How to Secure Your Windows 7 System – Part 3

How to Secure Your Windows 7 System – Part 3

This is the third part in my series on securing your Windows 7 system. In part one I talked about securing your system using a hardware router and an uninterruptible power supply (UPS). In my last post I discussed creating a standard user account, disabling certain services, and a few other tasks you could perform within Windows to secure your system.

In this post I will begin talking about some applications you can install, as well as a service that I recommend you use. The focus on this post is mainly on securing the communication channel to and from your Windows 7 system.


I started using OpenDNS only recently, but have heard about it for several years. Basically, when you sign up with them, you can use their DNS servers instead of you ISP servers. DNS is an acronym for Domain Name Service. The servers that comprise a DNS are responsible for translating the human readable domain names, such as, into Internet Protocol (IP) addresses. These servers are also responsible for identifying and locating computer systems and resources on the Internet. By default, you use your ISP DNS Servers to locate web sites on the Internet.

While this section is optional, when you sign up with OpenDNS, you can use their DNS servers instead of you ISP DNS servers. There are several benefits to using OpenDNS, such as:

  • Web content filtering.
  • PhishTank anti-phishing.
  • Malware site protection / botnet protection.
  • Whitelist / blacklist.


For a complete list of the benefits for using OpenDNS, please visit OpenDNS Overview.

If you would like to use OpenDNS, or at least give it a try, you can sign up at the OpenDNS website. It is completely free for you to use. Once you have signed up, you will need to change the DNS settings of your connection. For information on how to do that, please visit the OpenDNS setup page.

Once you signup, I suggest you set up the filtering to prevent certain types of sites from being accessed from your network, which can be done from your OpenDNS dashboard under the “Web Content Filtering” option. By not allowing access to specific sites, you can reduce the chances of you downloading and installing malware on your computer. As an added benefit, it also allows you to prevent children that may use the Internet to access specific sites that are not designed for young children.

After trying out OpenDNS, and you choose not to use the service, you can always revert back to your ISP DNS by simply undoing the steps you performed to setup the OpenDNS servers.

Installing a Software Firewall

The next step to securing your Internet is to install a software firewall. While you probably have a hardware firewall built into your router (hopefully), it is also important to use a software firewall. My recommendation is to use a free firewall called Comodo.

Comodo is more complex to use than ZoneAlarm, another popular firewall, but it has been rated one of the best free firewalls available. There are a lot of options you can set within this application that can help make your Internet connection more secure. Once you have downloaded and installed the firewall, use the following steps to help secure your connection:

  1. First click the start button and then type “cmd.exe” in the search bar.
  2. From the command prompt, type “ipconfig /all” and press ENTER.
  3. Scroll up through the output until your find an item labeled “DNS Servers”. Write down those IP addresses as you will need them in future steps.
  4. Close the command prompt window to continue.
  5. Double-click the shield icon in the system tray found in the lower right corner of your screen. The Comodo firewall window should now be displayed.
  6. At the top of that window, click the “Firewall” option.
  7. Next, click the “My Network Zones” option to display a list of defined network zones.
  8. We will be defining your DNS IP addresses as part of a network zone. Click the down arrow on the “Add” button, and then select “A New Network Zone”.
  9. Type in “DNS Servers” for the name, and then click the “Apply” button.
  10. Back in the list of network zones, click the newly create “DNS Servers” network zone and then click the down arrow on the “Add” button again. This time select “A New Address”.
  11. Select “A single IP address” option, and then enter one of the DNS server IP address you wrote down earlier.
  12. Click the “Apply” button to add the IP address to the network zone.
  13. Repeat the previous three steps for any remaining DNS server IP addresses that you have written down.
  14. Once all the IP address have been entered, click the “Apply” button on the network zone list to return to the Comodo window.
  15. On the left side of the window, click the “Advanced” button, and then the “Predefined Firewall Policies” option.
  16. From the “Predefined Firewall Policies” window open, click the “Web Browser” item and then click the “Edit” button.
  17. Select the “Allow Outgoing DNS Requests” option and then click “Edit”.
  18. Under the “Source Address” tab, select the “Zone” option, and from the “Zone” dropdown, select “DNS Servers”.
  19. Click the Apply” button to close the “Network Control Rule”, and the “Apply” button to close the “Application Network Access Control” window.
  20. From the “Predefined Firewall Policies” window, select the next item and repeat the previous steps to ensure the “Allow Outgoing DNS Requests” option is set to the “DNS Servers” zone. Some policies may not have the “Allow Outgoing DNS Requests” option, so just skip those.
  21. Once all the policies have been set, click the “Apply” button to close the “Predefined Firewall Policies” window.
  22. From the Comodo window click the “Attack Detection Settings” option.
  23. From the “Attack Detection Settings” window, click the “Miscellaneous” tab and then check the “Do protocol analysis” checkbox.
  24. Click the “OK” button to close the window.
  25. You can now close the Comodo window. Comodo has many other settings that you can look up, but for the most part the default settings provide a good level of security for your Internet connection.

Install a More Secure Web Browser

While Windows comes with Internet Explorer, it is not the most secure browser to use. Two alternatives to this browser is Firefox and Opera. I have used both of these browser, and currently am using Opera.

When using any browser, it is recommended to disable JavaScript, unless you need to access a specific site. If you regularily visit a site, and you trust the site, then you can enable Javascript for that site only. For Firefox, this is easily accomplished with the “NoScript” add-on. Once it is installed, you will see the “NoScript” icon appear in the lower right corner of the status bar in the browser. By clicking this icon, you can determine which JavaScript to enable for the site.

For Opera, you must first disable JavaScript for all sites by using the following steps:

  1. Display the “Preferences” window (view the documentation for you specific version of Opera as it is different for the latest version and previous versions).
  2. Click the “Advanced” tab and then click “Content” on the left.
  3. Uncheck the “Enable JavaScript” option.

Now that JavaScript has been disabled for all web sites, you can enable it for certain web sites by visiting the web site and following these steps:

  1. Right-click a blank area of the web page and select “Edit Site Preferences”.
  2. Click the “Scripting” tab and then check “Enable JavaScript”.
  3. Click the “OK” button to save your changes and close the preferences window.

The steps outlined in this post will help you to secure your Internet connection. In the next post I will look at tools that you can install to help keep your system up to date with patches, and also anti-malware tools you can use.

3 Responses to “How to Secure Your Windows 7 System – Part 3”

  1. raymund says:

    I am just curious, why do you prefer Opera over the two major browsers?

    • Paul Salmon says:

      I don’t use Opera anymore – I have switched to Google. I like Opera because I found it faster, and with the lower market share, there really weren’t too many people looking to “hack” it. They were also quick on the security fixes.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.