Computer and Data Security Guide for Windows
Last Updated: August 1, 2011
Securing a computer system is an important task that every computer user needs to perform. Since we store valuable information on our computers, the need to keep them protected and secure has become crucial. If a computer is not secured, it is vulnerable to hackers, malware, and malicious attacks. Securing a computer is not difficult once you know what to do.
This guide provides information on how you can protect and secure your computer and the data stored on it. It lists steps you can take to reduce your security risks.
Windows and Software Updates
Microsoft periodically releases security updates for Windows. It is important that you install these updates regularly because they will defend your computer against current attacks. Make sure that you turn on Automatic Updates to automatically receive all Windows updates. By keeping Windows updated, you greatly reduce your security risks. Note that some updates may not be applied until a reboot occurs.
This also applies to software installed on your computer. Using outdated software is risky because of vulnerabilities. A critical vulnerability makes it possible for any user to make changes to the system and acquire more rights, so that malicious software can install completely without your knowledge. How do I update my software?
Additionally, only install software that you need. If you installed software that you no longer use or want, uninstall it. An overloaded system increases not only the attack vector, but also inflates the system unnecessarily. When you install software, always choose a custom install, so that you can prevent unnecessary components and spyware from being installed.
Windows Setup and Settings
There are a number of ways to make Windows safer and more secure. Here are a few changes that can dramatically improve the security of your PC.
1. Use a limited account instead of an administrator account. How do I change my account type?
In the administrator account, the user has all rights to change the operating system, and malware can install itself on the computer. A limited account offers additional security because malware has just as many rights as the user (limited).
2. Disable file sharing on your system. File sharing may allow malicious attackers to read or write files from your shared folders. How do I disable file sharing?
3. Disable the Guest account. How do I disable the Guest account?
4. Set a BIOS password to prevent alterations to the system. How do I access BIOS settings?
5. Disable the Autorun feature. This will protect your computer from autorun malware. How can I disable the Autorun feature?
6. Disable unnecessary services. By disabling the services that you do not need, you will reduce potential security risks and improve system performance. Which services can I disable?
Firewalls monitor and control traffic between your computer and the internet, and they help block out hackers and worms that try to reach your computer. The firewall is your first line of defense in protecting your computer and the data stored on it.
There are two main types of firewalls:
Hardware Firewall: This type of firewall is built into routers and should be considered an important part of your security setup. Hardware firewalls can be effective with little or no configuration, and they can protect every computer on a local network. If you have a router, you most likely have a firewall.
Personal/Software Firewall: This type of firewall is installed on your computer and allows you to control outgoing traffic. If an unknown program tries to make a connection, the software firewall will alert you, give you the name of the program, and ask if you want to block it from the Internet. Software firewalls are usually inexpensive, free, or come built into the operating system. When choosing a software firewall, you need to be careful to pick the type that meets your needs.
Note: Do not install more than one software firewall on the each computer, for they can conflict with each other and prevent each other from working.
You should use a different web browser to Internet Explorer. Google Chrome is a highly recommended web browser. It is comfortable, fast, and above all, safe. Chrome is the only browser that uses sandboxing, which helps prevent malware from installing itself on your computer. It also uses technologies such as Safe Browsing and auto-updates to help protect you against malicious attacks. If you prefer to use Internet Explorer, make sure you have the latest version, and tighten the browser settings. This will reduce the risk of exploits through IE.
Antivirus software is used to prevent and detect malicious software. It uses an on-access scanner that is active in the background and scans all files, programs, memory, and possibly web traffic. Antivirus software is necessary to protect your computer system. If you do not have antivirus software installed, get it immediately. Avast! and Microsoft Security Essentials are two highly recommended antivirus programs. Make sure you keep your antivirus up to date because an outdated antivirus is useless.
Note: Running two or more antivirus programs on each computer is likely to cause a conflict, which could result in crashes,
error messages, or slow computer performance.
Some malicious software will disable or corrupt your antivirus program. In such cases, you will need to use an on-demand scanner. On-demand scanners are used to detect and remove malicious software. They only run when you tell them to, and they do not conflict with your antivirus program.
Malwarebytes and HitmanPro are two highly recommended on-demand scanners. They do an excellent job at detecting threats and completely removing them.
You can use a Host Intrusion Prevention System (HIPS) to achieve further protection. Unlike an antivirus, a HIPS does not need continuous updates to stay ahead of new malware, thus, it protects you against known and unknown malicious attacks. A HIPS is designed to prevent changes made to your PC by unauthorized sources. It alerts the user, via security popup alerts to malware that may be trying to run on the computer. It asks the user whether any change should be authorized. A HIPS is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. Best Free HIPS
One of the worst types of malicious software are rootkits. Rootkits are difficult to detect because they are designed to hide themselves from Windows and antivirus software. To find and remove rootkits, you need to use an anti-rootkit tool.
Strong passwords are an important part of computer security. Using a strong password makes it more difficult for an attacker to gain access to your computer or data. Passwords should be at least eight characters long and contain uppercase letters, lowercase letters, numbers, and symbols (!,@, #, &, %, *). Never use words that can be found in a dictionary. Try to make it as random as possible. Each password should be unique and unrelated to any of your other passwords. You should never write down your password or share it with others. Remember, security is only as strong as its weakest link.
When using email, abide by the following rules:
Gmail is a highly recommended email service. It encrypts all of your mail, blocks executables, and scans attachments for viruses.
Backup and System Restore
It is imperative that you back up your important data regularly. If someone erases all your data or if a virus attacks your computer, you may be forced to reformat and start over. Hardware failures and registry problems are also causes of data loss. A recent backup may be the only way to recover your data. How do I back up my data?
System Restore is a component in Windows that restores your computer's system files to an earlier point in time. You can use it to undo changes if problems occur. System Restore FAQ
If you are not using your own computer, then you cannot possibly know how the computer is maintained, if the software is up to date, or if steps have been taken to ensure the computer is secure. Malicious software may be running on the computer, and you have no idea who may be watching your internet traffic. Additionally, a keylogger could be recording everything you type. In this situation, your password and other information could be stolen even if you are sending them via a secure (https) web session.
Overall, use common sense when using public computers, and be aware of the security risks involved.
Wireless Networks (Wi-Fi)
Home wireless networks are extremely convenient to use; however, an insecure wireless network opens up several security risks:
The manuals that came with your wireless router should provide detailed information on how to secure your home wireless network.
Public wireless networks (Hotspots) are places such as coffee shops, restaurants, libraries, airports, hotels, and other public places that provide open wireless internet.
Because public wireless connections are usually insecure, you need to be careful what you do online. There is always the chance that another user on the network could be monitoring your activity. Avoid the following activities when using Wi-Fi hotspots:
Also, make sure to only login to known hotspots using a secure (https) connection. HTTPS connections encrypt your data so that it is nearly impossible to eavesdrop. Your browser will usually show a lock icon in your address bar when you connect to a secure connection.
Software and Websites to Avoid
The following is a list of software and websites that are frequently used by hackers to spread malicious software.
If you put the advice in this guide into practice, your computer should be secure. Keep in mind that even with the best security programs installed, your computer can still get infected, if you are not careful. The best security measure is using common sense. As malicious software gets more sophisticated, you need to be more cautious.