The computer is the primary channel most of us use to interact with cyberspace. So in order to protect it from cyber outlaws, we need to make it as small of a target as possible. In geekspeek, that’s called minimizing the attack surface. That requires thinking proactively. We’ll make it hard to get in so the bad guys will pass you by in favor of an easier target.
You are your computer’s biggest security feature
I should mention that if you’re looking for a quick set-and-forget method of securing your computer, you won’t find it here. That’s not how security works. Rather, it’s a continuous, intentional effort you make. It should become a way of life for every computer user. There are no magic settings that make your computer invincible. You’re the biggest security feature you could ever have.
Expand Table of Contents
- Keep your computer clean
Only install programs that you need and trust
Install an antivirus program and schedule regular scans
Install an anti-spyware program and scan regularly - Keep your computer fit
Make sure Windows is up to date
Update your programs regularly - Raise the shields
Use strong passwords on every computer account
Make sure your firewall is turned on
Lock your screen when you walk away
Turn off your computer when it’s not in use
Use a standard Windows user account - Hide your personal information
Encrypt the sensitive data on your computer
Destroy old sensitive data - Advanced security techniques
Use Microsoft EMET to help strengthen your programs
1. KEEP YOUR COMPUTER CLEAN
This is your job, not your antivirus’. If you’re not practicing good habits then your system will get compromised, regardless of how good your software protection is.
Only install programs that you need and trust
Every program you install adds a potential foothold for the bad guys. Remember, try to be the smallest target you can. The fewer programs you have installed, the less vulnerable you are. Only install what you need.
Additionally, unless a program comes recommended by a trustworthy source, don’t install it. Screensavers are NEVER recommended by trustworthy sources. I don’t care how precious dancing baby monkeys are.
To close a program without clicking anything, hold Alt and press F4
If you get an unsolicited request to install software (meaning you didn’t ask for it), then don’t install it. NEVER click on anything that pops up on your screen saying that you should install it, no matter how important it looks. It might be a legitimate program, but in that case do it the right way by going through the program itself or downloading the new version from the official website.
The security journalist and investigator Brian Krebs has three basic rules that sums all this up nicely:
- If you didn’t go looking for it, don’t install it
- If you installed it, update it
- If you no longer need it, remove it
Install an antivirus program and schedule regular scans
Antivirus programs have always excelled at one function: telling you that you’re already infected. These days, it’s true that they’re getting much better at blocking bad buggies before they get on your system, and sometimes will even remove them completely once you get infected. But you shouldn’t rely on it as your sole protector. Antivirus is only a single layer of the entire strategy.
Antivirus programs excel at one thing: telling you that you’re already infected
Think of antivirus as an absolutely essential last line of defense. If you’re lucky you’ll never need it, but it’s there when something bad happens. Everyone should have antivirus installed. It doesn’t matter if you ever download stuff from the internet or not.
If you want a free one, try Avast! or AVG Free or Microsoft Security Essentials. Or up your game and get a good pay-for solution like Bitdefender or Kaspersky.
Then just make sure to set a schedule to scan regularly and verify that it’s getting done. And keep in mind you can only have one antivirus installed at a time, or it will cause problems on your computer.
Related Articles
Should I Pay For Antivirus Software Or Is A Free Antivirus Program Enough?
Install an anti-spyware program and scan regularly
Anti-malware (or anti-spyware) is different from antivirus. You can have as many anti-malware programs installed as you want, in addition to one antivirus. Hands down, the best one out there is Malwarebytes’ Antimalware, but SUPERAntiSpyware is also good despite it’s questionable-sounding name.
The free versions of these programs are all you need, but they do not have real-time blocking or the ability to schedule scans. So you’ll need to remember to start a scan manually every once in a while. Or you can purchase one of the full versions, which is not a bad idea. They are well worth the money. Malwarebytes in particular has the benefit of being a one-time purchase, unlike pay-for antivirus which requires a yearly subscription.
2. KEEP YOUR COMPUTER FIT
How can you help to avoid getting sick? By staying in shape. Don’t let your computer’s health degrade over time.
Make sure Windows is up to date
New vulnerabilities are found in Windows all the time, just like any other software. Ensure that Automatic Updates is set to download and install them on its own. Windows is the most-used operating system in the world, so naturally, it’s the biggest target.
Related Articles
How To Update Windows Automatically – Instructions for Windows XP, Vista, 7 and 8
Update your programs regularly
Don’t ignore alerts that tell you a program needs updated
There are a lot of programs on your computer. And of course, the most commonly installed ones are the ones attacked the most. Java, Adobe Reader, and Adobe Flashplayer are among the most popular targets. But the list is endless.
Fortunately, many of these programs have alerts that tell you when there’s a new update available, or will update automatically. Don’t ignore these alerts. If Java tells you there’s a new version available, you need to install it.
Related Articles
How To Keep Your Programs Updated and Why You Should
How To Use Secunia Personal Software Inspector (PSI) To Keep Your Programs Updated
3. RAISE THE SHIELDS
Make it difficult for malware and bad guys to get in.
Use strong passwords on every computer account
Account passwords work against outside intruders as well as those inside
Every user account on the computer should have a strong password. You shouldn’t even be able to get on your computer without needing to type someone’s password. The importance of this can’t be stressed enough. It doesn’t only block access from someone sitting at your computer, but it can also block attacks from the outside.
A good password should have all these qualities:
- Hard to guess (don’t make it something that anyone can associate with you)
- Easy to remember (like stringing 2 or 3 unrelated words together)
- Complex (use all 4 character types: upper case, lower case, number, symbol)
Related Articles
Password Cracking 101 – How Hackers Get Your Passwords
Make sure your firewall is turned on
A firewall is a shield that that stands between your computer and the wild. All versions of Windows come with one that provides at least the most basic level of protection you need. If you want extra protection, you can find alternate firewall programs for free or for cash. These third party solutions usually come with extra features and more sophisticated controls, but the typical user may find them difficult to manage.
The Windows firewall provides only the most basic firewall functionality
If you’d like to try an alternate solution to the Windows firewall, check out the offerings from ZoneAlarm or Comodo (both free, but with pay-for options as well).
Often, antivirus suites also come with their own firewall as a bonus. So check to see if you aren’t already using one before downloading a new one.
Related Articles
How To Turn On the Windows Firewall – Instructions for XP, Vista, Win 7 and 8
Lock your screen when you walk away
When you step away from your computer, it’s a simple matter to password-lock your screen. This ensures no one gets on the computer while you’re not present.
Can you trust everyone who steps foot inside your house?
This is absolutely critical for laptops and other portable devices, but you should also do it on your home computers. Even if you trust the members of your household, it’s still a good practice. You can give them the password if you want. But get in the habit so that when you have the repairman over, or friends who bring their nosy kids, you’ve already got it done.
Related Articles
How To Password Lock Your Screen – Instructions for Windows XP, Vista, Win 7 and 8
Turn off your computer when it’s not in use
A simple strategy. When your computer sits for extended periods of time without being used, there’s no reason it can’t be turned off. Besides saving on your power bill, turning your computer off makes it impossible to attack. So shut it down whenever you know it’s not going to be used for a while, such as overnight or when you leave the house.
Use a standard Windows user account
If the account you log into when Windows starts up has administrator privileges, then it means you have complete access to everything on your computer. This is the type of account that is required to install programs and modify system files.
Any malware running on your computer has at least the same access privileges that you do
The problem with using an administrator account is that any viruses or bad guys trying to get on your system will also have complete access.
For regular daily use, log in with a standard account instead. You won’t even notice the difference until you do something that requires admin privileges. In that case, just type in the password for the administrator account and you’re golden.
4. HIDE YOUR PERSONAL INFORMATION
Keep prying eyes from being able to see your stuff.
Encrypt the sensitive data on your computer
Encrypting data makes it unreadable unless you have the password. There are good free programs that will do this. Try AxCrypt because it’s easy and secure, or TrueCrypt if you’re the more tech savvy type and want more control over the process. And remember to apply good password practices when creating the keys.
In addition, If you have a laptop, you should encrypt the entire hard drive. A big problem with portable devices is the ease by which they can be lost or stolen.
If any of your computers have a high risk of being stolen or lost, you should fully encrypt its hard drive
Just having a Windows login password doesn’t help because it’s easy to bypass. All the thief would need to do is remove the hard drive and plug it into their own computer like a giant USB thumb drive. This lets them see its entire contents without ever having to boot up your computer. Encrypting the whole drive prevents this from being possible. There are pay-for solutions that can do this, but Truecrypt will do it for free.
You should be aware that this is possible with all computers. So if you feel like any of your computers have a high risk of being stolen or lost, then you should fully encrypt those drives as well.
Related Articles
How To Use AxCrypt to Encrypt and Secure the Files on Your Computer
What is Encryption? The Science and Mystery Behind Keeping Your Data Safe
Destroy old sensitive data
Deleting files does not mean they’re gone. It just removes them from sight. They’re still on your hard drive and it’s possible to recover them. In order to delete files for good, you’ll have to perform the digital equivalent of shredding them. Some free programs that do this are File Shredder (my favorite) and Freeraser.
If you’ve deleted files without shredding them, then they’re still hiding in your hard drive’s free space
Then, once you start using a file shredding program, you should do a one-time wipe of the free space on your hard drive (unless your hard drive is an SSD in which case it won’t work and just wears out the drive).
Wiping the free space sounds strange but if you haven’t been in the habit of shredding sensitive files when you delete them, they might still be hiding in the free space somewhere. The program File Shredder (mentioned above) sports this feature, and so does CCleaner.
Lastly, when you get rid of an old computer, you should completely scrub the hard drive. That means shredding every bit of data on it.
In this study, hundreds of second-hand computers were scoured for sensitive data. The researchers found that many of the hard drives still contained personal data that was extremely easy to recover. Anyone could do it with software tools freely available on the web. Two drives even had enough personal data to completely steal the identity of its former owner. Not something you want to sell for a few bucks at a yard sale.
Related Articles
How To Securely Wipe Your Hard Drive with DBAN – Erase Your Data For Good
How To Securely Wipe the Free Space on Your Hard Drive with CCleaner
How Does Digital File Shredding Work?
5. ADVANCED SECURITY TECHNIQUES
If you’re still concerned about the vulnerabilities in your computer and you’re not scared to get some dirt under your fingernails, keep reading. But keep in mind that some of these techniques may break your system if implemented incorrectly.
Use Microsoft EMET to help strengthen your programs
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is designed to help secure the programs installed on your computer. It addresses several vulnerabilities inherent in how the programs themselves interact with the operating system and hardware.
The explanation of how it works can get complicated, but luckily we don’t need to understand it just to make it work. Grab the user’s guide to help get you started. It also has some explanations of the technology if you want to dive into some real nerdy initialisms and programming jargon.
EMET requires .NET Framework 4 to be installed first. If you don’t have it, EMET will tell you when you try to install it.
Additionally, if you have a previous version of EMET already installed, be sure to uninstall it first.
Related Articles
How To Use Microsoft’s EMET 4.0 to Secure Your Programs