Believe it or not, it does not take much to actually lock down a Windows PC & keep it secure. The basics can be done for free, and those who want to go over the top, the costs can be very minimal. Most things are pretty basic, easy to do & completely free. I base this write-up from over 20 years experience repairing, setting up & maintaining PCs for personal usage & basic home/office situations; and since I hate paying for software, neither should you. In nearly all generic & home usage situations, simply using a little common sense, while keeping up with the basics, your PC can remain secure for a long time to come.
Here is what I recommend doing:
- Hide your PC behind a hardware & software firewall
A hardware firewall keeps people on the net from directly connecting to your PC, unless you explicitly open the ports to allow them to see your system. Most broadband ISPs (such as cable & FIOS) provide a hardware modem/router, which contains a built in NAT firewall. If your ISP provides this, you should not need anything else & it should be pre-configured to block all incoming traffic (unless its a response to something you requested). If not, adding a wireless access point or similar home/SOHO router can be applied very very cheaply. Such a access point/router would be placed between your ISPs network connection & your PC, usually using an Ethernet cable.
A software firewall keeps other PCs/devices internal to the network you are connected to from accessing your PC. Pretty much every OS includes a software firewall. In current OS'es, this is generally sufficient, as long as your keep your OS fully patched. If you feel that the OS supplied software firewall is not sufficient, you may want to consider installing a 3rd party software firewall app, such as ZoneAlarm by ZoneLabs. However the built in OS'es software firewall is usually sufficient & does not add any additional overhead to your PC.
- Setup Windows Update (Microsoft Update) to auto run.
Normally its setup this way by default. However its best to go into your Control Panel & simply ensure its setup to automatically apply, just in case. If you don't leave your PC on 24/7, you should run the Windows Update feature once a month to ensure you are not missing any critical patches. As applying Windows patches is one of the most important things you can do for the security & stability of your PC. It was reported during 2011, that nearly 60% of all viruses can be stopped simply by keeping your version of Windows properly patched.
To turn on Automatic Updates:
1. Click Start, and then click Control Panel.
2. Depending on which Control Panel view you use, Classic or Category, do one of the following:
* Click System, and then click the Automatic Updates tab.
* Click Performance and Maintenance, click System, and then click the Automatic Updates tab.
3. Click the option that you want. Make sure Automatic Updates is not turned off. - Use Secunia PSI (Personal Software Inspector), to patch other apps in the background
The Secunia PSI app is FREE, super tiny, super light weight & can automatically patch many apps, add-ons & toolbars in hte background. Most are things you use everyday, but never realize. This includes things like iTunes, QuickTime, Java, Flash, Shockwave, web browsers & browser toolbars, just to name a few. It can also help auto-patch other Microsoft apps (other then Windows), that Windows Update may not be patching directly. And even better yet, it generates a security report to tell you how securely patched your PC is & if any of your apps are end-of-life (i.e retied apps, that are no longer being actively supported/patched but its creator). Like Windows patches, this closes a vast amount of the remaining security holes/threats left behind by other apps, which the remainder of viruses usually target. - Use NiNite to pre-install common/free apps (it also auto-patches those apps after installation)
Using NiNite is not actually a requirement, but a much easier way to address 2 different situations at one time. I feel using this app makes it much easier to install common & freely obtained applications/add-ons from a single location. You simple choose all the apps you want & the app then auto installs all of them for you. After installation, it automatically keeps those apps updated as patches are released & will automatically upgrade them to new versions as they come out. - Use a decent Anti-Virus application
It cannot be said enough that a good anti-virus application will help keep your PC secure; especially when surfing online. There are many decent anti-virus applications out there. I have been happy with AVG Free, Microsoft Security Essentials & Avast! Free. These are all free & easy to use anti-virus apps for home usage. Each of these apps have their strengths & weaknesses, but they are all well supported, free, pretty light weight on resources & do the job well - so you need only install one. If you feel you need additional protection, you can go with a all encompassing anti-virus suite, as such Norton 360, McAfee Total Protection or premium level versions of the free anti-virus applications noted above. However usually I find these all encompassing anti-virus apps are very bloated, resource hungry & really don't give a general usage/ home user much more protection then what you get when you simply follow the basics I note here, with a little common sense. - If needed, run a scan using a stand-alone anti-spyware app.
When the rare occasion has called for it, i found Ad-Aware or SpyBot Search & Destroy did the job pretty well. Each has their own strengths and weaknesses, but I think AdAware usually worked better for the basics.
There are many articles you can find online, which explain how to lock down a PC for security. If you need a stricter extra protection, beyond the common/basics, you may be interested in this article on LifeHacker.
And for those with a SOHO & small business networking situation, the same basic principals above would apply to your office systems. However you would likely need to pay for the software I recommended, as the free versions are usually limited to personal (not business) usage.
DISCLAIMER: The above information is only a general outline for applying basic Windows PC security & should not be accepted as the only way to lock down a Windows PC. SOHO & businesses should follow Payment Card Industry Data Security Standard (PCI-DSS) specifications, regardless whether they're collecting/storing payment data or not. As being PCI-DSS compliant is a good way to ensure you are covering all bases & that adequate minimum security guidelines are met. The steps above would get you one step closer to basic PCI compliance in a business situation. But while compliance programs, such as the Payment Card Industry Data Security Standard (PCI DSS), provide sound steps to increasing security, being PCI compliant would not make an organization/system/network immune from attacks.
If you like this site or any of its content, please help promote it. Use the social media buttons below to help spread the word. Don't forget to post in the comments section.
