How to maximally secure a PC with Win 7?

[file3456]

I can go on and on about security with computers, networks and websites as it's my forte. Maybe when I'm up to it I'll write some other stuff. Perhaps one security vulnerability most people don't even think of beyond Windows security and all of its updates is your router or modem. Without getting into all the details, I'll just spell out some things that need to be done as it pertains to a router or modem.

1) Always stay abreast of any and all router or modem firmware updates. If there's a new router or modem update, I'd advise you to install it as soon as possible. You can find the updates from the manufacture or firmware website you use like Asus Merlin (which I use) or DD-WRT which are two popular third-party router firmware pieces of software. You may be interested in Asus Merlin or DD-WRT. If your router supports it, do check them out. They will greatly enhance your network security.

2) Change the router's or modem's default username and password. Do NOT keep the default credentials.

3) Turn off UpnP in the router or modem. UPnP stands for Universal Plug and Play, but to those in the security know will rightfully say Universal Plug and Prey.

4) DO NOT use port forwarding unless you absolutely, positively need to. And no, you DO NOT need port forwarding on to use a P2P client like uTorrent, QBittorrent, etc. Take it for me, I've used P2P software before and NEVER in some 14 years had to EVER port forward and still have the ability to be a seed. That's simply due to something called peer exchange. Read about it first before you argue with me. And if you do want to argue with me, post at least three well worded paragraphs, act like you have a command of the English language, and cite your sources. Then I'll rebuttal with video and/or photographic evidence proving port forwarding is not needed to be a seed. It WILL be required if you host the seed all on your own however since you never created a DHT (Distributed Hash Table) from the jump. What is PEX: Peer exchange - Wikipedia Here's some basic reading martial on the subject, though, I wouldn't open up UPnP at all as already mentioned. Plus, I get terrific speed without port forwarding or the use of UPnP and that's with a VPN! And guess what? This VPN does not allow port forwarding which it's suppose to do in order to help mitigate your true IP from being exposed. VPNs that do use port forwarding and then tell you they have some crap implemented to mitigate IP exposure are lying. You simply can't do it. Port forwarding is either off or on in a VPN. That's it. How to Optimize QBittorrent Speeds - Appuals.com

 

[file3456]

Think I'm wrong about the port forwarding issue? I can tell you right now that if I was a hacker, saw your IP in the swarm, I'd check it against Shodan and find the open port. Now I can bust out a popular Github script to take over your router and from there access your computer/s, smart devices and any camera you may have on your network.

That's just one scenario. The other is either using Nmap to DDoS you with a certain script that may or may not work on your modem or router or pay for a so-called stress tester account using cryptocurrency (in a very clever way I might add) and DDoS your router/modem to hell.

So you see here from my examples, my warning about using port forwarding and UPnP is based in fact. Though, to DDoS an IP doesn't really require an open port on their end. I DDoSed myself and I never had open ports at all. But the router hack and turning your router into a zombie botnet is a possible issue if you don't follow the four points I laid out above. I own a website and see my fair share of hack/spam shenanigans coming from legit ISPs and not cloud or hoster IPs only to get 403ed (blocked) due to my security. This is because people had their router/modem owned and now wonder where their Internet speed has gone. "My Internet service provider sucks! Waaaa." Well, have you considered that perhaps your router has maybe got infected and is now part of a hacker's arsenal all at your expense? Not saying this is true in all cases for Internet performance issues, but could be one. So taking care of a computer's security issues is one thing, the router and modem is another. To keep this short, I'll refrain from IoT device security. LOL I will tell you it may take an act of Congress to get companies to actually secure their IoT crap. In fact, so lax is the security in many of these things that many thousands of IoT devices were used in the largest DDoS in the world I do believe and I think CloudFlare blocked it. I can't remember now. But here's a quick article on the issue.

IoT botnets responsible for more powerful DDoS attacks - Bitdefender

Here's another. IoT and DDoS: Cyberattacks on the Rise | A10 Networks

Here's another nice write up. Inside the infamous Mirai IoT Botnet: A Retrospective Analysis

Still think smart TVs, smart refrigerators are great? LOL Act of Congress folks... This goes for router manufacture implemented security as well!

 

[Snick]

Once again F22 Simpilot
Great explanation & advice!
Snick

 

[Govi]

0patch.com is a worthwhile way to get Microsoft's security patches for Win 7. If you want to understand what it is, search in the Updates forum on this site on the term 0patch. Search the whole site, too, afterward, to see some people's experience with 0patch. Mine has been good thus far (a month at this point).

 

[inspiron7]

Which version of Firefox is safer,the default one or ESR?

 

[file3456]

There's no such thing as a safe browser. It all depends on what you do with it and the features it allows.

I'd run the browser (which ever you use) in Sandboxie. But you need to read about it and understand how it works. This is what I use and have been using for at least five years now.

 

[inspiron7]

How do I configure Thunderbird for maximum safety?

Also how do I turn off UPnP in my Technicolor TC7200.20 modem?

And where can I find a firmware update for this modem?

 

[file3456]

Go to page 19 of your manual here.

Then go to page 37 here.

Disable ipsec, PPNP, remote config management, you can chose to use or not use multicast. Read here. Disable FTP, TFTP, Kerb88, leave NetBios on if you use network shares and/or network printing. After NetBios, disable all the rest. If you use Ooma or some other VOIP phone through the Internet, you may or may not need SIP on.

This resource tell you how to update your firmware, but the firmware download page on Technicolor's website was coded by a potato and I don't see a simple download link anywhere on their potato website. You may want to contact them.

To secure the actual hell out of Thunderbird, keep it updated, and read what I said here. I didn't write all that for my health. Read, read and read some more and go out and seek the knowledge and learn. Did I mention that part about reading? FFS, I even quoted you.

 

[inspiron7]

Go to page 19 of your manual here.

Then go to page 37 here.

Disable ipsec, PPNP, remote config management, you can chose to use or not use multicast. Read here. Disable FTP, TFTP, Kerb88, leave NetBios on if you use network shares and/or network printing. After NetBios, disable all the rest. If you use Ooma or some other VOIP phone through the Internet, you may or may not need SIP on.

This resource tell you how to update your firmware, but the firmware download page on Technicolor's website was coded by a potato and I don't see a simple download link anywhere on their potato website. You may want to contact them.

To secure the actual hell out of Thunderbird, keep it updated, and read what I said here. I didn't write all that for my health. Read, read and read some more and go out and seek the knowledge and learn. Did I mention that part about reading? FFS, I even quoted you.

Thank you very much!

 

[inspiron7]

I forgot to ask , is it safe to use Facebook in Firefox ?
I mean could someone steal my info ,password etc?
I am asking this because I am using Win 7.

If it is not safe to use it in Firefox,then is there some an another desktop program/application for Facebook for Win7?
Or is there some tweak to make using Facebook in Firefox safer?

 

[Alejandro85]

I forgot to ask , is it safe to use Facebook in Firefox ?

Once again, in security THE first question you must ask is, safe against what?

I mean could someone steal my info ,password etc?
I am asking this because I am using Win 7.

That can happen every single time, with every browser, theoretically.
In real life, to someone to get your password or break into your account would require control over your browser and that would require a serious compromise of your computer. Be sure to use known-safe plugins with a trusted browser and you'll be fine. Also, ensure to keep your computer clean from viruses and untrusted software. Keeping control over who has physical access to the computer will also close another potential source of problems.
All of that is irrelevant of Win7, all OSs have the very same security basics.

Of course, let's not forget that Facebook in itself sells all your info you load into their website, if you count that as a menace. The vast majority of times it's not that someone steal your data, but they just collect, publish and sell everything they can.
The very same thing is often the case with computer compromises. More often than not it's not the case that "someone broken into" your PC, but that the user made some mistake allowing viruses to run. Don't worry too much about Firefox/Win7 or any other browser/OS, focus on your security practices, that's what, in practice, makes the most difference.

 

[file3456]

I forgot to ask , is it safe to use Facebook in Firefox ?
I mean could someone steal my info ,password etc?
I am asking this because I am using Win 7.

If it is not safe to use it in Firefox,then is there some an another desktop program/application for Facebook for Win7?
Or is there some tweak to make using Facebook in Firefox safer?

You should use 2FA (Two Factor Authentication) in Facebook and other accounts that allow it. DO NOT use SMS for 2FA codes if you can help it. Also, I wouldn't use email 2FA either. If that's all a website offers then it's better than nothing. What is two-factor authentication and how does it work on Facebook? | Facebook Help Center | Facebook

I recommend Authy for 2FA. You can install their App on your phone/tablet and the program in your computer. I recommend you do both. Make sure you remember your Authy Backups password. Once you install Authy on your phone/tablet and computer's, go into the Authy App in your phone or tablet and turn off the ability to add more accounts. This feature is only available in the App. If you want to add Authy to another device you'll have to temporally turn on the feature to add more accounts. Once done turn it back off again.

If you use Twitter, use 2FA in there as well.

Security is cumbersome, but if you know what you're doing then you'll be a lot safer.

Go to your play store on the phone or tablet and install Authy. Install Authy on the computer from here: Download - Authy

DO NOT FORGET your backups password! Learn to use a password safe. I use Keepass, but you'll have to backup its database manually and know how to use it. If you're not computer savvy then either Lastpass or Dashlane would be more appropriate.

DO NOT FORGET your backups password.

 

[file3456]

When I had Facebook I never friend anyone I didn't know. Also, my posts were only viewable to friends and not the public unless I chose to mark my post to be so. Back then, when I marked one post top be public, all of my following posts were public as well. So you have to make sure that's not the case.

Stay away from OAuth. OAuth is allowing to use Facebook, Twitter and the rest of the crap to easily sign in to other accounts like eBay or what ever. DO be lazy and just use a username and password. OAuth is a hack nightmare.

Read all about it: OAuth - Wikipedia'

List of moron providers: List of OAuth providers - Wikipedia

It's not complete because I know eBay allows OAuth.
https://en.wikipedia.org/wiki/List_of_OAuth_providers

 

[file3456]

I have never used it, but a Yubikey I hear is pretty decent.

YubiKey For Mobile Devices | Yubico

Yubico Authenticator App for Desktop and Mobile | Yubico

I don't like anything NFC (Near Field Communication) I feel that it is rife for a hack like RFID. It's why there are RFID proof wallets now a days.

Amazon.com

Fakespot | Rfid Passport Holder Leather Rfid Blocking Passport Case Cover Holder Fake Review and Counterfeit Analysis

Since 2007, passports have had RFID.

 

[inspiron7]

I have never used it, but a Yubikey I hear is pretty decent.

YubiKey For Mobile Devices | Yubico

Yubico Authenticator App for Desktop and Mobile | Yubico

I don't like anything NFC (Near Field Communication) I feel that it is rife for a hack like RFID. It's why there are RFID proof wallets now a days.

Amazon.com

Fakespot | Rfid Passport Holder Leather Rfid Blocking Passport Case Cover Holder Fake Review and Counterfeit Analysis

Since 2007, passports have had RFID.

Thank you very much!

 

[inspiron7]

Which is the best hardware health diagnostics software for Win 7?

 

[michael diemer]

I'm not sure the OP is still interested, but this thread raises some important issues. There have been many helpful responses. The point has been made that Windows 7 is simply not secure anymore, and anyone using it as their daily driver is asking for trouble. This is most certainly true. The most anyone should be doing with windows 7 at this point is keeping it as an archive, or for that one thing they need Windows for. but it should be kept offline by default.

The OP has stated that Windows 10 does not work on their computer. The suggestion was made to try Linux. This is really the solution. Linux today is easier than ever. you would have to be totally clueless not to be able to use it. This is the road I have taken. I use Linux as my daily driver, for surfing the net, email etc. Because my computer is old, I use lightweight Linux systems. There are Linux systems for 10 year old computers, and even 15 year old computers,which will rejuvenate old machines. My 2009 Gateway desktop is lightening fast with Bodhi Linux on one SSD and Ubuntu 16 on the other. I maintain Windows 7 on an old HDD or "spinner," monthly updating MSE, Vivaldi ( a lightweight but powerful browser), and running Wise Cleaner (like CCleaner but less obnoxious).

So, there are two very compelling reasons for the OP to abandon Windows 7 (except as an archive, if desired), avoid Windows 10 as it is too much for their system, and switch to Linux. One, Windows 7 is no longer safe, and cannot really be kept safe. Two, their computer is older and not suited for Windows 10. This situation is made for Linux. Just be using Linux, you are avoiding the vast majority of malware, since the vast majority of it targets Windows users. you still have to practice safe habits, of course, But using Linux will give you much piece of mind, knowing you are safer by default. also, your data is not being mined nearly as much, and your privacy respected.

 

[inspiron7]

I'm not sure the OP is still interested, but this thread raises some important issues. There have been many helpful responses. The point has been made that Windows 7 is simply not secure anymore, and anyone using it as their daily driver is asking for trouble. This is most certainly true. The most anyone should be doing with windows 7 at this point is keeping it as an archive, or for that one thing they need Windows for. but it should be kept offline by default.

The OP has stated that Windows 10 does not work on their computer. The suggestion was made to try Linux. This is really the solution. Linux today is easier than ever. you would have to be totally clueless not to be able to use it. This is the road I have taken. I use Linux as my daily driver, for surfing the net, email etc. Because my computer is old, I use lightweight Linux systems. There are Linux systems for 10 year old computers, and even 15 year old computers,which will rejuvenate old machines. My 2009 Gateway desktop is lightening fast with Bodhi Linux on one SSD and Ubuntu 16 on the other. I maintain Windows 7 on an old HDD or "spinner," monthly updating MSE, Vivaldi ( a lightweight but powerful browser), and running Wise Cleaner (like CCleaner but less obnoxious).

So, there are two very compelling reasons for the OP to abandon Windows 7 (except as an archive, if desired), avoid Windows 10 as it is too much for their system, and switch to Linux. One, Windows 7 is no longer safe, and cannot really be kept safe. Two, their computer is older and not suited for Windows 10. This situation is made for Linux. Just be using Linux, you are avoiding the vast majority of malware, since the vast majority of it targets Windows users. you still have to practice safe habits, of course, But using Linux will give you much piece of mind, knowing you are safer by default. also, your data is not being mined nearly as much, and your privacy respected.

Thank you very much!

But can I play Windows games on Linux,and which Linux distro is best for gaming?

And is Win 7 still not secure,even if I have the latest security updates for it?

 

[file3456]

But can I play Windows games on Linux

Only in Wine and only if it's compatible with Wine. YMMV

The fallacy that you somehow can't use Windows 7 is just that, a fallacy. I use Windows 7 now, and have been since around 2010 and I even turned off UAC and run as Admin. No hacker crap, no viruses, none of that. The main reason for that is that I know what the attack vectors are and don't browse the Internet like a moron and use programs that are moronic. To top that off, I only use a handful of updates so you'd think I'd be pry for some "hacker" wearing a Time Warner owned Guy Fawkes mask. Nope!

I do know how much telemetry pours out of Windows 10. I ran it in VMware Workstation Player and monitored the NIC with a packet sniffer. It's absolutely abhorrent. I never saw any of this stuff in a Windows 7 or XP install in VMware Workstation Player. Just some minor time checking, local Internet stuff, etc.

Right now I'm checking out something called Windows 10 AME and so far they really cut down on the crap in that and there is very little telemetry. There's some though and I'll let them know as soon as my testing is concluded. But overall at least 99% of the telemetry is gone. Now Windows 10 AME may not be for everyone, it all depends on what you want to use it for. It does completely strip out the Windows update facility so that may be a turn off for many who pay homage to the patch Tuesday God. I don't. As I already stated I only use but a handful of updates now. And again, no hacking crap, malware, etc. I even use scanners every once in a while that many people never heard of. I sound like a broken record, but I just know someone will say some asinine clown crap like, "well, you probably have malware and don't know it." Trust me. I block over 861 million IPs in Peerblock with my custom lists I make, monitor my NIC, and every once in a while monitor things with Disk Pulse. Including the use of very niche malware scanning programs. On top of that, all browsers run in the now free and open source Sandboxie, and I scan ALL downloads at Virus Total. I stay abreast of what auto starts and all the rest. On top of that, I make periodic full 1:1 disk clones should disaster ever strike which has yet to happen. In a nutshell, I control MY PC and know how to do it. So I guess for those that don't know anything about computers you'd probably want to use Linux or Windows 10 and use critical updates when available. I don't because they seem to lack QC (Quality Control) and can and will mess your computer up. Not always, but the potential is there. Read my signature below. I just roll differently over the vast amount of computer users. You know that old show House?, I'm like that guy only with computers. LOL I have yet to watch Mr. Robot. Didn't seem interesting to me. A show on CBS called Intelligence peaked my interest back then though, but it only ran for one season I believe.

In summary. If you're a gamer you'll want Windows 10 (you may need Directx 12). If you just use a computer for small home & office related tasks, check out Linux Mint and the Twister OS UI. Better yet, buy two HDDs and install Windows 10 to one and Linux to another. If you want to game, boot Windows 10, everything else use your Linux install. For me that would be a PITA so I don't do that. You'd want two HDDs because partitions can just go poof like magician's flash paper or give you issues. Plus, if you're running Steam, Epic Games, Battle.net and all the rest, it WILL consume a huge amount of disk space.

Now beyond the aforementioned Windows 10 AME, you can strip Windows 10 down with nLite. Go on YouTube and you'll see some tutorials on doing it and you can weigh what you feel needs to be uninstalled and not uninstalled and all the rest.

Here people complain about the NSA, yet seemingly don't care about Windows 10 or their phone, etc. Go figure. Have a router? I bet it has an open port now you don't know about that can be taken over by a hacker to effectively turn YOU into a zombie bot net. Don't segregate your IoT devices like cameras, Echo, the thermostat, the damn coffee pot in a vLAN? You're in for a big surprise. Like an OS, you need to secure your router. I wrote about that here. (Note. I don't allow many VPNs and a VPS, etc to connect to my website. Not even Tor). I talked about the NSA, read my piece about that here.

Anyway, I should write a book on this stuff because I could go on, and on, and on ad nauseam about this stuff. LOL

 

[file3456]

Oh, if you want a to go absolute paranoid mode with Linux, check out Qubes. But you need hardware that gives you as many features as possible given by the OS.