
Win 8.1 security question

Discussion in 'General Security' started by Nutech12, Apr 23, 2015.

Thread Status:
Not open for further replies.
  1. Nutech12

    Nutech12 Thread Starter

    Oct 27, 2003

    Just finished resetting the laptop back to Win 8... currently upgrading it to Win 8.1.

    McAfee is installed on the laptop. Do I need this...?

    What would be the best security for Win 8.1? I reset it to the original factory settings, as it had so much crap on it: click on IE on one web page and have 20 others open!

    I also need to make this 'kid proof'.... with the thought that her husband told one of her kids to download a keylogging utility so he could perhaps track her goings-on on her laptop.... even if that is possible for him to do...?!

  2. etaf

    etaf Moderator

    Oct 2, 2003
    Windows 8 comes with Windows Defender, which is a virus product -
    this will be a trial version - you should use the McAfee removal tool

    McAfee Removal Tool
    I would recommend that you restart the PC and run the removal tool for a second time or even a third time - I have found instances where the removal tool needs to be run twice to fully remove all traces of McAfee from the PC

  3. renegade600


    Jun 22, 2006
    Win 8 comes with Windows Defender, which now includes Microsoft Security Essentials, an antivirus. You should also install a companion utility such as Malwarebytes. Uninstall McAfee as previously suggested.

    As far as parental controls go, Windows has its own.

    Finally, installing keyloggers on another person's computer is illegal.
  4. lunarlander


    Sep 21, 2007
    You start off with listing the kinds of threats you'll encounter. First you should know the threats, then find the counter measures. Here is a list of threats:
    . virus
    . trojan
    . botnet
    . keylogger
    . rootkit
    . screen grabber
    . phishing
    . worm
    . other malware like fake antivirus
    . live hacker

    While you may not have a live hacker actively attacking your PC, it is hackers who create viruses, botnets, rootkits, and the other threats listed above. So don't shrug and say "I'm not important enough to get hacked." Nowadays your credit card numbers and work documents (which everyone has) are a source of income for criminal hackers. Look at it this way: all the threats listed above are just automated hacks. What the hacker has done is write a program that automates the attack methods he uses.

    Counter measures for viruses are antivirus programs (ESET, BitDefender, Avast, or Norton etc). Antivirus counters trojans also. Generally, you are looking for the best virus detection coverage. There are many antivirus programs to choose from. To help decide which one to buy, go visit these 2 antivirus evaluation sites:
    It takes a bit of reading, but read their reports. Then pick one that consistently ranks among the top, because the topmost one will vary from season to season.

    Note that antivirus firms take a strict definition of what a virus is and is not. And do not provide coverage for other types of non-virus threats. So for example if a program replicates itself and damages Windows, then it is a virus. But programs that record your credit card numbers and user account passwords are not viruses. And your antivirus program won't even blink.

    Botnets enable a hacker's command and control centre to remotely control your PC. Your PC can then be used to send spam or attack other computers. I don't know what will detect and remove botnet clients, but a good 2-way firewall with inbound and outbound protection is part of protecting against them. Windows Firewall is 2-way, but you have to enable outbound protection because it is off by default. The 2-way firewall stops the botnet from reaching outbound to contact its server. Because Windows Firewall does not prompt when it blocks outbound connections, it is hard to configure. Use of a 3rd-party firewall is recommended; I suggest Comodo free. (https://www.comodo.com/home/internet-security/firewall.php)

    Keyloggers capture key presses, and can home in on usernames and passwords and credit card numbers as they are typed. The captured keystrokes are sent back to the hacker's server. Keyloggers can be countered with tools like Key Scrambler (https://www.qfxsoftware.com/applications.htm) and Zemana AntiLogger. Zemana can also stop screen grabbers. (http://www.zemana.com/product/antilogger-free/overview/) And a 2 way firewall also helps contain it like how it contains a botnet client, which forms a second level of defense.

    Rootkits are used to hide files and programs. Usually hackers will install one to hide their tools, like a remote admin program. Malware may also make use of them. Rootkits can be countered by using a Standard account (vs all-powerful admin accounts) because they need admin privileges to install. There are also rootkit removal tools like TDSSKiller and GMER. But they are after-the-fact removal tools; it is much easier to prevent them from installing by using a Standard account for your daily tasks. A Standard user account will also help against some viruses and malware, as a Standard user account cannot install programs, and this protects you against things that try to infect the whole system.

    Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user. (definition from Wikipedia) MalwareBytes (a free version is available) is great at removing malware, like fake antivirus programs that falsely report that you are infected and ask you to pay to have them removed. (http://www.malwarebytes.org/2/)

    Phishing is done by sending you emails with links to a website asking for your personal information, which is actually a server run by hackers. Ploys that have been tried include emails that pretend they are from your bank, the IRS, and other important sounding places. Without fail, they all ask you for your date of birth, social security number, bank account number etc. The key way to thwart this is to be able to read web site addresses on the address bar of the browser. Know that bankofamerica.getinfo.com is NOT a bank site, the site name is 'getinfo.com'. The only part of a web address that matters is the part just before the '.com'. Once you are able to read web addresses, you will know who you are dealing with and know to stop giving out information.

    Sophos claims to remove worms. But I think most antivirus programs don't work against worms. A worm's main goal is to replicate itself onto all systems without interaction on your part. In past cases, some were so successful that they ate up all the network's bandwidth doing replication, so that normal internet functions stopped.

    A live hacker attacking your system is the most dangerous threat. If he doesn't use any viruses or malware, then he is virtually undetectable, and good hackers strive to stay undetected. They are also known to use memory-based attack tools that don't leave any files on the system, so no file scanner will pick them up. If she gained admin privileges through some vulnerability, then she may deploy a rootkit and install other tools which will remain hidden. Although there are rootkit scanners, they only detect ones that are popularly deployed. Hackers usually keep a tool chest of private tools that scanners can't detect. The only way to recover from a live hacker attack is to reformat and re-install Windows. Then update everything and pray that the security vulnerability she used to gain first entry no longer exists. For protection against hackers, it is important to harden your Windows. A hardened system with a minimal attack surface configuration will present less for the hacker to manipulate. You can Google for 'hardening Windows 8' to find some guides on how to do this.

    There are also some general protection tools and configuration that stops attacks. If you have Windows 7 Pro or Ultimate or Windows 8 Pro, you can enable Software Restriction Policy which stops things from running unless they reside in \Program Files and \Windows. That would cover a lot of attacks.

    EMET is a free MS tool that stops attacks coded in a certain way, and is very good protection. (https://www.microsoft.com/en-ca/download/details.aspx?id=43714)

    Another protection mechanism is Sandboxie (free). It contains all browser-based attacks in one folder; the attack tool cannot escape from it into drive C, and you can wipe that folder anytime. (http://www.sandboxie.com/) Browsers are the primary target of attacks nowadays because they are used by everyone and they interface to the internet. Most hackers will not attempt to breach your firewall and router as they would in the past, because you use the browser to go through these and they can attack the browser to reach in. Rather than directly attacking you, they attack web sites and rig them to auto-download any of the threats listed above. This way presents the most bang for the effort. So it is of utmost importance to keep up with the latest patched version of your browser. You should check for new versions at least every month.

    Most importantly, you have to patch Windows and ALL your apps. Security patches close security holes that make attacks work. Secunia's PSI is a good free tool that tells you when security patches have been released for your installed apps. Security patches treat the source vulnerability. Attackers, viruses and malware hack by attacking vulnerabilities that exist on your system. If the vulnerability is patched, then they can't do anything. (http://secunia.com/vulnerability_scanning/personal/)

    Physical security is also important. Windows 7 Ultimate and Windows 8 Pro have BitLocker, which can encrypt your whole drive. And when the key is stored on a USB stick, thieves cannot boot your system. It also protects against offline attacks, which is when an attacker boots Linux off a CD to bypass Windows security. The encrypted drive cannot be mounted by any other OS.

    If you own a laptop, then you should get a cable lock to prevent your system from getting stolen.

    After all counter measures are in place, you need to monitor for attacks. As evidenced by many large corporations, attacks most often go unnoticed for months. And so you have to monitor your event logs. MS has a Security Monitoring and Attack Detection Guide: https://technet.microsoft.com/en-ca/library/cc163158.aspx This gives you the EventIDs to filter your logs for. (Note you have to add 4096 to all EventIDs mentioned, because the guide is written for Windows XP, and Vista, Win7 and Win8 use a higher set of EventID numbers.) You need to do this every 2 weeks. Also, after securing your Windows, you can create baselines to use on log-review day to compare if configurations have been changed. One such program is Autoruns. This program lists out all the programs that run upon startup. (https://technet.microsoft.com/en-ca/sysinternals/bb963902.aspx) Because all malware needs to run at startup to keep you infected, this tool is valuable to have. Autoruns can save configurations and can compare the current configuration to the previously saved version.

    Backups are your last defense. Do backups diligently on schedule. Although criminal hackers are often after your work files and credit card numbers etc, some others will harm your system by wrecking windows functions. Most often, attackers will want to prevent you from detecting their presence by wrecking your security tools. Automated hacks will also try to stop you from visiting antivirus and antimalware sites. Sometimes Windows is wrecked so badly that a re-installation of Windows is your only choice and you will need your backups. Also currently there is a type of crypto-virus that encrypts all your valuable documents and photos and asks you for a ransom to get the decryption key. Depending on how much new data you generally make, you will want to do backups weekly or bi-monthly.

    Do not lose your Windows install DVD. You should keep all your computer discs / windows disc / program install discs and driver install discs together on a bookshelf.

    Lastly, to have the "best security", you have to read up on the latest threats and see if they affect you. Then you can take steps to mitigate the threat until patches become available. www.threatpost.com is one such site.
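    An added example, not from the thread or from Microsoft's guide, of the fortnightly log review described above: it takes a handful of the XP-era Security-log event IDs (a constructed sample, not the guide's full list), applies the post's +4096 rule to get the Vista/7/8 numbers, pulls matching events from the last 14 days, and then prints the Windows Firewall default actions so you can see whether outbound blocking is actually on. Run it from an elevated PowerShell prompt on Windows 8/8.1 (the Security log and the NetSecurity cmdlets need admin rights); the hashtable contents and the 14-day window are this example's own choices.

```powershell
# Added example (not from the thread): review the Security log for the event IDs
# the post's guide cares about, translated from XP numbering with the +4096 rule,
# then check the firewall's default outbound action. Needs an elevated session.

# Constructed sample of XP-era IDs from the guide with their meaning.
$legacyIds = @{
    528 = 'Successful logon'
    529 = 'Logon failure: unknown user name or bad password'
    552 = 'Logon attempt using explicit credentials'
    624 = 'User account created'
    630 = 'User account deleted'
    636 = 'Member added to security-enabled local group'
    680 = 'NTLM credential validation'
}

# Apply the post's rule: Vista/7/8 ID = XP ID + 4096
# (528 -> 4624, 529 -> 4625, 552 -> 4648, 624 -> 4720, 630 -> 4726, 636 -> 4732, 680 -> 4776).
$offset    = 4096
$modernIds = @{}
foreach ($id in $legacyIds.Keys) {
    $modernIds[$id + $offset] = $legacyIds[$id]
}

# Log-review day is every two weeks, so look back 14 days.
$filter = @{
    LogName   = 'Security'
    Id        = [int[]]$modernIds.Keys
    StartTime = (Get-Date).AddDays(-14)
}

try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    # Get-WinEvent throws when nothing matches; treat that as an empty result.
    $events = @()
}

# Summary: how many of each interesting event, with the human-readable meaning.
$events |
    Group-Object Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            EventId = [int]$_.Name
            Meaning = $modernIds[[int]$_.Name]
            Count   = $_.Count
        }
    } | Format-Table -AutoSize

# Failed logons (4625) deserve a closer look: account name and source address.
# Property positions 5 (TargetUserName) and 19 (IpAddress) follow the 4625 event schema.
$events | Where-Object Id -eq 4625 |
    Select-Object TimeCreated,
        @{ n = 'TargetUser'; e = { $_.Properties[5].Value } },
        @{ n = 'SourceIp';   e = { $_.Properties[19].Value } } |
    Format-Table -AutoSize

# The post's other point: Windows Firewall only contains outbound traffic when the
# profile's DefaultOutboundAction is Block; out of the box it is Allow.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize
```

    If the last table shows DefaultOutboundAction as Allow on the active profile, the firewall is not doing the outbound containment the post describes; switching it to Block with Set-NetFirewallProfile is what makes outbound rules matter, at the cost of having to add allow rules for programs that legitimately need the network.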
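    A second added example, again not from the thread and not Autoruns itself: a small save-and-compare baseline of startup entries in the spirit of the Autoruns workflow the post recommends. The first run writes a baseline file; every later run (say, on log-review day) diffs the current Run keys, Startup folders, auto-start services and enabled scheduled tasks against it and prints what was added or removed. The file path and the entry format are this example's own choices; it does not cover every startup location Autoruns knows about.

```powershell
# Added example (not from the thread, and not Autoruns): save a baseline of
# startup entries on the first run, diff against it on later runs.

$BaselinePath = Join-Path $env:USERPROFILE 'startup-baseline.json'

function Get-StartupEntries {
    $entries = @()

    # Registry Run / RunOnce keys for the machine and the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the provider's own PSPath/PSDrive/... metadata properties.
                if ($p.Name -notlike 'PS*') {
                    $entries += "REG|$key|$($p.Name)|$($p.Value)"
                }
            }
        }
    }

    # Per-user and all-users Startup folders.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (Test-Path $f) {
            Get-ChildItem -Path $f -File | ForEach-Object {
                $entries += "DIR|$f|$($_.Name)|$($_.Length)"
            }
        }
    }

    # Services configured to start automatically.
    Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto' | ForEach-Object {
        $entries += "SVC|$($_.Name)|$($_.PathName)"
    }

    # Enabled scheduled tasks with what they execute (Get-ScheduledTask exists on Win 8+).
    Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        $entries += "TASK|$($_.TaskPath)$($_.TaskName)|$actions"
    }

    return @($entries | Sort-Object -Unique)
}

$current = Get-StartupEntries

if (-not (Test-Path $BaselinePath)) {
    ConvertTo-Json -InputObject @($current) | Set-Content -Path $BaselinePath
    Write-Host "Baseline saved to $BaselinePath ($($current.Count) entries)."
} else {
    $baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current
    if (-not $diff) {
        Write-Host 'No startup changes since baseline.'
    } else {
        # '=>' marks entries present now but not in the baseline; '<=' the reverse.
        $diff | ForEach-Object {
            $tag = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
            Write-Host "$tag $($_.InputObject)"
        }
    }
}
```

    Delete the baseline file and run the script again after you have deliberately installed or removed something, so that expected changes do not keep showing up on every review. Any ADDED line you did not put there yourself is the cue to look at the referenced path in Autoruns or an on-demand scanner.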
  5. Nutech12

    Nutech12 Thread Starter

    Oct 27, 2003
    Is it possible for someone, such as a jealous ex-husband, to send his wife an email, she opens it or a link in it, and then he can start monitoring what she's doing?

    Please note I ask as this may have happened to someone that I know. NOT because I am interested in doing this. :)

  6. lunarlander


    Sep 21, 2007
    The link in an email could be a link to a compromised web site that downloads malware. Or it could be a rigged document (MS Word has had security vulnerability problems, same with Adobe Reader PDF documents). Or the link may be a malicious executable. So the answer to your question is yes.

    The countermeasure to these is to patch ALL internet-facing applications. These applications would include your browser like Firefox or Chrome, your browser plugins, your chat program, your email program and so on. And also programs that take input from internet-downloaded files, like MS Word, Adobe PDF Reader and your music player. Sandboxie (mentioned above) can also help with this.
Short URL to this thread: https://techguy.org/1147120