Mario works at a government agency that has stiff security. He uses LastPass (a sponsor of the TWiT network) on his devices and wants to know if the government can see his data or his passwords? Leo says it's possible. They may have key loggers or screen readers that can see your activity and certainly monitor your online activity. He wouldn't be surprised if they have custom certificates that allow them to snoop, even if you're using encrypted security. But LastPass probably keeps Mario's activity safe.
Michael's apartment WiFi network security is wide open, with logins based on the apartment numbers and the office phone number as the password. And they won't allow him to change his password. The best solution is to lobby the apartment management to allow him to change the login password.
Rick posted a few pictures on Facebook, and he sees one picture with a caption he didn't add to it. How did that happen? It also seems to come from a group he isn't a member of, rather than from himself. Leo says that Facebook makes a group of your account automatically so you can share images. So that's probably the group he's seeing. You can also add filters or frames that can be added. It's possible it was added by accident. Check the picture and see what the privacy settings are. If it's public, you may want to change it to friends only.
If you've been infected with malware, wipe your drive and start over. Reinstall Windows. If it's a rogue employee of a company you were calling, contact the company and let them know. Any general-purpose operating system is vulnerable to these kinds of malware attacks. If you positively need to use Windows at home, you sort of should become a guru of PC security to protect yourself. Windows shouldn't be your default OS pick anymore.
If you still insist on using your Windows 7 computer and are scared of using it thanks to Microsoft's lack of continued support, it is still okay to use it offline. If you don't take it on the internet, you significantly lower your risks to catch anything harmful for the PC. Plus, most of your permanent applications will still work as long as there is electricity to power the computer! However, you should still be sure to back up important files onto an external hard drive, as staying offline means no access to cloud backup services.
Caller allowed a third party that handles support for her company, to install ConnectWise on her private computer. Is that safe? Leo says that if your company has farmed out IT support to a third-party, it's unlikely that third-party is going to lose that business by compromising your personal data. But her devices are all connected. Can she revoke it? Leo says that you can uninstall ConnectWise and remove that access.
After getting a phishing scam email, Karen ran a malware scan with Windows Defender and it found a "severe threat" called a Trojan-Downloader. Windows Defender blocked it, but is she still compromised? Leo says that everyone gets those, and it's not a side effect of a virus on your system. So if Defender found one and blocked it, you're safe from it.
John is worried that his identity will be stolen, along with his money, if he does online banking through his browser. Leo says that browsers are equally secure, as long as they keep getting patched on a regular basis. The issue isn't the browser, it's the system itself. The weak link in the chain is you. If you get an email that seems to be from your bank and you click on the links inside, it's likely a fake and your login has been stolen due to a phishing attack. That's the kind of thing that can happen. Banks will never email you. Keep that in mind.
Sundeep wants to know if GoToMyPC is better than Microsoft's own native remote desktop. Leo says that if you have Windows Pro, remote desktop is free. But Windows remote desktop has a number of significant flaws that represent a serious security issue for users. One magazine even said that "it's time to disconnect Remote Desktop from the internet. You also don't want to use it "bare" on the internet. You need to use a VPN or proxy server. So Leo advises not using Remote Desktop. Use a third-party service like GoToMyPC.
Much like phishing and spear-phishing, VISHING is the latest online scam designed to steal your logins. Only VISHING uses voicemail to do it, according to the FBI and the Cyber Security Agency (CISA). They are targeted attacks on employees of corporations using voicemail to get users working at home to call back and then use social engineering to steal VPN credentials. Check out Brian Krebs' article here.