Tutorial Ultimate Security/Privacy Guide

Discussion in 'Microsoft Windows' started by Bear, Nov 13, 2018 with 9 replies and 876 views.

  1. Bear

    Bear Member

    Messages:
    2,833
    Ratings:
    1,246
    [​IMG]

    Hello everyone! I am not very active on this Se7enSins anymore, but I check in every now and then. I decided to create this small guide for those want to keep their computer safe. Please note that in no way am I an expert in this field. I just enjoy the topic of cybersecurity and like to participate in cybersecurity forums and subreddits. Do your own research and feel free to discuss, private message me, or even post your own security setup.

    ULTIMATE SECURITY/PRIVACY GUIDE (Last updated on November 13th, 2018)

    Anti-Virus

    Your anti-virus program is what makes or breaks your security setup. It is your first line of defense against viruses, malware, and other malicious attacks on your system. Avoid programs like Avast which caused many users to get the "Blue Screen of Death" after an anniversary update (Techdows), AVG which sells your data (PCMag), and companies like IObit which stole Malwarebytes' database in 2009 (ComputerWorld). Below is my top three picks with a few alternatives for the best Anti-Virus program.

    Microsoft Windows Defender (Free)
    • Go with Microsoft Windows Defender if you're not looking to spend any money. It is free and built right into Windows 10. It scores really well on anti-virus testing (AV-Test, AV-Comparitives), lightweight, and easy to use.
    Emsisoft Anti-Malware ($29.99)
    • Want to spend a little money for protection? Go with Emsisoft Anti-Malware! Scores relatively well on anti-virus testing (AV-Comparatives), super lightweight, and does not push any unnecessary paid features (e.g. Avast: Avast SecureLine VPN, Avast Cleanup Premium, Avast Driver Updater, Avast Secure Browser...). Emsisoft was also found to block "state-sponsored" malware in 2015 (Emsisoft Blog). For privacy minded individuals, Emsisoft is based in New Zealand and has an amazing privacy policy.
    Kaspersky Anti-Virus ($39.95)
    • Kaspersky is tricky, but I still recommend it. It is more expensive than my other recommendations, but scores almost perfectly in every anti-virus test (AV-Test, AV-Comparatives). It pushes some unnecessary features, but not to the extent of Avast. It has been reported over the past couple years of links between Kaspersky and Russian Intelligence (Bloomberg). Despite this, Kaspersky denies all claims and has made efforts to be more transparent (Kaspersky Transparency).
    Alternatives:
    F-Secure Anti-Virus

    Second Opinion Scanner
    A second opinion scanner is not completely necessary, but I highly recommend one. No anti-virus software is perfect and a second opinion scanner would insure nothing made it through.

    Emsisoft Emergency Kit (Free)*
    HitmanPro ($24.95)
    Zemana Anti-Malware (Free)**
    VirusTotal (Free)

    *Do not use if already using Emsisoft as main anti-virus
    **Offers optional paid plans

    VPN
    A Virtual Private Network (VPN) is also not completely necessary to keep your system secure, but highly recommended. A VPN will encrypt all of your network traffic, keeping it hidden from your ISP, hackers, or anyone else. There are many use cases of VPN's. Many people use VPN's to circumvent censorship in certain countries, connect to public Wi-Fi securely, or to keep their data private. Avoid free VPN's that log your data (thebestvpn), and avoid VPN's that comply with authorities (BleepingComputer). Also, research UKUSA (Wikipedia), and make an educated decision on which VPN is best for you. Many great VPN's exist, it comes down to preference in the end.

    NordVPN ($11.95/month)
    • Based out of Panama, NordVPN is more expensive than my other recommendations, but rightfully so. It is highly praised by many outlets (PCMag, RechRadar, PCWorld), the info sec community, and the users themselves (PCMag). They also have a warrant canary on their "About Us" page and a manifesto that promises to keep the internet free and to be as transparent as possible (NordVPN About Us).
    ProtonVPN (Free)*
    • ProtonVPN is free, but you will most likely need to shell out a couple dollars to have the best possible experience. ProtonVPN is also praised by several outlets (PCMag, TechRadar, gHacks) and the info sec community. The most appealing side of ProtonVPN is that it is based in Switzerland. Switzerland has very strong privacy laws (Switzerland FADP), if not the best in the world. If you're not already convinced, ProtonVPN offers Secure Core servers which are 1000m below the surface in a former Swiss fallout shelter. Their servers in Iceland and data center in Sweden are also underground. Lastly, a warrant canary is posted on their website. (ProtonVPN Transparency Report)
    Private Internet Access ($6.95/month)
    • Probably the most common and recommend VPN is Private Internet Access. The price for PIA is great and like NordVPN and ProtonVPN; is also praised by many outlets (PCMag, PCWorld, Tom's Guide). PIA's no logging policy was tested in a court case in 2016 when the FBI sent a subpoena to PIA. All they could provide was some irrelevant IP's and that was it (TorrentFreak). One controversial issue with PIA is that it is based in the United States which is one of the Five Eyes countries. Read more on UKUSA (Wikipedia) if you think this has implications for you or not. PIA does not have a warrant canary anywhere on their website and instead justify why in a blog post (PIA Blog).
    *Offers optional paid plans

    Alternatives:
    TunnelBear
    MullvadVPN
    Any VPN listed on privacytools.io

    Email
    These email services are more directed towards those who want to increase their privacy more than those who want to improve their security. Unless you are using Yahoo, which has been breached on multiple occasions (Wikipedia), or AOL, which scans your emails for data for which it then sells (CNBC); switch immediately. If you are using Gmail, Outlook, or iCloud; you are fine security wise. For those who want to increase their privacy, consider these email services.

    ProtonMail (Free)*
    • From the same developers of ProtonVPN, ProtonMail was created before ProtonVPN in 2014. Since they're the same company, it is the same Swiss based company with strong Swiss privacy laws (Switzerland FADP), same secure server and data center locations, and the same warrant canary (ProtonMail Transparency Report). What makes ProtonMail different than your standard email service is that ProtonMail is open source ( [Click here to view the link]) and has end-to-end encryption which means all emails are encrypted. No one can view your emails, not even ProtonMail themselves.
    Tutanota (Free)*
    • Derived from Latin, Tutanota means "secure message," and is an email service that is similar to ProtonMail. Based in Germany with only 5 employees, Tutanota is an email service that also offers full encryption and is backed by German privacy laws (Tutanota Blog). Tutanota is also open source ( [Click here to view the link]) and has a warrant canary posted on their website (Tutanota Transparency Report).
    msgsafe.io (Free)*
    • A relatively new and work in progress email service is msgsafe.io. Msgsafe.io is a service that I like to revisit every so often and see the progress that is being made. Like ProtonMail and Tutanota, msgsafe.io also promises end-to-end encryption, but also offer additional features like encrypted voice & video, and encrypted chat. Unlike ProtonMail and Tutanota, msgsafe.io is not open source and not a product that I would fully switch to as of right now. With that said, their privacy policy (msgsafe.io) is great and the projects' future looks bright.
    Zoho (Free)
    • Unlike the previous email services, Zoho is not just an email service. Instead Zoho is a software corporation that develops an array of tools and services for people and companies. I decided to include this Indian based corporation as their email service was reportedly unbreakable for the NSA (TheVerge). If you already enjoy the other tools and services offered by Zoho, feel free to stay at home.
    *Offers optional paid plans

    Alternatives:
    Any email service listed on privacytools.io

    Password Manager

    A password manager is completely necessary nowadays. With the amount of accounts and passwords needed for every web service and application; you need a password manager to help organize and create unique passwords for everything. Imagine only having to remember one password?

    Bitwarden (Free)*
    Dashlane (Free)*
    1Password (Free)*
    KeePass (Free)

    *Offers optional paid plans

    Alternatives
    Buttercup

    2FA
    *Coming Soon

    Web Browser

    *Coming Soon

    Browser Add-ons/Extensions
    *Coming Soon

    Other
    Bitlocker (Free)*

    *Windows 10 Pro, Enterprise, Education editions only

    Closing Words
    Hope you all enjoyed this security/privacy guide! There is more to come! Peace :thumbsup:
    - Bear

    Credits:
    MalwareTips
    ThatOnePrivacySite
    PCMag
    gHacks
    privacytools.io
    r/privacytoolsIO
     
    • Like Like x 3
    • Informative Informative x 1
  2. Unbound 7s

    Unbound 7s 0x50676f573

    Messages:
    1,434
    Ratings:
    447
    Interesting topic you have here. I noticed that you mentioned password managers. I have never used one as I remember all mine or just reset them occasionally incase of hijacks or "hits", though I question just how safe is a password managers? As bad privacy can be intrusioned now a days, is it really safe having all the passwords in one area?
     
    • Like Like x 1
  3. afterjo

    afterjo Enthusiast

    Messages:
    528
    Ratings:
    72
    Web browser:

    Cliqz, Brave, Tor.

    Cliqz and Tor is firefox based, Brave is chome based. Both Cliqz and Breave include everything you need (adblock, privacy tools, etc.)

    For everyday pleb, cliqz and brave are good. Brave is still requires improvements, but cliqz is very good.

    VPN:
    For regular internet use, not downloading, you can use Tor browser with adblock installed. So it's always free.

    Antivirus:
    Eset32 antivirus. you can get unlimited amount of demo keys, there are many websites, a bit of inconvenience, but antivirus is worth. Never had a virus in about 8 years of use.
     
    • Like Like x 1
  4. OP
    Bear

    Bear Member

    Messages:
    2,833
    Ratings:
    1,246
    Yes, it is completely safe to have all your passwords in one place! However, it depends on the password manager and several other factors. All you have to do is create one master password which gives you access to your vault. As long as your master password is strong and your account has 2-factor authentication, you should be safe! Like it said before, it also depends on which password manager you use. Bitwarden for example is the password manager I use. It is open source, all your data is encrypted and stored on the Microsoft Azure Cloud, and it just had a third-party security audit with no major issues found. I recommend password managers as it makes life do much easier and its more secure.

    I was planning on including Brave and Tor for the web browser section! I do not know much of Cliqz, but thanks for showing me it. As for ESET, I was planning on including it as one of the alternatives; but I decided not to as I haven't heard much about it recently. Cheers!
     
  5. Slim Shady

    Slim Shady N1NJA $TYL3 Retired

    Messages:
    2,533
    Ratings:
    4,034
    thanks for posting this detailed guide. :thumbsup:
     
    • Like Like x 1
  6. markophillips

    markophillips Newbie

    Messages:
    1
    Ratings:
    0
    Thanks for sharing this guide, I have seen that online privacy guide is also mentioned, Actually, I have fount pretty similar guide:
     
  7. Nokia

    Nokia [[email protected] ~]$ Lifetime

    Messages:
    2,119
    Ratings:
    2,550
    Well, you've almost got it. Speaking from experience in the security field, this really isn't true. Your anti-virus program should be the last line of defence from an attack.
    Your first is simple, you. Human error is always the weakest link in security. Could possibly be you clicking the wrong link, maybe it was an accident, maybe it wasn't a link or download at all, maybe you got duped by a social engineering scheme. Regardless, anti-virus is only as good as the people who made it and the exploits that have already been made public and added to a database for it to detect; and while the best anti-virus software might be great at picking up these known exploits, new exploits are discovered every day and used by people like me against people I get paid to do recon and assessments on.
    Check here for what's new on the CVE list today for example.
    It's pretty easy to throw some shellcode into a polymorphic host file and fool just about every anti-virus on the market 99.9% of the time, and it will never know what hit it. Top that off with some privilege escalation exploits and your anti-virus is absolutely useless once I or any other PT targets you. All I have to do is find a way for you to take the bait. It's always best to practice good opsec as your first line of defense against any malicious sources.
    Not trying to knock your post down at all, just throwing some additional information in the thread.
     
    • Informative Informative x 1
  8. ViceDrops

    ViceDrops Newbie

    Messages:
    11
    Ratings:
    8
  9. sarahjo

    sarahjo Enthusiast

    Messages:
    35
    Ratings:
    1
    Very nice thread and I would say the role of a VPN has become really important in today's scenario, given how our data is not secure anymore. Although you are not protected 100% but prevention is better than cure. Now I am a VPN user for a long time now and it has served me well because of features like tunneling and kills switch. They really do protect your online activities but not every VPN should be your go-to choice. I am using Nord after reading the PCMags Best VPN review but made my final decision after reading the full review here.
    So, I would strongly recommend the use of a VPN, however, be smart in choosing the right service.
     
  10. afterjo

    afterjo Enthusiast

    Messages:
    528
    Ratings:
    72
    VPN don't guarantee privacy. It o ly makes connection encrypted.
     

Share This Page