Three ways to improve Windows security
Three years ago, I attempted to condense PC security into 10 steps you could finish in about an hour. After a recent false-positive on a virus scan, I returned to that advice and realized that those tips are sorely out of date.
I'll re-examine the first three tips here and will cover the rest in posts later this week.
Step one: Set Windows to download and install updates automatically.
I don't do that anymore. Windows updates often cause problems, so I set Windows to download but not install updates. Then I wait a couple of days before actually applying the patches to see whether there are any reports of problems related to the fix. If all is quiet on the update front, I install the patches. I don't have to worry about forgetting because Windows will keep a little update icon in my system tray.
To change your Automatic Update settings in XP, click Start > Control Panel > Security Settings (in Category view) > Automatic Updates. Select "Download updates for me, but let me decide when to install them" and click OK. You'll find more about XP's automatic-update settings on Microsoft's Help site.
To access Vista's update controls, press the Windows key, type windows update, and press Enter. Click "Change settings" in the left pane, choose "Download updates but let me choose whether to install them," and click OK.
Set Vista to download updates but let you decide whether to install them via Windows Update's Change Settings dialog.
(Credit: Microsoft)Step two: Visit the Windows Update site (or Microsoft Update, as the case may be) to download updates manually if the PC has been off for a long while.
Perhaps a better destination for your first stop after an extended period offline is Secunia's Online Software Inspector or free Personal Software Inspector.
Both the online scan and downloaded program will check Windows and many applications on your PC to ensure that you're using the latest versions available. The client-based scan recognizes more programs than the Web-based service.
Step three: Enable Windows' built-in firewall.
This tip is way out-of-date. On the good side, the defenses built into Windows XP and Vista have improved considerably over the last three years. Unfortunately, they haven't improved enough to trust the safety of your system and private information to Windows alone. In my opinion, you simply have to use a security suite.
In the absence of a commercial security suite, you should activate the firewall and other security features in Windows Defender. But that's just not good enough. There are plenty of free antivirus programs, bidirectional firewalls, and anti-spyware programs. You'll also find a lot of security add-ons for the Firefox browser.
The problem is in managing several different security programs, any of which could conflict with some other app on your PC or with Windows itself. That's one of the principal advantages of a security suite: you can be pretty sure the various components will work well together, and you're dealing with only one vendor, for better or worse.
You can compare the virus-detecting ability of various security programs by perusing AVTest's most recent results, which include tests of the 2009 editions of most big-name security apps.
Next up are steps four, five, and six, which include keeping your browser safe. That will be the subject of my next post.
Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET blog Network, and is not an employee of CNET. 
Step Two? Nice one.
Step Three? Not so sure - most exploits nowadays (thanks to, say, IE) whiz right past the firewall (the latest big exploit comes right in through port 80), and if you have a firewall on your home router, odds are that it should suffice (as long as you don't have kids and etc. who like to download tons of stuff, anyway). Otherwise, it's pretty useless in most home installations, and can often get in the way. Whether or not to use it depends on your technical comfort level and the apps you use. Leave it on if you're not sure, but otherwise... meh.
Step Four: Download and use Firefox for everything that isn't Windows Update. This way you can neatly avoid the vast majority of remote Windows exploits.
IMHO, Step Five: Buy a Mac. This way you won't have to worry so much about it. Apple's patches aren't notorious for breaking things, you'd have to knowingly install any exploits that have ever surfaced for it, and it just runs.
/P
Completely agree with the firefox option though. IE is probably the most retarded browser ever created.
Do you homework, know the vunerablities, get a hardware firewall at home, install a great AV system (ESET) - stop porn surfing, and backup your system more than twice a year... Ya IE is a piece of poo - so what, not new news to say the least..
Jclyow, script kiddies may be poking at Linux all day long (Mac as well for all we know), but so far they haven't been able to do much. On the other hand, the same script kiddy can own any winblows install in minutes, as evidenced by the numerous exploits in the wild for that platform.
Are all winblows apologists delusional, or are they paid by their master to attempt to delude others? I can't tell anymore.
I'm not a windows apologist. And I won't try finding an exploit for mac that installs itself. To be honest I simply don't care enough to. I use windows, have used windows since 3.1 came out. Yes it crashes, yes its unstable, yes there is alot of spyware and stuff out for it. And yes, I know how to protect against it all. Its called being smart and know what you're doing. Stop visitng pr0n sites and installing software that you're unsure of. As far as exploits for macs, lets wait until apple gets the same market share as microsoft in personal computer market, then we can compare the stability and reliability of the two. Why write viruses and such for stuff no one uses?
In any case, all OS'es are vilnerable and all OS'es are unstable. I have OS X crash on me just as often as I have XP crash on me (XP x64 seems to crash less often, and has lesser virri for it).
But whatever. Dalkorian, I wish I had a master that would pay me to talk good about windows. Maybe that way I can buy more hardware to upgrade my PCs with latest goodies. But I guess upgrade is a term not really known to mac community.
@ Jclyow: all OSes have script kiddies poking at them. Only one is consistently busted into as a result (hint: not Linux, not OSX). That alone should say something, yes?
To increase security on most machines without going to that extreme, keep the software updated.
To increase security on winblows machines, format the hard drive and install Linux.
I know, that was expected. All that said, about these 3 suggestions:
1. Remember to keep checking the WU settings periodically. M$ often thinks they know better than you and have changed that setting without the user's permission. One day your machine just starts installing things behind your back - this is why. I went the next step, WU only prompts me when there are updates to DOWNLOAD. I review them, remove the trashware I won't install (WGD, MSRT), then download. When that's done, it prompts me again to install - this is when I double check to make sure M$ didn't slip me a mickey before installing. Yes, sometimes WU downloads stuff it doesn't tell you about!
2. ??? Is this to ensure you're up-to-date and "secure" before you get online? Not a bad idea, I usually just roll the dice and run the typical updater though. What I won't do is surf online while downloading updates - update first, then work (or play as the case may be - winblows is a game console to me and worthless otherwise).
3. Winblows firewall? Please. I'd rather install a firewall from a company that has a clue what the word "security" means. That certainly is NOT M$. I use ZoneAlarm on my game rig and have been rather happy with it. but there are others. Any of them is better than the winblows trashware excuse for a firewall. Besides, how necessary is this when the router has a firewall too?
Linux yes its faster but your constantly messing around with the terminal which completely destroys all speed benifits am I correct?
Use Comodo Internet Security.
- by brynparrott June 10, 2009 4:13 AM PDT
- I guess I might have expected this type of article to generate the usual winows vs mac vs linux type of flame wars.
- Like this Reply to this comment
-
(11 Comments)So, I'm trying to work out objectively what extra value a mac pc holds in terms of the extra you have to pay these days to get one. Like $AUD3.5K or something, versus $AUD700 or so for a reasonable windows PC.
Does the Mac (presumably running windows in a shell to get all of my software to run..) slow down over a period of time to the point where its pretty much useless - ? (Windows does).
Does software written for Mac leave temporary files lying around the place for some housekeeping program to clean up (or the user). (Windows does).
If my sister gets a mac, will she always be phoning me up asking how to fix something (with windows she does).
These above are my main windows hates, have dogged me for years with no end in sight. Maybe its time to cross over to the dark side and bite into an Apple.
Anyway, getting back to the topic - who can point me to said objectively written article about win vs mac ?
Thanks in advance ?