Checklist for Microsoft Windows computer security:
To have a secure (MS Windows) computer you need at least the following:
- Windows XP or Vista
- A Firewall (software or hardware, preferably both)
- Virus protection software
- Spyware/Malware detection software
All four of these security components need constant attention in the form of keeping
them up to date, or they need to be configured to automatically update themselves.
If you don't update automatically then you should check them manually on at least a
weekly basis. If you do set them to automatically update then you should still check
them on a monthly or quarterly basis to ensure that the updates are occurring. An
additional update check needs to be performed for your application software as well.
Thus there are five areas which need to be monitored, and they are:
- OS Updates
- Application updates
- Firewall updates
- Virus protection updates
- Spyware detection updates
OS Updates
First of all your operating system (OS) should be Windows XP, either Home or Professional.
Windows Vista should also be acceptable, but I'm still running XP myself so I can't say
with certainty that it's ok. None the less I've heard of no glaring security lapses in
Vista (Note that the User Access Control feature that annoys so many people is a good
thing). Until I start using Vista I won't comment further on its security. The remainder of
this web page was written before Vista had been released. For now I'm assuming that wherever
you see "XP" below you can substitute "Vista".
The security tools in XP alone make it the best version of Windows. XP has a powerful
security feature known as "Automatic Updates". If you have automatic updates turned on
then your computer should automatically download the latest OS patches to keep the OS up
to date.
To check if the "Windows Update" feature of XP is turned on:
- Right click on "My Computer" and click on Properties
- (or open the System control panel under Start -> Settings -> Control Panel.)
- Click on the "Automatic Updates" tab
- Click on the "Automatic" radio button to turn auto updating on
If you want to manually install updates go to:
http://windowsupdate.microsoft.com/
(you need to use Internet Explorer)
On this page you can also view the history of all the patches you've installed on your computer.
Application Updates
Applications need to be kept up to date as well. Different software companies
have different ways of updating software. Usually you can find update instructions
in the help menu of the application. Frequently Help -> About will show the URL
of the company. Now days most programs also have a "Check for Updates" option in
the Help menu, if so that's usually your best tool.
Firewalls and Firewall Updates
Software Firewalls, usually called "Personal Firewalls", are a modern necessity.
However, if you have Windows Update set to Automatic, then you probably
have Microsoft's built in firewall already running. To check to see if your built
in firewall is running, do the following:
- Click on Start
- Click on Settings
- Click on Control Panel
- Click on Network Connections
- Click on Local Area Connection
- (This should bring up the Local Area Connection Status dialog.)
- Click on the Properties button to get to the Local Area Connection Properties dialog
- (there are several ways to get to this dialog, frequently there are paths from the networking system tray icons - your paths may differ).
- On the Local Area Connection Properties dialog click on the Advanced tab.
- Click on the Settings button, and make sure that your firewall is turned on.
The updates for Microsoft's built in firewall come with the OS updates.
There are also non-Microsoft software firewalls. A free version (after navigating a
host of web buttons trying to direct you to the for-pay version) is ZoneAlarm from
zonelabs.com .
If you use ZoneAlarm it automatically shuts off Microsoft's own built in firewall,
but that's ok as long as you keep Zone Alarm up to date. Zone alarm also has an
automatic update feature found on the Preferences tab of the Overview window in
the ZoneAlarm main dialog. You get to ZoneAlarm's main dialog by double clicking on
the ZoneAlarm system tray icon. The big virus protection companies such as McAfee
and Symantec also sell personal firewalls.
I used to use ZoneAlarm, but I'm now convinced that MS's built in firewall is just
as good as any of the third party products with the only exception that MS does not
block outgoing connections. Personally I now just use MS's built in firewall.
There are also hardware firewalls which are usually built into routers such as a
wireless hub. I believe that hardware firewalls do not sufficiently replace the
functionality of software firewalls so I think you should always have a software
firewall such as ZoneAlarm, or MS's built in firewall. Hardware and software
firewalls should peacefully coexist though so I recommend using both.
Virus Protection Software and Virus Updates
Every virus protection package that I know of has at least weekly updates.
Most packages also have an automatic update feature. As long as that's on you
should be ok. However, it's a good idea to check to make sure you're up to date.
The first time I set up a virus protection package to update automatically it
failed to make the connection, but it never told me. I was months out of date
before I realized the updates were not going through. The package I use now
(McAfee) has version numbers on each update so it's pretty easy to see that you
have the latest version.
Spyware Detection Software and Spyware Updates
Finally there is spyware detection software. Spyware is typically installed
along with other software. Most notorious "carriers" are file-sharing software
packages such as Kazaa. Since I don't use this sort of software, and since I only
run software obtained from trusted sources I've never had any spyware on my computer.
None the less, accidents can happen, so it's worth scanning for spyware.
Microsoft also has a free spyware product called
Windows Defender.
It's a good spyware scanner, and it's also an excellent
system analysis tool. You can get defender here:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
One additional note on spyware is that some spyware detection programs are in fact spyware themselves!
If you don't go with a name like Microsoft or Norton or McAfee then research the software fully and
download it from a trusted site.
One site I trust is download.com.
They are operated by cnet.com which is
another site I trust. cnet and download.com have been around for a long time. Their
reviews are worth reading when doing research on software.
Others issues and more information links
If you don't use a password:
If you have your OS set so that you don't have to type in a password
then you should tell the OS to only allow the no-password accounts access to the console (ie
no remote login). To do this do the following:
- Click on Start
- Click on Run
- Type in "secpol.msc", and press [Enter]
- This will open the "Local Security Settings" window.
- In the left-side window pane double click on: "Local Policies"
- Then, still in the left-side window pane, double click on: "Security Options"
- In the right side window pane double click on:
Accounts: Limit local account use of blank passwords to console login only
- Ensure that the "Enabled" radio button is selected.
Erasing information from Hard Disks
This page is mostly dedicated to just computer security, but identity theft is also
a very important issue. One issue related to both computer security and identity
theft is information on your computer's hard disk. When you get rid of an old
PC the hard disk in that computer will still contain a great deal of information
about you. To be safe you need to make sure everything on the hard disk is
completely erased. That doesn't mean simply deleting files because deleted files
can be recovered. You need to write over the disk with 0's, and to be safe you
need to do it a few times.
There is specialized software to do this, but I don't know a lot about it. A trusted friend has recommended:
http://dban.sourceforge.net/
You might also try doing a Google on something like "safely erase hard disk"
(this is for more information about the topic - I do NOT recommend that you download
software for erasing your HD without doing a lot of research on that software).
More sophisticated users can probably get away with using the
SysInternals program "sdelete".
You can get it here:
http://www.microsoft.com/technet/sysinternals/Security/SDelete.mspx
Security Related Links:
|