Why People Are Leaving Gmail for Protonmail More Than Ever Before

Why I ditched Gmail for Proton Mail

Chris Thomas

Google is the most popular email provider (Gmail) contributes  about 70% of the email traffic on earth and being one of the oldest mass adopted email service (passing 20 years old is a worth achievement for any application, especially a “free” one.

As a cyber security digital expert, I have raved about the free service, its novel cloud-based structure, and how and why is

While I’m tickled to have been an early adopter of now-successful technology, though, it’s important to know when enough is enough. For me, that time has come, and I’m moving my primary digital correspondence to privacy-focused Swiss provider Proton Mail. It’s been a long time coming.

Should I, or should I not be popular?

Google is a Mega Monopoly Email Provider: Legal, but is it Ethical?

We’ve seen a lot go down in the privacy and security realms over the last two decades. Google’s been far from the only culprit, but as the default search engine for most browsers and the curator of Android, the Play Store, Google Analytics, reCaptchas, and more, the Big G has more data on the average North American user than any other corporation.

I’m as far from paranoid as any internet user, and even I use a VPN (primarily for spoofing IP geolocation); while I don’t do anything nefarious, and nobody’s tracking me for anything other than advertising, I prefer knowing I’m a little safer from bad actors that can hijack the content I’m viewing and thus possibly my hardware.

But Google creeps me out, and I’m no longer comfortable using Gmail. The successors to the FAANG stocks, the MAMAA companies (Meta, Apple, Microsoft, Amazon, and Alphabet) own a considerable amount of not just forward-facing web resources but also the underlying infrastructure most of the world’s internet relies on. I can’t avoid my data passing through the Google Cloud or Amazon Web Services, but I can limit what sites and apps I actively engage with.

Gmail’s interface is fine, I guess, if somewhat cluttered and not very attractive

Google’s always innocent until it’s not

Until 2017, Google automatically scanned Gmail accounts for keywords that it then used to personalize ads within the platform and probably outside it, too. Here’s why that should terrify you:

  • It had likely been happening since Gmail’s launch
  • Scans included messages from non-Gmail accounts, presumably contributing to shadow accounts containing data on those users
  • Widespread publicity via a 2013 Microsoft ad campaign and lawsuit the same year failed to stop it
  • Google’s proposed settlement was rejected for being overly vague and failing to promise proper disclosure of data harvesting practices
  • What else is Google doing that we haven’t learned about?

I’m under no misconception that I can extricate myself entirely from Google’s clutches; It’s too ubiquitous, and tons of common apps and services rely on its wide range of services. But I’ll do what I can, which includes moving to Proton Mail, a privacy-centric email provider with encrypted, underground servers, practically the polar opposite of Alphabet Inc.

Google paid over $26 billion in 2021 to remain the default search engine in various browsers

The surprisingly easy switch to Proton Mail

Why Proton Mail is my new favorite email provider

My own Proton account has been used as a backup since 2018. Moat recently though, it has now become my primary email for both personal and business.

I tested a trial of ProtonVPN a few years afo (ProtonVPN was a bit slow back then, but I and other cyber security expert highly recommend it as one of today’s top VPNs) due to its increased infrastructure and massive much faster speed. They have quadrupled the number of Servers globally since 2021).

I made the jump many years ago (2018) and highly recommend it to all of you going forward – primarily due to Proton’s comprehensive set of features, as well as the policies it enacts to keep your data private.

Among Proton’s consumer-friendly practices:

  • It opposes data harvesting, ads, and trackers (even the subversive tracking that comes from opening third-party-hosted images)
  • It falls under Switzerland’s privacy jurisdiction and isn’t subject to US surveillance
  • Theoretically, no other human can view your emails. In fact, if you lose and need to reset your password, you’ll lose access to previous messages, an impressive layer of security against hacking
  • Support for end-to-end encryption between Proton users and password protection for external emails
  • complete, constantly improving feature set, including cross-platform apps, cloud storage, and a calendar
  • Open-source encryption (including optional PGP signing) and independent auditing to ensure strict adherence to standards

A few clicks, and I never have to access my Gmail page again

Compared to my first brief look years ago, Proton’s UI and general implementation have matured significantly. It was also a breeze to sit back and observe how easy it was to have over 100 (128 and counting!) forward over 100 (121 and counting!) of my Client’s perform the action of transferring each of their current Gmail messages to their now-primary Proton address, and the calendar appears to have integrated well, with alerts showing up consistently on both Android and iPhones without problems.

They are perfectly happy with the features provided by Proton’s most affordable tier, the Mail Plus plan. You can create 10 separate addresses and even a custom domain, as well as shorten the default existing domain to pm.me (because @protonmail.com is, admittedly, a bit of a mouthful).

It includes 15GB of storage, unlimited folders and filters, and can do everything I ever wanted my Gmail account to do. Most importantly, it keeps their permanent correspondence out of Alphabet’s umbrella and especially any private or confidential emails, as well as people who send it to them that don’t even use Gmail!

Proton offers diverse Subscription Plans (including Free!)

You can actually use Proton Mail entirely for free, although it does have restrictions: You are limited to 150 emails per day and 1GB of storage, can’t create custom addresses or domains, and won’t have access to the calendar, or the encrypted password manager and unlimited VPN offered by the Proton Unlimited subscription. But even the free tier is visually and more private and securr, as well as overall being much better than Gmail.

Committing to 1 or 2 years of the $5/month low tier drops the price to $4 or $3.50, respectively.

The Unlimited tier will set you back $10 or $8 per month at those same subscription lengths and afford you 500GB of storage, 15 custom addresses, 3 custom domains, and unlimited VPN and Proton Pass (its password manager) access. There is also a six-user family plan starting at $30 and three tiers of slightly more business-focused options.

But I’m really not advertising for Proton here. I’m just choosing to actively take my digital footprint back into my own hands in a way many of us haven’t done since Gmail’s massive rise over a decade ago. It’s well overdue, and over the few weeks I’ve used Proton Mail full-time, I can’t say I regret it or will ever look back.

Proton Mail: Encrypted Email

Proton AG

COMMUNICATION

Price: Free

4.4

Download

Sky@GeeksByTheHour.com

Geobox: A $700 Anonymous Wi-Fi Device

Geobox: A Hacking Device That Is Basically Untraceable

In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!

Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:

1. Spoof location

2. Mimic Wi-Fi access points

3. Manipulate DNS and network parameters while providing anonymity.

4. Copying and emulating the same commonly used Wi-Fi landing page that most restaurants and concerts use to log on to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location/Clients of where they are located at (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).

Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!

After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for any one attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”

OR

They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.

It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!

Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.

However, with Geobox, it is transformed “into a potent weapon for digital deception.” Malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.

The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!

These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!

With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.

Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.

The Geobox Can Be Easily Used For Anonymous Geolocation or Multiple Internet Purposes

“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”

*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*

The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!

Armed with such an affordable and easy to obtain cyber device, operators can easily carry and coordinate various attacks; such as being a data dump for anyone logging on to the newly created “free Wi-Fi” identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.

It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!

Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.

“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an up coming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.

How to Hide Your IP Address and Change Location on Coinbase

Are you concerned about your online privacy and looking for ways to mask your IP address on Coinbase?

If like many people, you have come to the right place. In this guide, we’ll walk you through the steps to change your location on Coinbase (or any other Crypto Exchange) and hide personal information like your IP address, country, and region.

 

Quick Guide: Hide Your IP Address and Change Your Location

  • Mask Your IP Address
  • Flush DNS and Renew Your IP Address
  • Change Your Coinbase Location Settings
  • Other Methods to Hide Your IP Address and Location on Coinbase

Why Hide Your IP Address?

There are several reasons why you might want to hide your IP address. One of the main reasons is to protect your privacy and prevent Coinbase from tracking your physical location. By masking your IP address, you can also avoid leaving a digital footprint and bypass content filters or bans.

How to Hide Your IP Address and Location from Coinbase

  1. Mask Your IP Address
    • Use a VPN (Virtual Private Network) or proxy server to mask your IP address and spoof your location.
    • We recommend using NordVPN for its ease of use and reliability.
    • Follow these steps to install and configure NordVPN:
      1. Visit NordVPN’s website and create an account.
      2. Download and install NordVPN on your devices.
      3. Connect to a VPN server from your preferred location.
  2. Flush DNS and Renew Your IP Address
    • Clear your DNS cache to ensure your computer obtains the latest IP address from Coinbase’s DNS server.
    • Renew your IP address through your device’s settings or command prompt.
    • Follow these steps for PC (Any Windows OS Computer) (please contact me directly at https://www.t.me/DigitalFoundation for one on one Consultation):

Step-by-Step Guide: Flush DNS and Renew Your IP Address

Step 1: Open Command Prompt

      • On Windows: Press the Windows key, type “cmd” in the search bar, then press Enter.
      • On Mac: Open Spotlight (Command + Space), type “Terminal,” then press Enter.

Step 2: Run Command Prompt as Administrator

      • Right-click on Command Prompt in the search results.
      • Select “Run as administrator” from the context menu.

Step 3: Enter Commands

      • In the Command Prompt window, type the following commands one by one, pressing Enter after each:
        • ipconfig /flushdns (This command clears the DNS resolver cache.)
        • ipconfig /release (This command releases your current IP address.)
        • ipconfig /renew (This command requests a new IP address from your DHCP server.)

Step 4: Confirm Success

      • Look for confirmation messages after each command.
      • You should see messages indicating successful flushing of the DNS resolver cache and renewal of your IP address.

Step 5: Close Command Prompt

      • Once you’ve completed the commands and confirmed success, you can close the Command Prompt window.

Note:

      • Flushing the DNS resolver cache and renewing your IP address can help resolve network connectivity issues and ensure that your computer has the latest IP address information.
      • These steps may vary slightly depending on your operating system. Always run Command Prompt with administrator privileges for these actions.

Mac/Apple Flushing DNS:

 

  1. Change Your Coinbase Location Settings
    • Before logging in to your Coinbase account, ensure NordVPN is running and connected to the preferred server location.
    • Log in to your account, go to “Privacy Settings,” and change your “Location/Region/Country” to match your VPN server.
    • Save the changes and you’re all set.

Can’t Change Your Coinbase Location Settings? Here’s What to Do

If you’re unable to change your region, location, or country on Coinbase’s account settings, you can contact Coinbase support for assistance. Follow these steps:

  • Connect to NordVPN and your preferred server.
  • Find the “Contact Us” or “Get in touch” page on Coinbase’s website here: https://help.coinbase.com/en-gb
  • Send a message to Coinbase support requesting a manual update of your physical location.
  • Wait for 24-48 hours for their response.

Other Methods to Hide Your IP Address and Location on Coinbase

In addition to using a VPN or proxy server, you can also consider using a neighbor or trusted friend’s Wi-Fi networks or proxy servers. However, keep in mind the security and privacy implications of these methods. If you are unsure or don’t know whether or not your Internet/Device/Computer is truly SECURE, take 2 minutes of your valuable time and go here to run a VPN and Browser Leak Scan: https://browserleaks.com/webrtc

 

VPN vs. Proxy vs. Public Wi-Fi: A Comparison

Here’s a comparison table outlining the key differences between using a VPN, proxy server, and public Wi-Fi to hide your IP address and change your location on Coinbase:

 

Features/Attributes VPN Proxy Server Public Wi-Fi
IP Address Masking Yes Yes Yes
Encryption Yes (High-level) No No
Geolocation Spoofing Yes Yes Partial
Ease of Setup Easy Moderate Easy
Speed Fast (depends on service) Moderate Varies (often slow)
Security High Low Very Low
Privacy High Low to Moderate Very Low
Access to Restricted Content Yes Yes Maybe
Consistency High Moderate Low
Cost Subscription Subscription or one-time fee Free
Legality & Compliance Generally Legal, some restrictions apply Generally Legal, some restrictions apply Legal

In summary, using a VPN offers the highest level of security and privacy, while proxy servers and public Wi-Fi networks may be less reliable. Choose the method that best suits your needs and always prioritize your online privacy and security.

By following these steps and tips, you can effectively hide your IP address and change your location on Coinbase, ensuring your online activities remain private and secure.

Disclaimer:

The information provided in this blog post is for educational purposes only. While we strive to provide accurate and up-to-date information, we cannot guarantee the effectiveness or suitability of the methods described.

By following the steps outlined in this guide, you acknowledge that neither any individuals affiliated with GeeksByTheHour nor its affiliates are responsible for any actions, events, or consequences that may occur as a result.

It is recommended to consult with a qualified IT professional or technician before performing any network-related actions on your computer. Always proceed with caution and at your own risk.

A Browser with No Advertisements or Duplicates? Yes and Welcome to Stract (Currently Beta Mode)

In this digital age of 2024 and beyond, information and data is needed as the air we breathe, the tools we use to sift through data should uplift, not undermine, our quest for knowledge.

Yet, here we are, navigating the choppy waters of search engines like Bing and Google, only to find ourselves awash in a sea of advertisements, our privacy eroded by relentless tracking, and our quest for truth skewed by biased algorithms.

Does that seem okay to you?

These platforms, once hailed as the lighthouses of the information age, now seem more like will-o’-the-wisps leading men to their deaths in murky bogs. Radicalization through search engine commercialization is actually a real problem. For everything that Google has claimed, it is fighting against such things, the work of non-biased researchers like Cory Doctorow and Rebecca Giblin have proven that these companies can’t ever fulfill their promises… not when they rely on radicalization to help line their shareholder’s wallets.

Folks – it is jut not Google (Alpha) that does this! Today we face a plethora of Social Media “trackers” and “data miners” that commercialize every step and action that you take online within their platform for full disclosure. This article is just sharing with you that browsers such as Google (and its email product called Gmail) tracks, profits, and commercializes everything that you do in it.

Enter Stract, a new lighthouse, one built with decentralization and open-source values in mind.

Stract: A New Open Source, customizable search engine.

This innovative search engine feels like a callback to an earlier Internet age, when our networks were meant to be part of a free, open-source ecosystem.

Now, to be clear, Stract is in early “Beta” stage. This simply means that it is lacking many “normal” features that are common in modern browsers. You will not be using it for your daily browsing quite yet (I recommend Vivaldi, Brave (which offers Staking Rewards as well) and DuckDuckGo for the time being). That said, it has WONDERFUL potential.

The top ten main features of Stract include:
  1. Open Source: Stract is entirely open-source, promoting transparency and community collaboration in its development and enhancement.
  2. Customization: The platform stands out for its high degree of customizability, allowing users to tailor their search…
  3. Advanced Search Capabilities: Stract offers advanced search capabilities, including Boolean operators, filters, and facets, empowering users to refine their searches with precision and efficiency.
  4. Natural Language Processing (NLP): Leveraging cutting-edge NLP algorithms, Stract understands and interprets natural language queries, ensuring accurate search results even for complex or ambiguous queries.
  5. Personalization: Stract employs sophisticated personalization algorithms to deliver tailored search results based on user preferences, search history, and behavior, enhancing the overall search experience and relevance of results.
  6. Scalability: Built on a scalable architecture, Stract seamlessly handles large volumes of data and user queries, ensuring fast and reliable search performance even as data volumes grow.
  7. Federated Search: Stract supports federated search capabilities, enabling users to search across multiple data sources and repositories from a single interface, eliminating the need to switch between different applications or platforms.
  8. Real-time Indexing: With real-time indexing capabilities, Stract ensures that new content is immediately available for search, providing users with up-to-date and relevant information at all times.
  9. Integration Options: Stract offers seamless integration with a wide range of third-party applications, databases, and content management systems, allowing users to leverage their existing infrastructure and workflows.
  10. Analytics and Insights: Stract provides powerful analytics and insights into search behavior, user interactions, and content usage, enabling organizations to gain valuable insights and optimize their search strategies for better performance and user satisfaction.
Overall, Stract offers a comprehensive and feature-rich search solution that EMPOWERS users to find relevant information quickly and efficiently. It is also the ideal choice for individuals and organizations seeking a powerful and 100% CUSTOMIZABLE search engine for their own needs, wishes, and goals. In summary, if you are familiar with technology and don't expect a full-blown Browser experience without a few minor speed bumps, it is highly recommended to check Stract out here: https://stract.com/about

SOURCES

https://www.tandfonline.com/doi/full/10.1080/19434472.2021.1993302

https://time.com/6219423/chokepoint-capitalism-doctorow-giblin/

Machine vs. Mind: Will AI be 2024’s Most Dangerous Cyber Weapon?

In 2024, for cybersecurity, we’re entering an era where advanced AI tools and escalated social engineering tactics (especially during election years) are changing the game. To avoid potential cyber threats, businesses, governments and individuals must grasp these emerging trends.

1. Rise Of Cybersecurity AI

In 2024, AI’s role in cybersecurity will expand to encompass automated responses and predictive analytics. It’s mainly about taking preventive measures in advance….

Integrating AI into cybersecurity applications can improve threat detection and incident response. For instance, AI can identify anomalies or deviations that may indicate potential security threats. Previously unseen attacks can be detected.

With cyberattacks becoming more sophisticated, AI’s ability to analyze vast datasets and identify patterns will be pivotal. Since AI has become a major part of cyber criminals’ toolkit, AI is expected to become a mainstay in cybersecurity solutions.

2. Election Year Disinformation

Election years provide fertile ground for social engineering and disinformation campaigns, and there’s no reason to believe 2024 will be an exception. As political tensions rise, so do efforts to manipulate public opinion and undermine democratic processes.

Americans lost $10.3 billion to online scams in 2022, which also emphasizes the need for ongoing employee security awareness training that includes exercises to help identify social engineering tactics and phishing attempts. The use of open-source intelligence tools (OSINT) to root out network vulnerabilities is recommended as a preventive measure to combat threat actors.

3. Escalation Of Ransomware Attacks

Ransomware remains a formidable threat in 2024, with tactics becoming increasingly complex and negotiations more aggressive. According to Cybersecurity Ventures, damages from cybercrime are projected to exceed $10.5 trillion globally by 2025.

This alarming escalation calls for robust backup strategies, employee training, cyber insurance, negotiation expertise and incident response plans. Companies can follow the example of external performing tasks such as penetration testing, validating network integrity, identifying unauthorized activity and monitoring for suspicious behavior.

4. AI-Based Predictive Social Engineering

2024 will likely see a rise in AI-based predictive social engineering and a disturbing convergence of AI and social manipulation techniques.

Leveraging AI, cybercriminals can prey on human weaknesses such as impulsiveness, greed and curiosity to more convincingly create personalized phishing campaigns at scale. AI-facilitated social engineering attacks have been reported to the FTC.

This emerging trend underscores the need to perform AI risk assessments and to consider outsourcing expertise to a virtual AI officer who can step into the role and run AI-resistant security protocols.

5. National U.S. Data Privacy Act

The progression of data privacy regulations—beginning with the European Union’s General Data Protection Regulation (GDPR) and extending to California’s Consumer Privacy Act (CCPA)—is paving the way for establishing a national data privacy act in the U.S. called the American Data Privacy and Protection Act.

With five states’ privacy acts becoming effective in 2024 and other data breaches costing companies an average of $4.45 million, legislating a national data privacy standard is more urgent than ever.

6. Cyberattacks On Cannabis Retailers

The burgeoning cannabis industry, particularly retailers, is increasingly vulnerable to cyberattacks as they transition to digital platforms. Banks and credit card services could begin to accept electronic payments and ACH transfers from cannabis businesses—thanks to pending legislation making its way through Congress—and the gap between point of sale (PoS) systems and potential data breaches narrows significantly.

Human error and complacency are major risk factors, and the industry’s nascent adoption of digital technologies makes it an attractive target for cybercrime. Retail dispensaries must prioritize cybersecurity to protect their client data and financial transactions, as the sector’s so-called “green rush” also attracts the unwanted attention of threat actors.

7. Zero Trust Elevates To Boardroom Status

The concept of zero trust in cybersecurity, akin to the rise of anti-virus software in the 1990s, is set to become a staple topic in boardroom discussions in 2024. Gaining steady momentum, the implementation of zero trust is no longer a technical nicety but a business imperative.

Rooted in the principle of “never trust, always verify,” the widespread adoption of zero-trust architectures signifies a paradigm shift in security strategies, emphasizing continuous verification of every user and device, regardless of their location or network.

This strategic move elevates cybersecurity from a technical concern to a core business function, crucial for protecting organizational assets.

8. FEMA Cyber Insurance

To make a bold and unprecedented prediction, FEMA, the federal agency known for last-resort flood insurance, may eventually be called upon to serve as a model and backstop for cyber insurance policies not covered by commercial carriers.

With traditional insurance carriers withdrawing from high-risk regions like Florida due to severe climate events, there is a growing need for federal intervention. A FEMA initiative could potentially underwrite essential services like airports, hospitals, energy and water treatment plants as commercial insurance options become limited.

Conclusion

The increasing complexity of cyber threats underscoring the security trends of 2024 highlights the need for advanced mitigation strategies. Organizations will need to understand these trends, ensure they enable best practices and consider collaborating with outsourced cybersecurity expertise to navigate the security environment and ensure a robust, future-ready cyber defense.

How To Lock Down Your Computer

How to Quickly Lock Your Windows 11/10 PC

 

Your privacy matters. That’s why it’s good practice to lock a desktop or laptop whenever you leave it unattended. Use any of the methods below to stop other people from snooping around your PC.

Unlike signing out, locking a computer is faster, just as secure, and doesn’t require you to shut down open programs. You also get to unlock it instantly and pick up where you left off. This article will go through various ways to quickly lock Windows 11 and 10.

Lock Computer via the Start Menu

The most straightforward approach to locking your PC is simply to use the Start menu. Open it, select the User icon or your profile portrait, and choose the option labeled Lock.

Note: If the Lock option is not present, open the Control Panel, go to Hardware and Sound > Power Options > Change what the power buttons do, and activate the box next to Lock to add it.

Lock Computer with a Keyboard Shortcut

If you prefer keyboard shortcuts, an even faster way to lock a Windows computer is pressing Windows Key + L. Use it a few times, and you’ll get it hard-coded into your muscle memory.

Lock Computer with a Desktop Shortcut

If you find it challenging to use the Win + L keyboard shortcut, you can create a desktop shortcut capable of locking your PC just as quickly.

  1. Right-click a vacant area within the desktop area.
  2. Select New > Shortcut on the context menu.
  3. Copy and paste the following snippet of text into the Create Shortcut window and select Next:

rundll32.exe user32.dll,LockWorkStation

  1. Type a name for the shortcut—e.g., “Lock PC”—and select Finish.
  2. Double-click the shortcut whenever you want to lock your PC.

Lock PC via the Windows Security Screen

The Windows Security screen (a.k.a. the Ctrl + Alt + Delete screen) offers another quick way to lock Microsoft Windows. The best thing about this method is that you can use it even if Windows 11 or 10 isn’t responsive. Simply press Ctrl + Alt + Del to get the Windows Security screen to show up. Then, select Lock.

Lock Computer via Task Manager

If you ever find yourself using the Task Manager in Windows 11 or 10 and want to lock down your PC immediately, you can do that using the Task Manager itself.

  1. Right-click the Start button and select Task Manager.
  2. Select More details to expand the default Task Manager view.
  3. Switch to the Users tab.
  4. Select your Windows user account.
  5. Select the Disconnect option at the lower-right corner of the window.

Lock Computer Alongside Screen Saver

If you regularly forget to lock your PC, you can set up a screensaver to kick in automatically and lock your PC when it engages.

  1. Open the Start menu, search for screen saver, and select Turn Screen Saver On or Off to invoke the Screen Saver Settings pop-up.
  2. Open the drop-down menu under Screen saver and pick a screensaver (select Blank if you prefer to keep the computer screen dark when the screensaver is active).
  3. Specify a time in minutes within the Wait box, check the box next to On resume, display logon screen, and select OK.

Your PC will display the screensaver when left idle for the time duration. Press a key or mouse button whenever you want to exit it and get to the Lock Screen.

Lock Computer With Dynamic Lock

Dynamic Lock automatically locks the operating system if it detects a weak Bluetooth signal between your PC and another device. Although it works with any Bluetooth peripheral, using a smartphone (Android or iPhone) is the most practical.

Connect Smartphone to PC

Before activating Dynamic Lock, you must pair your smartphone with your computer.

  1. Put your phone into Bluetooth discovery mode. That’s as simple as visiting its Bluetooth options screen (e.g., Settings > Bluetooth on the iPhone).
  2. Open the Settings app on your PC (press Windows + I).
  3. Select Devices > Bluetooth & other devices.
  4. Select Add Bluetooth or other device > Bluetooth.
  5. Select your phone and go through the onscreen instructions to pair it.

Activate Dynamic Lock

It’s now just a matter of activating Dynamic Lock.

  1. Open the Settings app on your PC.
  2. Select Accounts > Sign-in Options and scroll down to the Dynamic Lock section.
  3. Check the box next to Allow Windows to automatically lock your device when you’re away.

Your PC will automatically lock itself whenever you move away from it with your iPhone or Android smartphone.

Lock Computer via Run Command

You can perform many valuable activities with Run commands in Windows, including locking your PC. Although it’s hard to justify using Run over the above methods, it’s good to know that this way exists.

  1. Press Windows Key + R or right-click the Start button and select Run.
  2. Type the following command into the Run dialog box:

rundll32.exe user32.dll,LockWorkStation

  1. Select OK, or press Enter to lock Windows.

Lock Computer via Windows Terminal

Another obscure way to lock a Windows 11/10 PC requires running a command through the Windows Terminal or Windows PowerShell consoles. Here’s how to use it:

  1. Right-click the Start button and select Windows Terminal (Windows 11) or Windows PowerShell (Windows 10).
  2. Type the following command:

rundll32.exe user32.dll,LockWorkStation

  1. Press Enter.

Tip: The above command also works on the older Command Prompt console. Open the Start menu, type cmd, and select Open to get to it.

While this command is not particularly useful for locking your PC in the moment, it can be handy to include the command in a script so that your PC locks when the script finishes.

Total Lockdown

Locking your Windows PC has no downsides and keeps intruders at bay. It’s easy to forget to do that, however, so it’s always worth taking your time to tweak your screensaver settings or set up Dynamic Lock. While you’re at it, check out how to create a passwordless login in Windows to make getting back in even faster.

 

Top 10 Cybersecurity Trends (Updated for 2023)

Top 10 Cybersecurity Trends (Updated for 2023)

Table of Contents

1) Rise of Automotive Hacking 

2) Potential of Artificial Intelligence (AI) 

3) Mobile is the New Target 

4) Cloud is Also Potentially Vulnerable 

5) Data Breaches: Prime Target

6) IoT with 5G Network: The New Era of Technology and Risks 

7) Automation and Integration 

8) Targeted Ransomware

9) State-Sponsored Cyber Warfare

10) Insider Threats

2023: The Digital Transformation realized for businesses, organizations and even governments are relying on computerized and progressively increased digital systems to manage their day-to-day activities making Cybersecurity a primary goal and priority for all Executives and Organizations of all sizes.

The 2020 pandemic  year exacerbated this fact – with up to 75% of billions of people globally transitioning from their physical office (which had the IT resources and personnel) to their “home office”. Essentially turning the entire “working from home industry” and all of the IT and HR requirements that it needs due to safeguarding data from various online attacks or any unauthorized access as the new “norm” of virtual/remote work.

Going Forward: Continuous change in technologies including the popular Dual Authorization Password apps primarily through utilizing the smart phone also implies a parallel shift and priority in Cybersecurity trends across the board in every organization as news of data breach, ransomware, malware, compromised devices/browsers and hacks unfortunately become the norms. This is simply based on adapting to the progressing volume (millions before the 2020 Pandemic worked from home, today it is billions) of remote workers. Here are the top Cybersecurity trends for 2023:

1) Rise of Automotive Hacking 

Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and WiFi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.

2) Potential of Artificial Intelligence (AI) 

With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection and the ChatGPT OpenAI capabilities that are literally transforming industries of anything relating to “the written word” including Copy Writing, Marketing, Advertising, Education, and many, many others are all being automated with AI. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.

3) Mobile is the New Target 

Cybersecurity trends provide a considerable increase (50 percent) for mobile banking malware or attacks in 2020, making our handheld devices a potential prospect for hackers. All of our photos, financial transactions, emails, and messages possess more threats to individuals. Smartphones are logically one of the biggest targets for anyone with the skills and agenda primarily based on two facts:

  1. Smartphones are used by more people globally today than PC’s (personal computers)
  2. The security and vulnerabilities of smartphones are far less on average than PC’s
  3. Social Media like Facebook, Instagram, and Tik Tok as well as other installed Apps of all types on smartphones/PC’s/devices are being targeted more and more each day by malicious individuals and “ransomware gangs” globally.

4) The “Cloud” i.e. Internet is Also Potentially Vulnerable 

With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security from their end still, it’s the user end that acts as a significant source for erroneous errors, malicious software, and phishing attacks more than ever before today. Malicious actors across the globe are adapting faster than end users can act, especially in today’s ever so popular Social Media world.

5) Data Breaches: Prime target

Data will continue to be a leading concern for organizations around the world. Whether it be for an individual or organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system browser or software is a potential vulnerability for hackers to access personal information. New strict measures General Data Protection Regulation (GDPR) was enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area.

6) IoT with 5G Network: The New Era of Technology and Risks 

With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT).

The Internet of Things (IoT)  is essentially an interconnected global network where all devices are connected to each other as well as the “internet” 24×7. This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even the world’s most used browser supported by Google, Chrome was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack.

Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.

7) Automation and Integration 

With the size of data multiplying every day, it is eminent that automation is integrated to give more sophisticated control over the information. Modern hectic work demand also pressurizes professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measurements are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are further hard to safeguard making automation as well as cyber security to be a key concept of the software development process.

8) Targeted Ransomware

Another important cybersecurity trend that we can’t seem to ignore is targeted ransomware. Especially in the developed nations’ industries rely heavily on specific software to run their daily activities. These ransomware targets are more focused today in 2023 including examples like the Wanna Cry attack on the National Health Service hospitals in England corrupted more than 70,000 medical devices. Though generally, ransomware asks to threaten to publish the victim’s data unless a ransom is paid still it can affect the large organization or in case of nations too.

9) State-Sponsored Cyber Warfare

There won’t be any stoppage between the western and eastern powers in attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news though the attacks are few; they have a significant impact on an event such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches, key infrastructure like airlines grounding planes due to internal software compromises, etc. as top cybersecurity trends for 2023.

10) Insider Threats

Human error is still one of the primary reasons for data breaches and cyber security issues and service tickets, up to 75% of all reported in fact according to the most recent 2022 statistics. Any employee having a grudge or just a bad day at their employer or intentional loophole can bring down a whole organization with millions of stolen data. One example of this in 2022 was an official Report by Verizon that a documented data breach gives strategic insights on cybersecurity trends that 45 percent of total attacks were directly or indirectly made by the employees. Creating a culture of more awareness within premises to safeguard data in every way possible is truly the primary goal today in 2023 as well as the future.

Happy 2023: Top 10 Cyber Security

Top 10 Cybersecurity Trends

Table of Contents

1) Rise of Automotive Hacking 

2) Potential of Artificial Intelligence (AI) 

3) Mobile is the New Target 

4) Cloud is Also Potentially Vulnerable 

5) Data Breaches: Prime Target

6) IoT with 5G Network: The New Era of Technology and Risks 

7) Automation and Integration 

8) Targeted Ransomware

9) State-Sponsored Cyber Warfare

10) Insider Threats

The Digital Transformation for businesses, organizations and even governments are relying on computerized systems to manage their day-to-day activities and thus making cybersecurity a primary goal to safeguard data from various online attacks or any unauthorized access.

Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breach, ransomware and hacks become the norms. Here are the top cybersecurity trends for 2023.

1) Rise of Automotive Hacking 

Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and WiFi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.

2) Potential of Artificial Intelligence (AI) 

With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.

3) Mobile is the New Target 

Cybersecurity trends provide a considerable increase (50 percent) for mobile banking malware or attacks in 2020, making our handheld devices a potential prospect for hackers. All of our photos, financial transactions, emails, and messages possess more threats to individuals. Smartphones are logically one of the biggest targets for anyone with the skills and agenda primarily based on 2 facts:

1. They (Smartphones) are used by more people globally today than PC’s (personal computers)

2. The security and vulnerabilities of smartphones are far less on average than PC’s

4) Cloud is Also Potentially Vulnerable 

With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security from their end still, it’s the user end that acts as a significant source for erroneous errors, malicious software, and phishing attacks.

5) Data Breaches: Prime target

Data will continue to be a leading concern for organizations around the world. Whether it be for an individual or organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system browser or software is a potential vulnerability for hackers to access personal information. New strict measures General Data Protection Regulation (GDPR) was enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area.

6) IoT with 5G Network: The New Era of Technology and Risks 

With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT).

Read about What Is the Internet of Things (IoT) and Why It Matters? This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even the world’s most used browser supported by Google, Chrome was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack.

Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.

7) Automation and Integration 

With the size of data multiplying every day, it is eminent that automation is integrated to give more sophisticated control over the information. Modern hectic work demand also pressurizes professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measurements are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are further hard to safeguard making automation as well as cyber security to be a key concept of the software development process.

8) Targeted Ransomware

Another important cybersecurity trend that we can’t seem to ignore is targeted ransomware. Especially in the developed nations’ industries rely heavily on specific software to run their daily activities. These ransomware targets are more focussed such as the Wanna Cry attack on the National Health Service hospitals in England Scotland corrupted more than 70,000 medical devices. Though generally, ransomware asks to threaten to publish the victim’s data unless a ransom is paid still it can affect the large organization or in case of nations too.

9) State-Sponsored Cyber Warfare

There won’t be any stoppage between the western and eastern powers in attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news though the attacks are few; they have a significant impact on an event such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches, political and industrial secrets to top cybersecurity trends for 2023.

10) Insider Threats

Human error is still one of the primary reasons for the data breach. Any bad day or intentional loophole can bring down a whole organization with millions of stolen data. One example of this in 2022 was an official Report by Verizon that a documented data breach gives strategic insights on cybersecurity trends that 34 percent of total attacks were directly or indirectly made by the employees. Creating a culture of more awareness within premises to safeguard data in every way possible is truly the primary goal today in 2023 as well as the future.

All Windows 10 & 11 Users At Risk: SeriousSAM has No Cure Yet!

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly.

The vulnerability —  SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.

Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges.

SeriousSAM vulnerability, tracked as CVE-2021-36934, exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that allows ‘read’ permissions to the built-in user’s group that contains all local users.

As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has ‘User’ access, they can use a tool such as Mimikatz to gain access to the Registry or SAM, steal the hashes and convert them to passwords. Invading Domain users that way will give attackers elevated privileges on the network.

Because there is no official patch available yet from Microsoft, the best way to protect your environment from SeriousSAM vulnerability is to implement hardening measures.

Mitigating SeriousSAM

According to Sky Houston, CTO at GeeksByTheHour, there are three optional hardening measures:

  1. Delete all users from the built-in users’ group — this is a good place to start from, but won’t protect you if Administrator credentials are stolen.
  2. Restrict SAM files and Registry permissions — allow access only for Administrators. This will, again, only solve part of the problem, as if an attacker steals Admin credentials, you will still be vulnerable to this vulnerability.
  3. Don’t allow the storage of passwords and credentials for network authentication — By implementing this rule, there will be no hash stored in the SAM or registry, thereby mitigating this vulnerability completely.

When using GPOs for implementation, make sure the following UI Path is Enabled:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials for network authentication

Despite the fact that the last recommendation offers a good solution for SeriousSAM, it may negatively impact your production if not properly tested before it is pushed. When this setting is enabled, applications that use scheduled tasks and need to store users’ hashes locally will fail.

The Best Antivirus for Windows 10 Today (2023) (Is Windows Defender Good Enough?)

The Best Antivirus for Windows Today In 2023: Is Windows Defender Good Enough?

 

Windows Defender was originally known as Microsoft Security Essentials back in the Windows 7 days when it was offered as a separate download, but now it’s built right into Windows and it’s enabled by default. Many people have been trained to believe that you should always install a third-party antivirus, but that isn’t the best solution for today’s security problems, like ransomware.
If improving Security for your end device is your overall goal and you have a PC (aka Windows-OS device) then you must download and install WINPATROL. There is a FREE limited edition, but if you care for what comes in to your device then for a week's worth of coffee it is HIGHLY SUGGESTED you pay for the Upgrade. I have the paid version on every devices that runs on Windows since Windows 7 came out and it is THE BEST BARGAIN IN PC SECURITY. https://www.bleepingcomputer.com/download/winpatrol/
So, What Is the Best Antivirus Program In 2023?

 

We definitely recommend you read the entire article so you fully understand why we recommend a combination of Windows Defender and Malwarebytes, but since we know that tons of people will just scroll down and skim, here is our recommendation for how to keep your system secure:
  • Keep the Built-in Windows Defender for traditional antivirus – but today in 2023, malicious hackers require you to adapt and focus on Ransomware, zero-day attacks, keyloggers, and malware (such as Keyloggers that can copy and use every key stroke on your device for their own purposes) that require the 1-2-3 Defense listed below.
  • Use Malwarebytes for Anti-Malware and Anti-Exploit – all of the huge malware outbreaks these days are using zero-day flaws in your browser to install ransomware to take over your PC, and only Malwarebytes provides really excellent protection against this with their unique anti-exploit system. There’s no bloatware and it won’t slow you down.

Editor’s Note: This doesn’t even mention the fact that Malwarebytes, the company, is staffed by some really great people that we really respect. Every time we talk to them, they are excited about the mission of cleaning up the internet. It’s not often that we give an official How-To Geek recommendation, but this is our favorite product by far, and something we use ourselves.

A One-Two-Three Punch Equals a Knockout for anyone trying to cause harm: Registry/Windows Defense (WinPatrol), Antivirus (Windows Defender) and Anti-Malware (MalwareBytes)
1. You need antivirus software on your computer, no matter how “carefully” you browse. Being smart isn’t enough to protect you from threats, and security software can help act as another line of defense.

2. However, antivirus itself is no longer adequate security on its own. We recommend you use a good antivirus program and a good anti-malware program. Together, they will protect you from most of the biggest threats on the internet today: viruses, spyware, ransomware, and even potentially unwanted programs (PUPs)—among many others.

3. So which ones should you use, and do you need to pay money for them? Let’s start with the first part of that unified threesome combo: antivirus.

Is Windows Defender Good Enough On Its Own? NO IT IS NOT!

When you install Windows 10 or Windows 11 (not recommended as of this time), you will have an antivirus program already running. Windows Defender comes built-in to Windows 10, and automatically scans programs you open, downloads new definitions from Windows Update, and provides an interface you can use for in-depth scans. Best of all, it doesn’t slow down your system, and mostly stays out of your way—which we can’t say about most other antivirus programs.

For a short while, Microsoft’s antivirus fell behind the others when it came to comparative antivirus software tests—way behind. It was bad enough that we recommended something else, but it’s since bounced back, and now provides very good protection.

So in short, yes: Windows Defender is good enough (as long as you couple it with a good anti-malware program, as we mentioned above—more on that in a minute).

But Is Windows Defender the Best Antivirus? What About Other Programs?

If you look at that antivirus comparison we linked to above, you’ll notice that Windows Defender, while good, does not get the highest ranks in terms of raw protection scores. So why not use something else?

First, let’s look at those scores. AV-TEST found that it still caught 99.9% of the “widespread and prevalent malware” in April 2017, along with 98.8% percent of the zero-day attacks. Avira, one of AV-TEST’s top rated antivirus programs, has the exact same scores for April—but slightly higher scores in past months, so its overall rating is (for some reason) much higher. But Windows Defender isn’t nearly as crippled as AV-TEST’s 4.5-out-of-6 rating would have you believe.

Furthermore, security is about more than raw protection scores. Other antivirus programs may occasionally do a bit better in monthly tests, but they also come with a lot of bloat, like browser extensions that actually make you less safe, registry cleaners that are terrible and unnecesary, loads of unsafe junkware, and even the ability to track your browsing habits so they can make money. Furthermore, the way they hook themselves into your browser and operating system often causes more problems than it solves. Something that protects you against viruses but opens you up to other vectors of attack is not good security.

Just look at all the extra garbage Avast tries to install alongside its antivirus.

Windows Defender does not do any of these things—it does one thing well, for free, and without getting in your way. Plus, Windows 10 already includes the various other protections introduced in Windows 8, like the SmartScreen filter that should prevent you from downloading and running malware, whatever antivirus you use. Chrome and Firefox, similarly, include Google’s Safe Browsing, which blocks many malware downloads.

If you hate Windows Defender for some reason and want to use another antivirus, you can use Avira. It has a free version that works fairly well, a pro version with a few extra features, and it provides great protection scores and only has the occasional popup ad (but it does have popup ads, which are annoying). The biggest problem is that you need to be sure to uninstall the browser extension it tries to force on you, which makes it hard to recommend to non-technical people.

Antivirus Isn’t Enough: Use Malwarebytes, Too

Antivirus is important, but today, it is far more important that you use a good anti-exploit program to protect your web browser and plug-ins, which are the most targeted by attackers. Malwarebytes is the program we recommend here.

Unlike traditional antivirus programs, Malwarebytes is good at finding “potentially unwanted programs” (PUPs) and other junkware. As of version 3.0, it also contains an anti-exploit feature, which aims to block common exploits in programs, even if they are zero-day attacks that have never seen before—like those nasty Flash zero-day attacks. It also contains anti-ransomware, to block extortion attacks like CryptoLocker. The latest version of Malwarebytes combines these three tools into one easy-to-use package for $40 per year.

Malwarebytes claims to be able to replace your traditional antivirus entirely, but we disagree with this. It uses completely different strategies for protecting you: antivirus will block or quarantine harmful programs that find their way to your computer, while Malwarebytes attempts to stop harmful software from ever reaching your computer in the first place. Since it doesn’t interfere with traditional antivirus programs, we recommend you run both programs for the best protection.

Update: The Premium version of Malwarebytes now registers itself as the system’s security program by default. In other words, it will handle all your anti-malware scanning and Windows Defender won’t run in the background. You can still run both at once if you like. Here’s how: In Malwarebytes, open Settings, click the “Security” tab, and disable the “Always register Malwarebytes in the Windows Security Center” option. With this option disabled, Malwarebytes won’t register itself as the system’s security application and both Malwarebytes and Windows Defender will run at the same time.

Note that you can get some of Malwarebytes’ features for free, but with caveats. For example, the free version of Malwarebytes program will only scan for malware and PUPs on-demand—it won’t scan in the background like the premium version does. In addition, it doesn’t contain the anti-exploit or anti-ransomware features of the premium version.

You can only get all three features in the full $40 version of Malwarebytes, which we recommend. But if you’re willing to forego anti-ransomware and always-on malware scanning, the free versions of Malwarebytes and Anti-Exploit are better than nothing, and you should definitely use them.

There you have it: with a combination of a good antivirus program, Malwarebytes, and some common sense, you’ll be pretty well protected. Just remember that antivirus is only one of the standard computer security practices you should be following. Good digital hygiene isn’t a replacement for antivirus, but it is essential to making sure your antivirus can do its job.