Windows XP Help

Securing your PC

If you have recently bought or set up a PC then I suggest you take the following steps to secure your PC:

1. Install a Firewall

A firewall will block unwanted incoming and outgoing attacks to or from your PC. It will prevent trojans and worms attacking your PC such as the MSBlast (or W32/Lovsan). Windows XP has the Internet Connection Firewall installed, which blocks incoming connections only, use that wherever possible if you don`t have a third party firewall (see the Advanced tab of your Internet connection). Most ADSL Modems will have a firewall, check documentation on your modem to see if it has one and whether its enabled. You can also buy or download a wide range of Firewall products such as McAfee, Norton Internet Security, ZoneAlarm, CA Personal Firewall, Panda Firewall, AVG and others.

Windows Firewall

2. Install an Anti-Virus Products

Firewalls will protect against some forms of attack but not all. Viruses come in all sorts of forms such as Macros, Programs, scripts and so on. Only an antivirus program will block and delete such threats. Microsoft's products is called Security Essentials. There are too many anti-virus products to list see Product List.
For more information on viruses, see the Virus Library on symptons and removal instructions.

Security Centre

3. Use your Attachment blocking in your Mail Program.

Some Email programs such as Outlook and Outlook Express will block downloading and execution of certain types of programs. For example, you can block viruses in Outlook Express by enabling blocking via Tools, Options, Security and enable Do not allow attachments to be saved or opened that could potentially be a virus. You may disable this if you need access to attachment when needed, but leave it enabled at all other times!

4. Install an Anti-Spyware product

A lot of websites use suitable tricks to track and download private information about your self and your web browsing habits and tend to install plugins and programs that sometime hijack your browser to set your home page or display pop ups. Programs such as Defender, Spybot, Ad-aware and Spyware Blaster can search and remove such products from your system. Ideally use two or more anti-spyware products as one may not detect them all.
You can also restrict the types of cookies saved to your PC via the options in your Web Browser. For example, in Internet Explorer, use Tools, Internet Options, Privacy and set a privacy level to suit your web sites (Medium is suitable in most cases). For lists of spyware or adware programs visit Safer Networking and DoxDesk.
Use Hijack This or MSCONFIG and check programs listed under startup and make sure they are required.

5. Clear out your Temporary Internet Files cache and Cookies cache

Copies of web pages and pictures are saved in a cache on your PC, clearing this cache out on a regular basis (no more than once a week) will remove any unwanted files. In Internet Explorer, goto Tools, Options, Delete Files or Delete Cookies. Using the Disk Cleanup facility can also clear out the cache.

6. Use more secure file systems

Where possible use more secure file systems such as NTFS on Windows NT,2000,XP rather than FAT32 to secure your files and if possible. If you have Windows XP Pro then you can take advantage of EFS (Encrypted File System) to secure data on the hard disk (make sure you back up data and certificates before using EFS). If you loose your certificate or account then it will be impossible to recover the data. When erasing data securely use a secure file wipe program such as Wipe Drive.

7. Keep your PC up to date with latest security patches

Wherever possible keep your PC updated with latest security updates from the Windows Update web site or enable automatic updates using the Automatic Updates control panel.

8. Backup your data

Get a decent backup program in case your PC is infected, attacked or otherwise made unusable and require a reinstall. Programs are easily to reinstall but data is very hard to get back if deleted, overwritten or lost. A list of backup software can be found on this Product list.

9. Secure PC with usernames and passwords

Use a Limited or Power user than an Administrator user when using your PC. Windows 95/98/Me users would be recommended to upgrade to Windows XP if possible as those systems are insecure. Linux or other unix systems tend to be secure but double check your setup anyway for any loop holes. Also, make sure that you always set a password for accounts including the administrator account, which is blank by default on most Destkop systems. Never write passwords down where they can be easily found and use complex passwords, using combinations of letters and digits and do not use personal information for passwords e.g. names, date of births, pets etc. which can be easily broken.

Never give out personal information such as account details, pins numbers or passwords from Emails sent over the network. Legitimate companies and banks will never ask for such information even if threatened with Account closure or suspension and never click on links provided on such Emails as they will always be sent to fake web sites.

10. Clear out your Address Book

A lot of viruses now uses your Address Book to spread itself to other users. I suggest you delete any unwanted or old email contacts from your Address Book now and again. Also, so keep your Address book clear, turn off 'Automatically put people I reply to in my Address book' in the Send options of Outlook Express or any other email program, so that it doesn`t fill up with unused entries and restricts the number of potential victims of viruses! You can still add people by right clicking their email address in a message and selecting 'Add to address book'.

11. Do not use Peer-to-Peer File Sharing Software.

File sharing software basically allows anyone to read files off your computer and bypasses your Firewall and all other security considerations. Consider this as a very risky. If so, do NOT login with an account which has administrator privileges, and apply strict NTFS permissions to the folder you use for file sharing and keep it well away from any personal data.

12. Do not advertise your email address.

Your email address can be searched for and use for spam very easily by programs that actively look for email addresses than can be used to spread spam. If you have your own web site DO NOT use the standard technique of using HREF and the MAILTO: method of displaying your email address, instead use Javascript to hide it from spammers and search programs (called webbots). If you visit a website and need to create a profile or login name, if it asks for an email address either enable the option to hide the address from public view or use another email address instead of your main email address.

13. Erase your hard disk before selling or recycling your old PC.

Programs and data can be easily stolen from hard drives on old PCs.A format will not clear it, you need to overwrite the data several times with a good secure erasure program which will write loads of 00000s then 11111s and 1010101s Good programs include software such as Drive Wipe. For more permanent destruction you could use a powerful magnet, a drill or a hammer to destroy the disk (only for the most paranoid users).

14. Make sure data is secure by using EFS or third party products

If you listen to the news, computers can be stolen and you may end up losing valuable data to theives. To protect your data you should use the Encrypted File System on Vista Business or
Ultimate Editions. If you have Home editions you can use other products such as Folder Guard, DES Lock+, and PGP Desktop products.

15. Enable security options in your Browser

If you upgrade to Internet Explorer 7 or IE 8, you can enable the Pop Up Blocker to stop unwanted pops ups (although this may also disable legitimate pop up windows), and lastly enable the Phishing Filter (this can slow down browsing though). To prevent phishing and downloading malware, try McAfee's WebAdvisor tool to advise you on a site's safety.