10 Tips to Secure Your Windows System

10 Tips to Secure Your Windows System

For many people Windows is synonymous with viruses, malware and security vulnerabilities. For many years Apple and Unix/Linux users have touted how they don’t have to worry about viruses or malware.

Windows users have, however, enjoyed the fact that their system has the most compatibility for hardware and software than any other system. This, unfortunately, has also been an issue as Windows users have always had a more open system to allow for such compatibility, which has allowed viruses and malware to propagate easily.

With the 10 tips outlines below, I will show you how you can run your system in a much more secured way, to the point where you can, hopefully, make viruses and malware threats a thing of the past. The good news is most of you probably won’t even need to spend a dime to make your system much more secure.

10 Tips to Secure Your Windows System

10. Don’t Install Java or Adobe Reader

Cost: Free

There are two applications that are by far the most exploited applications you can install on any system: Java and Adobe Reader. Adobe’s Flash player is the third, but you may want to keep that around as many websites still require Flash player.

For the average user, you may not need Java installed, and it isn’t installed by default. If you don’t need Java, then you should uninstall it. If you do need Java, then ensure you keep it updated with the latest patches, and also prevent it from running in your Web browser.

With Adobe Reader – you don’t need it. Adobe Reader is used to open and read PDF files, but since the PDF document standard is now an open-standard, there are many other readers available to install. Sumatra and Foxit are two of the more popular choices, or you can even use your Web browser as the latest version of Web browsers allow you to view PDF files.

9. Install Anti-virus Software

Cost: Free or more

Installing an anti-virus product on a Windows system has become second nature to most users. It is a necessary piece of software for helping detect and clean viruses from a system. The problem is which anti-virus product to choose.

There are paid solutions such as Bitdefender, ESET or Kaspersky that do a great job. Microsoft provides a free solution called Microsoft Security Essentials that does a good job – especially for the cost.

Many anti-virus software develops also provide a full Internet security suite that includes many different features. Be careful if you go that route as it could conflict with the software in the next point.

8. Use a Hardware and Software Firewall

Cost: $40+ (hardware), Free or more (software)

Chances are if you have a broadband Internet connection, then you use a router. If you use a router, chances are you probably have a hardware firewall. A firewall monitors and controls traffic between your local network – the network your computers are connect to – and the Internet.

For the most part you really don’t need to do much with your router’s firewall, unless you want to open ports to allow applications to send and receive data – such as P2P sharing. In such cases, you want to be conservative on how many ports you open and which applications are using those ports.

The other type of firewall is a software version that is installed on your computer. Your Internet security software suite may include a software firewall, or you can use a popular free one such as Comodo or ZoneAlarm. Of course, Windows already includes a pretty good firewall that is enabled by default.

7. Install Anti-malware Software

Cost: Free or more

I am place anti-malware software in a different category than anti-virus software because they can be different applications. While should only run one anti-virus software on your computer, you can have multiple anti-malware software installed.

The most popular, and the one considered the best, anti-malware application is offered by Malwarebytes called Anti-malware. There is a free version of Malwarebytes Anti-malware, but you can also buy a lifetime license of Malwarebytes Anti-malware PRO for about $30.

6. Log in with a Standard User Account

Cost: Free

Windows users have always logged in with an administrator account. The problem is that the administrator account has total control over every aspect of a Windows system. When an application is executed by a user, the application has the same privileges as the user. This means the application can change anything on the computer if the user is an administrator.

With Windows Vista, Microsoft has made changes to Windows that allows a user to use a standard user account on a regular basis instead of an administrator account. A standard user account is restricted to what it can do on a Windows system. A standard user account can’t add/change files in the Program Files or Windows directory, it can’t install applications or drivers.

If an application is run by a standard user account, it too, will have the same restrictions, which provides some protection for your system.

5. Create Strong Passwords

Cost: Free

Creating strong passwords is probably the most common security advice offered anywhere. The unfortunate thing is that people are still creating short, easy-to-guess passwords, which can be hacked. It may be convenient for you to use the same easy password everywhere, but it is also convenient for hackers.

Always create long and unique passwords for each of your accounts. Passwords are the first line of defense against hackers, and sometimes the only line of defense.

4. Install Windows and Application Updates

Cost: Free

A list about tips for securing your Windows system wouldn’t be complete without mentioning updates. I have had people ask me if they should update their Windows computer, and I always emphatically say “yes.”

Microsoft releases security updates on the 2nd Tuesday of every month. If you see the Windows Update icon in the lower-right corner of your computer, then double-click it to perform the updates. If you use Microsoft Security Essentials, then the definitions for that application will also be downloaded through Windows update.

Not only are Windows updates important, so are application updates. The latest Web browsers tend to update automatically these days, but you should also look at updating other applications such as Java (if it installed), your security software, office products, Flash player, and any other software you can update. Keeping updated is the best way of closing any exploits in applications.

3. Use a Virtual Machine

Cost: Free

Virtual machines have been around for many years, but have only started to become more common at home. A virtual machine uses the existing hardware of your computer to create a second computer running in an application within your current operating system. Because the machien doesn’t have physical hardware – meaning you can’t see the hardware on your desk – it is called a virtual machine.

There are many solutions that you can use to create a virtual machine. VMWare is by far the most popular, but VirtualBox is also a great alternative. Each allows you to setup a virtual machine within Windows and install any operating system you choose.

The virtual machine can then be used for checking e-mail or browsing the web without the risk of viruses or malware being installed on your physical machine. If you do get malware on your virtual machine, you can just delete the virtual machine to remove the malware.

2. Use Sandboxie

Cost: Free or €15

While creating a virtual machine is probably the best way to contain malware, it can be complex and technical for the average user. This is where Sandboxie can provide tremendous protection from malware for the average user.

Sandboxie allows you to run applications in an isolated area, called a sandbox, within Windows. Anything that happens in the sandbox – such as malware or virus installations – stays within the sandbox and doesn’t affect any other part of your system. Much like a virtual machine, without the complexity of creating a virtual machine. If malware does get installed, you simply clear the contents of the sandbox and the malware is gone.

There is a free version, but it does have a few functions disabled and a nag screen appears after 30 days of use. The full version is 15 euros for one year and is well worth the price. I currently use the full version of Sandboxie and force all Web browsers to run within a sandbox to help keep my system protected.

For protecting your system, Sandboxie is about the best you can get.

1. Use Common Sense

Cost: Free

The ultimate weapon in your arsenal of keeping your Windows system safe is common sense. All the above tips can be rendered useless if you don’t use your own common sense.

A Bonus Tip

Cost: Free

While I did mention this post will have 10 tips, I will give you a bonus tip. Microsoft has an application available called he Enhanced Mitigation Experience Toolkit (EMET) that you can install to help mitigate vulnerabilities in software. I suggest you install and use this application.

For more information on using the tool you can read this excellent post: Windows Security 101: EMET 4.0.

I know there are many more tips that can be added to this list. Which tips do you have to keep your Windows system secure?

12 Responses to “10 Tips to Secure Your Windows System”

  1. nyc post but sir i have a problem with my lappi .I hav installed Window 7 and due to some virus my lappi continue show Blue screen How to i remove it please help me out?

  2. Sohil Memon says:

    Hey Paul,

    These are awesome tricks and tips. I still prefer “SandBox” to be secure. As we all know that Windows OS is quite easily vulnerable and hacked at anytime. Now, I think it’s time to switch Linux Distros, is it great idea or I should stay with Windows OS? Can you help me out! Thanks 😀

    • Paul Salmon says:

      I have Ubuntu installed on a laptop,, and it does take some getting used to after using Windows for many years. If you have used Linux before, or are eager to learn Linux, then you could switch – providing all the applications you need are available.

      For Windows, it really isn’t hard to keep yourself safe, but you do need to be vigilant and take steps to protect your self. Using a sandbox, such as Sandboxie, and have your e-mail application and Web browsers run inside that sandbox goes a long way to keeping your system safe.

  3. santi says:

    I am using a program called PSI Secunia to alert me when there is updates available for 3. party programs.

  4. So glad I found this. Really great tips. I especially love avoiding Java, Sandboxy and Strong passwords.

    I’d also add a VPN like Private Internet Access or Pro XPN (or some of the other zillions on offer)- particularly if you find yourself connecting to t’internet in Starbucks or another coffee shop or indeed a hotel. You wouldn’t want to send out your stuff in the clear for people to snoop on!

    I wanted to ask, is Adobe Acrobat that bad? We use Adobe Acrobat Pro (we have Adobe Creative Cloud) which we do find very useful in creating pdfs. I have used Foxit and although I find it is ok for a lot of users it doesn’t quite give me what I need.

    I also wondered how best to lock down a computer in a work environment so that less techie users are stopped from installing their own software, apps or opening zips or adding silly toolbars etc. ?

    Thanks again!

    • Paul Salmon says:

      I’m not sure about Adobe Acrobat Pro, but Adobe Acrobat Reader is known for security holes. They are two different applications, but I don’t hear too much about Acrobat Pro. If you need the software, then you should probably keep it installed.

      One of the best ways to lock down a computer is to simply have all users use a standard user account instead of an administrator account. This should help prevent most software from installing since administrator access is required.

      Opening zip files is a little more complex because the user will be able to do so from their own directory. The best bet is to have a good network administrator and good security software installed to help prevent any malware from such activities from being installed.

      • Thanks, Paul. I’ll stick with Adobe Acrobat Pro for now. I’m certainly not a massive of Adobe software. Over priced and could almost be described as bloatware. Unfortunately they have a near monopoly on a lot of apps I use.

        Thanks for your suggestion of just giving a user account. It sounds so simple but actually that will probably be the best solution. The only other thing I’d like to look into would be if it’s possible to get users to use Google Chrome and not IE and to stop them installing browser extensions. There must be a way to do this I assume?

        • Paul Salmon says:

          Regarding Web browsers, it does get more difficult to get user’s to stop using IE. You can first make Chrome the default browser so all Web pages will load in Chrome. Next you should make the Chrome shortcut more prominent – like on the desktop – and remove IE shortcuts. I don’t think your user’s will go search for IE if Chrome is easily accessible.

          In terms of preventing them from installing browser extensions, I am not sure how to do it, but there is probably some setting that can prevent users from installing them.

  5. Thomas says:

    Hi Paul
    Most people install Windows updates and some kind of Antivirus program, but many people forget or simply do not know that they also have to update programs like Java, Adobe Flash player, Adobe Air and Acrobat reader. I am using a program called PSI Secunia to alert me when there is updates available for 3. party programs.

    • Paul Salmon says:

      Hi Thomas, I also have PSI Secunia installed for alerting me of updates. I should have added or mentioned PSI Secunia – maybe on a second “securing windows” post. Many people do forget to update Java, but I don’t think the average person knows the security issue, or if they even have Java installed. I have uninstall both Java and Adobe Reader, but do have Flash player installed.

      • Thomas says:

        Hi Paul
        I wish I also could uninstall Java. The number of security holes found in Java for the last 2 years are unbelievable. My problem is that all Danish and Norwegian Netbanking system are based on Java. It is really a big issue over here.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.