Windows doesn’t have a reputation for being a very secure operating system. Since Windows is the most widely deployed OS its always been the top target for hackers and virus writers.
Microsoft has improved security quite a bit with Windows 7 but its still important to implement your own security practices so your system doesn’t become an easy target.
Most of these tips apply to Windows XP, Vista, or 7.
1. Update vulnerable software automatically with Secunia PSI
One of the most common reasons a computer may become compromised by hackers or malware is out of date software. Besides targeting security vulnerabilities in browsers hackers are targeting flaws in Adobe, Microsoft Office, Flash, Java, etc.
Secunia PSI will scan all of the installed software on your computer and check for any necessary updates or patches. Secunia is able to automatically update many common programs, and if its unable to update a program it will provide a link so you can manually install the update you need.
Download Secunia here
2. Scan your computer for Malware with Malwarebytes
Often the signs of malware on a computer are obvious, but some malware can hide in the background redirecting traffic or even logging keystrokes.
Even if you have security or antivirus software already installed it is still a good idea to occasionally run scans with another program to catch things your primary protection may have missed. If you find their software useful you can purchase the full version which adds real-time protection among other features.
Download Malwarebytes here
3. Protect your computer against viruses and spyware with Microsoft Security Essentials
Most people will agree that Microsoft finally got something right when they created Security Essentials, it just works. MSE provides real time and on demand protection against viruses and spyware without slowing down your system.
I’ve found Security Essentials to provide effective detection without the constant nagging and pop-ups you’ll find with other protection like Norton for example.
4. Encrypt your hard drive to protect against offline attacks
One of the imutable laws of security is , “If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore”.
Ever think about what would happen if your computer was stolen? Or if someone with physical access to your computer attempted an offline attack? Chances are good that your data would be stolen quite easily unless you’ve setup encryption of your hard drive.
If your using Windows 7 Ultimate or Enterprise drive encryption is already included, its called BitLocker. Microsoft TechNet has a detailed article on how to configure BitLocker.
If you do not have a version of Windows with BitLocker you can use TrueCrypt instead.
Whichever method you choose I highly recommend backing up your encryption keys.
5. Disable unnecessary Windows services
You can save some memory and a few CPU cycles while increasing the overall security of your system by disabling services that you don’t need.
By turning off services that you don’t need you can decrease the number of potential ways an attacker could compromise your system.
For a guide about which services you can safely disable I recommend visiting Black Viper’s website. On his website you’ll find guides for Windows 2000, XP, Vista, and 7.
6. Setup an account lockout policy
By default Windows does not have a lockout policy enabled. This means that someone could try to guess your password as many times as they want.
There are many programs out there such has Hydra that will automatically try to brute force passwords over the network. By configuring a lockout policy you can set your account to disable for a period of time after a certain number of invalid attempts. Doing this effectivly enables a brute force attack useless by greatly increasing the amount of time between attempts.
SimpleHelp.net has a great step-by-step article on how to setup a lockout policy.
7. Check your computers overall security level with Microsoft Baseline Security Analyzer
Microsoft BSA is a quick and easy way to check your computer for missing security updates and also common security mistakes like guest accounts being enabled, or having accounts with no passwords.
Once the scan completes it will show you what issues it found, how it identified that, and what you should do to correct the problems.
You can download the most recent version here.
8. Use OpenDNS to protect against botnets and phishing
OpenDNS provides free access to their DNS servers. By using their servers you can protect yourself against many common botnets and phising websites on the internet. As an extra bonus OpenDNS is typically faster faster then most ISP provided DNS servers as well. Check out my post on benchmarking DNS for more information.
9. Choose a strong password
The single best thing you can do to increase security is choose a strong password. If you want to get an idea how secure your current password is you can test it with the Microsoft Password Checker.
If your password is 8 characters or less and contains only lower-case letters and numbers current methods can crack it in a matter of minutes. If your password is based on a dictionary word you’re in serious trouble. Strong passwords are at least 8 characters in length and contain mixed case letters and symbols.
They key is creating a password that is strong yet easy to remember. If your password is so complex that you have to write it down because you can’t remember it then you have defeated the point.
Roboform is a great way to keep track of all of your different passwords. Roboform can automatically fill out forms and log into websites for you while keeping your passwords encrypted.
Download Roboform here
10. Backup your data
Even if you have taken all of the security precautions that you can there is still a chance hackers or viruses could get through, no security system is impenetrable. New zero day exploits emerge every day and until patches and detection rules are created you are at risk.
The cornerstone of any good security system is a backup plan. I recommend using Dropbox or Mozy to backup your most critical data offsite, both offer 2GB of free storage.
Do you have any security secrets of your own?