All operating systems and software eventually get their vulnerabilities exposed by unforeseen bugs in code.
Having a multi-layered approach to these things is the answer.
1. Don't visit sites that are questionable. DON'T PIRATE, go get a job and purchase the software you need, or you may find yourself facing blackbeard. (having a good firewall/anti-virus/malware protector helps here)
2. Use https everywhere. Lots of malicious sites don't use https because it's harder to implement, and browsers refuse to view the site when the certificate is not signed properly / doesn't exist. Many web site servers require extra $$ to serve https (even on win10, works with firefox, https://www.eff.org/https-everywhere )
3. Use a firewall and don't let it AUTO decide what software to allow on the net, manually choose what programs you allow. (windows firewall is NOT good enough)
4. Unplug / Disable your internet connection when it's not needed. (VERY important, no one NEEDS 24/7 internet)
5. WPA2 was cracked long ago, and most hardware routers and hardware makers cannot / will not update it. (see #4 for a real world solution to this, win10 will not protect you)
https://www.zdnet.com/article/new-wi-fi-attack-cracks-wpawpa2-passwords-with-ease/
6. Turn on security features of browsers like firefox... (block third party content, trackers, third party cookies, turn on the do not track signal)
7. Use encrypted and anonymous search engines to help prevent metadata scraping and exploitation from organizations LIKE GOOGLE. (they can't protect their own browser, what makes you think they can protect their own metadata?)
https://www.startpage.com/en/search/download-startpage-plugin.html
8. Stop using the internet for everything you do, GO to the bank, GO to the store, GO outside (novel concept, I know, or dare I say, turn it all off and read a book)
9. I will stress this again, DISABLE the internet connection by disabling the wireless/ethernet device when not in use/needed.
10. Staying protected with the latest OS offered isn't always going to protect you, sometimes the new stuff has more vulnerabilities that are yet to be discovered. YOU decide.
11. BACK UP EVERYTHING ONTO AN EXTERNAL DRIVE THAT YOU DISCONNECT ONCE YOU HAVE MADE YOUR BACKUP.
12. ALWAYS use different passwords for every single site you login to. Change them regularly.
13. Using a browser that saves your passwords is a win/lose scenario. You can win using this because if you use a master password to protect the password list, you do not enter your passwords so keyloggers cannot scrape your password, just your master password, which should be unique also. If a hack gets access to your master password list this can be the lose scenario, but the master password might protect it, hacks would need a way to both steal the master password files, and your master password. Keyloggers that also steal your encrypted master password files are hard to implement (see #3 and #9). Keyloggers are easier to implement. This scenario is a win/lose in both situations.
14. Use a separate computer/laptop to do sensitive things like your banking, and do not use it for anything else, turn it off once done, install very minimal software onto it.
15. Firefox lets you turn off plugins / addons, keep them off when you don't need them. (your plugins should be set to ASK TO ACTIVATE) Then don't allow sites to activate FLASH and other plugins, unless you want to see them.
16. Firefox addons exist that let you selectively turn off scripting / javascript on all sites except those that you choose. (html5 script blocking in firefox addon, for example, install this addon, and visit youtube, and watch it NOT WORK, unless you allow the site to run html5 script)
17. Use a Raspberry Pi connected to a TV and any usb mouse/keyboard to view websites / youtube / streaming media video / audio. Part of the benefit here is they are linux, and slow, harder to have malicious code run due to their unique and slow hardware (wow, one time when slow hardware might help you). They are cheap and you can have a few for different tasks.
https://www.amazon.com/CanaKit-Raspberry-Starter-Premium-Black/dp/B07BCC8PK7?ref_=bl_dp_s_web_3020163011
18. DO NOT USE ONLINE EMAIL. Use an offline email program like THUNDERBIRD. This can be set up to work with gmail. Set up your client to use POP so you can tell gmail to delete the online copy once downloaded to your pc.
https://www.lifewire.com/gmail-access-thunderbird-1173150
Have it download all the email and then DELETE the email on the gmail google servers.
https://superuser.com/questions/116...nt-delete-gmail-emails-after-downloading-them
This makes it so even if your online email is hacked, no hacker can see all your old emails that SHOW ALL YOUR LOGIN SITES AND ACTIVITY!!!!
19. Always keep your firefox and thunderbird updated by clicking the Help option on the top menu bar, and choose About Firefox or About Thunderbird.
Never update either using ANY OTHER METHOD. (NEVER UPDATE either with a downloaded file, this is a known method hackers use constantly.)
Always use the Help / About page for updating. Or on your options menu it's the same, choose the menu, choose help, choose about at the bottom. If an update is available, a button to update will show in the spot where it says that you are up to date.