I have a steam game and Asians device drivers installed. Both are run from outside the country, require administrator access / permission, and auto-update, and run in the background permiscuously (you never know when they may be running and some cannot be closed).

I want to buy and sell on Amazon without worries that Steam or Asians will be extorting or fishing me or my bank by breaking and entering my home computer.

My second worry is Win10 (apple too) has like 100 processes running. I want to know what applications can "connect" to these 100 (ie, like rpc or cortana) and what can access to (ie, edge web browser) can be achieved. For example, can an Asian driver install a TCP sniffer (noting they completely control "update" my ethernet driver anyway) that can sniff into frame delivery to or from Edge web browser?

---------------------------

If you are going to say check settings or disable cortana or use chrome (full of Asian hacks btw) please don't answer: I know you know zero about security if that's all you know.

I'm only asking the question on the chance someone actually took a course on security and knows what my ps(1) list should look like and any special boot instructions: if there are any, if there are any, so I can feel safe I will not be prosecuted by my bank for allowing a 3rd party access to their system.

Microsoft Windows 10 official answer is "contact your bank for software you need to be secure for online shopping"

I have no idea if people are using Amazon for web purchases and what legally may happen to them. I'm NEW TO THE TOPIC.


I'm only asking the question who knows computer security and can answer for sure "if Windows 10 is as secure as Apple High Sierra" when it comes to online shoping on Amazon. If Win10 can become as secure and what to do.


thank you

(PS. I realize it's not a Linux question and it pains me. however I feel if anyone knows what i'm talking about (ie, DLL, memory reads, sniffing) and knows a reasonable answer - chances are they may be here on lq

(the computer(s) I trust are under repair. I have a windows pc I made for gaming only, at the moment)

AFAIK, https means all transmissions between the client PC and the website are encrypted and therefore secure. I don't believe the OS has much to do with it, if anything.

As long as the browser shows that the connection is secure, you should be good to go. ('tho I'd probably not use the Edge or MS Explorer browsers, but that's just a personal preference, more about the UI than the security).
Yes, you need to be sure the site you're connecting to is properly secured. I believe most browsers will tell you if that's not the case, by default. Certainly Firefox does. (see the green locked padlock in the address bar here? Secure!)

I don't know what all this is about.

If you want to "feel safe" buy a teddy bear.
If Microsoft told me something like that, I'd listen.

"Asians" can do whatever administrators can do on a Windows10 host. Promiscuously speaking, is there a "crack" or something like that
in these "drivers"?

I would virtualize a new instance of Win10 dedicated solely to this subject.
This will require a valid Product key from MS. Possibly a newly purchased one.
Log everything.
Logging secured connections is both easy and documented.

I'd isolate the suggested "banking software" into a Virtual host using whatever works for you in that area.
Virtualbox and the transactions should be strictly over https:
2FA
Take out a new line of debit/ credit. (new card, no history)
Create a secondary email (alter-ego) Anytime you see "it" you'll know that is "your Amazon thing"

"You may not incorporate any portion of the Amazon Software into other programs or compile any portion of it in combination with other programs, or otherwise reproduce, duplicate, copy (except to exercise rights granted in this section), modify, exploit, create derivative works of, distribute, sell, resell, assign any rights to, or license the Amazon Software in whole or in part (including any features of Amazon Business)." says 14.1. Use of the Amazon Software..
So I can "guess/estimate" that a registered an Amazon Business Account may have more protections than John Q. Public "doing a non-business transaction.".
Aren't sellers required to have "Business Accounts" otherwise, it would be a circus, or craigslist?
Nope says "sell as a Professional" or "sell as an individual"
Business, Professional, or Individual account?

APP PERMISSIONS states
"When you use apps created by Amazon, such as the Amazon App or Kindle App, you may grant certain permissions to us for your device. Most mobile devices provide you with information about these permissions. To learn more about these permissions, click here"
There's an app for that. And I'd be looking at a a new iPhone if this were me. Amazon app and Apple should be a win-win-win situation.

Oddly the sole Amazon link I could find for Protect Your System suggestions are rather "pedestrian".

I'm sure that if you follow their prescribed methods, you can stay safe online and still conduct business w\Amazon.
Couple of phrases to consider when weighing what you may hear, read, or be told.
"Recommended", "Best Practice" and "Suggested."

Good Luck.
John out.

Uhm, yes, Mr. security genius. People are using Amazon. For purchases. Over the web.

As for that program that updates your "ethernet device driver" that you're worried may be installing backdoors? Uninstall it. You don't need it.

In fact the OS implements SSL/TLS via a system SSL library.
Just not an "Asian" teddy bear...

They don't need to be actually in your computer to sniff the packets going to and from your computer, genius. They just need to be on the same network.

A backdoor hack would be a lot more invasive.

That made me chuckle

Anyway, to help answer the OP question, I've purchased many stuff on Amazon from Windows 10 without any issues whatsoever. I guess you just need a bit of common sense and not have crapware installed on your computer. I just have an AV software, Windows' own firewall and I'm behind a router with the security settings reasonably hardened. I'm not a security or an IT expert, but I guess it must suffice in most cases. (Assuming you're in your own network).