As a security professional it's important to note that alot of malware can run scripts that will easily bypass the UAC since more people do not put a password on the Admin account. It's nice to require certain key strokes but scripts can mimic that. What a script can't do is KNOW your account password. So it will be stopped dead right there. Us the normal account as your daily driver but lockdown your Admin account with a password and you will be covered. Grea video.
@@FungusGenerator The built in Admin Account should immediately be password protected. That account should only be used for major administration of the computer. Such as adding printers and other devices. The standard user account should be used as your daily account as stated by Liron.
@@FungusGenerator make your own admin account. Disable the default admin account. I believe Windows now does this by default. It definitely helps to force you to type in a separate password for administrative privileges.
100% - but as a security professional, surely you aren't advocating for NOT doing a simple step that can help a user protect their pc? Everything in security is wrenching. Adding and not taking away.
@@klwthe3rd Great info, I have one account (admin) on my pc (and it's windows account to) and i'm the only one that uses it, if I create a local account, will all my already installed apps be ok? or do I need to set things up again? Can I change the Name of my Admin Account so I can create my local account with that name instead?
@@harag9 Great question. What I would do to make it easy is create ANOTHER account but make that new account the Admin account. Then, and only then, after that account was created, go back to the account that you use everyday(which is an Admin account) and change it to standard user status. That way you won't have to reload anything.
The thing about UAC -- if it pops up too frequently, less sophisticated users get into the habit of just clicking "OK" regardless of what it's asking. Striking a balance between proper warnings and just being annoying is tricky.
I really enjoy your episodes. I didn't even know half the things you point out. I'm getting a good education. You explain everything clearly and you're really patient. Thanks for the uploads! Mateo in Hamilton, Ontario
Love the video, a personal recommendation is also changing the UAC prompt to require a password, regardless who is logged in. I do this because programs can spoof the keyboard and type in 'shift' then 'enter' in turn clicking yes for you, then they are running with admin permissions. By requiring a password the program can't just click okay.
Brilliant as always,frantically making notes to carry out the instructions .Am looking very accomplished,only under your tuition.Keep them coming Liron.
Great video! Thank you for sharing these simple but essential tips for securing our Windows 10/11 computers. It's great to see experts like you sharing their knowledge and experience to help users like me stay safe and protected online. I appreciate the clear explanations and patience you show in your videos, and I always come away with valuable insights and actionable steps. Keep up the fantastic work!
I checked the system restore setting on one local machine and found it was turned on for the data drive but not the operating system drive. You might want to mention to viewers that the user needs to individually check each drive since system restore is drive dependent and just because it is turned on for one drive doesn't mean it is turned on for all drives on that computer.
10:20 fun fact if you mess up ur windows too much, it can't even restore from the restore point anymore and it says failed to restore, had this some times this shet lol
I usually enjoy your videos. . . But I am a bit leary of System Mechanic. It has been around for a while but . . . do we NEED it in this day and age? Otherwise, I always learn something from your videos. Cheers!
For over 20 yrs I've been trying to convince my clients to login to windows as a standard user. Nobody seems to care about security until it is too late. These days, you can't even play or install some games without Admin level privileges, it is a shame and a big mistake.
For Windows 11 restore point I get THREE CHOICES, what are the other two?: Protection Settings Available Drives Protection OS (C:) (System) On WINRETOOLS Off Image Off Configure restore settings, manage disk space, and delete restore points. Configure... Create a restore point right now for the drives that have system protection tumed on. Create...
A material showing how to prepare a computer for a computer service (repair) would be useful, so that the employees there do not have access to our data, e.g. creating a separate user account so that the service technician can use diagnostic tools, etc.
hmmm thats tough as the repair person would need full Admin access so they can make changes to fix the issues. But I have some ideas - thanks. I noted it down as a potential video
Why not create a new user that is an administrator account, login to that account and change the other administrator account that you have been using up until now to Standard user? That way all your apps are installed and your documents, downloads and pictures are still accessible?
The knowledge I get from your videos is priceless. Sorry In advance for saying this. I just hope it’s all legit ! Anyway I’m wondering if you can show all this stuff but using a MAC? I stopped buying a windows anything a long time ago. I may go back to one just because of your videos ! Thanks LIRON🙏👍
It's important to point out that if you choose the monthly option then your code only applies to the first month ... tricky bit of advertising there. You should also point out that I was required to uninstall Norton before I installed this. Luckily they are a legitimate company and they refunded my purchase. I love the idea but I'm really skeptical of granting an application access to my registry. I love what you are doing ... please keep it up! Thank you ...
the link is for the YEARLY option which is where you get the saving "System Mechanic Ultimate Defense 1-year" - I am not aware that they even have a monthly option?
@@LironSegev wow … no wonder you have so many subscribers … you’re not just a talking head but a real pro when it comes to communication!!! I love your stuff!
As always Liron, i learned something new... 👍 BUT about the DNS ? What if you are running VPN, which has its own DNS...? Please lecture me, thank you kindly... - Stay Blessed - - Peace - 🙏❤✌
You should consider showing how to do a DNS server change in both Windows10 and 11. In Windows 11 it looks substantially different from Windows 10 and there are a couple of extra clicks required to get to the place where you input your new DNS server IP address.
why? I discussed the issue, why you should change it, and then how to change it with step-by-step instruction and big red arrows. Can't make it any simpler.
Thanks, Liron. I have UAC set at max for both admin and secondary accounts. I generally only use my secondary account, and use admin PW via UAC prompt, and use admin account only when absolutely necessary. This is one of the best security practices.
UAC is one of those things i always TURN OFF, realizing its kind of a security risk, but still turning it off. There is no way to setup exclusions to this thing, and getting prompted every time i run cmd as admin is too much to bother, compared to a miniscule chance it may warn me on an actual malware messing things up.
I don't understand the reason for number 2. I am the only one using my pc and sometimes it requires admin priviliges. Could it be useful if there are multiple people using the same pc? About 10:42 how much should the disk usage be set to?
Sorry for this ultra-basic question lol, but if you're using a secondary user account, what can you no longer access? and if you do need admin privileges for something, how do you switch to the admin account? 🤔
not basic at all! When you have an Admin account you can make changes to the system. When you use the local standard account if something needs to make a change, it will prompt you for the password. So let's say you are installing a new app, you will just need to enter the Admin password. The usual stuff will just work.
Hey Liron, is it possible to clear browser cache for only specific sites, so that we don't have the time-wasting inconvenience of having to log back into the 100's of opened tabs in different browsers, every time we have to clear cache in order for other sites to actually work?
Chrome Settings > Privacy & Security, See all site data and permissions, delete the site. You can also open up the website and press ctrl F5 which forces the page to reload regardless of the cached content. This does NOT clear the cache, just gives a fresh copy of the webpage
Thank you. Are the browser security settings overriding the Windows network connections setting? If we can change to secure DNS in the browser, why would we ever need to edit the preferred DNS server in TCP/IPv4?
If you only do it in the browser, then everything else that uses the internet (email, updates etc.) will still use your default DNS. I like to do it at the Network level. Some people aren't comfortable making the change there, so you can just do it in the browser.
I made the changes that you advised, but there has been one problem -- I hope you can help me solve it. When I logged onto my Non-Admin account, and tried to go to online banking, Safepay did not open up to protect the exchange. I went to check my security software's settings, and discovered the Icon for my antivirus was not on my non-admin desktop either, so I couldn't use it. I had to log off and go online with my administrator account to check my banking. Is there a way to make my antivirus available for the non-admin account, or at least to force safepay to open up no matter who is using the computer? Thanks!
I see you promote System Mechanic but why won't it allow you to install it if you already have Norton on your system? Any way to bypass that somehow or does Norton do everything that SM does? Thanks.
i have an antivirus the first one i would like to activate... but i just dont feel safe changing my admininstator things plus the second idk.... i just dont feel safe
What if I get this setting is disabled on managed browsers when i go into Chromes security settings? How do i change the Use Secure DNS When it sis disabled ?
technically everything can be hacked - the odds of someone hacking Cloudflare or Google is pretty low as there are just so many DNS servers. I have no idea how your local ISP manages their DNS - is it just one person responsible or a team? it is a single DNS or multiple servers? Can one person be paid/ bribed to allow a hacker in or is it more complicated? I have no idea. But I would trust Cloudflare who'se single responsibility is securing internet data. Again - just my personal view.
When i press- change your account type in the control panel- it says- do you want to allow this app to make changes to your device. Do i press yes or no. Whatever i press,it says the same thing.
Hi Liron great video. Although at 9:18 time stamp when I try to turn on the "Use secure DNS" option in my Chrome browser the slider bar is grey out, and the line under "Use secure DNS" states "This setting is disabled on managed browsers" . How do I enable this option? Note this options is available and enable on Microsoft Edge
@@LironSegev Yes it works computer (laptop)... I travel quite a bit, but I am careful where I connect and use VPN that works provide. What is odd I'm able to set these DNS changes in Microsoft Edge but not on Chrome?
As a security professional it's important to note that alot of malware can run scripts that will easily bypass the UAC since more people do not put a password on the Admin account. It's nice to require certain key strokes but scripts can mimic that. What a script can't do is KNOW your account password. So it will be stopped dead right there. Us the normal account as your daily driver but lockdown your Admin account with a password and you will be covered. Grea video.
@@FungusGenerator The built in Admin Account should immediately be password protected. That account should only be used for major administration of the computer. Such as adding printers and other devices. The standard user account should be used as your daily account as stated by Liron.
@@FungusGenerator make your own admin account. Disable the default admin account. I believe Windows now does this by default. It definitely helps to force you to type in a separate password for administrative privileges.
100% - but as a security professional, surely you aren't advocating for NOT doing a simple step that can help a user protect their pc? Everything in security is wrenching. Adding and not taking away.
@@klwthe3rd Great info, I have one account (admin) on my pc (and it's windows account to) and i'm the only one that uses it, if I create a local account, will all my already installed apps be ok? or do I need to set things up again? Can I change the Name of my Admin Account so I can create my local account with that name instead?
@@harag9 Great question. What I would do to make it easy is create ANOTHER account but make that new account the Admin account. Then, and only then, after that account was created, go back to the account that you use everyday(which is an Admin account) and change it to standard user status. That way you won't have to reload anything.
The thing about UAC -- if it pops up too frequently, less sophisticated users get into the habit of just clicking "OK" regardless of what it's asking. Striking a balance between proper warnings and just being annoying is tricky.
true
I really enjoy your episodes. I didn't even know half the things you point out. I'm getting a good education. You explain everything clearly and you're really patient. Thanks for the uploads! Mateo in Hamilton, Ontario
happy to help!
Love the video, a personal recommendation is also changing the UAC prompt to require a password, regardless who is logged in. I do this because programs can spoof the keyboard and type in 'shift' then 'enter' in turn clicking yes for you, then they are running with admin permissions. By requiring a password the program can't just click okay.
How do you do that
How
You could mention about setting global secure dns in windows 11. For a little bit of extra security one could browse internet using a virtual machine
Am i ever glad i found this video i found a user account on my computer that i definitely know that i did NOT create! Now it's gone! Thank you Liron!
What was its name?
Brilliant as always,frantically making notes to carry out the instructions .Am looking very accomplished,only under your tuition.Keep them coming Liron.
So nice of you
Great video! Thank you for sharing these simple but essential tips for securing our Windows 10/11 computers. It's great to see experts like you sharing their knowledge and experience to help users like me stay safe and protected online. I appreciate the clear explanations and patience you show in your videos, and I always come away with valuable insights and actionable steps. Keep up the fantastic work!
Glad it was helpful! And thank you for hanging out here 👍
As always, great assistance. thank you VERY much, Liron. Appreciated.
My pleasure!
I checked the system restore setting on one local machine and found it was turned on for the data drive but not the operating system drive. You might want to mention to viewers that the user needs to individually check each drive since system restore is drive dependent and just because it is turned on for one drive doesn't mean it is turned on for all drives on that computer.
Very interesting but I wouldn't know how to check each drive, not being an IT professional. Perhaps Mr Segev would know?
Yea, SYSTEM RESTORE not turned on, on a 2 year old laptop! Thanks for showing how to get at and program this function.
thank you for defending our computer from sites and hackers its realy helpful to learn without knowledge
10:20 fun fact if you mess up ur windows too much, it can't even restore from the restore point anymore and it says failed to restore, had this some times this shet lol
I usually enjoy your videos. . . But I am a bit leary of System Mechanic. It has been around for a while but . . . do we NEED it in this day and age?
Otherwise, I always learn something from your videos.
Cheers!
Thank you very much for the explanation! Outstanding work !!!
You help everyone protection him / herself in a decent way !!
Glad it was helpful!
"Themselves" works.
@@philip6502 ... 😃😃😃😜
For over 20 yrs I've been trying to convince my clients to login to windows as a standard user. Nobody seems to care about security until it is too late. These days, you can't even play or install some games without Admin level privileges, it is a shame and a big mistake.
Agree
For Windows 11 restore point I get THREE CHOICES, what are the other two?:
Protection Settings
Available Drives Protection
OS (C:) (System) On
WINRETOOLS Off
Image Off
Configure restore settings, manage disk space, and delete restore points.
Configure...
Create a restore point right now for the drives that have system protection tumed on. Create...
A material showing how to prepare a computer for a computer service (repair) would be useful, so that the employees there do not have access to our data, e.g. creating a separate user account so that the service technician can use diagnostic tools, etc.
hmmm thats tough as the repair person would need full Admin access so they can make changes to fix the issues. But I have some ideas - thanks. I noted it down as a potential video
@@LironSegev Thank you for your answer. Such material will certainly be useful. I will look forward to it in the future. Thanks for what you do.
YOU ARE PRICELESS!!
Thank You!!! ♡
Thi9s man's a life saver.
happy to help! thanks for watching!
תודה לירון על הטיפים האלה, לא ידעתי על חצי מהם בעבר
no problem!!
Some i knew but i learn a lot, been lazy about his for almost 10y, time to catch up, Thx Liron you are a gold mine!
Glad to help
Keep them coming Liron
Let's change it right now
Why not create a new user that is an administrator account, login to that account and change the other administrator account that you have been using up until now to Standard user? That way all your apps are installed and your documents, downloads and pictures are still accessible?
BIG thanks for this important info. My PC is updated.
You're welcome!
Buying a new computer. These tips will help me enormously!
awesome!
This was very helpful and I feel like I've made my computer much more secure. Thank you
Glad it helped!
Professor Segev for the win!
You can use Group Policy to change UAC settings so you don't need to create a new account as user.
only if you have Win Pro as Group Policy doesn't come with Home :)
@@LironSegev i know there i a workaround on windows 10 home does windows 11 home not have this work around yet?
I love your vids ,doing all the hard work to make it easier for me, much appreciated. Thanks
I usually disable all windows security stuff as I only use my PC for gaming . Less hurdles for pc to run smoothly. Use AtlasOS implementation.
Love ya for these.
Interestingly I had them all as you told us to change to.
Feel safe!
Excellent!
I was wondering if changing ip protocol from ip4 to ip6 gives a better security?
The knowledge I get from your videos is priceless. Sorry In advance for saying this. I just hope it’s all legit ! Anyway I’m wondering if you can show all this stuff but using a MAC? I stopped buying a windows anything a long time ago. I may go back to one just because of your videos ! Thanks LIRON🙏👍
sorry Joseph, but I don't have any apple products
No worries brother.
The dimming feature has a tendency to hang some systems for an extended time. I usually lower it to the setting below that.
Hi Liron I took your advice and changed my settings. But how do I undo these settings from this video. Help!
Great tips Thanks ❤
Thanks for watching!
Super helpful thank you bro.....
Changing DNS things won't affect my 'private' use of Private Internet Access?
Shouldn't as all that should be going via your VPN
WHEW TMI. gotta rewatch this one.
haha - glad I kept it to only 5
again thanks..... as it is said done and done!!!
Epic 🎉
Thanks a lot brother!
Fantastic, Liron. 👍👍
Many thanks
Thank you
Great job of simplifying the bare necessities 🤔 Thanks 💖 🇨🇦
You are so welcome!
Thank you.
Which DNS is better the Google or cloud thanks for the video really appreciate it
try both - see which one seems "faster" for you. In some countries Google is a lot slower to resolve websites names and visa versa.
Ok thanks
All your videos are great, but this one was very useful.
Glad to hear that!
Good video.
Glad you enjoyed it
as usual, most useful things from you, thousand thanks for them!
So nice of you
Very useful and education. Thank you
You are welcome
It's important to point out that if you choose the monthly option then your code only applies to the first month ... tricky bit of advertising there. You should also point out that I was required to uninstall Norton before I installed this. Luckily they are a legitimate company and they refunded my purchase. I love the idea but I'm really skeptical of granting an application access to my registry. I love what you are doing ... please keep it up! Thank you ...
the link is for the YEARLY option which is where you get the saving "System Mechanic Ultimate Defense 1-year" - I am not aware that they even have a monthly option?
@@LironSegev wow … no wonder you have so many subscribers … you’re not just a talking head but a real pro when it comes to communication!!! I love your stuff!
Pup. You do not need this
I have just gotten one step closer to being the smartest man on Earth,Thanks for the video
😂
Sorry. Second fastest... behind Liron. Cheers from Aotearoa New Zealand.
Very useful video. A lot of this stuff I had no idea about.
Glad to hear it!
I set the DNS in the router. I use cloudflare. That covers all the browsers
Yup
Thank you!
You're welcome!
Do you need to do dns changes in your Internet adapter if you all ready made changes in your Internet explorer browser like Microsoft edge?
As always Liron, i learned something new... 👍
BUT
about the DNS ?
What if you are running VPN, which has its own DNS...?
Please lecture me, thank you kindly...
- Stay Blessed -
- Peace -
🙏❤✌
If you use a VPN, I am not sure how much of an impact these DNS will have.
@@LironSegev So don't set DNS to Google or Cloud, keep it private, or automatic, also on phone, is that about right sir...?
A VPN will (or should) take care of that for you.
Around 3:51 NICE!
👍👍👍Thank you
Very good information, thank you.
So nice of you
Always practical tips. Thanks for your videos. Can you make a video on BING with ChatGPT ?
I am waiting for this "AI" stuff to mature a bit. Its all over the place now and causing a lot of confusion.
You should consider showing how to do a DNS server change in both Windows10 and 11. In Windows 11 it looks substantially different from Windows 10 and there are a couple of extra clicks required to get to the place where you input your new DNS server IP address.
The part he is showing is identical
For many normal users, this is over the top.
why? I discussed the issue, why you should change it, and then how to change it with step-by-step instruction and big red arrows. Can't make it any simpler.
Thanks Boss
No problem
1:42 yes but some people will just click on yes instead of first reading the message....
What do you do on a mac?
so good advice i sent to my parents
Protect the parents at all costs!!!
good info 👍
Thanks 👍
Thanks, Liron. I have UAC set at max for both admin and secondary accounts. I generally only use my secondary account, and use admin PW via UAC prompt, and use admin account only when absolutely necessary. This is one of the best security practices.
100%
The changes with DNS , how does that work when using a VPN
Dont change DNS server for IPV6?
You can also set the dns on the router level
true - that is ideal just not as convenient but def better since it impacts every device!
Can you do a similar video, but for Mac computers?
Sorry my I have no Mac products
Thanks so much for theses
Appreciate you being here 🔥
How about for Mac?
Is there an OSX version of this type of video?
Is there a similar action for Mac users?
Unfortunately I don't use a Mac
Thanks!
Welcome!
Can't change dns on windows 11? I don't see ipv4 at all on mine but I am using a wireless connection.
UAC is one of those things i always TURN OFF, realizing its kind of a security risk, but still turning it off. There is no way to setup exclusions to this thing, and getting prompted every time i run cmd as admin is too much to bother, compared to a miniscule chance it may warn me on an actual malware messing things up.
I don't understand the reason for number 2. I am the only one using my pc and sometimes it requires admin priviliges. Could it be useful if there are multiple people using the same pc? About 10:42 how much should the disk usage be set to?
Thanks
No problem
Sorry for this ultra-basic question lol, but if you're using a secondary user account, what can you no longer access? and if you do need admin privileges for something, how do you switch to the admin account? 🤔
not basic at all! When you have an Admin account you can make changes to the system. When you use the local standard account if something needs to make a change, it will prompt you for the password. So let's say you are installing a new app, you will just need to enter the Admin password. The usual stuff will just work.
@@LironSegev Ah, I get it. Thank you for the info, I really appreciate it! 🙂
8:40 you can setup a DNS for your entire network by going into your routers settings.
yup - I just like the convenience of being able to quickly change should one DNS be slower than another. But 100% you can do that
Hey Liron, is it possible to clear browser cache for only specific sites, so that we don't have the time-wasting inconvenience of having to log back into the 100's of opened tabs in different browsers, every time we have to clear cache in order for other sites to actually work?
Chrome Settings > Privacy & Security, See all site data and permissions, delete the site.
You can also open up the website and press ctrl F5 which forces the page to reload regardless of the cached content. This does NOT clear the cache, just gives a fresh copy of the webpage
@@LironSegev Thanks..
Thank you. Are the browser security settings overriding the Windows network connections setting? If we can change to secure DNS in the browser, why would we ever need to edit the preferred DNS server in TCP/IPv4?
If you only do it in the browser, then everything else that uses the internet (email, updates etc.) will still use your default DNS. I like to do it at the Network level. Some people aren't comfortable making the change there, so you can just do it in the browser.
I made the changes that you advised, but there has been one problem -- I hope you can help me solve it. When I logged onto my Non-Admin account, and tried to go to online banking, Safepay did not open up to protect the exchange. I went to check my security software's settings, and discovered the Icon for my antivirus was not on my non-admin desktop either, so I couldn't use it. I had to log off and go online with my administrator account to check my banking. Is there a way to make my antivirus available for the non-admin account, or at least to force safepay to open up no matter who is using the computer? Thanks!
Already had my DNS set to Cloudflare
awesome!
I see you promote System Mechanic but why won't it allow you to install it if you already have Norton on your system? Any way to bypass that somehow or does Norton do everything that SM does? Thanks.
Sorry but no idea. But reach out to them and see what they say.
i have an antivirus the first one i would like to activate... but i just dont feel safe changing my admininstator things plus the second idk.... i just dont feel safe
i mean i have norton (i think its also called life lock)
Awesome 👍
Thanks for the message
I have a "guest" account on my PC that I can't get rid of, is that something I should worry about, and if it is, how can I get rid of it?
What if I get this setting is disabled on managed browsers when i go into Chromes security settings? How do i change the Use Secure DNS When it sis disabled ?
My only concern is those other DNS servers can also be hacked. Is it more likely that the ISPs server is hacked?
technically everything can be hacked - the odds of someone hacking Cloudflare or Google is pretty low as there are just so many DNS servers. I have no idea how your local ISP manages their DNS - is it just one person responsible or a team? it is a single DNS or multiple servers? Can one person be paid/ bribed to allow a hacker in or is it more complicated? I have no idea. But I would trust Cloudflare who'se single responsibility is securing internet data. Again - just my personal view.
@@LironSegev thank you for your quick and great response. I'm not a security expert so this helps a lot.
in the system restore point configure menu the "turn on system protection" button is grayed out, can anyone help?
if I use VPN I have to do the DNS thing too?
When i press- change your account type in the control panel- it says- do you want to allow this app to make changes to your device. Do i press yes or no. Whatever i press,it says the same thing.
Hi Liron great video. Although at 9:18 time stamp when I try to turn on the "Use secure DNS" option in my Chrome browser the slider bar is grey out, and the line under "Use secure DNS" states "This setting is disabled on managed browsers" . How do I enable this option? Note this options is available and enable on Microsoft Edge
hmmm are you using a computer that is managed by your company's IT department?
@@LironSegev Yes it works computer (laptop)... I travel quite a bit, but I am careful where I connect and use VPN that works provide. What is odd I'm able to set these DNS changes in Microsoft Edge but not on Chrome?