IRS, your bank, and so on to try to persuade you to give out your personal information to (ironically) protect you.

Don’t fall for it.

“Besides, your bank or other financial institution won’t ask you to confirm these credentials in an email or by an unsolicited phone call,” says global security evangelist Tony Anscombe at ESET, also a technology security company. “When in doubt, contact your bank to see if it was really them. Chances are it wasn’t.”

Don’t bank online? You’re still at risk

And here’s a discomforting fact: Even if you don’t opt for online banking through a website or app, identity theft could lead to a crook opening an online account in your name.

What to do?

Reduce the odds of becoming a victim of bank fraud with these five tips.

1. Use strong and unique passwords

Never use the same password for all of your online activity. As Weidman cautions, if a service is hacked and your password is exposed — if your bank suffers a data breach, for instance — cybercriminals may try it on another account.

“Even if the password is similar between online accounts, hackers use software tools to try to guess the stolen credentials,” Anscombe says.

A recent study revealed the most common password was 123456, followed by 123456789 and QWERTY.

Also, don’t use your kids’ or pets’ names, phone number, date of birth, or mother’s maiden name. All of this info could be easily attainable, especially in this era of social media.

Not only should you use different passwords for all accounts — and password manager apps are a handy way to remember them all — you also can use a passphrase instead of a password, a sequence of words and other characters including numbers and symbols.

Anscombe says a passphrase can be super easy to create, such as the phrase “my red Ford Mustang is No. 1” becoming the passphrase “myr3dFoMu#1!”

2. Enable two-factor authentication

Make it harder for the bad guys to access your data by adding a second layer of defense.

Apple's two factor authentication for iCloud accounts can make their devices more secure

Cristian Dina / Alamy Stock Photo

Two-factor authentication for Apple iCloud from a desktop and mobile device

Two-factor authentication means you not only need a password, passcode or biometrics logon such as a fingerprint or facial scan to confirm only you can access your accounts, but you also receive a one-time code to your mobile phone to type in.

In other words, two-factor authentication combines something you know, your password, with something you have, your smartphone.

“Like password managers, two-factor authentication isn’t 100 percent perfect, but it puts you many steps ahead of other users who have weak or the same passwords on all their accounts,” Weidman says.

3. Install good antimalware

Just as you wouldn’t leave the front door to your home unlocked, you shouldn’t let your tech be vulnerable to attacks, whether it’s a virus or other malicious software, called malware, that sneaks onto your device or happens because you were tricked into giving out sensitive information.

Reputable antimalware that’s updated often can identify, quarantine, delete and report any suspicious activity coming into your computer or flag sensitive information going out.

“Most people don’t think of protecting their smartphone, too, which is a big problem,” Anscombe says. “Make sure you have good cybersecurity protection. And don’t fall for phony texts.”

4. Opt for fraud detection; review your statements

Some, but not all, credit-card companies and banks can push notifications to your mobile device if something looks suspicious during a purchase — such as a large amount charged or a location in a different state than your usual address.

You may be asked to confirm it was really you who made a purchase with a simple Y or N.

On a related note, be sure to review your bank statements every so often to see if anything looks odd. If so, contact your bank or credit-card company immediately.

5. Watch out for Wi-Fi hotspots

Do not conduct any financial transactions such as online banking, trading or shopping when you’re using a public computer in an airport lounge, hotel or library or when you’re using a public Wi-Fi network, say, at your favorite coffee shop.

You never know if your information is being tracked and logged — so wait until you’re on a secured internet connection at home. Or use your smartphone as a personal hotspot, which is safer than free Wi-Fi.

“And make sure no one is looking over your shoulder at a coffee shop or on an airline,” Anscombe says.

A few more suggestions to mitigate the risk of bank fraud:

  • Update your software. Cybercrooks look for vulnerabilities in operating systems or programs/apps. Set your software to automatically update, so you don’t have to remember to do so.
  • Back up regularly. It doesn’t really matter how you want to do it — a free cloud service, external hard drive or USB thumb drive. As long as you’re proactive about backing up your important files regularly, you’ll minimize any damage if attacked.
  • Lock your devices. Be sure your laptop, tablet and smartphone require a PIN or password to unlock. Otherwise you’re exposing your files to strangers if your device becomes lost or stolen. Use your fingerprint or face to authenticate you, called biometrics identification, because it’s fast, convenient and secure.

You don’t need a degree in computer engineering to protect yourself from bank fraud.

Use these tips, remain alert and rely on some smart software. You can greatly reduce the odds of becoming a victim.

Marc Saltzman has been a freelance technology journalist for 25 years. His podcast, “Tech It Out,” aims to break down geek speak into street speak.

AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free “watchdog alerts,” review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.

Filed Under: Scams

Share:

Scammers impersonating Social Security Administration (SCAM)

by

Officials said the callers fraudulently identify themselves as Social Security Administration representatives and threaten taxpayers with deactivating their Social Security number or account due to “suspicious activity.”

Posted: Aug 9, 2019 12:58 PM
Posted By: Chelsea Hunt

Share to Print

EUGENE, Ore. — The Oregon Department of Revenue is warning the public after a spike in scam calls.

Officials said the callers fraudulently identify themselves as Social Security Administration representatives and threaten taxpayers with deactivating their Social Security number or account due to “suspicious activity.”

As part of the scam, the caller may ask for personal information and bank account information.

Officials warn that a person’s caller ID may even show the real Social Security Administration number — 1-800-772-1213 — but the scammers are faking the number.

“We encourage the public to protect themselves by verifying they’re speaking with authorized representatives of the Social Security Administration if they have any questions about the legitimacy of the call,” said Department of Revenue Director Nia Ray.

If you suspect the call is a scam, hang up and call the Social Security Administration number and speak to a real representative. Officials said you should never give any part of your Social Security number, bank account information or credit card number to anyone who contacts you.

Officials said if you get one of the calls, notify the Federal Trade Commission. You can also report scams to the Office of Inspector General by calling 1-800-269-0271 or online by clicking here.

Microsoft Issues ‘Update Now’ Warning To Windows Users

by

This is from https://www.forbes.com/sites/daveywinder/2019/06/01/microsoft-begs-windows-users-to-update-now-citing-wannacry-2-security-threat/#290f5c1c60ca
uncaptioned
ASSOCIATED PRESS

Microsoft really does not have the greatest track record when it comes to those security and system fixes that are usually referred to as Patch Tuesday updates. Readers of Forbes will not need reminding how these updates have recently caused Windows to freeze or simply decided to install themselves and cause unexpected restarts. Indeed, I have had more messages from readers who are fed up with Windows updates than in relation to anything else I have covered on Forbes. Yet it is precisely these people that Microsoft is now urging to apply one particular set of updates released May 14, warning that unless they do at least a million computers might be exploited by a security threat that could be as damaging and costly as WannaCry was two years ago.

The warning, which reads almost as if Microsoft wrote it on bended knee, was posted on the Microsoft Security Response Center blog. Referring to the critical Remote Code Execution vulnerability, CVE-2019-0708, that has become better known as BlueKeep, Simon Pope, director of incident response at Microsoft, states that “Microsoft is confident that an exploit exists for this vulnerability.” What’s more, Pope says that such an exploit could “propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” An internet-scale port scanner has already determined that there are at least 923,671 internet-facing machines which are vulnerable to BlueKeep on port 3389 which is used by the Microsoft Remote Desktop feature.

It is worth reading between the lines here, especially concerning that apparent confidence that a BlueKeep exploit exists. While it is not clear if Microsoft has intelligence that suggests active malware has been weaponized in this way, what we do know is that there is proof of concept (PoC) code available already. One BlueKeep demo on GitHub will crash a system that is vulnerable but does not execute the wormable threat that Microsoft is obviously so worried about. We also know, through the information security community on Twitter, that there are denial of service (DoS) exploits available, and that security researchers have been successful in developing wormable exploit code.

While Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows 2003, Windows XP and Windows Vista all are. Despite all of those vulnerable systems being unsupported for some years, Microsoft made the patch available to users which shows just how concerned it is by the “WannaCry 2” threat. Windows 7 and Windows Server 2008 are also vulnerable.

Although I am as fed up with ongoing Windows update problems as anyone, I’m more worried about a WannaCry 2 attack taking down a myriad of business systems and all the fallout that entails. Which is why I am echoing the advice of Microsoft’s Simon Pope: “We strongly advise that all affected systems should be updated as soon as possible.”

Lowe’s warns customers of gift card scam

by

It might seem like a great deal. Getting a $50 coupon to Lowe’s Home Improvement stores in exchange for answering a few questions.

But it turns out the whole offer is a scam.

Lowe’s told Facebook users on Monday that an offer circulating the social networking site is not from Lowe’s.

“The coupon is not affiliated with Lowe’s in any way. It is a phishing scam. Please be careful,” Lowe’s said.

It appears that the false Facebook offer directs users to a site that collects personal information. While the coupon appears to be legit, it will not be accepted by Lowe’s.

The Better Business Bureau has issued five tips on how to avoid online scams:

  1. Don’t believe what you see. It’s easy to steal the colors, logos, and header of any other established organization. Scammers can also make links look like they lead to legitimate websites and emails appear to come from a different sender.
  2. Legitimate businesses do not ask for credit card numbers or banking information for coupons or giveaways. If they do ask for personal information, like an address or email, be sure there’s a link to their privacy policy.
  3. When in doubt, do a quick web search. If the giveaway is a scam, this is likely to reveal an alert or bring you to the organization’s real website, where they may have posted further information.
  4. Watch out for a reward that’s too good to be true. Businesses typically give out small discounts to entice customers. If the offer seems too good to be true (a $100 voucher or 50% discount) it may be a scam.
  5. Look for a mismatched subject line and email body. Many of these scams have an email subject line promising one thing, but the content of the email is something completely different.

Justin Boggs is a writer for the E.W. Scripps National Desk.  Follow him on Twitter @jjboggs  or on  Facebook .

This information came from https://www.abcactionnews.com/news/national/lowes-warns-customers-of-gift-card-scam

Filed Under: Scams

Share:

World Back Up Day (March 31, 2019 Sunday)

by

***** ALL LINK LISTED ON THIS PAGE ARE EXTERNAL LINKS *****

This is the link from where this information is from https://www.lifewire.com/world-backup-day-2617949

Sunday, March 31st, is World Backup Day, the day we technology folks remind you of how important it is to back up your data.

Considering our particular expertise, we tend to do this much more often than once per year, but will take this annual excuse to do it yet again!

Here’s the message to remember:

Your Data Is More Valuable Than Your Device

Hardware is cheap and getting cheaper. Do you know what’s expensive or even priceless? That term paper you spent three weeks writing, the $3,000 USD in music and movies you have on your hard drive, and the digital video of your little boy or girl’s first step.

You can get a new computer or phone, but try replacing those important files: You can’t!

So What Do You Do?

You back them up!

When you back up your data, you’re making a second copy of anything and everything that you don’t want to lose. Should something happen to the originals, you can restore the backups to your computer (or phone, tablet, etc.) with a backup service.

Technically, a backup just refers to any piece of data that exists in two places. The primary purpose of a backup is to have a recovery plan should the primary data become inaccessible, so it’s common to keep backups offsite like online or, at the very least, on a second hard drive, even another internal one.

Why You Should Back Up

There are several scenarios that could take place where having a backup of your data would be useful:

  • Your phone gets stolen, and you lose all your pictures and videos
  • An external hard drive crashes, deleting your home videos
  • You forget your laptop in a cafe and you’ve lost all your homework
  • A virus holds your data hostage until you pay to remove the restraints
  • You accidentally delete something important

Your Backup Options

We’re huge fans of online backup services. Using a cloud backup service (what they’re sometimes called) is the easiest and most economical and effective way of keeping your important data safe.

See our reviews of online backup services for a ranked, updated list, complete with prices. Some plans allow an unlimited amount of storage, some limit you to so many GBs or TBs, some support backup from multiple simultaneous computers, some are even free for a just a little storage.

Have questions about online backup or not completely sure what it is? We answer most every question we’ve ever gotten about online backup in our Online Backup FAQ.

No matter what your needs are, we’ve done all the research to help you make the right decision. Aside from the list of reviews linked above, our online backup comparison chart is really helpful if you’re curious which of our favorite cloud backup services offer a particular feature.

Here are some more online backup resources you might find helpful:

The reason online backup is so popular is because it provides an entirely separate location for the copies of your files. If your flash drive is your backup device, for example, and your laptop gets stolen with your flash drive plugged into it, the backup ends up being basically pointless.

We also keep lists of traditional backup software titles that are built not for online backup but for local backup, meaning that the files are saved to another local hard drive, or even to an FTP server or networked computer. See our free backup software tools and commercial backup software reviews for more information.

Here’s more about backing up:

Using a cloud storage service is another option for keeping your data safely backed up online. The difference between a cloud storage service and a cloud backup service is that the former usually does not let you back up data automatically and on a schedule, but instead is a place to selectively upload important files that you need to keep off of your physical device.

There are lots of cloud storage services to pick from, most of which offer a small free plan with upgrades available if you need more features or additional backup space.

Reminder of End Of Life for Windows 7

by

The end of support for Windows 7 will stop on January 20 , 2020. Your Windows  will still work as normal ;However , you will not get any update or security updates for Windows 7. Then in time you can become vulnerable to viruses and malware on the internet and also have your information stolen from your computer.

Now would be the time to update to Windows 10 before January 20, 2020. As of March 15, 2019 You can download Windows 10 for free. If you do want to update to Windows 10 I can do that for you. The cost for us to do it would be $100. This includes testing and making sure that the system is in good working order. Make sure that it can get on to the internet , the printer is working. Also we will clean out the system from junk.

You can ether call or text me at (864)494-9089

or if you like you can email us at robert@roberts-computer.com

or you can go to Microsoft site at  https://support.microsoft.com/en-us/help/4057281/windows-7-support-will-end-on-january-14-2020

Tip: For your own safety, you should never Check for Updates in Windows 10

by

Tip: For your own safety, you should never Check for Updates in Windows 10

We all know and accept that being a Windows 10 Insider will expose you to early software with potential bugs, but it turns out besides ticking the Become an Insider box there is another way to tell Microsoft you like to live on the wild side, and that is simply clicking on the Check for Updates button.

In a blog post last week Michael Fortin, Corporate Vice President of Windows revealed that clicking that button marked you out as an advanced user willing to test early versions of Windows 10 patches.

He writes:

We also release optional updates in the third and fourth weeks of the month, respectively known as “C” and “D” releases. These are validated, production-quality optional releases, primarily for commercial customers and advanced users “seeking” updates. These updates have only non-security fixes. The intent of these releases is to provide visibility into, and enable testing of, the non-security fixes that will be included in the next Update Tuesday release (we make these optional to avoid users being rebooted more than once per month). Advanced users can access the “C” and “D” releases by navigating to Settings > Update & Security > Windows Update and clicking the “Check for updates” box. The “D” release has proven popular for those “seeking” to validate the non-security content of the next “B” release.

In short with the monthly C and D patches are a proving ground for the regular and mandatory B “Patch Tuesday” releases which regular users would not normally receive unless they click Check for Updates.

And while Microsoft notes these are “validated, production-quality optional releases” we know these patches have gone wrong in the past, and have had to be pulled and re-issued.  Unless you wish to be a tester it is probably wise to let the pioneers take the arrows first.

In the end, it is wise to test any software update on a small segment of users first, but many less expert users have been told Checking for Updates makes your PC safer, not riskier. Some segment of users even Check for Updates to avoid unexpected reboots when they are doing something important. How Microsoft views this group will not be transparent to them.

With the usual Christmas meetups approaching it may be wise that, instead of telling our friends and family to keep their PCs up to date, to spread the message that it is best to leave your PC alone to do its thing and hope and pray Microsoft gets it right this time.

This is from https://mspoweruser.com/tip-for-you-own-safety-you-should-never-check-for-updates-in-windows-10/

Be aware of phone scams

by

Phone scammers posing as your utility provider may claim you
are delinquent on your bill. They also may threaten to turn off your power,
rig caller ID to make it look like the call is from your utility provider
or tell you to put the money on a prepaid debit card and ask for the
card number. Don’t believe it.

Filed Under: Scams

Share: