[Guide] Securing your PC
Posted 3/5/10, edited 3/5/10
Here's a short guide to securing your Windows PC.

System Updates
Make sure you have the latest Windows and other Microsoft updates installed. Security researchers uncover new vulnerabilities in Windows components almost weekly, so make sure automatic updates is on, or visit Windows Update regularly. Also make sure you have the latest Service Pack installed - XP SP3, Vista SP2 and none for Win7 yet. Viruses and worms can take advantage of vulnerabilities in Windows components to infect your system if you aren't up to date. If you use a pirated version of Windows, you can still turn on automatic updates.

XP, Vista and Windows 7 all come with Windows Update, but you can opt-in to use Microsoft Update which is essentially Windows Update with additional updates for other MS software (Office, Visual Studio, etc). I recommend you enable this by going to Windows Update and following the links to Microsoft Update.

I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection, but it helps a little bit. Microsoft's own Security Essentials is actually pretty decent and is free, which is about the price most people are willing to pay. Again, make sure you let it auto-update, an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow all the steps in this guide to try to avoid becoming infected in the first place.

Windows firewall is all you need. Most of you will be behind a NAT router which prevents incoming connections to your PC anyway without port forwarding, but as IPv6 uptake in the near future takes off, NAT will slowly die and your PC will have a public IP address. Windows firewall simply stops programs from accepting connections from the Internet unless you allow them, so if there are vulnerabilities in any networked programs, worms and viruses can't exploit them.

Some of you may think you need a more advanced 3rd party firewall that blocks programs from initiating connections, but if you need this then you've already failed. If a program you don't trust is already executing code on your PC then you lost the battle to begin with. Also 3rd party firewalls themselves can expose your system to risk, there is a long history of firewall software that contains exploitable vulnerabilities, as well as bad coding which can cripple your PC performance or cause random crashes.

DEP (or NX as it's sometimes called) prevents computer code from executing from areas of memory that are marked as containing only data. This feature has been around for a while but by default only applies to Windows programs and services. Since web browsers, plugins, IM clients, etc are all common vectors for viruses and worms, it is a very good idea to have DEP apply to all programs as it mitigates a large number of attacks. That WMF exploit that infected people just by visiting a website? Blocked by DEP. That Warcraft 3 custom map exploit? Blocked by DEP. Those are just two examples I've personally tested. It's a great preventive measure that everyone should have enabled.

To enable DEP (procedure might be slightly different for Vista / Windows 7), right click My Computer, Properties, Advanced, Performance, Settings, Data Execution Prevention, and tick "Turn on DEP for all programs and services". Contrary to some reports, enabling DEP will not slow down your PC.

There may be old programs that rely on executing code from data memory that have not been updated for DEP compatibility. If you encounter a DEP violation, you will see a popup saying "To help protect your computer, Windows has closed this program". From that dialog you can add an exception, but only do this if you are sure the program is at fault. Eg if you are browsing the web and suddenly get a DEP violation, chances are something just tried to exploit your browser or a plugin so you would not add an exception.

3rd party addons to programs can also cause DEP violations, eg if after enabling DEP you find your browser immediately exits with a DEP error, try disabling any addons or make sure they are all up to date. Windows Explorer also loads addons (shell extensions), so if you find Explorer is exiting with DEP violations and you feel comfortable with advanced tools, you can use AutoRuns to list your shell extensions and disable any problematic ones.

Despite the two paragraphs of compatibility warnings, the majority of you will have zero issues after enabling DEP, so don't be afraid.

Software Updates
Every piece of software on your PC that interacts with the Internet or files could be a possible vector for virus / worm exploitation. It's very important you keep all your programs up to date as exploits are discovered for common products surprisingly often. I recommend using the Secunia Personal scanner which will scan your entire PC for any programs that might allow your system to be compromised. You'll be surprised what it finds.

Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.

Browser Plugins
Since web exploits are the number one vector for malware, it is a good idea to run with the smallest amount of plugins you need. Don't need to read PDF files in your browser? Disable Adobe PDF plugin so PDF files can't auto-load. Finished watching some stream that required a browser addon? Disable it. Java is another good example - it's often installed and forgotten about, or the auto update disabled. If you use Firefox, you can do a very basic plugin check here: http://www.mozilla.com/en-US/plugincheck/
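
A read-only check of the DEP and Windows firewall settings described in the guide above, as an added example that is not part of the original post. It assumes Windows 8 / PowerShell 3.0 or later (newer than the systems the post covers), the function name `Get-HardeningFindings` is hypothetical, and the registry location of DEP exceptions is an assumption noted in the code.

```powershell
# Added example (read-only): reports where DEP and firewall settings differ
# from what the guide recommends. Changes nothing on the system.
function Get-HardeningFindings {
    $findings = @()

    # DataExecutionPrevention_SupportPolicy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut.
    # OptIn is the default ("Windows programs and services only");
    # OptOut is "all programs and services except those I select".
    $names  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    if (-not $os.DataExecutionPrevention_Available) {
        $findings += 'DEP: hardware NX not available or disabled in firmware'
    }
    if ($policy -eq 0 -or $policy -eq 2) {
        $findings += "DEP: policy is $($names[$policy]); third-party programs are not covered"
    }

    # Exceptions added from the DEP dialog. Assumption: they are stored as
    # <exe path> = "... DisableNXShowUI" under AppCompatFlags\Layers.
    $layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    if (Test-Path $layers) {
        $props = (Get-ItemProperty -Path $layers).PSObject.Properties
        foreach ($p in $props) {
            if ("$($p.Value)" -match 'DisableNX') {
                $findings += "DEP: exception present for $($p.Name)"
            }
        }
    }

    # Every firewall profile should be on and should not allow inbound by default.
    foreach ($fw in Get-NetFirewallProfile) {
        if ($fw.Enabled -ne 'True') {
            $findings += "Firewall: $($fw.Name) profile is not enabled"
        }
        if ($fw.DefaultInboundAction -eq 'Allow') {
            $findings += "Firewall: $($fw.Name) profile allows inbound by default"
        }
    }
    return $findings
}

$result = Get-HardeningFindings
if ($result) { $result } else { 'No deviations from the guide found.' }
```

Any DEP exception it lists is worth reviewing against the post's advice to add one only when the program itself is at fault.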
Posted 3/5/10
Hahaha. Try this instead. Linux. That's right, multi-boot your system. It's easier than you think. I was curious and tried it out. Now, unfortunately for Windows, I use the better choice.

My wife, who knows little about computers and operating systems, told a friend, "... no, Ubuntu is not any harder than Windows at all. It's really all the same." Of course she really only surfs the web and uses OpenOffice now and then, or listens to music.

Point is, Linux isn't hard, like MS staffers say it is. Dual-boot and try it for yourself. Don't take my word (or anyone else's).
Posted 3/5/10
Shame, you put so much work in.
Don't know if should report.
Posted 3/7/10

marumo-kun wrote:

Shame, you put so much work in.
Don't know if should report.

You should. =/
Posted 3/7/10
haha mini mods
(but yeah this is a duplicate).
Moon Princess Moderator
Posted 3/7/10