Windows has always been synonymous with malware. To this day, Windows systems are being targeted by malware developers because of the number of Windows systems online, as well as how many exploitable security holes are available. Much of the malware can easily be prevented if users just took the time to implement some security measures on their Windows systems.
Below I provide 5 of the best tips that I utilize on my Windows system. Since implementing these tips, I haven’t had to worry about any malware on my computer in any shape or form.
1. Don’t Use an Administrator Account
Before Windows 7, Windows users have always enjoyed the freedom of accessing their computer with an administrator account – and so did malware authors.
The administrator account in Windows provides unrestricted access to anything within your computer. Anything that you ran, including malware, ran under the context of an administrator.
With Windows 7, you are no long required to run as an administrator. With Windows 7 and above you should always be running with a limited user account. I have been running with a limited user account for 4 years without any issues.
When using a limited user account on Windows, you will be prompted for an administrator password when you install an application. This means that an application cannot be installed without you knowing as it will require a password. This is similar to how things work on a Linux or Mac OS system.
2. Use a Sandbox or a Virtual Machine
While there are many tips that could help keep your Windows computer secure, the best one tip that I can give is to either use a sandbox or virtual machine for browsing the Web or accessing your e-mail.
While this may sound complex, it really isn’t. For those that aren’t too technical, I recommend that you go the sandbox route as it doesn’t require setting up another operating system in a virtual machine.
A sandbox application protects your computer by creating a “container” – called a sandbox – on your hard drive that any application running in the sandbox can access. Anything outside of that sandbox cannot be modified by any application running within the sandbox.
This means that if you access a Web page or open an e-mail that contains malware, that malware program cannot access anything outside of the sandbox, which keeps your computer protected. Even ransomware, such as CryptoLocker has been proven to be ineffective when running in a sandbox.
To create a sandbox I recommend Sandboxie, as I have found it to be fairly easy to use, and it does a tremendous job of keep your computer safe from malware from Web pages or from e-mails. There is a free version of Sandboxie, but I recommend you spend the €15 for the pro version as it comes with more options.
Virtual machines are popular among the tech-savvy users – myself included. Basically, a virtual machine will use your computer’s resources to create a second computer that is hosted within Windows.
The security portion is that the hosted virtual machine cannot access the files from the host machine (your Windows machine). You can install any operating system you wish within the virtual machine. For security reasons, many that create virtual machines for protection will install a flavor of Unix – such as Ubuntu.
Once the virtual machine is created, then all Web browsing and e-mail accessing will be done within the virtual machine.
If you are interested in creating a virtual machine, then you should download and install VirtualBox. It is a free option for creating virtual machines on your Windows computer that is easy to use with a lot of support.
Whether you use a sandbox or virtual machine, always ensure that you browse the Web or check your e-mail in either a sandbox or virtual machine.
3. Keep Windows and Applications Updated
Keeping your Windows operating system updated is probably on everyone’s list of securing a Windows machine. Every second Tuesday of the month, Microsoft releases patches for their products, many of which are security-related. It is imperative that you take the time to download and install the patches that Microsoft releases, not only for Windows but any Microsoft product you have installed.
Of course, along with the operating system, you should also ensure you keep installed applications updated, as well. This may be more difficult, especially if you are like me and have many applications installed.
The good news is that there is a free tool from Secunia called Personal Software Inspector (PSI). this is probably one of the best, little known, tools you can install.
Secunia PSI will scan your hard drive for installed applications, and then check to see if they are at the latest version. If an application is out-of-date, end-of-life, or is missing a patch, then PSI will notify you about an update.
You can have Secunia PSI install the updates automatically for you, but I found it doesn’t always work well, especially since I don’t run with an administrator account. I, however, will download and install the application update manually, and use PSI as my notification service.
The second reason I don’t have PSI automatically update software has to do with the next point about bundled software.
4. Watch What You Install
Be careful what you install on your computer, especially for software that comes bundled with other software. If you didn’t request the software to be installed, then don’t install it.
Ensure you read the prompts during an application install to ensure you don’t install additional, unwanted software, during the install of another application. This is becoming too common. A checkbox is automatically checked when installing an application, and suddenly you have a toolbar in your Web browser, or software is running in the background on your computer, eating up CPU.
With regards to watching what you install, there are two applications that you may not want installed on your computer: Java and Adobe Reader.
Java is by far the most exploited software on the planet with regards to security. Most people probably don’t even need Java installed on their computer, and if you are one of those people, I suggest you uninstall Java. If you do need Java, then unhook Java from your Web browsers to help prevent malicious users from exploiting security holes in the application.
Adobe Reader is also another popular application being exploited by malicious users. PDF files are now an openly documented standard, so there are many PDF readers that can replace Adobe Reader. Such applications include Foxit and Sumatra PDF.
Most of the latest Web browsers can also open and display PDF files, so you may not even need additional software to read a PDF file.
5. Lockdown Your Web Browser
Internet Explorer is installed on all Windows systems by default, but there are much better alternatives to Internet Explorer. Firefox, Google Chrome, and Opera are all better, and more secure, alternatives to IE.
With Firefox, you should install the NoScript add-on to manage what JavaScript runs. Also, Web of Trust – WOT to flag inappropriate or malicious sites, and VTzilla to scan download files and web sites for viruses with the click of a button.
Google Chrome has extensions, such as NotScripts that is equivalent to Firefox’s NoScript. While I haven’t used Google Chrome as much, I’m sure there are additional extensions that can help keep you safe while browsing the Web.