Security Plans

Why I Wrote This

 I wrote this initially as an email to a friend who'd experienced identity theft and who has a Windows 7 computer.


First a few Thoughts

Security has become a big part of our lives and our psyches, unfortunately. I have spent countless hours on it over the years. A few thoughts below, and then I tried to construct a list of everything we do to protect ourselves. There might be more but this is off the top of my head.
Hacking doesn't really get prevented by antivirus. Much hacking is in the cloud rather than on your computer. Of course, yes, you do want an antivirus, but there's more you can do.

Below are things we currently do. Note that it looks like a lot but all this took us several months to set up. We literally sat down every Saturday and did ONE THING on a very long list. Now that it's all in place, we hold a bi-annual security meeting to decide if there's anything more we need to do or change.

Hard drive and Cloud


  1. First things first: you could very well be running malware bots on your machine without knowing it. You might want to read this article, and then if you suspect this (for example, if your computer's been running slow), then follow the instructions.
  2. A free third party a/v is probably fine as long as you're allowing it to keep updating its virus definitions. Also when it wants to update to a new version, always do that. Some of the free A/V's don't download virus definitions unless you explicitly ask them to. Or you may need to jigger a setting. 
  3. In the past I've always been big on free third party anti-virus and other helper programs for windows, but since Windows 10, I've changed my mind. The built-in Windows Defender is good, and doesn't require any babysitting. 
  4. While you have Avast running, Windows has Defender turned off. If you decide to switch to Windows Defender, uninstall Avast, and then Windows will think real hard for a few minutes and finally it will turn Defender on. Sometimes it might require a reboot before you see that Defender is happy. Warning: do this at your own risk. Sometimes the switch to Defender gets buggy and takes more time than expected, but whatever.
  5. I'm assuming you are running a current, supported version of Windows and are taking all its updates. That's a must. A lot of those updates are security updates. Windows 10, at its most up-to-date, is the safest. It has extra security for things like ransomware built into the OS.
  6. Cease downloading third-party tools. They are no longer critical to smooth running of Windows, and instead act as infestations. For example, if you have ccleaner, uninstall it.
  7. Try to restrict your obtaining third party apps mainly to the Microsoft Store if possible.
  8. If you use Chrome as your browser, use the Google Chrome Store to find and install the extension called "Web of Trust." It's abbreviated WOT. This will guide you away from unsafe or untested sites.
  9. The latest wisdom is to NOT keep changing our passwords. Instead, it is safer to use a password protector and leave your passwords alone unless you know of a breach or if the account demands it. I use Lastpass to store all passwords, almost all of which are randomized passwords. I have a few hundred. Lastpass, in my opinion, is a must today. Or some other competitor to Lastpass is fine too. 
  10. Every Saturday I run the Lastpass security checkup.
  11. Two step authentication is a royal pain but a must. I have 2 step authentication with Lastpass and also have it with a few individual accounts such as google. 
  12. By the way, Lastpass turns out to be a great way to bookmark everything too. There are two ways to go into a site. One way is to open the site and then let Lastpass fill in the password. But the safer way is to go into Lastpass and click on the website you want.  
  13. If you are going to a website to buy something, or to download something, check if it's safe first. It's easy with VirusTotal which is an aggregator of many other website safety tools. Try it out:


  1. Credit cards are safer than debit cards
  2. Avoid ATMs and try to use cash when you're out at eating establishments, gas stations, and the like. The skimmers have become very commonplace.
  3. Get a free Credit Karma account, and ping your calendar to check it once a week. You'll look for changes such as a new address you don't recognize, or a new credit card you didn't open. Also go into Credit Karma settings and turn on email notifications. However, the notifications aren't always as timely as they could be. That's why you should go into the account once a week and check. 
  4. Place a permanent security freeze on your credit file through all three credit agencies (Equifax, Experian and TransUnion). Credit Karma will show you Equifax and TransUnion for free. So to see Experian, you can open a free Experian account as well. Set up notifications there too, and check that one every Saturday too.
  5. You'll have to dig around in Credit Karma and Experian to find out where the important nuggets of info are. 
  6. Experian, for example, gives you dark web reports. I think Credit Karma does too. Ignore all the advertising. The free version advertises credit cards. 
  7. Shred everything. 
  8. We studied Lifelock in-depth and determined that it's really not that useful. It doesn't prevent theft, and when the theft has occurred, it just holds your hand through recovery. After we studied it ourselves, we asked our beloved Financial Advisor, and he said he doesn't use it either. He says it's not useful. He does what we do. 
  9. Look inside your online bank accounts once a week, or get the Quicken app for your computer, where you can auto-download all accounts into one place every day. That includes PayPal, charge cards, store cards, checking accounts, savings accounts, and investment accounts. That way, you know very quickly if there's a fraudulent charge. Especially look for tiny charges that are easy to dismiss, but don't dismiss them. Sometimes hackers start with a tiny charge. We sometimes have to call our bank to verify what a charge is for.


My New Plex Server

Update: The old one revived. So I have two Plex servers.

Today my Windows 10 Plex Server died a blue screen motherboard death. I'm only struck by how long it lasted, as it started out as a Windows 7 computer used by our business, and when retired three years ago, I acquired it and turned it into a media server.

It accesses all the movies and music on my NAS device. My NAS device is my local backup server. Therefore, the media source for my server is actually backup. It works great.

So today I dragged another retired Windows 10 laptop out of my closet, got it up to date, and installed Plex. It was straightforward, except that I had remembered wrong that I can point it to an external device. I couldn't figure out how to get my data!

That's not actually how it works. Apparently what I had done three years ago, and I did again today, is to go into file explorer, choose "Map Network Drive" and map my NAS device as a pc network drive. Then when I edited movies and music in my Plex Server app, I was able to point each to the movies and music I wanted on the network drive. Simple.


If you absolutely must pry malware off your Windows 7 computer


This post was written for a Windows 7 user who suspects malware, but is useful for all Windows versions. I suggest reading my other recent posts about Windows security and Security in general.



As stated in other posts, I strongly urge Windows users who suspect malware on their computers to either
  1. Buy a new Windows 10 computer, along with lots of precautions
  2. Do a complete reset, along with lots of precautions, and put Windows 10 on it if it's not already there

But if you're in such a difficult situation that you are going to try to pry the malware back off, I have some thoughts to make the process safer. First, maybe it will give you some comfort to know that resetting isn't a guarantee either.

So, no matter what you do, you must do it with an abundance of caution.

How to think about this

Basically, think of it as you're creating a cleanroom for your cleanup process. Be mindful of the ongoing potential of moving or spreading malware around, all while you think you're cleaning up.


The Steps

These steps are only somewhat in a good order, so read it all first. Also there may be more you can do that I'm not thinking of, but these certainly will help:
  1. Make sure you're not getting malware from your router. To do that, follow instructions for cleaning your router model. Usually it's just a reset, and then creating a new password, but don't trust me on that. There may be more to do. Also, if your router is not giving you WPA2 security, it's time for a new router.
  2. Find guidelines and tools for malware cleanup that are specific to Windows 7
  3. Don't download cleanup tools from the infected computer. Why? Because they could become infected from your already infected computer.
  4. Instead, download any tools from a clean computer onto a usb flash drive, and then install each tool to the infected computer from your usb flash drive
  5. Before downloading each tool, check on the safety of its source (such as using virustotal)
  6. Best if the flash drive is brand new, so you're not risking that there's already malware on the flash drive
  7. Be aware that malware cleanup can screw things up worse.
  8. Make sure you have your files backed up first.
  9. You must run your cleanup tools on your backup as well--before doing a restore!
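
One way to confirm that the tools on the flash drive are still byte-for-byte what was downloaded on the clean computer (steps 3 to 6), as an added PowerShell example that is not part of the original post. The function names and the `E:\` paths are assumptions; it calls .NET's SHA-256 class directly so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example; function names and the E:\ paths are hypothetical.

# SHA-256 of one file as lowercase hex, using .NET directly (works on PowerShell 2.0).
function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

# One record (relative name + hash) per file under the tool folder.
function New-ToolManifest {
    param([string]$ToolDir)
    $root = (Resolve-Path $ToolDir).Path
    Get-ChildItem -Path $root -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name   = $_.FullName.Substring($root.Length).TrimStart('\')
                Sha256 = Get-Sha256Hex $_.FullName
            }
        }
}

# Re-hash the folder and compare it with the manifest made on the clean computer.
function Test-ToolManifest {
    param([string]$ToolDir, [string]$ManifestCsv)
    $expected = @{}
    Import-Csv $ManifestCsv | ForEach-Object { $expected[$_.Name] = $_.Sha256 }
    foreach ($item in (New-ToolManifest $ToolDir)) {
        if (-not $expected.ContainsKey($item.Name)) { $status = 'UNEXPECTED' }
        elseif ($expected[$item.Name] -ne $item.Sha256) { $status = 'CHANGED' }
        else { $status = 'ok' }
        '{0,-11} {1}' -f $status, $item.Name
        $expected.Remove($item.Name)
    }
    foreach ($name in $expected.Keys) { '{0,-11} {1}' -f 'MISSING', $name }
}

# Clean computer, after copying the tools to the flash drive:
#   New-ToolManifest 'E:\tools' | Select-Object Name, Sha256 |
#       Export-Csv 'E:\manifest.csv' -NoTypeInformation
# Infected computer, before running any tool from the drive:
#   Test-ToolManifest 'E:\tools' 'E:\manifest.csv'
```

Print or photograph the manifest on the clean computer: once the drive has been plugged into the infected machine, a manifest stored on it is only as trustworthy as that machine. The same SHA-256 values can be compared with a hash the tool's publisher lists, or searched on VirusTotal.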



What to do if you suspect malware on your Windows computer

Note: I originally was writing this to help out a relative, and decided to turn it into a blog post for the benefit of all. I wrote all of this based on my own two decades of experience with Windows. It's meant as a guideline and not gospel. And you'll no doubt be looking up some things that I didn't flesh out for you.

Rationale for a complete reset with a thorough wipe

  1. Antivirus can miss stuff, and you could even be running silent spyware for years. So I don't rely on any particular software to clean up a computer that I suspect is infected. Instead, I do a complete reset. The historical term for "reset" is "reimage." They are basically the same thing. 
  2. Therefore I don't want to recommend anything in particular for hard drive cleanup beyond Microsoft's Malicious Software Removal Tool, and it's not enough. You can run this and others, but ultimately, none of it is enough. They are only a preliminary before doing a complete reset with a thorough wipe.
  3. Note: A restore or a refresh are not the same as a reset and will not wipe your computer.
  4. Note for Mac Users: Mac users think they're safe but they're not. Much hacking these days happens in the cloud, not on the hard drive, which affects everyone. In addition, Macs do get infected, but it's less transparent to the user, and therefore underreported. It's also underreported because there are fewer Macs.

Guidelines for a complete reset with a thorough wipe

Note that a complete reset, wipe and reinstall can take several days, much of which is unattended but you want to be nearby to babysit the process.

There are many different procedures to follow and which one you pick can depend upon your installation. Here are some notes about finding the best instructions and following them.
  1. First run some tools to do cleanup, such as the link mentioned above. The reason for this is to reduce the risk that your backups don't end up getting restored later with malware on them.
  2. Make sure all your important files (pics, documents, videos, and so forth) are backed up to some external place first. You can use a cloud service, or a reliable external hard drive with enough room. I use both because I had the dreadful experience of an external hard drive crapping out. Also be sure the hard drive is no longer attached to your computer before you do a reset or else Windows might try to boot from it during the process, which has driven me crazy in the past.
  3. Also if you have installation files for software tucked away somewhere, make sure those are backed up too, because you will have to restore all your apps that you had put on your computer.  Be sure you also have all the product keys backed up...
  4. However, a fresh download of your apps is safer. Be careful that you are not backing up any unknown exe's (executables) because if you restore those, they could be the source of malware. So be as minimalist as you can about what you're going to restore to your new computer. Here's an example: if you have a license for Photoshop, you should be able to download a fresh Photoshop as long as you have the product key. Don't use an old download. (Check on this to be sure, but I think I'm right about this and it applies to a lot of software these days.)
  5. How you do the process also depends upon whether you had at one point upgraded your windows version on this computer. You'll need to get Microsoft Instructions for how to reset, for example, if you are now running Windows 10 but the computer originally had Windows 7 on it.
  6. Find the best instructions for your computer. The instructions vary. I usually follow two sets: one from Microsoft and one from NOT Microsoft. LOL. I follow both. You might want to do that too, plus keep this list from me in front of you as a set of guidelines and reminders.
  7. For this whole process, if you've been running wirelessly, switch to ethernet. It will be much faster. But regardless, it can take days to get your computer back in service.
  8. If you don't know your Windows version, go into your run command and type winver, then press enter. 
  9. When you find instructions, it's important you find instructions that will completely reset AND wipe your hard drive
  10. During the process, you should be prompted with a question about whether you want the quick wipe or the complete wipe. You want the complete, thorough, wipe.
  11. If the process asks you about partitions, I think you can leave any partitions intact, as they are not touched by malware. But that's just my educated guess. However, if you restore your Windows installation from a partition, then it will restore to the original Windows version that was there when you bought the computer. You might then have to upgrade. (Note: you can still get the free Windows 10 upgrade if you already had the Windows 10 upgrade before. Google this to get instructions on how to get your freebie back.)
  12. Once the wiping is done then you'll start over with a reinstall of Windows, either from a partition or from an external disk, or a download, all depending on what instructions you followed and the decisions you've made.
  13. After you've reinstalled windows, it will take a day or two to update itself. Or possibly longer, depending on your connection.
  14. Then let Windows Defender become your default. Be minimalist about the software (apps) that you put back. Don't restore any apps or files until you know that your computer is completely protected.
  15. When possible, get a fresh install of any apps and use your existing product key. Follow wisdom mentioned elsewhere about where you are getting your fresh downloads from.
  16. Be minimalist about restoring your files. Pics and vids are safe, but be careful about executables or anything you decide you don't need any more.
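
To see which files in a backup are executables before restoring anything (steps 4 and 16), here is an added PowerShell example that is not part of the original post. The function name and the `D:\Backup` path are assumptions; besides checking extensions, it reads the first two bytes of every file, so a program saved under a picture or document name is listed too.

```powershell
# Added example; the function name and the D:\Backup path are hypothetical.
function Find-ProgramsInBackup {
    param([string]$BackupDir)
    # Extensions that normally hold compiled Windows programs
    $programExt = '.exe', '.dll', '.scr', '.com', '.sys', '.cpl', '.ocx'
    # Scripts, installers and shortcuts that run when double-clicked
    $scriptExt  = '.msi', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.jar', '.lnk', '.hta'

    Get-ChildItem -Path $BackupDir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            $header = New-Object byte[] 2
            $read = 0
            try {
                $fs = [System.IO.File]::OpenRead($file.FullName)
                try { $read = $fs.Read($header, 0, 2) } finally { $fs.Close() }
            } catch { }   # unreadable file: only the extension check applies

            # Compiled Windows programs start with the bytes 'MZ' (0x4D 0x5A),
            # whatever the file is called.
            $isProgram = ($read -eq 2 -and $header[0] -eq 0x4D -and $header[1] -eq 0x5A)
            $ext = $file.Extension.ToLower()

            $reason = $null
            if ($isProgram -and ($programExt -notcontains $ext)) {
                $reason = 'program content under a non-program name'
            } elseif ($isProgram -or ($programExt -contains $ext)) {
                $reason = 'program'
            } elseif ($scriptExt -contains $ext) {
                $reason = 'script, installer or shortcut'
            }
            if ($reason) {
                New-Object PSObject -Property @{ Reason = $reason; Path = $file.FullName }
            }
        }
}

# Review the list before restoring anything from the backup:
#   Find-ProgramsInBackup 'D:\Backup' | Sort-Object Reason | Format-Table Reason, Path -AutoSize
```

Archives are not unpacked and Office documents with macros are not detected, so this narrows the manual review rather than replacing the cleanup tools run on the backup.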

My recommendation for an easier alternative

Think the above is too hard? You might only want to try it if it's your idea of a good time, and don't mind bumps in the road. Here's what to do instead:
  1. Computers have gotten cheaper and more powerful. You might be better off buying a new computer. There are many specs and prices to choose from. My only strong recommendation is to get an Intel 7 chip or higher. (Or find out what the AMD equivalent is for Intel 7).  Everything else is about matching the specs to your needs.
  2. If you buy a new computer, still be circumspect about what you restore onto it.
  3. Keep the old computer until you are thoroughly set up with the new one and you know for sure you've restored everything you want to restore.
  4. Before tossing the old computer, drive a stake through its hard drive.  
  5. Microsoft reports that Windows 10 is the last version. There will be no Windows 11. But Windows isn't going away. Instead, major updates will continue to come from the cloud twice a year (what they call Creators Updates) and we will all continue to get minor updates periodically. Always accept all Windows updates. You can't pick and choose any more. 
  6. Therefore if you haven't been keeping your computer up to date or it's not Windows 10, or it didn't start out with Windows 10, you're better off starting fresh with a new computer with Windows 10 on it. As soon as you buy it, let all its updates run, with several reboots and lots of patience, as there will probably be updates since the computer landed on the store shelf. 
  7. And one more suggestion for the road: buy the second computer and then reset the first one. Keep two around. (It's what I do.) It takes away all the stress of having a computer out of commission. Just keep both up to date with Windows, and when you have to switch, all that's needed is to go to your backup target and download your latest stuff.

What to do from now on 

  1. From now on, accept all Windows updates which will also include Defender Virus Definitions.
  2. Do not install a third party antivirus unless you have one that you already love and it's the paid version. If you're getting a free version, Windows Defender is just as good, and is tied to the OS which makes it maintenance-free for you. Also, any AV you install will turn off Defender.
  3. Occasionally download a new version of Microsoft's Malicious Software Removal Tool and run it. Do follow Microsoft's steps for how and when to do that.
  4. Follow all the other good wisdom out there about protecting your computer, including firewalls, two-step authentication, a password protector, a protective extension in your browser and so on. Some of my favorites: Chrome Web of Trust, VirusTotal when using an unfamiliar website, Lastpass. 
  5. Download and install less stuff than you used to. If you want an app, see if it's available in the Microsoft Store. If you can't find it in the Microsoft Store, then use some tools, such as my favorites, to make sure the download will be safe.
  6. Avoid downloading third party tools that extend function in Windows. That's an old-world concept and often nowadays, these tools do more harm than good.