10 Tips to Secure Your Windows System
For many people Windows is synonymous with viruses, malware and security vulnerabilities. For many years Apple and Unix/Linux users have touted how they don’t have to worry about viruses or malware.
Windows users have, however, enjoyed the fact that their system has the most compatibility for hardware and software than any other system. This, unfortunately, has also been an issue as Windows users have always had a more open system to allow for such compatibility, which has allowed viruses and malware to propagate easily.
With the 10 tips outlines below, I will show you how you can run your system in a much more secured way, to the point where you can, hopefully, make viruses and malware threats a thing of the past. The good news is most of you probably won’t even need to spend a dime to make your system much more secure.
10. Don’t Install Java or Adobe Reader
There are two applications that are by far the most exploited applications you can install on any system: Java and Adobe Reader. Adobe’s Flash player is the third, but you may want to keep that around as many websites still require Flash player.
For the average user, you may not need Java installed, and it isn’t installed by default. If you don’t need Java, then you should uninstall it. If you do need Java, then ensure you keep it updated with the latest patches, and also prevent it from running in your Web browser.
With Adobe Reader – you don’t need it. Adobe Reader is used to open and read PDF files, but since the PDF document standard is now an open-standard, there are many other readers available to install. Sumatra and Foxit are two of the more popular choices, or you can even use your Web browser as the latest version of Web browsers allow you to view PDF files.
9. Install Anti-virus Software
Cost: Free or more
Installing an anti-virus product on a Windows system has become second nature to most users. It is a necessary piece of software for helping detect and clean viruses from a system. The problem is which anti-virus product to choose.
There are paid solutions such as Bitdefender, ESET or Kaspersky that do a great job. Microsoft provides a free solution called Microsoft Security Essentials that does a good job – especially for the cost.
Many anti-virus software develops also provide a full Internet security suite that includes many different features. Be careful if you go that route as it could conflict with the software in the next point.
8. Use a Hardware and Software Firewall
Cost: $40+ (hardware), Free or more (software)
Chances are if you have a broadband Internet connection, then you use a router. If you use a router, chances are you probably have a hardware firewall. A firewall monitors and controls traffic between your local network – the network your computers are connect to – and the Internet.
For the most part you really don’t need to do much with your router’s firewall, unless you want to open ports to allow applications to send and receive data – such as P2P sharing. In such cases, you want to be conservative on how many ports you open and which applications are using those ports.
The other type of firewall is a software version that is installed on your computer. Your Internet security software suite may include a software firewall, or you can use a popular free one such as Comodo or ZoneAlarm. Of course, Windows already includes a pretty good firewall that is enabled by default.
7. Install Anti-malware Software
Cost: Free or more
I am place anti-malware software in a different category than anti-virus software because they can be different applications. While should only run one anti-virus software on your computer, you can have multiple anti-malware software installed.
The most popular, and the one considered the best, anti-malware application is offered by Malwarebytes called Anti-malware. There is a free version of Malwarebytes Anti-malware, but you can also buy a lifetime license of Malwarebytes Anti-malware PRO for about $30.
6. Log in with a Standard User Account
Windows users have always logged in with an administrator account. The problem is that the administrator account has total control over every aspect of a Windows system. When an application is executed by a user, the application has the same privileges as the user. This means the application can change anything on the computer if the user is an administrator.
With Windows Vista, Microsoft has made changes to Windows that allows a user to use a standard user account on a regular basis instead of an administrator account. A standard user account is restricted to what it can do on a Windows system. A standard user account can’t add/change files in the Program Files or Windows directory, it can’t install applications or drivers.
If an application is run by a standard user account, it too, will have the same restrictions, which provides some protection for your system.
5. Create Strong Passwords
Creating strong passwords is probably the most common security advice offered anywhere. The unfortunate thing is that people are still creating short, easy-to-guess passwords, which can be hacked. It may be convenient for you to use the same easy password everywhere, but it is also convenient for hackers.
Always create long and unique passwords for each of your accounts. Passwords are the first line of defense against hackers, and sometimes the only line of defense.
4. Install Windows and Application Updates
A list about tips for securing your Windows system wouldn’t be complete without mentioning updates. I have had people ask me if they should update their Windows computer, and I always emphatically say “yes.”
Microsoft releases security updates on the 2nd Tuesday of every month. If you see the Windows Update icon in the lower-right corner of your computer, then double-click it to perform the updates. If you use Microsoft Security Essentials, then the definitions for that application will also be downloaded through Windows update.
Not only are Windows updates important, so are application updates. The latest Web browsers tend to update automatically these days, but you should also look at updating other applications such as Java (if it installed), your security software, office products, Flash player, and any other software you can update. Keeping updated is the best way of closing any exploits in applications.
3. Use a Virtual Machine
Virtual machines have been around for many years, but have only started to become more common at home. A virtual machine uses the existing hardware of your computer to create a second computer running in an application within your current operating system. Because the machien doesn’t have physical hardware – meaning you can’t see the hardware on your desk – it is called a virtual machine.
There are many solutions that you can use to create a virtual machine. VMWare is by far the most popular, but VirtualBox is also a great alternative. Each allows you to setup a virtual machine within Windows and install any operating system you choose.
The virtual machine can then be used for checking e-mail or browsing the web without the risk of viruses or malware being installed on your physical machine. If you do get malware on your virtual machine, you can just delete the virtual machine to remove the malware.
2. Use Sandboxie
Cost: Free or €15
While creating a virtual machine is probably the best way to contain malware, it can be complex and technical for the average user. This is where Sandboxie can provide tremendous protection from malware for the average user.
Sandboxie allows you to run applications in an isolated area, called a sandbox, within Windows. Anything that happens in the sandbox – such as malware or virus installations – stays within the sandbox and doesn’t affect any other part of your system. Much like a virtual machine, without the complexity of creating a virtual machine. If malware does get installed, you simply clear the contents of the sandbox and the malware is gone.
There is a free version, but it does have a few functions disabled and a nag screen appears after 30 days of use. The full version is 15 euros for one year and is well worth the price. I currently use the full version of Sandboxie and force all Web browsers to run within a sandbox to help keep my system protected.
For protecting your system, Sandboxie is about the best you can get.
1. Use Common Sense
The ultimate weapon in your arsenal of keeping your Windows system safe is common sense. All the above tips can be rendered useless if you don’t use your own common sense.
A Bonus Tip
While I did mention this post will have 10 tips, I will give you a bonus tip. Microsoft has an application available called he Enhanced Mitigation Experience Toolkit (EMET) that you can install to help mitigate vulnerabilities in software. I suggest you install and use this application.
For more information on using the tool you can read this excellent post: Windows Security 101: EMET 4.0.
I know there are many more tips that can be added to this list. Which tips do you have to keep your Windows system secure?