Get the Basics (Anti-Everything and Auto-Updates)
Your Windows Firewall is on, right? If not, rush to the Control Panel. Ensure that it is on. For maximum security, block all incoming connections, a topic in future blogs related to this article. This is done in the firewall’s Change Notification Settings. Nice start.
By now, everyone assumes anti-virus software is required. Find a free or commercial anti-virus product with anti-spyware abilities. Perform a Bing or Google search to find comparative reviews. Although you can run multiple versions of this software, this creates conflicts, false alarms, and poor performance. Your new software should disable Windows Defender, pretty good anti-spyware software.
What about automatically downloading Windows updates? Patch early and patch often! While in the Control Panel, open Windows Update and use Change Settings to set up automatic downloads. Consider this: Some think all those monthly patches indicate big security problemsnot so! Windows was one of the first operating systems to download and install patches for both the operating system and key applications.
What about Adobe Flash, browser add-ons, video codecs, and other optional software you may install? These may or may not be integrated into the Update Center. These applications may or may not offer a convenient update service. They may or may not patch at all, preferring to hope that the hackers haven’t found a way to abuse coding errors. Limit applications or add-ons you install. Go to the National Vulnerability Database to research a tool’s security history before downloading and trusting it. OSVDB.org (Open Source Vulnerability DataBase) has similar information. I dare you to look up Firefox and Internet Explorer and review the vulnerabilities and their severity. Why?
Internet Options are very important. Open the Control Panel and navigate to that applet. It controls Internet Explorer settings. Another browser may need similar settings within its administration interface. Consider lowering the amount of cached days in History, amount of cached memory, number of cached cookies, etc. Faster Internet connectivity makes these less necessary. Why leave a trail?
The Programs tab allows you to review Add-Ons that may have been installed onto your browser. Use Snipping Tool to take pictures of installed browser programs that are on by default. This allows you to disable suspicious code and then re-enable it if your testing determines that the code is needed.
Be sure to set an HTML editor that cannot execute HTML as a helper app. If you don’t know what that means, select a very limited editor like Notepad. Additionally, be suspicious if active content can run on your computer or if invalid software signatures allow software to run. These can be signs that your computer is hacked. As risky, enabling integrated Windows authentication can send your authentication credentials elsewhere. Although encrypted, this information can be a helpful start to hacking.
Last, under Advanced, I like to empty all temporary files at browser exit, on any browser I use (see Figure 2).
Figure 2 Emptying Temporary Internet Files
This has been a large number of suggested configurations! How will you know that you applied the correct settings and required software? Fortunately, this is covered in Windows Action Center (see Figure 3). Once you open it and review the Security List, you will confirm that your settings equal or exceed recommended security defaultseven if you choose security software from a company other than Microsoft. If you notice problems with the Action Center, choose software that integrates with it! Integration makes it more likely that you will get an error alert when it matters most: when malware is able to shut off or reconfigure your security software.
Figure 3 Using the Action Center to Create Secure Baselines
User Access Control (UAC)
The Action Center is one of several paths to setting the important UAC configuration. Windows 7 lowered the number of alerts by introducing a new setting, one that “trusts” all binaries signed by Microsoft. Microsoft products offer many rich programmatic interfaces to hackers and authorized alike. Move the slider bar to the most secure setting (see Figure 4).
Figure 4 Alerts are helpfulenable them!
Last, do not log in with administrator authority accounts for daily work. Go into the Control Panel to access User Accounts. Check Manage Users to determine what privilege your login account has. Create and use an unprivileged account for daily work. Windows will allow you to Administrator authority account as you need to.
By now, you should have some backups ready. You should have successfully enabled important security software and settings, including your user accounts strategy that doesn’t allow booby-trapped code to hack your system, not with Administrator authority and not without Windows alerting you that you have authorized a change. Let’s go further!