ARTICLES
Rules for Safe Computing on the Internet
How to Secure Your Windows Computer
Tweaks! Tweaks! And More Tweaks!
Your Links to the World of Computers
So You “Wannabe” a Computer Tech?
HOW TO SECURE YOUR WINDOWS COMPUTER
(A BASIC STEP-BY-STEP GUIDE)
Last Updated: 10-30-16
LINUX & MACS – Hey, this step-by-step is for Windows based computers! You will have to go elsewhere for Linux help. But, you can still apply some of the steps listed below.
WINDOWS 98 – Forget it! You can’t really secure a Windows 98 computer! Basically there is no real system security for any pre-Windows 2000/XP system. The solution? Upgrade your system to Windows 2000/XP. (Okay, if you really must use a Windows 98 machine, some of the steps listed below will still be helpful, but don’t say I didn’t warn you about Windows 98’s basic failure when it comes to system security.)
WINDOWS 2000/XP – These are the only Windows systems that can be considered viable from a security point of view. BUT, they are now considered obsolete. (What this really means is that they are no longer going to be updated anymore, so security problems will no longer be fixed.) So you really need to upgrade to ...
WINDOWS 7/8/10 Windows has finally come into its own when it comes to security! Take the following steps to make your computer as secure as possible:
BEFORE YOU CONNECT TO THE INTERNET ...
WARNING: Gone are the days when you could just turn your computer on and give little, if any thought to security. Windows 98 lulled us into a state of computer complacency. Microsoft initially designed Windows “dumbed-down” so anyone could use it. Now, more than ever, you must be an informed computer user! Now, more than ever, you need to realize that if you are going to connect to the Internet (especially with a cable or DSL modem), you are connecting to a very dangerous place. Your system will be vulnerable and it is only a matter of time until it is compromised ... that is, unless you take the following basic steps:
● Do not use Windows 3.11, Windows 95, Windows 98, Windows ME or any single-user system! Rather, use a multi-user operating system like Windows 2000, XP, 7/8/10 or Linux that forces you to create an administrator (or root) account and other user accounts. (Now let's get real! The only viable computer to use now is Windows 7/8/10. While you still can use Windows 2000 or XP they are no longer being supported and cannot be updated. And Microsoft is “forcing” us to all embrace Windows 10. So, get used to it!) Then use a non-administrator account for daily work. Why? Because if you are always logged in as an administrator (or root) you have full privileges and rights! What is wrong with that? Well, nothing, except if a virus, worm, Trojan, or hacker attacks your system when the current account is in administrator (or root) mode, that virus, worm, Trojan, or hacker may “inherit” all the rights and privileges of the administrator (or root) account. When you are logged on as an administrator (or root) you can do virtually anything on your system and if a virus, worm, Trojan, or hacker is “logged” on as an administrator (or root) it/they can do virtually anything too. So, for daily work use an account that does not have full rights and privileges over the system.
● Install a hardware router that uses, at the very least, Network Address Translation for Internet sharing networks. Even if your computer is the only computer on the “network,” use a router that has some form of firewall protection. (Yes, you can get by without a hardware firewall router if all you have is a single machine that uses a dial-up account to connect to the Internet. But, you must use a software firewall!)
● Install and properly configure a software firewall like ZoneAlarm. You need both a hardware and a software firewall – especially if you have a broadband (DSL or cable modem). At the very least turn on Windows Firewall. Make sure you have your firewall running before you connect to the Internet! Never connect your computer directly to the Internet without a router/firewall between you and the Net!
● Make sure that you are using TCP/IP as your only network protocol. Do not use NetBIOS (or any other protocol) if at all possible. The fact is, as we move into Windows 10's world we are finally using a very mature version of Windows Networking, and Windows 10 is much more secure than any previous version of Windows.
● Install and properly configure an antivirus package. Make sure you do any updates after you connect to the Internet. (If you must, you can get away with using Microsoft Security Essentials or Windows Defender.)
● Install and properly configure anti-spyware packages like Malwarebytes, AdAware or SpyBot. Make sure you do any updates after you connect to the Internet.
AFTER YOU CONNECT TO THE INTERNET ...
● Do all system and security Critical Windows Updates! And make sure that they are done regularly or turn on the Automatic Update feature in Windows.
● Do all program and driver updates, especially for your motherboard chipset, your video card and your sound card. Use the latest stable drivers for all of your hardware and software products.
● Be sure and also update all Microsoft Office products. Turn off scripting if possible and turn on macro virus protection in any Office product.
● Update your antivirus and anti-spyware software and keep them updated. Make sure that their automatic update features are also enabled.
● Turn off all unnecessary system services and processes. Make sure that you have turned off Universal Plug and Play, DCOM, and Messenger at the very least! Learn what these and other services are and disable the ones you don’t need. Many of them present serious security problems. (Once again, Windows 10 is better at handling most things – including system resources – than previous versions of Windows.)
● Uninstall or disable all Remote Assistance or Control features for your computer. This would include disabling or uninstalling any program like Telnet or any other terminal program.
● Uninstall all unnecessary programs, especially those that automatically start on system boot-up. Do not use any Instant Messaging (IM) or File Sharing (P2P) programs under any circumstances, period! Do not download and install any program without reading all documentation and make sure that you understand their privacy policies. Read the license and terms of use before you install any program. Be very wary of any program that also installs other programs! (Sometimes a shareware or freeware program is free because it installs adware or spyware or worse!) Go into the options and settings of all installed programs and make sure that unnecessary features are turned off, especially those that load at system start-up or stay in memory.
● Use Microsoft’s Baseline Security Analyzer. If something fails, figure it out and fix it.
● Use Steve Gibson’s “Shield’s Up” online scan to test the vulnerability of your system. Make sure you pass with “Stealth” results. If you don’t, fix it before you go any further. There are also several other web sites that offer security checks and online scans of your system, use them!
● Turn off or block all unused ports at your firewall, especially the most commonly compromised ports.
● Make sure that your system is password protected and that there are no unsecured accounts. Disable the Guest account. Rename the default administrator account and password protect it. Learn to use “strong” (i.e., difficult to guess or crack) passwords and change them every six months.
● Use NTFS (or later file systems) on all your hard drives. Turn off file sharing or at the very least password protect each share. Never share entire drives, especially the root and system directories. Unhide the “hide file extensions” option in Windows Explorer. Disable VB scripting.
● If at all possible do not use Internet Explorer or Outlook/Outlook Express for your Internet browsing and email services. Use Firefox or another product! If you must use Microsoft products for Internet browsing and email, go into their options and security settings and choose more restrictive settings. At the very least make sure the security settings are at medium to medium-high. Make sure that privacy settings are also very high. Do the same for your email programs.
● Be aware of the dangers of ActiveX, Java and scripting features used in Internet browsers. Use the highest security settings for these features as possible.
● Be smart when it comes to surfing the Net. Don’t go where angels fear to tread. Don’t click on any web ads ever. Don’t answer spam. Don’t open any email attachments. Don’t click on any links in spam emails. Don’t give out personal information on the Web to anyone. Don’t be stupid!
● Lock down your system when it is not in use. This means using ZoneAlarm’s “Stop all Internet activity” feature when you are away from your computer. Do not leave your Internet connection open for long periods of time. Shut down your system or unplug all network connections when your system is not in use.
● Do not assume for one minute that the Internet is a safe place and do not for a moment think that email is secure. If you are really concerned about safety and privacy issues, use anonymous browsers and encrypted email accounts.
● If you are running a Windows machine you must go to the Microsoft Security web site for the very latest information regarding all critical updates and security incidents! This page gives vital information on how you can secure your system from Internet threats. With Windows 10 most security features are built in to the operating system.
● If you are going to do wireless, you must know what you are doing! Wireless comes with all security measures turned off by default. Change the SSID and disable broadcasting. Use MAC address filtering. Turn on encryption and use the highest form of encryption your wireless system will allow. WEP is no longer considered secure, but it’s better than nothing. WPA is much better. But, if you really need security, use a VPN. (If you don’t know what all this means, you need to learn more about it!).
By now you may be asking, “But how do I do all of this?” Good question! If you need to know specifics as to how to implement some or all of these security feature you can either go to my more advanced “Security Recommendations ” page, or turn to “Your Links to the World of Computers” to find security sites that specifically go into every step (and more) mentioned here. This step-by-step guide is intended as an introduction to basic computer security for single systems or small (SOHO) networks. It is not exhaustive by any means and it does not cover the complexities of medium to large computer networks. One last thing, the indiscriminate application of any and all of these security recommendations may result in your system or some program on your system failing to function properly. It is up to you, the user, to become fully informed and knowledgeable. Take responsibility for your own computer system(s) and network. Make sure that you know what you are doing before you implement any changes. Be smart!
Copyright © 2003-2016
Randar
A+/Network+/Server+/INet+/Linux+ CompTIA Certified Technician
Back to Randar’s Tech Page . . .