How to Secure Your Windows 7 System – Part 2

Should You Disable the Windows Pagefile?

In my last post titled How to Secure Your Windows 7 System – Part 1, I talked about securing your wireless router and about how to protect your computer with a UPS. While the tips provided in that post can apply to more than just a Windows 7 system, I felt it was important to discuss how to secure you system outside the actual operating system.

This post, however, will now look into securing your Windows 7 system by making changes within the actual operating system. Now we will start to get into a few changes you can make to help keep your system safe. It is also important to note that you may not be able to apply all settings outlined in this post because of such things as your computer being connected to a LAN. I’ll try and point out such situations in the post.

Basic Windows Security Settings

Before we begin it is important to first ensure that you perform two basic security tasks before changing any settings. These involve updating your version of Windows, and also setting up the proper user rights.

Update Windows

Every security expert, and computer expert will recommend that you keep your Windows operating system up to date. This is extremely important as Microsoft releases many security fixes for all their supported operating systems.

If you haven’t done so, I recommend you do that right now. If you are unsure, you can use the following steps:

  1. Click the start button in the lower left corner, then click “All Programs”.
  2. From the “All Programs” menu, click “Windows Update”.
  3. If there are important updates available for your computer, click the link that says there are important updates available. If there are none, then your Windows system is up to date, and you can stop following these steps.
  4. Once you click the link, a list of updates is then displayed. Click the checkbox next to the updates to select them. Alternatively, you can click the checkbox next to the “Name” column at the top to select all updates.
  5. Once all the updates have been selected, click the “OK” button at the bottom right to install the updates.
  6. You will be taken back to the Windows Update window. Click the “Install updates” button to install the selected updates.
  7. Once all the updates have been installed, you may be asked to restart your computer. If you are, then restart your computer, else just close the Windows Update application.

While Windows 7 may tell you when there are important updates ready to be installed, it is good practice to manually check for updates from time to time.

Use a Limited User Account

Most people have probably been using their Windows system with an administrative account. While this makes things easier as you have total access to everything on your computer, this also means that applications that run from an administrator account also have total access. For security reasons, it is advisable to use a more limited account for your day-to-day activities, and then use the administrative account when needed, such as installing software.

When using Windows 7, you will be prompted for an administrator password when you do need to perform such activities as installing software, so you don’t even need to log out and log in as an administrator. You can easily run application as an administrator using your limited user account.

To create a non-administrative account, use the following steps:

  1. Click the start button, and then click “Control Panel”.
  2. Once the “Control Panel” window is opened, click the “Add or remove user accounts” under the “User Accounts and Family Safety” heading.
  3. From the “Manage Accounts” window, click the “Create a new account” link.
  4. Enter a name for the account and ensure that the “Standard user” option is selected.
  5. Click the “Create Account” button to create the account.

Once the account has been created, you should logoff with the administrator account and then log in with the new standard user account. You can then create a password for the account by double-clicking the account and then selecting the “Change the password” option.

Disable Some Windows Services

With the two basic settings mention above complete, you can now begin to get into more serious security modifications. By default, there are many services that are automatically started when Windows is loaded. While many of the services are needed, some can be disabled to help secure the system. It is important to note that this section is rather advanced, so you may not want to perform the following settings if you are not comfortable with stopping services.

Before we begin, it is important to understand how to stop and disable certain services. To do this, use the following steps:

  1. Click the start button and then in the search box type “services.msc”. Press CTRL+Shift+ENTER to launch the “Services” window. The CTRL+Shift combination will launch the services window with an administrator ID, so you may be prompted for the password. Enter the local administrator password to continue.
  2. Dobule-click the service in the list to open the service’s properties window.
  3. From the “Startup type” dropdown, select “Disabled” from the list. This will prevent the service from running at Windows startup.
  4. Click the “Stop” button to stop the service if it is currently running.
  5. Click the “OK” button to save your changes and close the window.

It is important to note that you should disable one service at a time. Once you disable a service, see how your computer works when connected to the Internet or across the network, and also by running your every day applications. If something doesn’t work right, re-enable the service. By using the above steps, you should stop and disable the following services:

  • Media Center Extender Service
  • Net.Tcp Port Sharing Service
  • Remote Desktop Configuration
  • Remote Desktop Services
  • Remote Desktop Services UserMode Port Redirector
  • Remote Procedure Call (RPC) Locator
  • Routing and Remote Access
  • SeaPort
  • SSDP Discovery
  • TCP/IP Net BIOS Helper
  • UPnP Device Host
  • Windows Firewall – Disable if you have another firewall installed, such as ZoneAlarm or Comodo. Otherwise, keep it enabled.

If you are not on a LAN and connected to other computers, such as you only have one computer, then you can disable these services.

  • Function Discovery Provider Host
  • Function Discovery Resource Publication
  • HomeGroup Listener
  • HomeGroup Provider
  • Internet Connection Sharing (ICS)
  • Computer Browser
  • Server

In addition to disabling the above services, you can also set the following to “Manual” instead of “Disabled”:

  • Workstation

The above list shows the services that I currently have disabled on my stand-alone desktop computer. I am currently having no issues with the above services disabled.

Change File Type Association

If you have used Windows for many years, you are probably aware that certain files types can be used to execute malware on your computer. For these file types, a good solution to prevent these files from executing malware is to associate them with Notepad. What this will do is open the file in Notepad so you can view the contents of the file, instead of running it. To associate Notepad to a file type use the following steps:

  1. Click the start button in the lower-left corner and select “Default Programs”.
  2. In the “Default Programs” window, click the “Associate a file type or protocol with a program” link.
  3. Now, to change a file association, double-click one of the file types in the list.
  4. If Notepad isn’t listed under “Recommended Programs”, look for it by expanding the “Other Programs” list. If you still don’t see Notepad, click the “Browse” button, and navigate to your windows directory and double-click “notepad.exe”.
  5. Once Notepad has been added, click on it to select it and then click the “OK” button. Notepad is now the default program for that file type.

Now that you know how to specify a default program file a file type, use those same steps to set Notepad as the default program for the following file types:

  • .js
  • .otf
  • .reg
  • .vbe
  • .vbs
  • .wsf
  • .wsh

Note

If a file type doesn’t exist, don’t worry about it. Just set Notepad as the default program for the files types that do exist in the above list.

This post mentioned several tasks that you can do to help secure your Windows 7 system. The next part in this series will begin to look at applications that you can install to help keep your system secure.

Follow Me