8/4/2020 Update: A major security hole was found in Secure Boot. A lot of software needs to be updated.

Windows 10 is installed in over 800 million devices but a fraction of those are running with increased security offered in this operating system.

In this tutorial we will show you how to enable Secure Boot and TPM to increase the security of Windows 10.

What is Secure Boot?

Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).  This prevents it from starting the computer from malware, ransomware, etc.

What is a Trusted Platform Module (TPM) ?

TPM is a hardware chip that is either part of the motherboard or added on later.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM.

Enabling Secure Boot

Always backup your computer before making major modifications. Write down your current settings. Microsoft has some tips on enabling Secure Boot.  Each computer is different, so your screen options will vary.

1. Enter your PC’s BIOS setup by hitting the right key during bootup, such as F1, F2, F12, ESC or Delete.
2. Make sure your computer Boot Mode is set for UEFI, not Legacy
3. You may need to set Windows OS Configuration – Windows 10 WHQL Support to UEFI before you can see Secure Boot – It is called CSM for some BIOSes
   

4. Look for an option called Secure Boot – In MSI motherboards, it is located in Settings\Advanced\Windows OS Configuration Secure Boot

Set Secure Boot Mode – Custom

Select Key Management

Set Provision Factory Default Keys to Enabled

The Intel GOP driver was then installed.

After it is enabled, the Secure Boot Variable fields will get set and now you can go to the previous screen and actually Enable Secure Boot!

Compatibility Issues with Secure Boot

Some drivers will not install correctly when you are running with Secure Boot enabled.  Temporarily turn it off, install the driver, then re-enable.

MAKE SURE the driver is from a trustworthy source!

Make sure you have updated the TPM chip to the latest version to avoid TPM-FAIL. This primarily affects TPM modules with STMicroelectronics chips and Intel Platform Trust Technology (PTT). Infineon Chips are fine.

Enabling a TPM in Windows 10

Some PCs and motherboards come with TPM already installed.  In most cases, you need to figure out if your motherboard has a socket for a TPM. These are specific to hardware, you cannot put a MSI TPM board into a Asus motherboard.  If so buy one, turn off your PC, and install it.  Try to buy the TPM directly from the manufacturer, not from a random seller on Amazon or eBay.  Laughingly, our TPM board was made in China.  It could have been hacked during assembly! (So much for true security)

1. Enter your PC’s BIOS setup by hitting the right key during bootup, such as F1, F2, F12, ESC or Delete.

2. Look for an option called Trusted Computing- In MSI motherboards, it is located in Settings\Security\Trusted Computing

Set Security Device Support to Enabled – Set Device Select to Auto

Save the settings and restart your computer.  Re-Enter your PC’s BIOS select the same option

You should see additional options now that the TPM was found.

Restart the PC and enter Windows.  If the installation was successful, you should see these additional notes in the Windows Security – Device Security Screen.

Congratulations!

8/18/2024: iOS Devices can support DNS over HTTPS through this simple provision file addition.

8/1/2020: Netgear has major issues with many of its wireless routers.  Update now. Some will never be updated, if you have one of these obsolete routers, buy a new one.

7/23/2020: C-Data networking (Cdata, OptiLink, BLIY) equipment has multiple back doors. – The company says these are counterfeit versions.

1/22/2020: SIM Swap compromises using your smartphone to get text messages to authenticate with websites. Avoid using text messages to do rescue logins.  A new paper from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.  Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

1/20/2020: Virtually all Cablemodems have the Cable Haunt critical vulnerability. Call you cable operator an ask them to upate your cablemodem’s software now. You cannot do it on your own.

12/10/2019: Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

10/1/2019: iOS 13 has a handy feature to stop unwanted calls.  You can set the phone to send unknown callers straight to voicemail! (Those not in your contacts) – Settings – Phone – Silence Unknown Callers

5/12/2019: Thrangrycat Attacks Cisco Switches, Firewall and routers.  Update and patch now

3/19/2019: Windows 10 is loading more and more crap.  These scripts let you uninstall the junkware and reclaim privacy.

2/1/2019: Google has patch a major bug in Android where you can get hacked just by looking at a picture in a SMS, Email, or web page!  Update your Android software right away.  If your phone no longer gets updates, please consider buying a new one.

1/2019: Marvell’s Wi-Fi chip is used in millions of devices.  Unfortunately, it has a major security flaw. Look for updates soon.  Devices that have no way to get updated are worrisome.

12/2018: Marriott – Starwood Hotels got hacked, leaking a ton of data. Change your credit card if you booked there.

10/4/2018: Bloomberg reports that China has infiltrated major tech companies by compromising servers from their Chinese factories.  Never trust your hardware!

8/24/2018: HP Inkjet printers with Fax capability have a Faxploit exploit where someone could fax you a special page and take over your entire network. Patch now.

6/11/2018: The FBI has asked users to reboot your wireless router in an effort to prevent infection from the VPNFilter malware.   You should do more than this, write down its settings, reset it to default settings, and updated it to the latest software.

Always update the software for your router to the latest version.  If no update has occurred in the last 6 months, BUY a new one!  Affected devices include: (Expanded List)

Asus Devices:

RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link Devices:

DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei Devices:

HG8245 (new)

Linksys Devices:

E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

Mikrotik Devices:

CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear Devices:

DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

QNAP Devices:

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:

R600VPN
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti Devices:

NSM2 (new)
PBE M5 (new)

Upvel Devices:

Unknown Models* (new)

ZTE Devices:

ZXHN H108N (new)

4/24/2018: Windows Defender System Guard is now installed by the latest Windows 10 Updates. Make sure you are up to date.

3/21/2018: 1.1.1.1 is a free DNS Domain Name Service that helps hide the sites you goto. Cloudflare runs it and promises no logging.

3/15/2018: ID Thieves are using the IRS and filing fake tax returns. Remember that the IRS never calls or sends email to you.  They use old fashion US mail. Sign up for an IRS PIN if possible.

2/8/2018: Lenovo PCs with fingerprint readers need to be updated. Lenovo laptops with certain Broadcom Wi-Fi chips also need an update

1/12/2018: Laptops for Business use may have Intel AMT. You need to configure it or else your open to Intel AMT attacks.

1/5/2018: Meltdown and Spectre are 2 new processor chip bugs that affect most modern computers, smartphones, and tablets.  They will need software updates to mitigate this bad bug. More Details – Older system without updates are dangerous to continue to use. Time to buy new hardware.

11/21/2017: Quad9 is a free DNS Domain Name Service that helps prevent users from accessing malicious sites.  Run by IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA)

11/1/2017: Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update.  It works well and should be used by all Windows 10 users.

10/16/2017: KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks. Using a VPN helps.

10/6/2017: Kaspersky has been implicated in stealing data from the NSA.  Uninstall any of their antivirus software right away.  It is now banned in the US government. Best Buy has stopped selling it.

9/8/2017: In September 2017, Equifax got hacked affecting 143 Million customers. (Almost everyone!) Equifax is offering complimentary identity theft protection. – Do more! Setup a Credit Freeze.

9/1/2017: Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.

5/12/2017: Wanna Cry ransomware is spreading fast.  It exploits a Microsoft bug that was patched in March 2017.  It is more infectious because it can spread throughout a local network.

WannaKiwi – Decrypts files WannaCryp ransomware. Do not reboot after getting infected.

A basic lesson in patching right away and stop running old Operating systems.  Microsoft took the unusual step to put out a Windows XP, 8 , Windows Server 2003 patch to help stop this. If you use any of these OS’s, upgrade to Windows 10 now.

4/12/2017: 2 easy ways to increase your security and not have to constantly update are:

• Uninstall Adobe Flash
• Uninstall Adobe Reader

4/4/2017: Google Project Zero has found a major flaw in a WiFi chip that is used on many Android and iPhones. Hackers can run malware on devices. Apple iOS 10.3.1 and newer fixes the bug. Android patches are rolling out soon. Make sure you update your device. Any phone that does not get security updates any more, should be recycled and replaced.

3/16/2017: Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..

2/16/2017: Apricorn makes a secure USB flash drives that require a pin code to be entered before they function.  No software or drivers required, so it works with any operating system. Dust and water resistant durable aluminium housing

2/2/2017: Laser Printers are vulnerable to security issues. Popular printer models manufactured by Dell, Brother, Konica, Samsung, HP, and Lexmark are all affected.

2/1/2017: Netgear has updated firmware for many routers that fixes a major security hole.

1/30/2017: Security minded people use VPNs to secure their communications. Many Android VPN clients have privacy and security risks.  Be careful which you use.

12/12/2016: 26 different low cost Android devices on the MTK platform have Trojan horses built in.

12/8/2016: Keyless Car Entry: Security minded folks would never buy a car that has this feature. The National Insurance Crime Bureau has a post on how a Mystery Device is used to relay your key fob’s signal to steal cars.  It is best to wrap your key fob in foil or some RF blocking shield when you are away from the vehicle.

11/30/2016: Gooligan Malware has infected over 1million Android phones, most of which downloaded apps outside the official Google Play store.

11/15/2016: Some Cheap cell phones made in China have spyware that sends all your texts to China. This includes the $50 BLU R1 HD sold by amazon! Update the firmware of this device NOW.

10/2/2016: D-Link DWR-932B  and Quanta 4G LTE QDH routers have major security holes- Upgrade it to the latest firmware. Details

9/22/2016: Do you run a website? If so make sure you test it for security vulnerabilities. Tinfoil Security has a nice free 90 day trial.

9/21/2016: Yahoo finally admits to a biggest breach ever. It happened back in 2014 of 500 million accounts. Change your passwords, never enter ‘real’ information into security questions. Use a Yahoo Account Key instead of a password.

9/18/2016: The Rowhammer memory vulnerability is getting important everyday. See if your hardware is vulnerable using Memtest86.

7/29/2016: No More Ransom.org (Kaspersky Lab in collaboration with Europol, the Dutch National Police and Intel Security) has a new site to help vicitims.  It has a page with Decryption Tools. Beware of this company though.

7/12/2016: Kanguru makes a fast USB 3.0 flash drive with physical write protect switch and a digitally signed secure firmware to protect against Badusb.  One of the first to do this. Get item to put a Linux Live CD like Ubuntu on and keep it from getting modified by malware.

5/20/2016: ID Ransomware helps you figure out which ransomware you are effected by, so you can look for remedies other than paying. Bleeping Computer has a Support forum for Ransomware

• ESET has a decryptor for TeslaCrypt infections

2/24/2016: MouseJack is a new security vulnerability that allows a malware to be remotely downloaded onto a computer via a hijacked wireless mouse or keyboard connection. A hacker could remotely type in commands or move your mouse. Update the firmware on your wireless mouse/keyboard if possible, otherwise use a wired mouse – keyboard.

Logitech Update – Worked for us, but required several tries.

2/5/2016: Netgear Wireless routers do not automatically add passwords to hard drives that are plugged into them, leaving them accessible to anyone on the Internet. Make sure you change the default password. Hackers can use Shodan to find you quickly.

1/19/2016: The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Most networking companies’ stop updating them after a year or two. How to setup a Secure Wireless Router was updated.

11/17/2015: Several tutorials have updated lists of secure instant messaging apps. Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

• Silent Circle
• Redphone
• OSTel
• Chat Secure
• Signal (Formerly Textsecure)

7/24/2015: First of its kind. 1.4 Million 2013-2015 model year Chrysler, Dodge, Jeep Vehicles are vulnerable to remote hacking that can cause the vehicle to be controlled remotely. Get the special USB drive and update your car now.

4/28/2014: A new Internet Explorer Vulnerability that has no patch, is being actively exploited by malware. US Computer Emergency Readiness Team suggests people stop using Internet Explorer. Windows XP users need to use an alternative browser like Chrome or Firefox.

If you have to run Internet Explorer, you should install the Enhanced Mitigation Experience Toolkit or unregister the VGX.dll as mention in Microsoft’s Security Bulletin

4/10/2014: Heartbleed Security Hole. Servers that use certain versions of OpenSSL software to create secure connections are vulnerable to a major bug. Lastpass has a page that can help you test websites for this bug. Flippie.io has one too.

4/7/2014: Users should change their passwords for the following sites due to the Heartbleed Internet Security Bug: fitbit.com, github.com, rememberthemilk.com, yahoo.com. Cnet has a nice list.

2/1/2014: If you own an Asus or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm. How to setup a Secure Wireless Router was updated.

Online banking and online trading have been gaining market share every year. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their online banking and online trading safe and secure. In this article, we will help you bank and trade more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online banking and online trading when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Google Chrome, and Google Chrome.

4. Make sure you are accessing the online banking or trading website is using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the bank or brokerage takes transactions over the phone.

5. When creating an account at the online bank or brokerage, we recommend you use a unique password as it is far safer in case the website gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.

6. Sign up for alerts from your bank or brokerage by email or text message. This will allow you to respond to any fraud rapidly. Also carefully check each month’s statement for erroneous or fraudulent transactions. Consider checking your outstanding transactions every couple of weeks via the company’s website.

7. Two factor authentication is available from many banks and brokerage houses. Bank of America, Citi, Schwab, Fidelity Investments, and several other companies have this available, so check with your representative. This technique forces the use of both a password and a number generated by the hardware security token in your position, both are needed in order to log in. Clearly if criminals got a hold of your password, they would not be able to login.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

8. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

9.Internet Explorer Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. You can perform your online banking and trading within the virtual machine to increase security.

10. When banking or trading on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

11. Explicitly logout after you are finished.  Do not just close the browser.  This helps terminate your session officially.

Things Not To Do

1. Do not bank or trade when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.

Do these safeguards make sense?

Security has become an ever more important part of using a personal computer. Increasingly, the daily headlines include news of companies and websites getting hacked. It is important to learn how to properly secure your wireless Internet as well as secure your personal computer.

This article focuses on how to secure your wireless network router so that you do not become part of the statistics. The wireless router typically includes a firewall that defines the perimeter of your network. Think of this as a fence, walling off your network from the Internet. Having a vulnerable wireless network allows criminals to ppossibly steal your data as well as Internet access. You could also become responsible for illegal downloading if your wireless Internet was compromised.

October 2017 Wi-Fi KRACK attack Warning

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

You should not be using any non-802.11ac devices any more, if at all possible; and you should make absolutely certain you’ve updated the firmware on all routers to the latest available version.

If that newest available firmware version is older than November 2017, it is without a doubt vulnerable to KRACK, and you’re going to need to discard and replace that device. If it’s older than, say, July 2018 it might or might not include KRACK mitigations, and you should go through all of that device’s firmware release notes since November 2017 to make certain.

Government Spying via Compromised Wi-Fi Routers

WikiLeaks has confirmed that insecure wireless routers were hacked and users spied probably by the CIA.  If you own a router on the list, update its software immediately or buy a new one.

Federal Trade Commission Makes Asus Improve Router Security

In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

Finally!, the government is forcing these manufacturers to fix wireless routers that can be come huge security holes.

Wirless Routers are a big Security Hole

The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers in late 2015. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Few routers automatically update their software, like Windows does. Most networking companies’ stop updating them after a year or two (They have no financial incentive), resulting in a major security risk.

Hackers can take control of insecure wireless routers to snoop on all your Internet traffic, initial denial of services attacks on others, or steal your financial information.

Cable or DSL Modem Direct Connection

Some high speed Internet connections allow you to directly connect your computer to the modem.  We recommend installing a network router in this situation to help protect the computer from external traffic. Install a wireless router and turn off the wireless capability if you do not need it.

Hardwired Ethernet Network

Secure wireless is an oxymoron! Using a hardwired Ethernet connection is much more secure than wireless Internet, a must for those looking for the maximum protection. Unfortunately, this is type of access is not possible for some devices (iPad, iPhone, etc.) and is far from convenient. Most users who demand the utmost in security and performance lay Ethernet networking in their homes and businesses. They may still run a wireless network, but limit access on that network to just a couple devices.

What is the most secure Wireless Router?

Wireless router hardware is available from many major manufacturers, including Apple, Cisco – Linksys, D-Link, or Netgear. We suggest avoiding smaller companies because they may be slow to update the software (firmware) and patch security holes. Unfortunately, even the large comes stop upgrade software on their routers after a year or two, you then should buy a NEW router. Fewer notify users of new software availability.

Manufacturer’s models differ in wireless range, speed, wireless standard support (Wireless-AC), and special features. Always make sure to update to the latest firmware available; bug fixes, security fixes, and enhancements were possibly added.

More Advanced Routers

The best routers are more robust routers targeted towards small business. They have more advanced security and are updated more often. If you are not technical, forget about buying one.

• pfsense – Makes a solid security appliance. Their 2 port model is more affordable at $299, $374 with 802.11N. You need to be somewhat technical to setup Virtual LANs.
• Ubiquiti Networks – Makes a great low cost multi port router, EdgeRouter X, for under $50. Add their UniFi AP AC Lite access points ($90) and you have one of the best and cost effective Wireless setups. Again not for beginners. Great Setup Guide

Cheap 3 Router secure Wireless Setup for IOT

Here is a good setup if you are concerned about security, are not a network expert, and need to have a guest network or have Internet of Things devices. (IE Nest Cam, Nest Smoke Detector, etc)  This configuration prevents these devices from snooping or intercepting your normal traffic. Using a typical Wireless router’s Guest network will NOT accomplish the same thing.

Kudos to Steve Gibson of Security Now. Buy or re-use a cheap old router that does not have to have wireless capabilities. We will be connecting them in a Y configuration. Connect this Router 1 to your Cable / DSL Modem.

Wireless Router 2 and Wireless Router 3 are both plugged into Router 1.

• Use Wireless Router 2 for all your computer, tablet, smartphone needs.
• Connect Wireless Router 3 with all your IOT or Internet of Things devices, like security systems, cameras, thermostat, etc.
• IOT devices should use a different DNS Server than your standard one.

Optimizing Wireless Routers for Maximum Range

• Physical Location – Where you place the wireless router is very important.
  • Position the wireless router to most central or optimal location for best coverage of your wireless network, and least amount of leakage to unwanted places like your neighbors or passersby on the street. This may be high up on a wall and may not be in the room the Internet connection is located in. Keep the wireless router away from microwave ovens and cordless phones.
  • If you have sufficient wireless coverage and your wireless router supports it, you could also Reduce your wireless router’s transmitter power so it doesn’t send the signal beyond your home.
  • Run a utility such as inSSIDer that helps you adjust your wireless router’s channel configuration to prevent interfering with surrounding wireless wifi networks. Wifi Analyzer for Android, Wi-Fi Finder iOS also works. Most routers are preset to channel 6, causing more collisions.
  • Antennas – Low cost 3^rd party add on antennas extend range without the need to buy a new wireless router; free antennas can also extend range. Some antenna’s omnidirectional, while others are directional, allowing you to focus a wireless signal. Replace the cheap antenna that came with your wireless router, to significantly increase performance.
  • Add an electrical power timer to turn off the wireless router when not in use or at night. This saves money and offers added security.

Wireless Network Router Settings

Wireless routers need to be configured properly to ensure proper operation as well as maximum security. Although wireless routers from different vendors include differing configuration options, most include these configuration settings. We have included screenshots for a variety of popular wireless routers, but can never cover every single wireless router available. We recommend disconnecting your cable or DSL modem while your router is being configured as some routers take a while to boot up and present an unfiltered connection while loading up.

Before you make any changes to your wireless router, always note how it was configured before the changes were done, so you can undo changes.

Access the administrator configuration for your wireless router by either running the software that was included with it or by accessing it directly from a web browser. For instance, Linksys router web interface for their wireless routers can be accessed when entering the following URL into your browser: https://192.168.1.1/

Administrator Password

• Password entered to gain access to the wireless router hardware. The administrator password MUST be changed from factory default to something difficult and long. Many people never change the factory password and leave themselves wide open to getting hacked. See our article on generating secure passwords for tips.
• Router Default Passwords can show you passwords for routers left unchanged from default
• Disable remote router access or Remote management so no one can change your settings from outside your network. On Linksys routers, it is located on the Administration tab – Management.
• Enable Logs so that you can go back and see where problems arose.

Cisco Linksys Wireless Security Settings

Cisco Linksys Dual Band 2.4Ghz 5Ghz Wireless Security Settings

DLink Wireless Security Settings

Wireless Encryption

• It is best to use WPA2-Personal security mode, AES encryption (do not select TKIP), a long Pre-Shared Key. Recommendation: Long (40+ characters) and include symbols, and upper and lower case. You will have to enter this password on each wireless device.
• Do not use WEP or WPA encryption as they are easily hacked. WEP encryption can be broken in under a minute. If you have hardware that does not support WPA2 encryption, replace the hardware.
• Always use encryption and NEVER have an open Wi-Fi access point without a password.

Mac Address Filtering

• This should be Disabled. This ensures that only authorized Wireless devices’ Mac Address (the serial number of the networking devices) are allowed to access the wireless router. Enabling it does not make it anymore secure against hackers. They can spoof Mac Addresses.

SSID

• Name – Change the default name. Do not use your address or a personal name. It is important to have a unique name so that when you’re away from home, your devices do not automatically try to logon to other wireless networks with the same name. This will also make you less susceptible to attacks using precomputing tables based on default names. Make sure you do not use names like: linksys, netgear, attwifi, 2wire####.
• To make your WiFi Network name more secure you should also add “_nomap_optout” to the end of it.  This prevents early Windows 10 installs from sharing it and Google from indexing it.
• Broadcast – Should be enabled to present easy access and prevent devices beaconing for it when it is out of range. Hiding it does not make it anymore secure against hackers.

UPNP – Disable this feature.  Very Important! It makes your network much more vulnerable. Although adding devices will require manual action. You could also enable Universal plug and play only when adding a new device.

Wi-Fi Protected Setup (WPS) – Disable this feature (if possible) and enable manual setup, even though it makes setup much easier.  It makes your network much more vulnerable to external hacking. A flaw allows a remote attacker to recover the WPS PIN and, with it, the router’s WPA/WPA2 password in a few hours was uncovered in December 2011. Checkout our WPS article on this.

Some older Linksys routers have SecureEasySetup (SES), which can be disabled to increase security.

Bands – More advanced wireless routers operate on multiple frequencies at the same time.

• 2.4 GHz – This is the typical Wi-Fi frequency used by most wireless routers.
• 5 GHz – More advanced routers support this frequency. Your computer or Wi-Fi device needs to also support the 5 GHz frequency option, so an extra network adapter may be required. Utilizing only this frequency helps prevent your network from being probed by less sophisticated hackers. *Note* 5 GHz performance transfer rate decreases dramatically the farther the device is from the router. Buy a new router if this is the case.

DHCP

• DHCP is used to handout Internet IP Addresses to your local network devices. Be sure to set a limit to the number of DHCP addresses given out by your router. This number should correspond to the actual number of devices you own. Occasionally, login to your router and audit the number of DHCP addresses given out, to look for nearby Internet leeches. RogueScanner is a free tool that will help you find rogue wireless access points and devices.

DNS

Set the DNS (Domain Name Server) that the router uses to either your ISP’s DNS Server or better yet, to Google’s high performance DNS: 8.8.8.8

Leaving the field empty could lead to DNS spoofing.

Wireless Routers with Guest Network 

This is an IMPORTANT feature to look for in a new Wi-Fi router. If your wireless router is capable of setting up a separate network for your Guests and Internet of things (IOT – Cameras, Doorbells, etc) devices, you need to ensure that it is set up properly to prevent access to your main network. Keep in mind that some older guest networks (Linksys, Cisco) simply have a password but do not utilize wireless encryption such as WPA2. Buy a new router if this is the case.

Use a different password for this network and give this out to your guests.  Also place the following types of devices on this network, not your main network.

• Security Cameras
• Wireless Thermostats and Smoke detectors (IE Nest)
• Internet of things devices (Toys, Cars, Appliances, etc)
• Cars

Isolating Guest Network Access

If you have a D-Link wireless router, be sure that the Enable Routing Between Zones option is not checked. This will prevent access by a guest network client, onto your main network.

If you have an Asus wireless router, be sure that the Access Intranet option is set to Disable. This will prevent access by a guest network client onto your main network.

• Some Asus routers have Set AP Isolated in their Wireless-Professional Menu. Setting this to Yes for the 2.4Ghz Band will also increase security by preventing guest network clients from accessing each other.
• Advanced Asus Router users: If you are running 3rd party Asus Merlin firmware adding this rule to a firewall-start file will prevent guest network users from being able to access each others:
  • wl -i wl0.1 ap_isolate 1

Known Wireless Router Issues

If you own an AsusRT-N66U or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm.

Additional Security

• Options such as Radius Authentication may be supported by the wireless router. This is more for corporate or small business security. ZeroShell allows you to set up a RADIUS server inside a virtual machine.

Third Party Wireless Router Firmware

• 3^rdParty Firmware or software for the wireless router is often available with additional features not available from the manufacturer’s firmware. This many also be more secure than your original firmware.
  • Why? – Need a particular special feature. Often only for power users.
  • What features would be available? – Stability, security, configurability
  • Wireless Router Compatibility – Check website to see if your wireless router is supported by 3^rd party firmware

• Tomato – Popular 3^rd party replacement firmware for many wireless routers.

• DD-WRT – Popular open-source 3^rd party replacement firmware for many wireless routers. This firmware enables you to adjust the transmit power of the router to help boost range.
• Asuswrt-Merlin – This 3rd party alternative firmware is focused on Asus routers.

Buffalo  makes wireless routers with DD-WRT pre-installed. This allows them to reduce the amount of software (firmware) they have to write, and concentrate their efforts more on hardware. If you are afraid of accidentally damaging your wireless router by installing 3^rd party firmware consider purchasing a Buffalo High Performance wireless router.

• Do It Yourself (DIY) Wireless Router – allows for advance features , good if you have extra computers, higher performance needs, QoS, IP filtering, traffic stats, special network configurations that are not mainstream.
  • Smoothwall – Popular 3^rd party Linux based router software. Runs on any Pentium-class PC with at least 128 MB of RAM. Snort Intrusion Detection System support is also available, so you do not have to run Snort in a separate installation.

Testing Wireless Router Security

Testing wireless router security is important to see how secure your wireless router really is. Here are some sites that help test your wireless router’s security. You can adjust your configuration to close any vulnerabilities they find.

• Rapid7 – Has penetration testing software
• Shields Up – Tests your network with tools from Steve Gibson of GRC.
• HackerWatch – Tests your network with tools from McAfee.
• HackerTarget – Multiple tests on your network
• Arachni – Security scanning framework

By applying special settings to your wireless router, you can significantly increase the security of your wireless network to prevent theft and secure our privacy.

Also keep you wireless router’s software up to date and buy a new one every couple years, if there has not been an software update recently.

This concludes our How to setup a Secure Wireless Network Router  article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless network Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Passwords are one of the biggest security problems on the Internet, possibly even more so than Malware. Poorly chosen passwords and security questions are making online accounts easily hackable by cyber-criminals.

1. Check to see if you have a compromised account
2. See if a password you used has been hacked

Everyone knows it’s important to create and use complex passwords, ones that do not include:

• Words from the dictionary of any language
• Personal information such as names of your kids, pets, addresses, etc.
• The same password for more than one site
• Ones that are written down

Few people follow this type of policy. If you are guilty of one or more of the above, you are at risk of getting hacked. Hackers are able to use brute force attacks to test over 200,000 passwords per hour. As technology improves, they will be able to test passwords even faster. In this article we will help you create, store, and easily use secure passwords.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

Better Usernames

We suggest users first start with a non-obvious username. Don’t use your first name or first name + last name as your username throughout your online accounts. Make up a name or alias. Include numbers and/or upper and lowercase letters. Better yet, use a different username on every site. The password managers recommended below will automatically remember all your logins.

What is a good password?

1. Characters, numbers, symbols, length, complexity

A good password has alphabetical characters of both upper and lower case, numbers, symbols. The password should be at least 12 characters in length. Length is more important than complexity. Computers have gotten so fast that they are able to password crack shorter passwords in no time especially with high speed GPUs. Keep in mind that some online services have limits as to what characters are valid and how long a password can be.

Examples of good passwords include: 9F1%6!Q(&3mdIOe39 or f7aX3z&a8L2;’\]

These are pretty hard to remember, aren’t they? We will include suggestions on how to create strong and easy to remember passwords below.

2. What passwords not to use

There should be no words from the dictionary of any language, present in your password. No personal information should be in your password including birthdays, names, addresses, phone numbers, etc. Develop a mnemonic system for remembering complex passwords.

Examples of bad passwords include: 12345 or john or 123elm or password

If you have to use one of these passwords, at least harden them with some extra symbols and length.

Examples of better passwords include: 12345!!!!???? or !!!!john!!!! or $$$$123elm$$$$ or %%password!! or {[password]}

Not only are the passwords only slightly more difficult to remember, but the security is enhanced by orders of magnitude.

3. Every website you visit should have a different password. The average Internet user has over 25 password protected accounts. If you only use one password, you would be in danger of losing your entire universe, if only one site got hacked and they stored passwords in plain text.

Examples of better passwords include: 12345!!!!????ebay or 12345!!!!????gmail

Another way to create an easy to remember but secure password is to come up with a memorable sentence or phrase and use the first character of each word. Append onto the end of each site’s password, the name of each website and a symbol and a number.

Example sentence: Jack and Jill went up the hill to fetch a pail of water

Website: gmail.com

Password: JaJwuthtfapowgmail!1

4. How often to change your password

Passwords should be changed every so often, especially if you think it has been compromised. Changing a password too often causes major logistical problems. Some companies require password changes every XX weeks.  This causes more harm than good. Works will then reuse old passwords or slight variants of them. The focus should be on changing the most important and most used passwords every couple months. US-CERT has additional password tips.

5. Avoid sites that are not making security a priority. See the posts on Plain text Offenders.

How to create secure passwords

Read the National Institute on Standards and Technology’s 2017 password guidelines.

1. Manually creating passwords

You will basically pick numbers, characters, and symbols at random and keep doing so until you have created a fairly long password. The upside is that it is easy to do, but the downside is that you will probably not pick very random passwords.

2. Web pages that create secure passwords

There are several websites that help you generate secure passwords. Keep in mind that having to visit a website every time you need to generate a password, becomes inconvenient really fast.

• GRC has a password haystack page that helps compute how long it would take to hack a given password.
• GRC also has a page that generates high-security passwords.
• PC Tools helps you generate secure passwords with customizable criteria

3. Software Utilities

Several free software programs can also help you generate secure passwords. Most of these programs also store the passwords, so they’ll be covered in the section below.

4. Password testers

It is best to test your password’s security with the hacking tools the expert hackers use. Windows-based password hacking utilities include: John the Ripper password cracker, Cain and Abel (Windows only)

5. Password recovery questions or security questions

We recommend that users enter secure passwords in these fields and not the true answer. Hackers can and have mined social media including Facebook to extract answers to these questions. You can alternately put in the correct answer and then consistently append a word to it.

6. Need to register and generate a password to see content?

BugMeNot.com is a database of usernames and passwords for sites that require logging in to see content.

7. If you use Steam, turn on Steam Guard so you need to respond to an email or use a mobile code every time you login to Steam from a new computer. Blizzard has an addon two factor authentication app to protect their gaming logins for iOS, and they also have a hardware authenticator for sale.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

Many sites give alternate methods of logging in, if you do not have your second factor available. Commonly these are using your social security number or birthday, data that could be publically found.  This helps negates the advantage of two factor.

In the end, using Two Factor authentication is better than not using it.

These keys are more secure than using Text or SMS to send a one time code. Criminals can divert SMS messages and calls, to another device (either by social engineering a customer service person at the phone company, or via more advanced attacks like SS7 hacks).

8. There are password cracking utilities from companies like Elcomsoft that can break the encryption on many programs and even smartphones. Keep this in mind when assessing the security of a product.

9. If you are buying a new notebook, consider buying one with a hardware security module built-in. The new Intel Ultrabook lightweight notebook specification includes support for a IPT Identity Protection Technology hardware security module or Trusted Platform Module (TPM) that can enhance security by requiring both a password and this hardware key to access certain websites.

How to store and use secure passwords

1. Do not store your passwords in a simple Word or text document. Also, do not write your passwords on a piece of paper or Post-it note. Obviously, your passwords could be easily stolen this way. Storing password in a browser is also a no-no. They have been hacked easily. If you really need to write down your passwords, only write down parts of your passwords and or login, and leave the rest blank.

2. The best place to generate and store passwords is a password wallet utility program.  Our goal is to find a Multi-platform PC, Mac, iOS and Android compatible program that can create  secure passwords, save the passwords, and automatically fill forms with the secure passwords. Here are some examples:

• Lastpass – A password manager that works on Windows, Mac, Apple iOS, Linux, WebOS, Windows phone, Symbian, Android, and Blackberry. Stores data on the web for access anywhere and at anytime. Automatic form filling, one click login. Supports Yubikey, multi-factor authentication including Google two step authentication. Free for mobile users starting in August 2015. Make sure you have Password Iterations set higher than 1. Downside: Mobile version costs money, data is stored on their servers. A two factor authentication system using SMS text messages is not secure.
• KeePass – Open source password manager with auto type capabilities. Available for Windows.  Unofficial versions for Apple iOS, Android, Mac, Linux. Be sure to select the options to:
  • Lock workspace after KeePass inactivity
  • Lock workspace after global user inactivity
  • Lock workspace when minimizing main window
  • Lock workspace when locking the computer or switching the user
  • Lock workspace when the computer is about to be suspended
  • Lock workspace when the remote control mode changes
  • Downside: Password database is stored locally, no online synchronization.
• 1Password -A $49.99 password and identity manager that automatically save and fill website logins. Supports Apple iOS, Android, Mac, and Windows.
  Downside: Cost, Can’t retrieve master password.
• Passpack – Free version supports up to 100 logins. Windows only. Supports most browsers. Supports yubikey. Uses Adobe Air. Allows sharing of logins.
  Downside: Adobe AIR only. (No iOS support)
• Password Safe – Open source password manager for Windows.
  Downside: Windows only.
• Roboform – A password and wallet manager for Mac and Windows that is complete with 1-Click form filling. One identity is Free, Unlimited Logins, Identities, Bookmarks, Safenotes and more cost $29.95.
  Roboform everywhere supports Apple iOS devices, Windows phone, symbian, Palm, Android, and Blackberry. It costs $9.95 for the first year. $19.99/year thereafter.
  Downside: Cost, occasionally pops up when not needed, smartphone apps can’t fill forms, remote access doesn’t allow editing form-fill data.
• Clipperz – Free Online password manager from an Italian company.
  Downside: Web based, requires connection.
• SafePad – Is a notepad with password protection

Our recommendation is to use one of the password managers above for most of your passwords, while remembering a couple important passwords through memorization. Your e-mail, online banking, and online trading passwords should not be stored within these password managers.

Important: If you use a password manager and use its convenient form filler, DO NOT enable automatic form filling. You could be brought to a malicious page and have all your information automatically entered on it, before you realized it.

3. Never send your password via email, over a social network like Facebook, or via phone.

4. Do not forget to backup your Google account with Google Takeout

We have covered many ways for you to create, store, and use secure passwords. If more people utilized the techniques covered above, fewer password intrusions would occur.

Here are some resources for free internet security software from major vendors. Most of the software is free for home users, while businesses need to purchase a license. We divide the free software into different categories including internet security suites, antivirus, antispyware, and intrusion detection and prevention.

Internet Security Software Downside – Spying on You

Any internet security program needs to watch the sites you visit for malicious activity, this includes secure sites (https://)  To watch your secure browsing activity, security suites need to replace the security certificates with their own, performing a man in the middle (MITM) attack essentially.

Hopefully this snooping is all in the name of security, not in stealing your credit card, banking information, or identity. You can read more about Avast.

Kaspersky Anti-Virus is often free after rebate but no longer recommended.

1. ISP Provided Free Security Software

Subscribers to certain internet service providers get access to free commercial internet security software. There’s no need to pay a dime for top notch security software.

Century link – Free F-Secure suite.

Charter – Charter security suite.

Comcast – Norton Internet for Mac and PC.

Cox – Free McAfee internet security software.

Optimum – Free CA Internet Security Suite.

Road Runner – Free CA Internet Security Suite.

Verizon – Charges $5.99/mo for internet security software, select one of the free options below instead.

2. Free Internet Security Suite

There are very few Free internet security suites. Most users pick and choose programs from the various categories below to create their own free Internet security suite.

agnitum – Outpost Internet Security Suite is one of the few free suites.

comodo.com – Free Internet Security Suite

3. Free Antivirus  Download

Free PC Antivirus Download that both scans and repairs files. Automatic update virus signatures updating is a must, as is scheduled virus scans.

free.avg.com – AVG Free version.

avast.com – avas!! Free Antivirus includes Web reputation feedback.

avira.com – Avira Antivirus Personal – We like this one.

bitdefender.com – Bitdefender Free Edition – on demand scanner. not automatic, so we recommend only using this for single purpose scans, i.e. when you are trying to remove an infection.

clamwin.com Clamwin – Free & Open source

Microsoft Defender.

Panda Cloud Antivirus  – Free, lightweight.

pctools.com – PC Tools Free Antivirus

PC Magazine Best antivirus article.

Sophos – Free PC and Mac Antivirus

Virus removal tools:

AVG Rescue CD – Bootable CD

Hiren’s BootCD – Older antivirus versions

McAfee Labs Stinger

Sophos Anti-Rootkit

Beware of fake Antivirus Software especially those from popup Ads, spam advertisements, and bad Google search results. When in doubt use one of the links above. ‘Scareware‘ that performs fake antivirus scans and make you pay for phony fixes has exploded.

4. Free PC Firewall Software

PC Firewall Software is built into Windows 7 and Vista but power users may want more control, so consider installing one of the following.

comodo.com – Free Firewall & Anti-virus, plus proactive security

Glasswire – New modern firewall

pctools.com – PC Tools Firewall Plus

agnitum – Outpost Internet Security Suite is one of the few free suites.

5. Free Antispyware Software

These utilities are mainly useful when you have been infected with malware and need to ensure that you have remove all traces of it.

Ad-aware – Also one of the first antispyware apps. Free for personal home use.

ComboFix is free software that helps remove virulent malware.  It can be run from the Windows Recovery Console.

Emsisoft Anti-Malware – German antimalware

F-Secure has a free bootable Rescue CD that allows you to fix a computer that no longer starts up correctly.

Malwarebytes – Designed to clean out all types of malicious malware.

Spybot – One of the first anti-spyware apps that has faded in popularity.

SUPERAntiSpyware.com – Detect and remove Spyware, Adware and Remove Malware, Trojans, and more.

ThreatFire AntiVirus – Actively defends against new threats.

6. Free Anti-Phishing Toolbars

Most anti-virus or internet security software provides anti-phishing support built-in. If your security software does not include this feature, consider installing on of these toolbars.

Traffic Light – From bitdefender, unobtrusive web threat control

Netcraft Anti-Phishing Toolbar – Community based anti phishing toolbar.

7. Intrusion prevention and detection

Intrusion prevention and detection software is designed to watch network traffic and prevent attacks on your network. This software is typically targeted towards small to mid-sized businesses.

snort.org – Open source network intrusion prevention and detection system (IDS/IPS)

Syslog watcher – Syslog Watcher can collect, parse, store and analyze syslogs. Not really an intrusion prevention, however users can examine router and firewall logs looking for intrusions.

Kiwi Syslog Server – Receive and manage syslog messages from network devices.

8. Anti-Virus Review Sites that compare security software

Techradar.com – Reviews security software.

AV-comparatives.org – Independent comparatives of Anti-Virus software

PC Magazine – Online review site with security software reviews.

Virus Bulletin – Independent anti-virus software test lab

Virus total scanner – Scan files, you submit, online using multiple virus engines. This process is slow because you have to upload the files to their servers.
Jotti’s Malware Scan – Scan files, you submit, online using multiple virus engines
NoVirusThanks – Threat analysis APIs, tools to prevent virus

OPSWAT Metascan – Scan files, you submit, online using multiple virus engines

9. Malware Analyzers – Analyze the behavior of files you upload:

Anlyz

Any Run
Threatexpert
Norman
Comodo Instant Analysis

10. Misc Security Software

SuRun is very configurable implementation of Run as Administrator.

There are many free alternatives in Internet security software for the PC. Hopefully the lists of programs above satisfy your needs for internet security software.

Firefox is one of the most popular web browser for Windows and other platforms. This makes it a large target for malware and cybercrime. We will focus on securing Firefox, and will significantly increase the browser’s security through add-ins and special hardening settings. We are avoiding earlier versions of Firefox and recommend users to upgrade to the latest version of Firefox. We also recommend running under Windows 7, 8 or 10, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Firefox includes the following security oriented features:

• Instant Web ID
• Do not Track
• Private Browsing
• Clear Recent History
• Customized Security Setting

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Before you make any changes to your system, always back it up.

Firefox Add-ons to UNINSTALL

Software that enhances Firefox can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Firefox to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Firefox through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

• Adobe Reader or Adobe Acrobat – This is a major source of internet threats, so consider using an alternative PDF reader such as Foxit Reader, or PDF-XChange.
• Flash Player – This animation enhancement plug-in is widely used but full of security holes, leading to many updates. If you need Flash, you will have to update it constantly.
• Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
• Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
• Silverlight – We recommend removing it from your system unless you really need it. This software is another possible time bomb waiting for exploitation.

Hardening Firefox’s Settings

Firefox can be secured even more with several key changes to the browser’s settings.  We have selected all the Critical settings for Firefox.

1. Prevent Firefox from saving passwords

Firefox can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

1. Launch Firefox
2. Click on the Tools Menu
3. Select Options
4. Select Security Tab
5. Make sure Remember password for sites and Use master password are not checked
6. Click Saved Passwords
7. Click Remove All to remove saved passwords

2. Mark Valuable Data Inaccessible to Firefox

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Firefox. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

1. Press Start menu
   
2. Go to All Programs
3. Go to Accessories
4. Right-Click on Command Prompt
5. Select Run as Administrator
6. Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
7. Press Enter to Execute the Command
8. Type Exit to end the Command Prompt

3. Allow Firefox to update itself

Firefox automatically tries to update itself, which is a good thing, but it asks whether it is ok to install a newer version. Be sure allow Firefox to update itself tot he latest version available, so that you have all the latest security fixes.

4. Prevent Firefox from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They were first supported in Firefox 4. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem.

Helpful Firefox Add-ins

NoScript – Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting. Make Sure you go into the Options – Whitelist – And remove all sites from it, so you start from scratch without trusting anyone.

HTTPS Everywhere – Automatically makes Firefox try to use https secure connections whenever available.

Simple URL Extender – Replaces short URLs with the originals so you can see where links actually link to. Essential for Twitter.

URLs List – Shows the URLs of all the tabs of a webpage.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

Cocoon – All-in-one plugin that tunnels your traffic through a SSL-encrypted proxy for privacy and security.

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Firefox already includes the SmartScreen Filter that detects dangerous websites and warns you. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Firefox to secure your browsing.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Firefox from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Firefox Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Firefox, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins.

Secure Web Browsing with HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Firefox settings, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Optional Software from Microsoft and Other Third Party Developers is a crucial part of adding computer security to your Windows based PC. We recommend a minimal set of crucial network security software add-ons that we feel all users should install. Here are several extremely useful free security oriented software utilities from Microsoft, that are not bundled with the operating system. These programs add additional security for Windows and are free to download.

Before you make any changes to your system, always back it up.

Google Docs can replace Microsoft Word and Excel. Doing so helps prevent many of the security holes in Microsoft Office including Flash based bugs.

Windows Firewall Control customizes Windows 10’s built in firewall. You can control outbound traffic if you set it to Medium filtering or High.

Microsoft Security Essentials – For Windows 7. Free anti-virus software from Microsoft that is a no-brainer for everyone. Microsoft Security Essentials can also be used by small business on up to 10 PCs! It includes automatic updates and is easy to use. Newer versions of Windows include Windows Defender.

Microsoft Baseline Security Analyzer – Scans your system for security problems, missing or obsolete Windows components and patches. This is oriented towards small and medium sized businesses but can also be used by consumers. For Windows 7 and server operating systems.

Windows Defender Offline formerly known as Microsoft Standalone System Sweeper Tool – A bootable software tool that can find root kits and other hard to find malware (like rootkits) that normal anti-virus and anti-spyware software can’t. This creates a bootable CD/DVD or USB drive that needs to be booted from. Only run this tool when you believe you have been infected or every three months or so.

3rd parties have a similar Rescue Bootable CDs:

• AVG Rescue CD
• Avira Rescue System
• BitDefender Rescue CD
• Comodo Rescue Disk
• F-Secure Rescue CD
• Kaspersky Rescue Disk no longer recommended – Russian Government Ties
• Trend Micro Rescue Disk

Microsoft Log Parser – is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®. The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart.

Top Security Suites

If you prefer to purchase Internet security suite, a recent PC World review listed the top 3 security suites as:

• G Data Internet Security
• Norton Internet Security
• Bitdefender Internet Security

Free and Useful third-party software tools

These are several critical tools that every user should have installed on their system to increase security. These tools are not made by Microsoft but are a critical part of any free security software suite.

Foxit Reader – PDF files are a widely used means of breaking into a computer. A 3rd party PDF-reading utility that has far fewer security holes than industry standard Adobe Reader. Malicious PDF files that are emailed, are one of the fastest growing infection vectors for malware. We recommend removing Adobe Reader or Adobe Acrobat Reader and using this instead.

PC Decrapifer – Quickly uninstalls unnecessary or trial software loaded by PC companies. This is a good program to run after you have purchased a brand new PC. No need to run this on an existing Windows PC.

Sumo – Scans your system for obsolete software. Older versions of software may possess security risks that must be fixed. If you find yourself updating a lot of software you do not use, uninstall the program. Older versions of software may no longer be updated, forcing users to pay for newer ones. Using old unsupported software may put you at a security risk. Secunia’s PSI was discontinued.

GlassWire is a free firewall and network monitor tool for Windows.

NoVirusThanks has several useful free PC utilities including SysHardener and OSArmor

Zone alarm Free – A free firewall program that has been in existence for many years. It adds many capabilities and easy to access filters, over the one built into Windows 7.

Truecrypt – Free open-source software that encrypts critical files, folders, or entire drives. Utilizes extremely secure encryption algorithms. Store your most sensitive data within Truecrypt encrypted containers. Consider encrypting your entire drive if you own a laptop.

Truecrypt’s founders have walked away from its project around 2014 and say “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”. Forked versions of Truecrypt are now available as is a security audit on the code itself.

Veracrypt is based on Truecrypt 7.1a and should be what you switch to.

Revo UnInstaller – Uninstaller utility, only for use when the regular uninstaller fails to function.

CCleaner – This utility goes way beyond Windows 7’s disk cleanup tool. It helps remove unnecessary files to free up disk space, and to securely erase free space and deleted files. No need to ever pay for a utility that claims to speed up your machine or clean your registry. Supports 32-bit or 64-bit. Also cleans up files from many popular third party applications.

Malwarebytes Anti-Malware – was free software that helps you remove malware, not defend against it. With version 3 they started charging. They also have a free Malwarebytes AdwCleaner.  Consider installing this program if you are unable to remove malware using the software utilities listed above. If Malwarebytes did not help to remove the infection, try SuperAntiSpyware Portable. Copy it to a CD or USB flashdrive, boot your computer into safe mode, then run the program. F-Secure has a free bootable Rescue CD that allows you to fix a computer that no longer starts up correctly.

NoBot – An anti-bot software scanner that does not need to be installed.

WinPatrol – Takes snapshots of your critical system files and resources. The program then alerts you to any changes that may occur due to malware or installing software.

Retina Network Community – Lets you test your server and hosting for security vulnerabilities.

Heimdal Security Software Free – Helps update software to prevent security holes.

By applying several free Windows security utilities, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our Free Security How to: Computer Security and Computer Protection on a Windows computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure Wireless Network, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Google Chrome is one of the most popular web browser for Windows, Mac, and Linux. This makes it a large target for malware and cybercrime. We will focus on securing Google Chrome, and will significantly increase the browser’s security through add-ins and special hardening settings. We also recommend running under Windows 10 or Windows 7, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

The #1 Tip for Chrome Security

Keep it updated.  Google fixes bugs quickly and updates an internal Flash plug regularly. When you start Chrome, you should select from the Chrome menu – Settings – About – If it shows a newer version, download it and relaunch before doing ANY browsing.

Why Chrome?

Chrome is a much newer browser than Firefox or Internet Explorer.  It is not saddled with all the baggage of IE, where a change needs to be regression tested with many parts of Windows.  Firefox has been around for a while and is also slowed down with lots of historical code.

A recent security test from Accuvant Labs found Chrome more secure, primarily due to its Sandbox technology.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Google Chrome includes the following security oriented features:

• Safe Browsing
• Sandboxing
• Auto-updates
• Built in PDF viewer
• Built in Adobe Flash – Kept up to date by Chrome

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Before you make any changes to your system, always back it up.

Google Chrome Add-ons

Software that enhances Google Chrome can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Google Chrome to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Google Chrome through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

• Adobe Flash is built in to Chrome. A pdf viewer is also built in. We recommend Disabling it
  • Type the following where you would normally type a URL:
    chrome://plugins
  • Locate the Flash Player in the list of plug-ins. You may see more than one Flash Player listed.
  • Select Disable for each Flash Player listed
• Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
• Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
• Silverlight – Is disable by default on newer version of Chrome.  We recommend removing it from your system unless you really need it.
  • Type the following where you would normally type a URL:
    chrome://plugins
  • Locate the Silverlight in the list of plug-ins.
  • Select Disable for each one listed

Hardening Google Chrome’s Settings

Google Chrome can be secured even more with several key changes to the browser’s settings. We have selected all the Critical settings for Google Chrome.

1. Prevent Google Chrome from saving passwords

Google Chrome can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

1. Launch Google Chrome
2. Click on the Dashes Icon on the far right
3. Select Options
4. Select Personal Stuff on the left hand column
5. Make sure Never save password is checked
6. Click Manage Saved Passwords
7. Click and remove all saved passwords

2. Mark Valuable Data Inaccessible to Google Chrome

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Google Chrome. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

1. Press Start menu
   
2. Go to All Programs
3. Go to Accessories
4. Right-Click on Command Prompt
5. Select Run as Administrator
6. Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
7. Press Enter to Execute the Command
8. Type Exit to end the Command Prompt

3. Allow Google Chrome to update itself

Google Chrome automatically tries to update itself, which is a good thing, but if it asks whether it is ok to restart the browser to use the new version, be sure to say yes right away.

4. Google Chrome secure website warnings

Google Chrome displays warning icons when you visit a website that has possibly dangerous information on it. Look for the following icons right next to the https:// in the browser.

The site uses SSL, but Google Chrome has detected insecure content on the page. Be careful if you’re entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page.

The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

5. Sandbox Google Chrome plugins

Google Chrome has an option to for plugins to be run in a safe sandbox. Make the following change to enable this feature. Note: Files and folders marked with the everyone permission, will only be accessible.

1. Press Start menu
   
2. Right click on Google Chrome
3. Select Properties
4. Add the following text to the Target field, right after “chrome.exe ” –safe-plugins. Make sure there is a space after .exe.
   
5. Click OK

6. Prevent Chrome from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They are supported in the latest Chrome. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem by adding the following when launching Chrome:

--disable-accelerated-compositing

7. Enable Server Certificate Revocation Checking

Note: This was removed in later versions of Chrome

Most browsers do not have a setting enabled by default to check Security certificates to see if they have been revoked. It is important to do this, otherwise you could be access a sign with a stolen certificate and it appears to work fine.

1. Click on the Dashes Icon on the far right
2. Select Settings
3. Select Show advanced Settings.. at the bottom
4. Scroll down to HTTPS/SSL and Check Check for server certificate revocation

8. Check for Compromised Digital Certificates

The NSA has a PDF that describes a way to help Windows defend against Compromised Certificates.

You can also run the RCC program to check for untrusted root certificates.

Helpful Google Chrome Add-ins

Docs PDF/PowerPoint Viewer – Automatically previews pdfs, powerpoint presentations, and other documents in Google Docs Viewer. No need to download pdf files to your computer and potentially have a bug in Acrobat cause a security problem.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

ScriptNo – A ‘NoScript-like’ extension for a safer and faster Chrome. Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting.

KB SSL Enforcer – Automatic security, browse encrypted using HTTPS secure connections whenever possible, automatically.

Flashblock – Blocks Flash so it won’t get in your way

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Google Chrome can warn you if it detects that the site you’re trying to visit is suspected of phishing or containing malware. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Google Chrome to secure your browsing.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Google Chrome from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Google Chrome Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Norton ConnectSafe for Home – Similar to Google DNS, but includes options to filter porn or be family friendly.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. You can manually install Google Chrome. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins. You can manually install Google Chrome.

Secure Web Browsing with HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Google Chrome settings and adding add-ons, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Linux is a great operating system to supplement your existing environment. We suggest using it on a bootable piece of media to perform your more important online tasks, such as online trading and online banking.

How to use Linux for secure computing

1. Installing a Clean Linux OS with no modifications, program add-ons, etc, helps prevent keyloggers, spyware, and other malware from being installed. Burning Linux Live CD to a write only media such as a CD/DVD or a Kanguru USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

2. Ubuntu Linux is a user-friendly Linux distribution and a good bet for most Linux newbies and novices. Try it on USB drive or burn it to a CD, there is no need to install the operating system on to a hard disk. We recommend you use an LTS or long term support version of Ubuntu so that there is long term stability to your Linux choice. (10.04 LTS is a good choice) The other popular Linux distribution is known as Fedora, it is more data center, server-oriented. If you are reading this, Ubuntu is the way to go.

3. Unetbootin is a useful utility that creates a bootable live USB drive or flash drive from Linux distributions, such as Ubuntu, Fedora, etc. It even downloads the Linux distribution automatically.   This program run on Windows, Mac OS X, and Linux, but the resulting USB drives are bootable only on PCs.

4. Backtrack is a specialized Linux distribution for penetration testing. It is filled with useful tools to test the security of computers and networks. You can use Unetbootin to install it on a USB drive. Backtrack is designed for security experts, it is not easy to learn.

5. Tails is a preconfigured Linux distribution full of security essentials. It includes the Iceweasel browser, which utilizes the Tor network for anonomys browsing. HTTPS Everywhere, Adblock Plus, and NoScript are preloaded, to increase security and block ads.

6. If you cannot make a Linux Boot Disk, use a Chromebook.  It runs a custom version of Linux and does not run software, like Flash or Java. Login using guest and you will use the chromebook with no installed chrome web apps. After you log out, all traces of your activity are erased.

Use the Chromebook only for your banking, no email or web browsing!

Tor is only as secure as its exit nodes. If a hacker creates an exit node, they can ease-drop on all communications.

Claws email client with OpenPGP is included for secure email. LUKS is utilized for automatic file encryption.

Does this make you want to try Linux? Have you used a Live CD?