Security Experts: Updating Software Best Way To Stay Safe Online

[Guest]

Google conducted a study to find out what security experts, as well as non-experts, think are the best security practices to keep them safe online. Both groups agreed on having strong passwords, but disagree on the top solution to fight against malware.

Security Experts: Updating Software Best Way To Stay Safe Online : Read more

 

[jimmysmitty]

I kind of feel a "no duh" moment here.

Of course updating software helps to keep you safe in 99% of cases. Unless you are Java and release a new version that opens a massive hole so bad that you tell everyone to roll back.

But normally a patch is there to fix exploits/holes in the software/OS.

 

[clonazepam]

I use Webroot's SecureAnywhere. I don't know how good or bad it is, so I assume that means its at least decent. There's many features and one that sticks out as uncommon to me is that its install folder name and the executable are randomly generated during the install.

Threat protection is performed "in the cloud" and needs no updates. Good, bad, indifferent?

 

[jimmysmitty]

Cloud based scanning is not bad but if a virus kills your web access you need something local that can at least take manual updates.

I have not looked at anything beyond Windows Defender (same as MSE in 8/8.1) since it came out.

 

[codo]

Some people are weary of updates but I've always updated everything I could whenever I could and have no trouble.

 

[whassup]

Just keep your Windows, Browser, PDF readers, MS Office and Antivirus always updated you will be secure even if you are on the adventurous side.

For the past 3 years my PC never get infected and I am a click happy user who visits whatever sites that I need the information or file. I just keeps all of my Internet related apps updated that includes Windows 8.1 Pro, Avast Free 2015 (PUP scan enabled), Chrome, MS Office and PDF reader. I also do regular malware scans using Avast as well as Malwarebytes Anti Malware, Adwcleaner just to ensure nothing is penetrated on to my system.

 

[zodiacfml]

Haven't used a password manager, if Google can manage to make and maintain one then I'd try it.

 

[JonnyDough]

You think? It's not just "experts". It's any person in information technology...

 

[Tanyac]

This reads like a weak attempt to placate those that are concerned about the Windows 10 forced auto updates.

There are as many reasons not to trust auto updates, especially given the advertising, malware and personal information collection, and complete lack of control over your "own" system, as there are to support auto updates.

Best security. Disconnect from the internet. Better yet, Turn off your computer, go and have a BBQ with your neighbors and reconnect with the community.

 

[alidan]

Some people are weary of updates but I've always updated everything I could whenever I could and have no trouble.

i have had one to many updates break things in the past to ever want to update beyond a something i own isn't working basis, i hate that google autoupdates and there is nothing i can do to stop it... take a look at the bookmark manager they tried to force on everyone a few updates ago... there will come a time they remove the traditional bookmarks and i am forced to leave chrome because of that crap.

also... i have had online accounts hacked/bruteforced and i have had full system crashes with no hope of recovery... the idea of using a password manager is something i will never bring myself to accept... the idea of a program that handles all my passwords and has them as long and complicated as possible, only to either have the program crap out on me and never be able to get access to any of my accounts again is bad enough, but than you go a step further and if someone hacked the site if it wanst a local password manager... not a chance in hell... and 2 step verification only works when you have a cellphone... i don't, and paying a few hundred dollars a year for just for 2 step is out of the question.

 

[alidan]

This reads like a weak attempt to placate those that are concerned about the Windows 10 forced auto updates.

There are as many reasons not to trust auto updates, especially given the advertising, malware and personal information collection, and complete lack of control over your "own" system, as there are to support auto updates.

Best security. Disconnect from the internet. Better yet, Turn off your computer, go and have a BBQ with your neighbors and reconnect with the community.

i did not know windows 10 forced updates... ill have to look into blocking all microsoft domains from either a software level or hardware... i refused to update the os unless something is broken as windows updates have failed on me so many times where a format was required i just cant bring myself to updating unless its absolutely impossible to live without.

 

[cats_Paw]

Having a brain is the best security online....

 

[whassup]

This reads like a weak attempt to placate those that are concerned about the Windows 10 forced auto updates.

There are as many reasons not to trust auto updates, especially given the advertising, malware and personal information collection, and complete lack of control over your "own" system, as there are to support auto updates.

Best security. Disconnect from the internet. Better yet, Turn off your computer, go and have a BBQ with your neighbors and reconnect with the community.

i did not know windows 10 forced updates... ill have to look into blocking all microsoft domains from either a software level or hardware... i refused to update the os unless something is broken as windows updates have failed on me so many times where a format was required i just cant bring myself to updating unless its absolutely impossible to live without.

Really strange not a Single windows update caused me any kind of problem. I can't imagine my PC not running up to date Windows. Its really weird that some people complain Windows update.

 

[gergguy]

Changing passwords frequently has no effect on security (unless you have given your password to others). The only thing it does is drive IT guys crazy because people can't remember their passwords

 

[Onus]

I don't visit "questionable" sites (e.g. pron, warez) and I stay out of the vapor ("cloud" for the less-informed, where all information, sooner or later, will become public). I use complex passwords, different passwords, but I have not selected a password manager; I may get one so I can make passwords a little longer. I use AV, and the PAID version of MalwareBytes, which has real-time blocking and notification. I install OS and most application updates.

 

[jimmysmitty]

This reads like a weak attempt to placate those that are concerned about the Windows 10 forced auto updates.

There are as many reasons not to trust auto updates, especially given the advertising, malware and personal information collection, and complete lack of control over your "own" system, as there are to support auto updates.

Best security. Disconnect from the internet. Better yet, Turn off your computer, go and have a BBQ with your neighbors and reconnect with the community.

i did not know windows 10 forced updates... ill have to look into blocking all microsoft domains from either a software level or hardware... i refused to update the os unless something is broken as windows updates have failed on me so many times where a format was required i just cant bring myself to updating unless its absolutely impossible to live without.

There is very little to no information about this. I assume it is security updates, to patch holes and exploits, not all updates.

 

[hawkwindeb]

"I try to remember my passwords because no one can hack my mind."

all your base are belong to us... We have already hacked your mind and know what your are thinking...

 

[DRosencraft]

Mixed bag here. I would caution first that "experts" often make mistakes and bad assumptions too, so it's no surprise their recommendations are sometimes flawed. They're just less likely to be outright wrong than a layman.

Updates, I'd say 90% of the time, are to address security concerns. Therefore it's highly counterproductive to simply ignore updates and patches. I've only had two updates in the last 10 years that have caused any problems, and both situations were my fault. I do think the user should have control, because often times I've had updates start running while I'm doing something and suddenly I'm thinking I broke something.

Anti-virus software is like a trusty backup. It should neither be your first or only security step, but it should be a part of the package.

Passwords have gotten a bad rep. Few hackers actually use passwords anymore to access systems the way movies have painted the use over the years. Hackers are sitting there pooling through password option to guess your password. All you need is an uncommon, not easily guessed, password. Putting your passwords in a manager is like taking all your money from every bank or credit card or whatever you have, and sticking it in one bank. That bank falls, there goes all your money. Same with password managers; you've taken several fail points and made just one. Changing it all the time is also of minimal benefit. Somone steals your password once, at a single instant. It doens't matter if you changed your passwrod this morning, or 7 years ago.

Finally, and this one kills me, the "only visit websites you know" thing is pure stupidity. Facebook, Twitter, heck, even Tom's would have never made it anywhere if no one ever went to any website they had never went to before or were somehow so close to the developers of that they felt comfortable going there. It is a foolish notion and highly impractical. Obviously avoid known bad sites, but you're going to find yourself in a little bubble if you bar any website you've never visited. It's like avoiding any restaurant you've never been to because you're afraid of food poisoning.

 

[Afrospinach]

Another thing is the divide between what is and isn't a strong password. People think 8 random digits is strong - even the password strength detectors on some websites, whereas apparently something like "IlikewaFFlesalot" is better than "%Hdf*#$r&*" purely because of the length and...a heck of a lot easier to remember.

 

[Alec Mowat]

I use Webroot's SecureAnywhere. I don't know how good or bad it is, so I assume that means its at least decent. There's many features and one that sticks out as uncommon to me is that its install folder name and the executable are randomly generated during the install.

Threat protection is performed "in the cloud" and needs no updates. Good, bad, indifferent?

It's OK, but it becomes difficult to manage false positives. There is also no exclude directory option, so it can be a bit of a resource hog at times.

 

[WyomingKnott]

Personally, I avoid password managers like the plague. In my completely uneducated opinion, half of them are malware in the first place and the other half are actively being attacked by hordes of bad guys slavering over a chance to get my passwords.

I'm so paranoid that my passwords are in an encrypted database on my Palm V. No network connectivity, period. Yes, I realize that I am just plain wrong. But I was taught to be very paranoid about security, and putting all my passwords into something on-line triggers that training to kick in.

One of the most lovely password tools I've seen is one where you have a root password. You type in your root password and the URL of the site and out comes a totally garbage-looking hash. Unique password for each site. It's a great idea, and if it ran on my Palm I'd use it.

It's just too single-point-of-failure for me. I never agreed with "put all your eggs in one basket, and guard the hell out of that basket."

 

[JackNaylorPE]

There is very little to no information about this. I assume it is security updates, to patch holes and exploits, not all updates.

See the thread here:

http://www.tomshardware.com/forum/id-2739394/install-windows-present-form.html#16344208

As for the security issue, some vendors are just getting a bit too intrusive. For example, we use Secunia to check that software is up to date on the network machines. Unfortunately, Bit Defender and Secunia do not get along.

And just like there should be a way to turn off Windows Update, there should be a way to **completely disable** the AV program for troubleshooting purposes. When I turn off the cable modem, I am not really worried about an intrusion, but having the AV program disabled would allow me to troubleshoot why I can't open a file.

Putting a cover on an electrical outlet is a prudent safety measure; but making it so that they are not removable by a knowledgeable electrician is not wise.

 

[Tanyac]

This reads like a weak attempt to placate those that are concerned about the Windows 10 forced auto updates.

There are as many reasons not to trust auto updates, especially given the advertising, malware and personal information collection, and complete lack of control over your "own" system, as there are to support auto updates.

Best security. Disconnect from the internet. Better yet, Turn off your computer, go and have a BBQ with your neighbors and reconnect with the community.

i did not know windows 10 forced updates... ill have to look into blocking all microsoft domains from either a software level or hardware... i refused to update the os unless something is broken as windows updates have failed on me so many times where a format was required i just cant bring myself to updating unless its absolutely impossible to live without.

There is very little to no information about this. I assume it is security updates, to patch holes and exploits, not all updates.

Well, I think we can all agree now, that there is plenty of information about this. It includes even things like third party drivers, and if you have been following the news, more than one update has already caused significant problems.

As to another post, if you've never had a problem with Windows update you've been lucky. I have had to pull dozens of updates. Microsoft themselves have had to pull many updates this year alone because they caused problems on peoples systems. If you've never had a problem - consider yourself extremely lucky.