# Best security protection



## crescere (Dec 28, 2016)

The computer store guy talked me into Eset security. Now my VPN either won't connect or they have IP leaks. Even programs like word slowed way down or would not load. I removed Eset and all is well.

I put in free versions of Avast and Malwarebytes, and all seems OK. I dont mind paying for the best security possible, but my computer has to be free to work. What do you all use or recommend? I respect your opinions and thank you in advance for your help.


----------



## beers (Dec 28, 2016)

What specifically are you trying to secure against?


----------



## crescere (Dec 28, 2016)

Beers I want to protect my entire computer. You name it; viruses, malware, hackers, stuff I don't even know about. I just read an article that the FBI can now hack your computer simply BECAUSE YOU USE A VPN. Check it out. Its called Rule 41.


----------



## beers (Dec 28, 2016)




----------



## crescere (Dec 28, 2016)

Beers I know you think you are being funny, but are you saying you do not use any security software? Why not be construrtive and give me some good advice? That is why I came here. Moderators like John have always been a big help. As for government hacking as of Dec 1 use of a VPN  can be automaticly considered having a guilty intent. Google it.

Can anyone else give me some recommendations for computer security that does not interfere with the operations?  Thank you to all serious contributors.


----------



## speedyink (Dec 28, 2016)

I just use Avast.  I've heard good things about Kaspersky, but I've never used it myself.


----------



## beers (Dec 29, 2016)

crescere said:


> but are you saying you do not use any security software?


That isn't what I'm saying, I'm not sure where that was implied.  I was just laughing because of this clueless statement:


crescere said:


> the FBI can now hack your computer simply BECAUSE YOU USE A VPN


----------



## Agent Smith (Dec 29, 2016)

He's referring to the articles that have been on the net about the Feds getting a hold of the VPN servers. So no, he's not tinfoil hat material. However, there are things you can do about that. I use VPN.AC and they now have double hop. So use that in a not so friendly country to the U.S. And since VPN.AC doesn't use port forwarding your IP won't be exposed. Disable WebRTC and ALWAYS clear cookies and cache. I find when I hit the clear all button in my browser Pale Moon, the HTML5 local storage goes away too which is a good thing. Then you need to disable Canvas fingerprinting in a not so, "I have no fingerprints" sort of way. In Pale Moon it's in about:config. Just search for the term canvas and make the boolean string from false to true.

Okay. Anti-virus and all that rot. Look no further than Bitdefender FREE or Immunet. They are very light weight, don't use an asinine amount of resources, plain and simple interface and are Cloud-based. It's all you need in terms of basic definition-based anti-virus. Then I would toss Ransomefree on there which has been developed by military cybersecurity experts to help guard against ransomware. Add Sandboxie to the bunch with access to the browser's profile to ease cumbersomeness and you are good to go.   I would also use NoScript with base 2nd level domains on by default and throw in there uBlock to protect against malicious ADs which there are plenty. Now there are ADs which use Webrtc to grab your IP and try to get into your router turning it into a zombie. I can't tell you how many infected routers I see try to access my WordPress blog. All go to 403 land.

Also, check out Rollback Rx. This may help if things go awry. You have a boot option on Windows start. You press the Home key and use the arrow keys and Tab key to pick a restore snap shot to restore your computer to a time period when a virus did jack up and own you. Of course, nothing beats a nice clone to an external drive every once in a while. Note: Users of Truecrypt, Veracrypt, etc shouldn't use Rollback Rx. It will mess up your boot loader.

Or scratch all this carp and use Linux Mint in VMware Player for Internet browsing. LOL


----------



## crescere (Dec 29, 2016)

Agent Smith, wow thanks for all that. I use PIA VPN, so should I drop them?  You did not mention Malwarebytes. Do you use that? Do I add the apps like ransomfree, sandbox etc. to the Pale Moon browser? (Obviously I am not as sophisticated or smart as you)

Thank you for your time and recommendations.


----------



## crescere (Dec 29, 2016)

beers said:


> That isn't what I'm saying, I'm not sure where that was implied.  I was just laughing because of this clueless statement:



Beers read up on Rule 41. It went into effect 12-1-16.


----------



## Agent Smith (Dec 30, 2016)

crescere said:


> Agent Smith, wow thanks for all that. I use PIA VPN, so should I drop them?  You did not mention Malwarebytes. Do you use that? Do I add the apps like ransomfree, sandbox etc. to the Pale Moon browser? (Obviously I am not as sophisticated or smart as you)
> 
> Thank you for your time and recommendations.




I just use the Malwarebytes scanner. RansomeFree is not a browser addon. It will run on your computer. https://ransomfree.cybereason.com/

PIA allows port forwarding and I have read some not too good things about them that say they do block this if you're not using it. I guess if you're not me and doing things you shouldn't be doing then I wouldn't worry about your VPN.


https://browserleaks.com/webrtc#webrtc-disable

It's not Sandbox, It's Sandboxie.


----------



## DMGrier (Jan 2, 2017)

I run Sophos Home, they only offer a free version to consumers and allow you to install on up to 10 computers. Sophos is one of the larger providers to enterprise AV, no complaints.

https://www.sophos.com/lp/sophos-home.aspx

When it comes to VPN's, the government has always had the ability to look over the last ten years. It was called the patriot act. The only way to truly be secure is to run your own VPN through your home server or a VPS.
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04


----------



## crescere (Jan 3, 2017)

Agent Smith said:


> I just use the Malwarebytes scanner. RansomeFree is not a browser addon. It will run on your computer. https://ransomfree.cybereason.com/
> 
> PIA allows port forwarding and I have read some not too good things about them that say they do block this if you're not using it. I guess if you're not me and doing things you shouldn't be doing then I wouldn't worry about your VPN.
> 
> ...



Agent what is port forwarding and if it is bad can I disable it?


----------



## Agent Smith (Jan 3, 2017)

Port forwarding allows a connection to be established to you, your IP address. This is great if you intend on hosting a game server, Tor, a teamspeak server, icecast server, etc. Basically a server is what I'm getting at. LOL In essence, something that _serves_. i.e, where a user can connect to YOU. You will not need this more than likely. Many who use a VPN don't need port forwarding at all and the main reason why anyone gets a VPN in the first place is to remain anonymous and have a secure connection. But with a VPN that allows this means the risk of your real IP address being exposed is there. This in its self defeats having a VPN in the first damn place. VPN.ac doesn't have a port forwarding capability so it's not possible to try and get someone's real IP.

In PIA, there is an on and off switch for port forwarding I guess. I haven't used their client in years. But I have read that even if it's off your IP can still be exposed. https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/

Apparently their new client is secure. I wouldn't risk it myself.


----------



## crescere (Jan 3, 2017)

Agent Smith said:


> He's referring to the articles that have been on the net about the Feds getting a hold of the VPN servers. So no, he's not tinfoil hat material. However, there are things you can do about that. I use VPN.AC and they now have double hop. So use that in a not so friendly country to the U.S. And since VPN.AC doesn't use port forwarding your IP won't be exposed. Disable WebRTC and ALWAYS clear cookies and cache. I find when I hit the clear all button in my browser Pale Moon, the HTML5 local storage goes away too which is a good thing. Then you need to disable Canvas fingerprinting in a not so, "I have no fingerprints" sort of way. In Pale Moon it's in about:config. Just search for the term canvas and make the boolean string from false to true.
> 
> Okay. Anti-virus and all that rot. Look no further than Bitdefender FREE or Immunet. They are very light weight, don't use an asinine amount of resources, plain and simple interface and are Cloud-based. It's all you need in terms of basic definition-based anti-virus. Then I would toss Ransomefree on there which has been developed by military cybersecurity experts to help guard against ransomware. Add Sandboxie to the bunch with access to the browser's profile to ease cumbersomeness and you are good to go.   I would also use NoScript with base 2nd level domains on by default and throw in there uBlock to protect against malicious ADs which there are plenty. Now there are ADs which use Webrtc to grab your IP and try to get into your router turning it into a zombie. I can't tell you how many infected routers I see try to access my WordPress blog. All go to 403 land.
> 
> ...




Agent, you said you see infected routers at your site. Is there a way to test for this is?


----------



## Geoff (Jan 3, 2017)

crescere said:


> Agent Smith, wow thanks for all that. I use PIA VPN, so should I drop them?  You did not mention Malwarebytes. Do you use that? Do I add the apps like ransomfree, sandbox etc. to the Pale Moon browser? (Obviously I am not as sophisticated or smart as you)
> 
> Thank you for your time and recommendations.


I also use PIA.  What do you use it for?  The FBI really doesn't need to "hack" your computer, they can get access to basically your entire life by accessing accounts in your name, social media, seeing emails/texts/messages you send to people, etc.  There's generally not very much stored locally on your computer that would be as valuable as what they can obtain from services that you are a part of.


----------



## crescere (Jan 3, 2017)

Geoff said:


> I also use PIA.  What do you use it for?  The FBI really doesn't need to "hack" your computer, they can get access to basically your entire life by accessing accounts in your name, social media, seeing emails/texts/messages you send to people, etc.  There's generally not very much stored locally on your computer that would be as valuable as what they can obtain from services that you are a part of.



Geoff, its more the fact that they CAN do this that bothers me. My favorite libertarian phrase is "I love my country, but I fear my government."   It is true that absolute power  corrupts absolutely. Just as there was TSA  abuse with scanners this too will go too far.


----------



## Geoff (Jan 4, 2017)

crescere said:


> Geoff, its more the fact that they CAN do this that bothers me. My favorite libertarian phrase is "I love my country, but I fear my government."   It is true that absolute power  corrupts absolutely. Just as there was TSA  abuse with scanners this too will go too far.


My point is, securing your home PC is such a very small part of your concern if you're worried about the government monitoring you.


----------



## Agent Smith (Jan 4, 2017)

crescere said:


> Agent, you said you see infected routers at your site. Is there a way to test for this is?




No. There's no test for this. What I see are attempted login requests to admin and the login page as well as XMLRPC requests from several IP addresses all the time every day that get blocked. All these IP addresses are legit ISPs from around the world and not hosting providers. There are many flaws with routers that allow an attacker to use your router as their own persoanlly zombie bot. So that is why I see this. The best thing you can do to make sure your router doesn't get infected is to maintain the router firmware updates and/or buy a router that isn't so vulnarable or has a third party firmware that isn't so prone to these types of attacks. I can name three third party firmware packages off the top of my head. DD-WRT, Tomato and Asus Merlin.


----------



## ian (Jan 4, 2017)

unless you have done something wrong, why would you be worried about the FBI
How many people are there working in the FBI as a percentage of the population, that would make you think that they would want to look into the affairs of innocent civilians just for the hell of it. I understand there are a lot of malicious threats and the importance of security, but from the government?
If they have just cause they will just raid your house and take everything.


----------



## crescere (Jan 4, 2017)

ian said:


> unless you have done something wrong, why would you be worried about the FBI
> How many people are there working in the FBI as a percentage of the population, that would make you think that they would want to look into the affairs of innocent civilians just for the hell of it. I understand there are a lot of malicious threats and the importance of security, but from the government?
> If they have just cause they will just raid your house and take everything.



The government authorities DO have people that do things for the hell of it just like the TSA scandels. If they do put malware into your computer it may cause connection or other problems. This is another example of go ernment ignoring privacy.


----------



## Geoff (Jan 4, 2017)

Agent Smith said:


> No. There's no test for this. What I see are attempted login requests to admin and the login page as well as XMLRPC requests from several IP addresses all the time every day that get blocked. All these IP addresses are legit ISPs from around the world and not hosting providers. There are many flaws with routers that allow an attacker to use your router as their own persoanlly zombie bot. So that is why I see this. The best thing you can do to make sure your router doesn't get infected is to maintain the router firmware updates and/or buy a router that isn't so vulnarable or has a third party firmware that isn't so prone to these types of attacks. I can name three third party firmware packages off the top of my head. DD-WRT, Tomato and Asus Merlin.


I wouldn't say that's necessarily someone trying to hack you, rather they are just bots that scan public IP's trying common ports to see if SSH/FTP/Telnet etc. send a reply, and if so they try default passwords.  This is why you don't want your home devices in the DMZ or directly connected to the modem with no firewall.



crescere said:


> The government authorities DO have people that do things for the hell of it just like the TSA scandels. If they do put malware into your computer it may cause connection or other problems. This is another example of go ernment ignoring privacy.


I highly doubt they do it just for the hell of it.  Now regular hackers and script kiddies, sure, but that's why you don't leave passwords as the default and make sure you have a decent firewall.


----------



## crescere (Jan 4, 2017)

Geoff said:


> I wouldn't say that's necessarily someone trying to hack you, rather they are just bots that scan public IP's trying common ports to see if SSH/FTP/Telnet etc. send a reply, and if so they try default passwords.  This is why you don't want your home devices in the DMZ or directly connected to the modem with no firewall.
> 
> 
> I highly doubt they do it just for the hell of it.  Now regular hackers and script kiddies, sure, but that's why you don't leave passwords as the default and make sure you have a decent firewall.



Is the Windows firewall good?


----------



## Geoff (Jan 4, 2017)

crescere said:


> Is the Windows firewall good?


I'm more talking about your network firewall.  A router that performs NAT does a great job at hiding your LAN devices, but a quality router will have an adequate firewall as well.  Basically you don't want common ports on your WAN IP to respond to a probe unless you need them to, such as hosting a server, but in that case you want to make sure you have a software firewall on those devices and have strong passwords.


----------



## Agent Smith (Jan 5, 2017)

Geoff said:


> I wouldn't say that's necessarily someone trying to hack you, rather they are just bots that scan public IP's trying common ports to see if SSH/FTP/Telnet etc. send a reply, and if so they try default passwords.  This is why you don't want your home devices in the DMZ or directly connected to the modem with no firewall.
> 
> 
> I highly doubt they do it just for the hell of it.  Now regular hackers and script kiddies, sure, but that's why you don't leave passwords as the default and make sure you have a decent firewall.




This is one of my WordPress websites, not a router. They are query XMLRPC, Admin URLs and WP-login.

Far as routers go, they are only as good as their firmware.


----------



## RollingZeroz (Jan 8, 2017)

speedyink said:


> I just use Avast.  I've heard good things about Kaspersky, but I've never used it myself.


I tried Kasperky. It's actually really nice, but that was back in 2014


----------



## ramirez (Jan 19, 2017)

Webroot security essentials, Trend Micro, Norton Internet Security......I am using ESET now and do not have any issues


----------



## Barney H.Leach (Jan 30, 2017)

Avast and Kaspersky will be a better option against the virus. To add to this, Norton security and Avira are also good. At times you can use the malware scanners too. It will be a great help. The issue with the disconnection of the VPN will be due to the slow internet connection. Check out for your internet connection and make sure that it stays stable. Hope this will help you.


----------

