Windows 8 FAQ

Securing your PC

If you have recently bought or set up a PC then I suggest you take the following steps to secure your PC:

1. Install a Firewall

A firewall will block unwanted incoming and outgoing attacks to or from your PC. It will prevent trojans and worms, such as MSBlast (or W32/Lovsan), from attacking your PC. Windows 8 has the Windows Firewall installed, which blocks incoming and some outgoing connections; use that wherever possible if you don't have a third-party firewall (see the Advanced tab of your Internet connection). Some ADSL modems have a firewall; check the documentation for your modem to see whether it has one and whether it is enabled. You can also buy or download a wide range of firewall products such as McAfee, Norton Internet Security, ZoneAlarm, Panda Firewall, AVG and others.

Windows firewall

a) How do I allow Pings to my computer through a Firewall?
In the Advanced Settings, Inbound Rules, allow access for File and Print Sharing (Echo Request - ICMP v4-In).

b) How do I allow other users access to my website through the Firewall?
In the Advanced Settings, Inbound Rules, allow access for World Wide Web Services (HTTP traffic-In).

c) How do I allow other users access to my shared folders and printers through the Firewall?
In the Advanced Settings, Inbound Rules, allow access for File and Print Sharing (LLMNR, NN Datagram, NB-Name, NB-Session, SMB and Spooler Service).
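
The rules named in answers a) to c) can also be inspected and enabled from an elevated PowerShell prompt. This is an added example, not part of the original FAQ: it assumes the NetSecurity module that ships with Windows 8, uses the rule display names as English-language Windows shows them ("File and Printer Sharing", and "World Wide Web Services", which exists only when IIS is installed), and the function and variable names are hypothetical.

```powershell
# Added example (not from the original FAQ). Function names are hypothetical.
# Display-name patterns for the rules named in answers a), b) and c),
# as shown by English-language Windows; wildcards are allowed.
$FaqRules = @{
    Ping    = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
    Website = 'World Wide Web Services (HTTP Traffic-In)'   # present only with IIS
    Shares  = 'File and Printer Sharing (*'
}

function Get-FaqRuleState {
    # Read-only: list each matching inbound rule with its profile and state.
    param([Parameter(Mandatory)][string]$Pattern)
    $rules = @(Get-NetFirewallRule -DisplayName $Pattern -ErrorAction SilentlyContinue |
               Where-Object { $_.Direction -eq 'Inbound' })
    if ($rules.Count -eq 0) { Write-Warning "No inbound rule matches '$Pattern'"; return }
    $rules | Select-Object DisplayName, Profile, Enabled, Action | Sort-Object DisplayName
}

function Enable-FaqRule {
    # Enable matching rules, but skip any that apply to the Public profile
    # (or to every profile) unless -IncludePublic is given, so a laptop on
    # public Wi-Fi does not start answering pings or file-sharing requests.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Pattern, [switch]$IncludePublic)
    $rules = Get-NetFirewallRule -DisplayName $Pattern -ErrorAction SilentlyContinue |
             Where-Object { $_.Direction -eq 'Inbound' }
    foreach ($rule in $rules) {
        $public = "$($rule.Profile)" -match 'Public|Any'
        if ($public -and -not $IncludePublic) {
            Write-Warning "Skipped (Public profile): $($rule.DisplayName)"
            continue
        }
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, 'Enable inbound rule')) {
            $rule | Enable-NetFirewallRule
        }
    }
}

Get-FaqRuleState -Pattern $FaqRules.Ping
Enable-FaqRule   -Pattern $FaqRules.Ping -WhatIf   # drop -WhatIf to apply
```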

2. Install an Anti-Virus Product.

Firewalls will protect against some forms of attack but not all. Viruses come in all sorts of forms such as macros, programs, scripts and so on. Only an antivirus program will block and delete such threats. Windows Defender on Windows 8 can now detect and remove viruses and malware for you. Alternatively, there are many other anti-virus products; see the Product List.
For more information on viruses, see the Virus Library for symptoms and removal instructions.

3. Use your Attachment blocking in your Mail Program.

Some email programs such as Outlook and Windows Mail will block downloading and execution of certain types of programs. For example, you can block viruses in Windows Mail by going to Safety Options, Security and enabling "Do not allow attachments to be saved or opened that could potentially be a virus". You may disable this when you need access to an attachment, but leave it enabled at all other times!

4. Install an Anti-Spyware product

A lot of websites use tricks to track and download private information about yourself and your web browsing habits, and tend to install plugins and programs that sometimes hijack your browser to set your home page or display pop-ups. Programs such as Defender can search for and remove such products from your system. Ideally use two or more anti-spyware products, as one may not detect them all. If you have User Account Control enabled, it will prevent malware from installing programs without your permission.
You can also restrict the types of cookies saved to your PC via the options in your Web Browser. For example, in Internet Explorer, use Tools, Internet Options, Privacy and set a privacy level to suit your web sites (Medium is suitable in most cases). For lists of spyware or adware programs visit Safer Networking and DoxDesk.
Use either Hijack This or MSCONFIG to check the programs listed under startup and make sure they are required.

5. Clear out your Temporary Internet Files cache and Cookies cache

Copies of web pages and pictures are saved in a cache on your PC; clearing this cache out on a regular basis (no more than once a week) will remove any unwanted files. In Internet Explorer, go to Tools, Options, Delete Files or Delete Cookies. Using the Disk Cleanup facility can also clear out the cache.

6. Use more secure file systems

Where possible, use more secure file systems such as NTFS on Windows NT, 2000, XP, Vista, 7 and 8, rather than FAT32, to secure your files. If you have Windows 8 Pro then you can take advantage of EFS (Encrypted File System) to secure data on the hard disk (make sure you back up data and certificates before using EFS). If you lose your certificate or account then it will be impossible to recover the data.

Make sure you back up your personal certificate to a floppy or USB stick, because if you lose it and need to recover data, it will be impossible to read the data again. See the Certificates management console.
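
The certificate backup described in this step can be scripted and, more importantly, verified. This is an added example, not part of the original FAQ: it assumes the PKI module that ships with Windows 8, and the function name, the E:\ target and the file naming are hypothetical.

```powershell
# Added example (not from the original FAQ). Function name and paths are hypothetical.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)][string]$Folder,          # e.g. a USB stick
        [Parameter(Mandatory)][securestring]$Password   # protects the .pfx file
    )
    # EFS certificates live in the current user's Personal store.
    $certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.Extensions |
            Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            Where-Object { @($_.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $EfsOid }
    })
    if ($certs.Count -eq 0) { throw 'No EFS certificate found for this user.' }

    foreach ($cert in $certs) {
        # A certificate without its private key cannot decrypt anything.
        if (-not $cert.HasPrivateKey) {
            Write-Warning "$($cert.Thumbprint): no private key on this PC, skipped"
            continue
        }
        $file = Join-Path $Folder "efs-$($cert.Thumbprint).pfx"
        # Fails loudly if the private key is marked non-exportable.
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password -ErrorAction Stop |
            Out-Null

        # Re-open the file to prove the backup is readable and holds the key.
        $check = New-Object Security.Cryptography.X509Certificates.X509Certificate2($file, $Password)
        [pscustomobject]@{
            File       = $file
            Thumbprint = $cert.Thumbprint
            Expires    = $cert.NotAfter
            Verified   = ($check.Thumbprint -eq $cert.Thumbprint) -and $check.HasPrivateKey
        }
    }
}

Backup-EfsCertificate -Folder 'E:\' -Password (Read-Host 'PFX password' -AsSecureString)
```

A backup with Verified = False, or a forgotten PFX password, leaves you in the same position as having no backup at all.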

7. Keep your PC up to date with latest security patches

Wherever possible, keep your PC updated with the latest security updates from the Windows Update web site, or enable automatic updates using the Automatic Updates control panel.

8. Backup your data

Get a decent backup program in case your PC is infected, attacked or otherwise made unusable and requires a reinstall. Programs are easy to reinstall, but data is very hard to get back if deleted, overwritten or lost. A list of backup software can be found on this Product list.

9. Secure PC with usernames and passwords

Use a Standard user rather than an Administrator user when using your PC. Linux or other Unix systems tend to be secure, but double-check your setup anyway for any loopholes. Also, make sure that you always set a password for accounts, including the administrator account, which is blank by default on most desktop systems. Never write passwords down where they can be easily found, and use complex passwords, using combinations of letters and digits. Do not use personal information for passwords (e.g. names, dates of birth, pets etc.), which can be easily broken.

Never give out personal information such as account details, PIN numbers or passwords in response to emails sent over the network. Legitimate companies and banks will never ask for such information, even if the email threatens account closure or suspension. Never click on links provided in such emails, as they will always send you to fake web sites.

10. Clear out your Contacts

A lot of viruses now use your contacts to spread themselves to other users. I suggest you delete any unwanted or old email contacts from your Address Book now and again. Also, to keep your Address Book clear, turn off 'Automatically put people I reply to in my Contacts list' in the Send options of Windows Mail or any other email program, so that it doesn't fill up with unused entries; this restricts the number of potential victims of viruses! You can still add people by right-clicking their email address in a message and selecting 'Add to contacts'.

11. Do not use Peer-to-Peer File Sharing Software.

File sharing software basically allows anyone to read files off your computer and bypasses your firewall and all other security considerations. Consider this very risky. If you do use it, do NOT log in with an account which has administrator privileges, apply strict NTFS permissions to the folder you use for file sharing, and keep it well away from any personal data.

12. Do not advertise your email address.

Your email address can be searched for and used for spam very easily by programs that actively look for email addresses that can be used to spread spam. If you have your own web site, DO NOT use the standard technique of using HREF and the MAILTO: method of displaying your email address; instead use JavaScript to hide it from spammers and search programs (called webbots). If you visit a website and need to create a profile or login name, and it asks for an email address, either enable the option to hide the address from public view or use another email address instead of your main email address.

13. Erase your hard disk before selling or recycling your old PC.

Programs and data can be easily stolen from hard drives on old PCs. A format will not clear it; you need to overwrite the data several times with a good secure erasure program, which will write loads of 00000s, then 11111s and 1010101s. Good programs include software such as Drive Wipe. For more permanent destruction you could use a powerful magnet, a drill or a hammer to destroy the disk (only for the most paranoid users).

14. Make sure data is secure by using EFS or third party products

If you listen to the news, you will know that computers can be stolen and you may end up losing valuable data to thieves. To protect your data you should use the Encrypted File System on Windows 8 Pro or Enterprise Editions. If you have Home editions you can use other products such as Folder Guard, DES Lock+, and PGP Desktop products.

15. Enable security options in your Browser

In Internet Explorer you should enable UAC (User Account Control), which will enable Protected Mode (see the status bar at the bottom right). Also enable the Pop-up Blocker to stop unwanted pop-ups (although this may also disable legitimate pop-up windows), and lastly enable the Phishing Filter (this can slow down browsing though).
To prevent phishing and downloading malware, try McAfee's Site Advisor tool to advise you on a site's safety.

16. Use BitLocker to secure your PC

If you have the Pro or Enterprise edition you can enable BitLocker to secure your PC. To enable it, go to Control Panel, System and Security, BitLocker. To enable BitLocker you need to have the Trusted Platform Module (TPM) enabled in your BIOS. Also, you need a single partition (C:) to take full advantage of BitLocker. An open source equivalent is called TrueCrypt. As you can see my PC can be BitLocked:

BitLocker not compliant
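
The same TPM and BitLocker status can be read from an elevated PowerShell prompt. This is an added example, not part of the original FAQ: it assumes the TrustedPlatformModule and BitLocker modules that ship with Windows 8 Pro and Enterprise, and the function name and the wording of the findings are hypothetical.

```powershell
# Added example (not from the original FAQ). Function name is hypothetical.
# Run from an elevated prompt on Windows 8 Pro or Enterprise.
function Test-BitLockerReadiness {
    param([string]$MountPoint = 'C:')
    $findings = @()

    # TPM state: the FAQ's prerequisite for enabling BitLocker.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM detected: check that it is enabled in the BIOS.'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM is present but not ready for use.'
    }

    # Volume state and the key protectors that can unlock it.
    $vol    = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $status = "$($vol.VolumeStatus)"
    $types  = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    if ($status -ne 'FullyEncrypted') {
        $findings += "Volume is $status ($($vol.EncryptionPercentage)% encrypted)."
    }
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $findings += 'Protection is off or suspended.'
    }
    # Without a recovery password, a failed TPM or replaced motherboard means
    # the data is gone: the same risk the FAQ describes for EFS certificates.
    if ($status -ne 'FullyDecrypted' -and $types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector: add one and store it off the PC.'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Protectors = $types -join ', '
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-BitLockerReadiness -MountPoint 'C:' | Format-List
```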

17. How can I secure my Wireless Network?

Wireless networks, if unsecured, can be open for anyone to use, and if you have an unsecured Workgroup, people can view files in your shared folders.
Windows 7 and 8 support Home Groups, which can be secured with a password to restrict who can view shared files; this will only work if all the other computers are Windows 7 or 8 machines.

To secure your wireless network, you should enable encryption of all network traffic using WEP or preferably WPA2. You should also hide the name or SSID of your wireless network to prevent people trying to connect to it. Also, you can restrict the network to specific computers and mobile devices by putting them in a Wireless Station Access List so that unknown devices cannot connect. It is also a good idea to change the router's default admin password to prevent others from changing its settings and locking you out.
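
To check which saved wireless networks on a PC already meet this advice, the profiles can be exported and inspected. This is an added example, not part of the original FAQ: it lists every saved profile and flags those using no encryption or WEP so they can be moved to WPA2, the preferred setting above. The function name and the wording of the findings are hypothetical.

```powershell
# Added example (not from the original FAQ). Function name is hypothetical.
function Get-WifiProfileAudit {
    # Export every saved profile as XML into a scratch folder. Without
    # key=clear the passphrase stays encrypted in the exported files.
    $dir = Join-Path $env:TEMP ("wlan-" + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $dir | Out-Null
    Push-Location $dir
    try {
        netsh wlan export profile folder=. | Out-Null

        foreach ($file in Get-ChildItem -Path $dir -Filter *.xml) {
            $doc = New-Object System.Xml.XmlDocument
            $doc.Load($file.FullName)
            # Profiles use an XML namespace; match on local names to stay simple.
            $get = { param($n) $node = $doc.SelectSingleNode("//*[local-name()='$n']")
                     if ($node) { $node.InnerText } }
            $enc = & $get 'encryption'

            $finding = switch ($enc) {
                'none'  { 'OPEN: traffic is not encrypted' }
                'WEP'   { 'WEAK: WEP is obsolete, move this network to WPA2' }
                default { 'not flagged' }
            }
            [pscustomobject]@{
                Profile        = & $get 'name'
                Authentication = & $get 'authentication'
                Encryption     = $enc
                HiddenSsid     = ((& $get 'nonBroadcast') -eq 'true')
                Finding        = $finding
            }
        }
    }
    finally {
        # Always remove the exported profile files.
        Pop-Location
        Remove-Item -Path $dir -Recurse -Force
    }
}

Get-WifiProfileAudit | Sort-Object Finding -Descending | Format-Table -AutoSize
```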

18. What is SmartScreen?

SmartScreen in Windows 8 warns you about any potential threats from unrecognised apps or programs before you run them. You can turn it on via the Control Center, Action Center. It has three settings:
a) Get administrator approval before running an unrecognised app.
b) Warn before running an unrecognised app, but do not require administrator approval.
c) Don't do anything (turn off SmartScreen).