Tuesday, September 22, 2015

Mac OS X Isn’t Safe Anymore: The Crapware / Malware Epidemic Has Begun


OS X users like to make fun of Windows users as the only ones that have a malware problem. But that’s simply not true anymore, and the problem has increased dramatically in the last few months. Join us as we expose the truth about what’s really going on, and hopefully warn people about the impending doom.
Since it is actually Unix under the hood, OS X has some native protection against the worst types of viruses. But the problem these days isn’t viruses that completely break your computer, it’s spyware, crapware, and adware that sneaks onto your computer, hijacks your browser, inserts ads, and tracks what you are looking at. And much of it is legal, because you get tricked into clicking the wrong thing during an installer.

And now download sites, fake ads for software on search engines, and sketchy applications are bundling adware and crapware into installers for legitimate software. You can’t just assume you are safe anymore because you’re on OS X. You need to be careful what you download and what you click.
If you don’t think this is a big deal, think again. These pieces of adware insert themselves directly into the browser, and they are analyzing and running even on secure sites like your bank, credit card site, and email, sending back data to their servers. They aren’t using an HTTPS hijacking proxy quite yet from what we can tell during our research, but it’s only a matter of time, and they might already be doing it and we haven’t found the proof yet.
Since we are primarily Mac users ourselves here at How-To Geek, we’re really hoping that Apple takes a different tactic with this problem than Microsoft has with Windows and doesn’t allow these scam artists to destroy their platform.

Bundled Crapware for OS X is Getting Worse Every Day

This fake VLC installer is serving up insidious malware, one of the worst that we’ve come across.
It wasn’t that long ago that you could install almost anything for OS X from almost any website, and you didn’t really have to worry about what you clicked on. That’s just not true anymore, and while things are better than they are on Windows, it’s only a matter of time at this point.

You still have a safe source for software with the Mac App Store, but the problem is that not all vendors sell their software through the App Store, and many of them are selling older versions there and have the latest version on their own website. If you do stick to the App Store, you have nothing to worry about. We’d love to see Apple fix some of the App Store issues and make everybody use it.
Just like on Windows, you don’t have to look any further than CNET Downloads to find bundled crapware… even for Mac. That’s right, they’ve gone cross-platform with this nonsense. And they’ve made it worse, because you either have an Install button, or a Close button. There’s not even a Decline anymore! When you click Close, the installer shuts down entirely. So you either have bundled crapware that hijacks your browser, or you don’t get to install that app.
They are like the Old Faithful of bundled crapware. You can always count on them.
The one in the screenshot installs Spigot and a bunch of other nonsense that redirects your browser to Yahoo, installs a bunch of unwanted plugins, and generally makes the flying spaghetti monster cry. It’s amazing how much money Yahoo must be sinking into these things to hijack your browser to their search engine… when it’s not even theirs. Yahoo Search is really just a rebranded version of Bing. Oh well.
Oh my! On the next screen, the installer finally allows you to Decline something again! Maybe the thing in the screenshot is so bad even CNET Downloads doesn’t want to force it on you. Not a good sign.
Seriously, you should think twice before using anything that bundles itself.
Of course, it’s not just CNET Downloads doing the bundling — we found a number of other apps being distributed on freeware download sites that are doing their own bundling. For instance, YTD that loads HTTPS-hijacking adware for Windows has a Mac version. And they are also bundling Spigot. Want to torrent something? Why don’t you go download uTorrent from their website? Seems like people love using that. Ohhh.
Somebody must have forgotten to turn off the spigot on the crapware hose.
The problem gets much, much worse when you try to search for freeware using your favorite search engine. It’s worth noting here that Google has just recently starting trying to ban bundled crapware from their results and ads, but sadly Yahoo and Bing don’t have the same level of awesome. In fact, they are just terrible.
If you are an average, regular user and you search Yahoo for “vlc download,” you would be presented with something that looks like the next screenshot. And every single thing on the page is actually a link to a bundled crapware installer for VLC, and almost all of them are cross-platform and work on OS X. And the text that says “ad” is almost invisible.
Yahoo! It’s them there crapware that what people be talkin bout! Yeehaw!
When an unsuspecting user tries to use one of these installers, they will be presented with a screen similar to this one… which installs the InstallMac awfulness that hijacks everything and puts adware into your system — it’s terrible. And, of course, the next screen tries to get you to install something else that you don’t need. And then something else. It’s so much crapware.
I bet the VLC folks are so tired of seeing scammers do this to their great software.
We’ve found a lot more software that’s being served up this way, with a ton of installers from almost every bundled crapware installer company. Here’s an install wrapper for OpenOffice bundled with a really lousy piece of adware that just takes over your browser. Yeah, we searched Yahoo again for OpenOffice, and clicked on what we actually thought was the real site because their “ad” text was so small that we couldn’t tell the difference. And this is what came up.
This thing claims to be a “better online experience” for videos. But it injects ads everywhere.
It’s about to become an epidemic for Mac users. So what do we have to look forward to?

Adware and Malware on OS X is Almost as Awful as on Windows

Every couple of minutes your browser does this and the only option is to quit.
When you do manage to get infected with something, most of the adware, malware, and spyware on OS X is going to try to infect your browser somehow, hijacking your New Tab, search, and home pages, injecting ads into pages, and randomly popping up obnoxious tech support alerts. Most of it won’t wipe your hard drive or anything really terrible… but based on the increasing sophistication that we’re seeing, it’s only a matter of time.
Many of these browser hijackers will insert ads that pop up messages that cannot be dismissed no matter what you do, as you can see in the screenshot above. And they’ll randomly show up all the time while you’re browsing, and you have to CMD + Q to close the app out entirely to get rid of them. Essentially, your browser becomes completely useless.
The simplest adware will install itself into your browser as an extension, and reset all of your pages to go through their awful, terrible search engine. And by that we mostly mean Yahoo… but there are a ton of others like searchmoose, search-quick, and searchbenny that use their own fake search engines. A few of them will redirect you to Bing, but never directly. It’s always through an intermediary like Trovi.
Most of the ads that get injected will try to trick you into installing even more ads using fake Java plugin messages, or messages that tell you to install a codec or a new version of Flash. All of these are fake, of course, and will just install even more crapware and malware on your computer. Every now and then one of them will try to serve up a piece of Windows adware, but for the most part they are smart enough to know you’re a Mac user and serve up the appropriate piece of crapware.
Searchbenny is really Trovi which is really Bing. That isn’t a real Java message, it’s fake.
A lot of the adware will redirect your search engine to a fake search engine that looks a lot like Google or Bing, but all of the results are nothing but ads.
And then it will randomly start talking to you. Literally. It plays audio ads through your speakers. We heard an ad for Northrup Grumman. How crazy is that? (We’re quite certain that they don’t know about this.)
Auto-playing audio ads in the background? Sprinkles are for winners.
We just showed off some of the annoying adware, but much of the bundled crapware is pretty lousy stuff as well, and almost every single crapware bundler that we found, and almost every single adware ad tried to get us to install MacKeeper. We don’t know much about it, although we do plan to look into how it works because these tactics are questionable.
8 out of 10 shady crapware installers recommend it!
The biggest trend that we’ve noticed in adware is that almost all of it tries to redirect your browser and search engine to Yahoo. Somebody over there at Yahoo needs to get fired.

Digging Deeper: How Some of This Malware Actually Works

Would you like this on every shopping page you visit?
The simple adware works the way most adware does, by installing itself into Safari’s extensions, which is pretty easy to uninstall. The problem is that only a few pieces of adware worked this way in our research.
When GoldenBoy grows up, he becomes a supervillain.
All of the search engine hijacking, home page redirecting, and extensions injecting ads are one thing. The bigger problem is the serious malware, which installs itself deep into the operating system, and the average person would never be able to remove it. There’s no uninstaller, there’s no Startup item, there’s no plugins in your browser, extensions, or anything else that appears to be installed.
What there are, however, are really awful ads injected into everything you do, making your computer slower than dirt. Your search engine will be hijacked, and it’s possible that your browser will be routed through a proxy. This is outright malware, it’s not just adware anymore, even if you accidentally forgot to uncheck a box somewhere. It works the same way the Trovi malware does on Windows, by injecting itself into processes.
These more serious pieces of malware install themselves as a daemon, or service, that runs in the background and behind the scenes. You can find these things in the /Library/LaunchAgents or /Library/LaunchDaemons folder, which will have some really weird looking items that just don’t belong. This folder could also be used for real things from real applications, so don’t go cleaning out this folder entirely or anything.
All three entries launch the same process in different ways so it stays running.
An examination of the plist file will show you where the actual malware resides, which is usually in a completely separate folder.
That folder appears to be randomly named.
When you head into that folder and examine the Version.plist file, you’ll get some more information about what’s actually going on. This thing is called Search-Quick and it supports hijacking Chrome and Safari, as well as the Webkit nightly build for some reason.
That really long string that ends in .com? Somebody should shut that domain name down.
Examining further comes up with something curious… the person who wrote this malware wanted to give special thanks to his mom.
Somebody should find his mom and let her know what he’s been up to.
Once the malware is launched by OS X as a daemon, it then uses a little-known piece of functionality in OS X that allows one process to inject itself into another process. You can see how it works by opening a terminal and running the agent executable directly. What’s actually going on is that it will attach itself to your web browser and load itself as a hidden extension. In the screenshot below you can see that it activated for process ID 544, which was Google Chrome. It’ll do the same to Safari if it is open.
Based on lsof output it appears that this malware is using low-level dyld library injection to hijack your browser.
This means that adware or malware is running inside of your web browser, injecting itself into every page that you visit. It doesn’t matter if you are visiting a secure banking site or not, they are already inside. One of the side effects of this malware is that your entire computer will be extremely slow, all the time, no matter what you’re doing.
For some tips on removing adware and malware in OS X, you can read the Apple support document, or just wait for our upcoming articles on the subject. We’ll be doing a lot more research into all of these things.

So What Does This All Mean, and How Do You Protect Yourself?

The trusty App Store is your best bet for most things.
Even though we’ve shown that malware, adware, crapware, and spyware is getting increasingly worse on OS X, that doesn’t mean that you necessarily need to worry or go out and install Linux or do something drastic. OS X is still not being targeted as much as Windows is, and there are still some security measures in place that make it more difficult for malware to get through.
The safest thing that you can do is use the Mac App Store to install your applications whenever possible. These applications have been verified by Apple and should be just fine to use, and definitely won’t come with any bundled crapware or adware.
Restrict Apps that Aren’t From the App Store
This won’t entirely fix the problem, but you can configure OS X to automatically restrict any executables that don’t come from the App Store. This won’t apply to applications already installed on your computer, no matter where they come from. It will simply apply to new downloads.
Head to System Preferences -> Security & Privacy, click the Lock icon at the bottom, and then flip the setting over to Mac App Store instead of the default.

Once you do this, trying to run anything that isn’t in the App Store will automatically show a block message. You can choose to still open it if you right-click and choose Open and then choose Open again, but by default everything is blocked.

This doesn’t solve the issue of applications that you do want to install having bundled crapware that requires opting out by default. But it is a great security setting for your relatives.
When you do need to install an application from elsewhere, make sure it’s really a trusted source, and not a fake site serving up open source freeware with a bundleware wrapper.

You should also consider disabling your browser plugins — for Chrome and Firefox, that’s pretty easy, for Safari it’s a little more complicated. The biggest thing you can do is disable your Java plugin, because it’s pretty rare for you to need that, and because Java was responsible for 91% of attacks in 2013. This will reduce your likelihood of being targeted with a zero-day attack.
It might even be time to start considering an antivirus for OS X, at least if you like to install a lot of software from sources outside of the App Store. If you don’t, it’s probably not quite as big of a deal, but we’re getting closer to the point where it will be needed. What we’re not sure quite yet is what antivirus for Mac is even worthwhile and blocks this type of stuff — on Windows, most antivirus doesn’t block bundled crapware and adware at all, because they are legal since you had to agree during the install process. So don’t just go pay for some antivirus right now. Just keep it in mind for the future.
Other than that, just be careful what you click on, and don’t trust error messages that pop up in your web browser window. If you see something that says your computer is infected and pops up a message, hold down that CMD + Q shortcut key combination to close out of everything immediately.
There’s no better time for Windows users to switch to Mac. With this much crapware and adware being developed, they’ll feel right at home! (We’re joking, of course.)

5 Ways To Free Up Disk Space on Your OS X Mac

5 Ways To Free Up Disk Space on Your OS X Mac

free-up-disk-space-on-macbook
It’s 2015, shouldn’t we stop worrying about disk space? Nope, not at all! A modern MacBook might have a solid-state drive with just 64 GB of space. You’ll want as much space for your important data as you can get.
You can likely free up quite a bit of space by pruning away files and applications you don’t care about. Not everything here is obvious — did you know that each user account on a Mac has multiple Trash cans?

Find and Remove Duplicate Files

One of the trickiest things that can take up lots of drive space are duplicate files littering up your computer — this is especially true if you’ve been using the computer for a long time. Luckily there are great apps like Gemini that can be used to find and remove duplicate files with a really slick and easy interface.
You can buy it on the App Store if you want — Apple had this one as their Editors’ Choice, but you’re probably better off getting it from their website, because they have a free trial available there.

There are a lot of other choices on the App Store and elsewhere, but we’ve used this one and had good results.

Empty Your Trash Cans

The Trash on a Mac is equivalent to the Recycle Bin on Windows. Rather than delete files form within the Finder, it’s sent to your Trash so you can restore it later if you change your mind. To completely remove these files and free up the space they require, you’ll have to empty your Trash. But Macs can actually have multiple trash cans, so you may need to empty several.
To empty your user account’s main trash can, Ctrl+click or right-click the Trash icon at the bottom-right corner of the dock and select Empty Trash. This will delete all the files you sent to the trash from the Finder.
empty-trash-on-a-mac
iPhoto, iMovie, and Mail all have their own trash cans. If you’ve deleted media files from within these applications, you’ll need to empty their trash cans, too. For example, if you use iPhoto to manage your pictures and delete them in iPhoto, you’ll have to clear the iPhoto trash to remove them from your hard drive. To do this, just Ctrl+click or right-click the Trash option in that specific application and select Empty Trash.
empty-delete-photos-from-iphoto-trash

Uninstall Applications

The applications you have installed on your Mac are taking up space, of course. You should uninstall them if you don’t need them — just open a Finder window, select Applications in the sidebar, and drag-and-drop the application’s icon to the trash can on your dock.
To find out which applications are using up the most space, open a Finder window and select Applications. Click the “Show items in a list” icon on the toolbar and then click the Size heading to sort your installed applications by size.
view-size-of-installed-applications-on-mac

Clear Temporary Files

Your Mac’s hard drive probably has temporary files you don’t need. These files often take up disk space for no good reason. Mac OS X tries to automatically remove temporary files, but a dedicated application will likely find more files to clean up. Cleaning temporary files won’t necessarily speed up your Mac, but it will free up some of that precious disk space.
There are many temporary-file cleaning tools available for Mac. CCleaner, the most popular temporary-file-deleting tool among Windows geeks, now even has a version for Mac. Download the free CCleaner for Mac and run it to clear some of those useless files, just like you can on Windows.
clean-temporary-files-on-a-mac-with-ccleaner
Bear in mind that clearing your browser cache isn’t necessarily a good idea. These caches contain files from web pages so your browser can load the web pages faster in the future. Your web browser will automatically start rebuilding the cache as you browse, and it will just slow down web page load times as your browser’s cache grows again. Each browser limits its cache to a maximum amount of disk space, anyway.

Analyze Disk Space

To free up disk space, it’s helpful to know exactly what is using disk space on your Mac. A hard disk analysis tool like Disk Inventory X will scan your Mac’s hard disk and display which folders and files are using up the most space. You can then delete these space hogs to free up space.
If you care about these files, you may want to move them to external media — for example, if you have large video files, you may want to store them on an external hard drive rather than on your Mac.
Bear in mind that you don’t want to delete any important system files. Your personal files are located under /Users/name, and these are the files you’ll want to focus on.
analyze-disk-space-used-by-files-on-mac-os-x

Remove Language Files

Mac applications come with language files for every language they support. You can switch your Mac’s system language and start using the applications in that language immediately. However, you probably just use a single language on your Mac, so those language files are just using hundreds of megabytes of space for no good reason. If you’re trying to squeeze as many files as you can onto that 64 GB MacBook Air, that extra storage space can be useful.
To remove those language files, you can use Monolingual. This is only necessary if you really want the space — those language files aren’t slowing you down, so keeping them is no problem if you have a big hard disk with more than enough free space.
remove-language-files-with-monolingual-on-a-mac

Clean Up Your Mac the Easy Way

If you don’t feel like spending all that time to find and clean things up, you can use CleanMyMac 3 to get rid of temporary files, clean up extra language files, uninstall applications, get rid of extra files left behind by application uninstallations, find and get rid of big attachments stored in Mail, and a whole lot more.
It’s basically all the cleaning applications in a single place, with the exception of finding duplicate files, which you’ll still want to use Gemini for. Luckily it’s the same vendor that makes Gemini and you can get them both as a bundle.
And of course, there’s a free trial that shows where your free space has gone and lets you clean up some of it for free.
CleanMyMac
They have a single button to clean up everything, but we’d recommend going into the details to make sure.
Note: before running any cleaning tool, you should make sure that all of your important data is backed up, just in case.

Be sure to also remove other files you don’t need. For example, you can delete downloaded .dmg files after you’ve installed the applications inside them. Like program installers on Windows, they’re useless after the program is installed. Check your Downloads folder in the Finder and delete any downloaded files you don’t need anymore.

How to Clean Install Windows 10

How to Clean Install Windows 10

windows 10 pc
The Windows 10 upgrade process drags old files, settings, and programs from your previous Windows system to your new one. Microsoft allows you to get an entirely fresh system by performing a clean install, but the activation process can be a bit confusing.
This is also useful if you’ve purchased a new Windows 10 PC and it includes manufacturer-installed bloatware you don’t want. Or, you may need to perform a clean install on a computer without an existing Windows system after installing a new hard drive.
Note that you won’t be eligible for the free “Windows DVD Player” app offered to users of Windows Media Center if you perform a clean install. However, you can always install VLC to get DVD playback or use one of the more fully featured Windows Media Center alternatives.

There’s an alternative to clean-installing. You can use the Reset feature to reset your Windows 10 system back to its fresh state.
If you installed Windows 10 yourself, this should give you a fresh Windows system. If you purchased a computer that came with Windows 10, this will likely bring back the bloatware that came with your Windows 10 PC. (There should be a way to prevent Windows 10’s Reset function from reinstalling the bloatware, but we’ll need to get our hands on a PC that comes with Windows 10 before we can find out how.)
Note that this may not be the perfect solution — while it should give you a perfectly like-new Windows system, some people have reported that it won’t fix some system corruption issues, in which case you’d want to perform a real clean install.
To reset your Windows 10 PC, open the Settings app, select Update & security, select Recovery, and click the “Get started” button under Reset this PC. Select “Remove everything.” This will wipe all your files, so be sure you have backups.

For the Free Upgrade: Have You Upgraded and Activated Your Windows 10 System?

If you want to perform a clean install of Windows 10 and haven’t upgraded to Windows 10 yet on your Windows 7 or 8.1 PC, you have some extra work to do. You’ll need to take advantage of Microsoft’s upgrade offer before performing a clean install. (Obviously, if you have a PC that came with Windows 10 or you’ve purchased your own Windows 10 license, this isn’t necessary.)
When you upgrade a Windows 7 or 8.1 system to Windows 10, the installer confirms that you have a “genuine Windows” system installed and activates your computer for use with Windows 10. Note that you don’t actually get a Windows 10 product key — instead, your computer’s hardware is registered with Microsoft’s servers. When you install Windows 10 on that PC again in the future, it will check in with Microsoft’s servers, confirm it’s installed on a registered PC, and automatically activate itself.
If you don’t take advantage of the upgrade process first, this registration will never happen. There’s no way to enter a Windows 7 or 8.1 key into the Windows 10 installer, nor is there some sort of web form that will give you a Windows 10 key if you provide your Windows 7 or 8.1 key. Sorry — you’ll have to upgrade to Windows 10 before you can perform a clean install.
If you need to upgrade, you can download Microsoft’s Windows 10 media creation tool and tell it to “Upgrade this PC now.” It will automatically upgrade you to Windows 10 if your PC is running a genuine version of Windows 7 or Windows 8.1.

Once you’re done, confirm that Windows 10 is activated before performing a clean install. You can check this by opening Settings, selecting Update & Security, and selecting Activation.
Verify that you see “Windows is activated” here. Also, note the edition of Windows 10 you have installed — either Windows 10 Home or Windows 10 Pro. Most people will receive the Home edition as part of the free upgrade, but you’ll get Windows 10 Pro if you previously had a Professional edition of Windows 7 or 8.1 installed.
If Windows 10 isn’t activated, don’t try to perform a clean install until it is.

Download Windows 10 and Create Installation Media


Even if your Windows system has already been upgraded with the “Get Windows 10” reservation process, you’ll need to download Windows installation media to install Windows 10 from scratch.
Download the Windows 10 media creation tool from Microsoft. This tool will download the correct Windows 10 installation files for your system, and it also has built-in functions to create USB installation media or burn an installer DVD. Select the “Create installation media for another PC” option to create installation media.

Be sure to select the correct type of installation media for the copy of Windows 10 that’s licensed for your PC — Windows 10 Home or Professional. You should also choose your language and select whether you want the 32-bit or 64-bit version of Windows here — most people will want the 64-bit version. However, you can create installation media that includes both the 32-bit and 64-bit version, and the installer will automatically select the most appropriate one when you use it to install Windows on a computer.

Install Windows 10 from the installation media like you would any other operating system. Restart your computer with the USB drive or DVD inserted and boot from that device. This may require you change a setting in the BIOS, access a boot menu, or use the “Use a device” option in the advanced startup options on a modern Windows 8 or 10 device that includes UEFI firmware instead of the traditional BIOS.
Select “Install Now” once the Windows installer starts. When you reach a screen asking for your Windows 10 product key, click the Skip button. You won’t actually have a Windows 10 product key if you took advantage of the free upgrade offer.
If you do have a Windows 10 product key, enter it here.

Go through the setup process normally until you see the “Which type of installation do you want?” screen. Select the “Custom” option to ensure you’re performing a clean install and not an upgrade install.
Partition your system drive however you like. If you just have a single Windows partition, you can tell the installer to overwrite it. If you have many partitions, you could delete them all and tell Windows 10 to install itself in the unallocated space.


You’ll be asked for the product key after the process is finished. Just click “Do this later” to skip this part and continue the setup process.
After you log into your new, clean-installed Windows 10 system, it should automatically activate itself after you connect to the Internet. If you took advantage of the free upgrade offer, it does this by checking your computer’s hardware and then checking in with Microsoft, verifying that your hardware configuration is authorized to use Windows 10.
When we reinstalled Windows 10 Pro on our computer, it activated immediately. But, if Microsoft’s activation servers are overloaded, so it may take some time before your system activates. You can open the Settings app, select Update & security, and select Activation to check your activation status. If it’s not activated, you may see information here that can help you activate.

Some people report having to reboot several times, while others have just waited. The following command can force an activation to occur if it’s not happening automatically after going through the steps above. First, open an Administrator Command Prompt by right-clicking the Start button or pressing Windows Key + X and selecting Command Prompt (Admin). Type the following command and press Enter:
slmgr.vbs /ato
Many people report having to run this command several times. if you see an error message, try rebooting and running it again, wait and run it again, or just wait and let Windows activate automatically. Microsoft’s servers may be overloaded at the moment you’re trying to activate.


Microsoft’s free upgrade offer depends on your PC’s hardware so it may not activate properly if you’ve swapped out hardware inside your PC. You may need to call Microsoft and complete the phone activation process, explaining what happened, if you changed the PC’s hardware after taking advantage of the offer. The phone support line can give you an activation code that will allow you to activate Windows 10, even if it won’t activate automatically. However, you may have to provide additional information.
Note that the free Windows 10 upgrade (as well as OEM copies of Windows and pre-installed copies of Windows 10) can’t actually be transferred to a separate PC. They’re tied to a single PC’s hardware.

Password Manager and How to Get Started

Why You Should Use a Password Manager and How to Get Started

key-in-lock
The majority of people use very weak passwords and reuse them on different websites. How are you supposed to use strong, unique passwords on all the websites you use? The solution is a password manager.
Password managers store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password – the master password is the only one you have to remember.

Don’t Reuse Passwords!

Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or PayPal account.
To prevent password leaks from being so damaging, you need to use unique passwords on every website. These should also be strong passwords – long, unpredictable passwords that contain numbers and symbols.
Web geeks have hundreds of accounts to keep track of, while even the average person likely has tens of different passwords. Remembering such strong passwords is nearly impossible without resorting to some sort of trick. The ideal trick is a password manager that generates secure, random passwords for you and remembers them so you don’t have to.
lastpass-sign-in

What Using a Password Manager is Like

A password manager will take a load off your mind, freeing up brain power for doing productive things rather than remembering a long list of passwords.
When you use a password manager and need to log into a website, you will first visit that website normally. Instead of typing your password into the website, you type your master password into the password manager, which automatically fills the appropriate login information into the website. (If you’re already logged into your password manager, it will automatically fill the data for you). You don’t have to think about what email address, username, and password you used for the website – your password manager does the dirty work for you.
If you’re creating a new account, your password manager will offer to generate a secure random password for you, so you don’t have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.
lastpass-filling-password

Why Browser-Based Password Managers Aren’t Ideal

Web browsers – Chrome, Firefox, Internet Explorer, and others – all have integrated password managers. Each browser’s built-in password manager can’t compete with dedicated password managers. For one thing, Chrome and Internet Explorer store your passwords on your computer in an unencrypted form. People could access the password files on your computer and view them, unless you encrypt your computer’s hard drive.
Mozilla Firefox has a “master password” feature that allows you to encrypt your saved passwords with a single “master” password, storing them on your computer in an encrypted format. However, Firefox’s password manager isn’t the ideal solution, either. The interface doesn’t help you generate random passwords and it lacks various features, such as cross-platform syncing (Firefox can’t sync to iOS devices).
20-web-generate_strong_password-PC_png
Dashlane has a strong password generator built right in
A dedicated password manager will store your passwords in an encrypted form, help you generate secure random passwords, offer a more powerful interface, and allow you to easily access your passwords across all the different computers, smartphones, and tablets you use.

Password Managers to Use

Dashlane probably has the slickest interface of any password manager
A variety of password managers are available, but three stand out as the best options. Each is a solid option, and which you prefer will depend on what’s more important to you:
Dashlane: This password manager is a little newer, but what they lack in name recognition they make up for with great features and slick apps for almost every platform — Windows, OS X, iPhone, iPad, and Android. They have extensions for every browser, features like a security dashboard that analyzes your passwords, and they even have an automatic password changer that can change your passwords for you without having to deal with it yourself.
One of the best features of Dashlane is that it’s completely free to use on a single device. If you want to sync your passwords between devices, you’ll need to upgrade to premium. But you can test it out for free.
And when it comes to security, Dashlane has another advantage, because you have the choice to keep all of your passwords locally on your computer, rather than in a cloud. So you have the benefit of something like KeePass, but with a better interface. If you do choose to sync your passwords using the cloud, they are AES encrypted.
LastPass: This is a cloud-based password manager with extensions, mobile apps, and even desktop apps for all the browsers and operating systems you could want. It’s extremely powerful and even offers a variety of two-factor authentication options so you can ensure no one else can log into your password vault. We’ve covered LastPass’s many security options in great detail. LastPass stores your passwords on LastPass’s servers in an encrypted form – the LastPass extension or app locally decrypts and encrypts them when you log in, so LastPass couldn’t see your passwords if they wanted to. For more information about LastPass, read our guide to getting started with LastPass.
KeePass: LastPass isn’t for everyone. Some people just aren’t comfortable with a cloud-based password manager, and that’s fine. KeePass is a popular desktop application for managing your passwords, but there are also browser extensions and mobile apps for KeePass. KeePass stores your passwords on your computer so you remain in control of them — it’s even open-source, so you could audit its code if you wanted to. The downside is that you’re responsible for your passwords, and you’ll have to sync them between your devices manually. Some people use a syncing solution like Dropbox to sync the KeePass database between their devices. For more information, check out our introduction to KeePass.

Getting Started with Your Password Manager

The first big decision you will need to make with a password manager is choosing your master password. This master password controls access to your entire password manager database, so you should make it particularly strong – it’s the only password you’ll need to remember, after all. You may want to write down the password and store it somewhere safe after choosing it, just in case – for example, if you’re really serious, you could store your master password in a vault at the bank. You can change this password later, but only if you remember it – if you lose your master password, you won’t be able to view your saved passwords. This is essential, as it ensures no one else can view your secure password database without the master password.
After installing a password manager, you will likely want to start changing your website passwords to more secure ones. LastPass offers the LastPass Security Challenge, which identifies the weak and duplicate passwords you should focus on changing. Dashlane has a Security Dashboard built right in, that will help you figure out which passwords might need to be changed.
10-app-security_score-PC_PNG

Password managers also allow you to store other types of data in a secure form – everything from credit card numbers to secure notes. All data you store in a password manager is encrypted with your master password.
Password managers can even help against phishing, as they fill account information into websites based on their web address (URL). if you think you’re on your bank’s website and your password manager doesn’t automatically fill your login information, it’s possible that you’re on a phishing website with a different URL.

How to Use the Built-in Windows Defender Antivirus on Windows 10

Windows 10 has built-in real-time antivirus, just as Windows 8 did. It automatically runs in the background, ensuring all Windows users have a baseline level of antivirus protection. Windows 10 won’t complain at you to install an antivirus, as Windows 7 did.
If you’ve used Microsoft Security Essentials on Windows 7 or previous versions of Windows, this is the same basic product. It was renamed to “Windows Defender” in Windows 8 and integrated into Windows itself.

Like other anti-malware applications, Windows Defender automatically runs in the background, scanning files when they’re accessed and before you open them.
You don’t really have to think about Windows Defender at all. It will only pop up and inform you when it finds malware. It won’t even ask you what you want to do with the malicious software it finds — it will clean it up and quarantine the files automatically. You’ll see a “Malware detected” notification saying “Windows Defender is taking action to clean detected malware” or “Detected threats are being cleaned.” It’ll appear in the notification center, too.

Antivirus definition updates will automatically arrive through Windows Update and be installed like any other system update. These types of updates don’t require rebooting your computer. You don’t need to worry about updating Windows Defender.

Configuration and Exclusions

Windows Defender settings are now integrated into Windows 10’s new Settings app. To access it, open the Start menu and select Settings. Choose the “Update & security” category and select Windows Defender.
By default, Windows Defender automatically enables real-time protection, cloud-based protection, and sample submission. Real-time protection ensures Windows Defender automatically finds malware by scanning your system in real time. You could disable this for a short period of time if necessary for performance reasons, but Windows Defender will automatically re-enable real-time protection to keep you safe later. Cloud-based protection and sample submission allow Windows Defender to share information about threats and the actual malware files it detects with Microsoft.


You can also set Exclusions from here — scroll down and select “Add an exclusion.” Exclusions can be specific files, folders, file types, and processes. If the antivirus is dramatically slowing down a certain application you know is safe by scanning it, this can speed things up again. Be careful to use exclusions sparingly and smartly — these reduce your PC’s security because they tell Windows Defender not to look in certain places.

Manual Scans

Scroll down to the Version info section at the bottom of the Windows Defender pane in the Settings window and click “Use Windows Defender” to access the Windows Defender desktop app interface. If you’ve used Microsoft Security Essentials before, you’ll immediately recognize this. (We can probably expect Microsoft to move more of the options here to the Windows Defender pane in the Settings app over time.)
From this window, you can initiate a quick scan, full system scan, or a custom scan of specific folders. For example, you could connect an external hard drive to your computer and perform a Custom scan to scan that entire drive for malware.
You shouldn’t have to regularly perform manual antivirus scans. Windows Defender scans everything in the background anyway, and there’s even a scheduled task in Windows that automatically scans your computer on a regular basis. This feature is mostly useful for scanning external media and network locations.

Viewing Quarantined Malware

If Windows Defender informs you that it’s blocked malware, you can view the blocked malware from the Windows Defender desktop app. Click the “use Windows Defender” link in the Settings app to access Windows Defender, and then click over to the History tab. Click “View details” to view detected malware. You can see the name of the malware and when it was found and quarantined.
From here, you can remove the malware to delete it entirely from your PC or allow the supposedly malicious file to run. You should only do this if you’re absolutely sure the detected malware is a false positive. If you’re not absolutely, 100 percent sure, don’t allow it to run.

What if You Install Another Antivirus?

Windows 10 will automatically disable Windows Defender if you install another anti-malware program. It won’t continue performing real-time scans, so it won’t interfere with your other antivirus. Try to open the Windows Defender settings pane with another antivirus installed and you’ll find every option grayed out. Click the “Use Windows Defender” link and you’ll be informed Windows Defender has been disabled. Windows Defender will pop-up and say “This app has been turned off and isn’t monitoring your computer.”
If you uninstall the other antivirus, Windows Defender will kick into gear once again and take over, providing antivirus protection.


Whichever antivirus product you prefer, it’s good that every single new Windows installation going forward will come with built-in antivirus protection. The Malicious Software Removal Tool Microsoft occasionally delivers through Windows Update is no substitute for a proper anti-malware application.