Windows Security Tips
Вставка
- Опубліковано 26 вер 2024
- In this video I am going to give you tips to keep your windows computer secure. security is important. So its a good idea to do whatever you can to keep your system secure.
Please Like this video and Subscribe to my channel
www.youtube.co...
My shirt from the video
www.cybercpute...
#Windows #Security #Tech
Your password method is actually what I've been doing for a year now. Glad to see someone else does that.
I'm an IT Security Professional and i can tell you the actual statistics on vunerablilities and weaknesses on a Windows operating system. Only 6% of infections come from your anti-virus/malware not stopping the infection. The other 94%(yes i said 94%) are from people NOT updating their Windows Operating System. What people don't understand is that Windows OS's are like swiss cheese; they have tons of wholes in them. And everytime you receive a Windows update for your OS, it plugs one of those holes. Sadly, Windows is written so poorly from a programmer standpoint that it's constantly finding new holes. It's like a wack-a-mole game. Everytime you plug a existing hole, i new hole appears. Your best Security advice is NOT to use Windows OS's at all!
100% correct.
What Operating System do you suggest
Yes your spot on it's a shame that most applications that I run only use windows executables
I disagree... the number of vulnerabilities are not really less than on other operatings systems. This wack-a-mole game is existant on every complex operating system.
Also antivirus/anti-malware or any other blacklist-based security system are not the solution to go, every Windows Security Professional will clearly tell you to go with whitelisting.
OP, you might check yourself. CyberCPU is presenting this video to an audience that knows only the basics about a PC and Windows is the only thing they own. So, any of your suggestions are way over the head for a general user.
Anyone else suggesting to use very friendly Linux distros is also not get getting the audience this is meant for. I would argue that using Linux for an average user is less secure than staying with Windows. The reason primarily lies in the fact that’s a whole new operating system a user needs to learn, so they will most likely will do more damage in Linux messing around with settings.
I just discovered your channel a couple of days ago and i automatically subbed.
Your content is awesome!
1:00 Setting - Accounts - Local Account
1:50 Control Panel - User Account - Change your account type - Standard
4:50 Start - Setting - Account - Sign in options - Password
9:50 Start - Create a restore point - Configure - ✅Turn on system protection - ok
15:35 Start- type Control panel - Networking and internet - Networking and Sharing Center - Change adapter settings - right click on Ethernet icon - Properties - ?!?!?
Another wonderful video that will protect thousands of people! Thank you; you do a great service for us.
top-notch video! i am studying cybersecurity and this info has been very valuable. Thanks bro! Subscribed to your channel now
Great tips! I run with a standard local account, myself, even though the UAC prompts get old. I use Windows Defender as my AV with core isolation enabled, I run EVERY download through VirusTotal and have Windows Sandbox enabled in the case of downloads that I am not 100% sure of. Also, I actually use Quad9's DNS (with DNS over HTTPS enabled in my browsers) which automatically blocks a gargantuan list of malicious domains entirely and is probably the most private DNS service. On top of that, I ensure that my adblocker (Adguard is my preference) on all of my browsers has access to a filter list to block malware domains and functions as well. Oh, and I also encrypted my storage drives with Bitlocker (TPM enabled) just for added security, though that's a bit overkill as I live in an area with an extremely low crime rate. While I do have a less complex password for my PC, because of where I live, I'm not terribly worried about it as it's not a BAD password, it's just not as ridiculous as my passwords for sites that I use (at LEAST 50 characters each, with random letters, numbers and special characters, all managed through KeePassXC).
Great set of tips. I'm 100% with you about passwords, what your remember and never write down beats something you have to write down to always reference... especially at work, where they think long complex passwords that need to be changed every X days is the way to make things secure. Yeah. Sure. I should buy stock in 3M post it notes.
So true!
A paradox re: forcing constant PW changes, is that user fatigue leads to weaker, more friendly ones, and yet also increases likelihood of failure to recall, hence Post-Its above the unattended office desk, etc. I use free Keepass for over 12 years, and its complex master PWd never changes; its auto-fill works well and I never use easy ones nowadays for anything, letting Keepass generate solid ones for me.
The reason for the "chance the pw every X days" in companies is actually something else: many hand out their passwords to their collegeues, partner or kids. To limit the number of days this password is known to more than one person (how it should ALWAYS be) without extra "tell it again", admins implemented that expiring password thing. It was a battle between admins against some careless users, who are not aware, that it is unacceptable to EVER give out a personal password to ANYone, even if THEY trust them 100%.
This can be nowadays obsolete with two factor authentication and/or biometrics (face/fingerprint), as you can't "borrow" your finger or face to a collegue when you are absent.
The official Microsoft/Windows advice now, is to turn off password expirations. Just... Completely. Microsoft has written several blogs and papers on why forcing password resets is insecure by now. The reason comes down to, "if users have to keep changing their passwords constantly, they never remember them and write them down on sticky notes, etc. where others can see them which is itself, a really bad idea."
They keep the password reset function in the operating system because people demand it and many "experts" still run on the erroneous idea that password resets are more secure. Single sign-on (SSO) is becoming more of a thing at least, which is good because at major companies, you now use only your username and password to access most services even though you still reset it every three months or so, so at least you don't have to remember multiple passwords. Less likely to write it down.
But... On my personal Windows box I have used the same password for over ten years. Just one and done. No resets. No refreshes. No anything. One and done.
Yep, fairly solid set of tips. Good stuff.
Thanks.
@CyberCPU Tech, glad you mentioned PiHole towards the end of the vid. I recently went a step further with mine and installed a recursive DNS server called UNBOUND along side PiHole. Im still in the testing it out for speed/reliability phase but for the most part its seems to be running well despite the fact its running on a pi2.
I was curious what your opinion is on PC Matic? Ive been using it for a few years now and it seems pretty good and low impact on the machine. I value your opinion. Great channel BTW
The Microsoft account thing is a double edged sword though. Apps you download from the Microsoft store have limited access like they do in iOS and Android and I presume Linux. Traditional windows apps aren't limited in this way. In order to use those versions of apps you have to have a Microsoft account.
Now, you CAN uninstall OneDrive if you want but many devices come with encryption without having to pay extra (finally!") to protect your data in the case of theft. I actually uninstalled OneDrive because I use Google Drive.
I also think that a written down, complicated password, is more secure because you're most likely to have your account attacked by somebody who doesn't have access to your PC.
I use a memorable password for the service that manages my passwords and that's it but for older people I can see how password managers might complicate life.
So clearly explained. Thanks.
Thanks for all your Windows 11 programs, I bought a new PC and would have been totally lost without your programs. I have run into an issue that seems pretty common. After changing the automatic reset point as you advised, I set a new point manually and tried running a system reset, but it failed. I found several UA-cam shows on how to fix this, most confusing. I doubt this has anything to do with the registry change so could you do a program on how to fixe system reset when it fails?
Energy of dad joke on this channel is insane
yeah, security thing is huge these days.
If your one of those persons that have or might fall for tech support scamm, you most defently do not want your info stored on your pc, but how windows 11 is and wants you to have a online account to even be able to logg into windows 11... (yes I know about the local win11 account workaround), but I still see this forced windows account loggin as a high privacy risk. since you cant easely have bogus info without changing it online on microsoft account itself,.
Not only that, streamers to, seeing theyr real life info.... some streamers dont want to share that part of theyr real life.
I forgot all about UAC so thanks for that info!
Just found tour Channel, and This is just a Big Big help. Thanks. Hope you will make more beginners videos🙏
regular updates and local accounts are the two most basic things- to do security wise on any operating system. everything else is a nice to have thing
Very great explanation
Is there a way to make specific system restore points permanent? I would like to be able to revert back to a fresh installation with custom apps installed
I have problems using System Restore when using Bitdefender Total Security. It becomes so tightly linked it stops me using recovery using S.R. I used to love it as it was so easy to do. 😞
I use pi hole + unbound for my dns 👍
Pi hole works pretty good.
6:00 - passwords
I avoid using password manager because it hard for me to trust some remote company with this.
Suggestion:
I use a password generator from site name and year, just a sequence of edits that gives me a unique password that hard to guess.
I only need to remember the script.
Been using it for years, never failed.
Those Head flourishes he does to get the beard movin is hilarious
Great video. I had switched to Linux unfortunately 2 of my work-related programs only run on Windows 11 :( So I had to buy a Windows laptop.
im new to all this. so be nice haha. but if you have a local account, doesn’t that mean that if something happens you are in danger of loosing everything you had in there?
Thanks for your tips with security. I am doing what you explain. Nice to know its good practise!!!
I just stumbled onto your videos, lots to interest. Thankyou.
In this vid you mention the possibility of changing the MS account to local account on a loaded system. I don't want to reload everything, so, do you have a video for this process please? TY
This a great common sense + (i.e. smart sense) video. Finally some good info!
I have yet to find a SSD or HDD that I cannot access plugged in to a USB as a data drive on my personal PC, or laptop. That OS is not active, so I can get into, and transfer most any data on the drive. I've done this numerous times for friends and family in the past. As for me, I don't keep anything important on my "C" drive other than applications, and my Document folder is backed up weekly to a different physical drive
I did the "System Restore Point" registry tweak a several months ago, What annoys me is after every build update (Windows Insider Dev Tier) The system restore is turned off, I know with the new build there is also a new registry settings, For some reason after every build my internal (secondary) 3 TB hard drive and my optical drive (DVD drive) disappear from "This PC" window it only shows my C: rive SSD.. I have to end up running "msdt.exe -id DeviceDiagnostic" and restart my system.. Sometimes I have to do that and go to my device manager/storage controller and uninstall my "Intel(R) Chipset SATA/PCIe RST Premium Controller" and restart my system.. I figure doing a fresh install of Windows 11 Pro, would probably fix it, but I have a lot of software and programs that I would also have to reinstall and last time I did a complete fresh install of my OS on My other computer it took me almost half the day to do updates & reinstalls.. I have tried literally every trick I can think of to stop it. Do you have any suggestions?? BTW, love your channel, I have found 99% of all your advice to be spot on.. Even techs need help (me, LOL) Thank you for sharing.. Sorry to babble on so..
Love all your videos, my question is, if you already have a computer that is already set up with a Microsoft account, is it possible to add a local account, set it as adminstrator, and then delete the original Microsoft account, will this work the same as setting up the computer as you have shown here? Im ask because i dont really want to start installing Win11 from scratch
You can just convert your Microsoft account to a local account.
Very good , what about malicious software removal tool (mrt) build in windows?
I've never used it. Is it any good?
Hey CCT! 👍 After viewing this video I checked my UAC and it was "NEVER NOTIFY". Now I don't remember if in a bumble headed move I set it that way but I promptly moved it to "ALWAYS NOTIFY".
Great stuff as always. Thanks!
This is awesome
Thanks.
I keep my important passwords (banks mostly) on an encrypted USB stick. They are long and completed, mostly, some are nonsensical statements. Only need to remember the long and complicated master password for the stick.
It is extremely difficult to set up a new Windows 10. You just click through the setup assistant but then you have to add the same user with the command prompt, make it an administrator then remove the account the assistant created. The next thing is to uninstall the Windows Store with the PowerShell or the registry because you will generate so many CPU errors that it will destroy your mass storage device by overfilling it with reports. Any time you have a kernel on the filesystem you turn on DEP in the advanced system settings because oftentimes you have no idea how many accounts go on it’s security card and by the time you learned of all of them your computer has been attacked and went down. If anything happens to your operating system just switch to Unix and start virtualizing older editions of Windows and your system will eventually come back!
Thats the first time I hear someone say it is difficult. Plus, why remove the first account at all? Also why would Windows Store generate "CPU errors" (what kind of?) and even if, why would it destroy a mass storage device? I administrate hundreds of systems for quite a few companies professionally, and never any mass storage device was overfilled (or destroyed) with reports!?
Another problem with BitLocker is Microsoft has your key. Why does anybody want MS to know it is beyond me.
That makes no sense. If your system runs Microsoft, you are always completely in their control. Same as with your computer manufacturer: if HP, Lenovo, ... whoever wants to get into your data or anything else (e.g. log all keyboard inputs), there is nothing you can do about it.
You need to trust at least your computers manufacturer, and the operating system manufacturer. There is nothing around that. Plus you also need to trust any software manufacturer that you give admin rights for installation.
Why does it matter? No one can remotely access your drive. The key is for physical access!
For the AV I use Tronscript which is like offline-Virustotal. I run it once a month just in case.
A real time AV is far more important then an off line AV.
@@CyberCPU correct
@@CyberCPU Of course, I use Tronscript to just make sure everything is all right.
I do have real time protection as well
@@petertrex Personally I never run offline scans. The purpose for offline scans it's to scan files that you've downloaded before the latest definitions were updated. That's assuming you didn't run the file after downloading it. I can't remember another time in all of my years of using a computer that I downloaded a file that I didn't need right then. 😂🤣
@@CyberCPU I guess that makes sense.. but I just want to be sure and Tronscript lets me use multiple AVs which the data base is always being updated.
Even though Windows security detects threats very well, Some can bypass it.
so I just like to have way to scan everything with multiple database. and after that, the temp files of the AVs will be wiped, so it will not cause any lags or anything.
SO it's more of mind thing rather than actually protecting my PC.
how do u deal with virus and connectingg these pcs to the internet if u needed to do updates or install software? i given a x99 system and ive wiped it but i still dont trust plugging it into my network to reinstall all the driverrs?
Very helpful for an illiterate like me, thank you!
the *_most_* secure way to sign into windows is actually with a security key.. you should do a video on that!
Great tips but what about Cloudflare DNS?
I've never used them. Are they good?
@@CyberCPU Well They claim they also filter malware websites and that it's faster. Have been using it for the past year or so and haven't had a problem. Btw great content keep it up
@@CattopyTheWeb Good to know. I use Open DNS because of its configurability. I like the fact you can filter sites based on topic or category.
Other ways to keep safe is also your network, I have firewall and security setup on my router that blocks in coming bad traffic.
All routers should do that.
90% of chances, the problem is between the keyboard and the chair.
how often will the system restore be creating a new point, every time windows boots up?
Bitdefender is just fine..
But for simple office use also Defender it's ok under local accounts..
I don't recommend bitdefender at all. I absolutely hate that AV. I've seen more issues caused with that AV than any other one I've had to deal with. That's actually saying a lot considering McAfee and their past practices.
@@CyberCPU yeah..9k..why not..I'm using Bitdefender for many years.. probably because I have R9 5900x and 64Gb RAM..😂😉👍
@@crisbalgreece lol
I'm understanding why you cannot stand Microsoft, that said, could you do a video ion how to bypass constantly requiring to sign in to local microsoft, account
CyberCPU - I cannot find SYSTEM RESTORE in REGISTRY. Using windows 10
It will take longer to crack a pure alpha password of 10 characters than 8 characters of alpha-numeric- length is what matters (that's what she said), not complexity. 12 or more characters is the goal, so nonsense passphrase is the way to go. A good alternative DNS to google is Cloudflare's 1.1.1.1 (yup, it's that cool).
Do have a virtual box tutorial?
Is antivirus needed?
windows security is the best for pc
if I use Bitlocker or Veracrypt to encrypt a PC drive, then temporary unlock the encrypted drive to view files, then lock PC without locking encrypted drive, can an average thief get the data?
Don’t use veracrypt for full disk encryption. The performance impact is huge compared to bitlocker which doesn’t really do anything noticeable. The reason for that is since it’s natively made for windows it’ll have the best optimisation.
why always cornered tables tho
Select DWORD at 32 bit, what if I have 64 bit; make any difference?
I know this comment is quite old and idk if you found an answer, but DWORD 32bit is the amount of information it can hold. Nothing to do with your machine
What do you think about Kaspersky free AV?
Not a fan. I literally just had to reload a computer because of Kaspersky last week.
@@CyberCPU What did it do? As I'm using kaspersky and a bit scared now. Have heard it has good signatures and real time protection.
@@CattopyTheWeb I'm not exactly sure of what happened but I have a theory. Unfortunately, customers need their computers back so I don't spend a lot of time in triage when an OS can't be saved. What I think happened is the customer must have downloaded a keylogger and Kaspersky attempted to remove it and by doing so corrupted all the input device drivers. The only input device that worked was the touch screen. The keyboard and mouse were non-functional. I spent at least an hour trying to reinstall drivers and removing upper and lower filters to no avail. The customer didn't have much data on the computer so we decided just to wipe it and reload it.
@@CattopyTheWeb "Real time protection" only means that before any EXE is opened it is scanned first. Like any antivirus solution using blacklists it will always however only find the viruses it knows. In current world this is not enough. Whitelisting is the way go nowadays.
@@LofoteAV’s aren’t fool proof. If someone is downloading random exes I’d ban them from using computers at our work or revoke admin privileges entirely
what is im still getting the was unable to fix some files
Forget bit locker, bios password should be enough to lock out us IT guys
Removing the battery resets it. Adding bitlocker makes it impossible to access. If you do any bios battery removal or resets to try get it resets the key for bitlocker. Now instead of their pin to get into the device you need the recovery key. Toast at that point.
2:27 You didn't ACTUALLY show us how to change to a local account! (Not talking about Standard vs Admin) ... 🤦♂
maybe i shouldn't turn off uac
I recommend leaving it on.
If memory serves me right my computer tach has mine pretty secure...
The third-party anti-virus suites provide these DNS protections against a malicious website, giving protection using many of the popular browsers. Windows Security offers a similar benefit but heavily favors the use of Edge and like it's predecessor IE, I will NOT use. With the trusting nature of DNS, which servers you use makes little difference. As they all can be easily fooled into accepting spoofs and bad data that can easily send you to a bad site. But, too each their own.
1: dont let your little brother on your pc
I jumped on my computer. But, it broke... :- /
Well that's unfortunate.
@@CyberCPU But, sincerely your info has been highly beneficial. Thanks bro!
I AM A 14 YEARS OLD GIRL AND I WANNA FEEL SAFE ON MY WINDOWS 11 LAPTOP.
You could start by not telling random people online that you are 14
What about bios password?
Not really needed. If they try to rest the key bitlocker will be removed and then require the recovery key to access.
You can only one run Antirvirus software, not multiple ones. Microsoft Defender is OK, but you might want to buy another Antivirus that is better then Defender
I've seen infected computers from every major antivirus vendor.
Not true actually. As an IT I have seen many computers with more than one AV on it. They both fight each other like feral cats though.
Could be worse. You could have a AV from a hige piece of shit company lime Norton. Now THERE is a product that needs to be burned at the stake. I always warn people away from Norton and McAfee.
If you use a MIcrosoft account, you can make it passwordless. Microsoft claims no password is more secure
🤔🤔
And you believe that BS?
"No password is more secure" LOL 🤣 That's the funniest thing I heard from Microsoft
@@CattopyTheWeb it's probably referring to Windows hello. However, even with that you still have a password.
@@CattopyTheWeb Biometrics beat passwords.
first!
and first viever :)
Congrats
No one cares.
@@Digikidthevoiceofreason i didn´t ask you
How did you know my wifi password 😐
Im sorry, dont mean to be that guy, but the system restore "hack" in RegEdit, should the value not be set to 1 as in enable? isnt 0 off and 1 on? Or is it 0 because you labeled it frequency? and if so, what is the 0 as far as how often will it create a restore point?
Love your content, great for newbies and semi pros. Lol.
keep em coming.
I have an idea for a video in the future around security, Create a python file of some other bat file to DOD wipe the drive if a file or folder gets accessed with the wrong password. Like a self destruct of the drive if unauthorized access occurs. Ive been trying to get something like this going, and either its not possible in windows, or no one has created a how to on it. Im no coder so I have no clue which scripting language to even use.....
Best security tip ever is this. DONT USE WINDOWS.
Use a Mac, or use Linux. Since they both use a Unix core they will always be more secure than Windows.
Security is mostly dependent on the user. Since Apple users have a false sense of security that their systems can't be infected, they are much more likely to click on things they shouldn't. Because of this apples are inherently less secure than Windows PCs. Linux benefits from the fact that the majority of users are enthusiasts and are much more knowledgeable of computer security.
myonly pronlem is i clik on website that i shouldn't have.....lol
That's definitely an issue.
And your awful spelling….
@@CyberCPU yep
I don't want its just to help Google and Chrome so not other web can get it before them
Hello. Im on a local account and for some reason sign in options wont open up. Do you know a solution for this? Thank you
System restore? Doesnt that also save any potential virus?
Hey I finally found something you said that I disagree with. LOL Microsoft has been doing a horrible job with updates over the last two or three years. Maybe in the home user market you haven't seen it but in the business market every update breaks either domain printing, RDS, or kerberos certificate exchange with the DC.
I used to see those problems constantly but I haven't seen a much recently. I remember a couple years ago I used to have to go out to the same businesses almost monthly to fix file and print sharing after a Windows update. Haven't seen that in a really long time.
fantastic advice, great channel, and free? please change me for your content. I feel ashamed to get it for free...
I except tips. 😉
How do you feel about the security suites that you get with your internet subscription?
Let me answer this, what security professionals of big companies will tell you: They are basically a money-ripoff. They protect you nearly from nothing. A good security practise is to use a secure configuration (e.g. not disable UAC), not by installing additional software.