Ten Steps to Securing Your New PC
I just bought a new computer, and I want to make sure I've got all the security bases covered before I go any further. My last computer was ruined by viruses, and I don't want that to happen again. What steps to you recommend to make sure it's as secure as possible? |
Security Checklist for a New PC
You've just set up a brand-new PC and you're ready to go online. But before you do, there are several steps you must take to protect it against all the bad guys out there on the Internet: hackers, crackers, spammers, phishers, and other evil-doers in the dark corners of cyberspace. Here's a checklist to help you batten down the hatches:
ANTIVIRUS: Most PCs come with antivirus software trial packages ready to be installed. In fact, you will probably be prompted to install one immediately after your system is set up. Even if the default antivirus package is not the one you want to use long-term, install it anyway before you go Web surfing. You can always uninstall it after downloading your preferred antivirus. Just be sure to disconnect from the Internet before uninstalling antivirus, and don't reconnect until the new protection is installed.
If you want to ditch your paid anti-virus or internet security suite, there are plenty of free options available. And for most people, they will do the job just fine. See my articles Is It Time to Uninstall Norton and McAfee? and Free Anti-Virus Programs for a more detailed look at the issue of replacing commercial anti-virus suites with free alternatives.
UPDATES: Your operating system was installed on a new PC long before you brought it home. A number of security updates have probably been issued since then. Even a brand-new PC should have its operating system updated immediately to protect it against the most recently discovered vulnerabilities. The same goes for any browser or other application software you have on your machine. If Windows or an installed app says you need to download and install security patches, allow it to do so.
ROUTER: Install a router, even if you use only one PC on your "network." A router is one of the best protections you can have against invaders, and it handles security without tapping your PC's processing power. If you have high-speed Internet service (DSL, cable, or fiber) you probably already have a router that was installed by your Internet service provider (ISP).
FIREWALL: Make sure your network is protected by a firewall before connecting to the Internet. A firewall will protect you from unauthorized attempts to access your computer. See Do I Really Need a Firewall to learn more about both hardware and software-based firewalls.
SERVICES: Turn off unnecessary Windows services that may leave a crack in your security. As an added bonus, disabling unnecessary services will speed up your PC's performance. See my related article Speed Up Windows 7 for even more performance tips.
BROWSER: Internet Explorer, the default browser on Windows PCs, is the preferred target of hackers. Security experts differ about which browser offers the most secure web browsing solution, but my opinion is that you can reduce your exposure by switching to Firefox, Chrome, or another alternative browser. The continuous game of "security leap-frog" that's happening amongst the Big Three browser developers is actually a good thing. See my analysis of why Chrome is rapidly gaining market share in Is Chrome the Best Browser?
BLOAT: Uninstall software that you don't need. Every idle program on a new PC is a door that could admit a hacker or malware. PC Decrapifer is a handy, free tool that removes many pre-installed software packages that comes with new PCs.
ACCOUNTS: Create user accounts with appropriate privileges for each person who will use the new PC, and create strong user login passwords for each account. There should be only one administrator account.
SHARING: Windows file and printer sharing should be disabled if you don't plan to use it. From the Windows 7 start menu, click Control Panel / Network and Sharing / Change advanced sharing settings. From here you can enable or disable the sharing options.
EXTENSIONS: Unhide default file extensions. This default "feature" of Windows conceals the extension of a file in Windows Explorer, so that a Word document's name is displayed without the "doc" extension, for instance. The problem is that a malware file may conceal the fact that it is really an "exe" file that can execute a keylogger, virus, or Trojan on your machine. To unhide file extensions, Type "folder options" into Windows Search box and click on that item. Click the "View" tab, then UNcheck the box "hide extensions of known file types".
Got any other security tips you'd like to share? Post your comment or question below...
This article was posted by Bob Rankin on 16 Feb 2012
For Fun: Buy Bob a Snickers. |
Prev Article: Survey Results and Twenty Questions |
The Top Twenty |
Next Article: Is ActiveX Evil? |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Ten Steps to Securing Your New PC (Posted: 16 Feb 2012)
Source: https://askbobrankin.com/ten_steps_to_securing_your_new_pc.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Ten Steps to Securing Your New PC"
Posted by:
jj alley
16 Feb 2012
How do I remove a USER account?
Posted by:
The other Al
16 Feb 2012
Rather than using automatic windows updates, some "experts" suggest waiting on Windows Updates until they have proven themselves to be satisfactory (and not break things). Susan Bradley, who writes for Windows Secrets, is one person whose advice I have learned to trust over the years.
EDITOR'S NOTE: I strongly disagree. Windows Secrets has been spouting this line for several years, and I think it's dangerous advice. For 99.99% of users, running Windows Updates on autopilot is the best course of action. How many users have the skills (or the time) to vet all of these updates, and then decide which to apply to their specific computers? The end result of trying to do this will almost certainly be missing some important update, and possibly a compromised computer.
Posted by:
D W Whitlock
16 Feb 2012
I just wanted to add a couple things to Bob's "10 Steps To Securing A New PC";
I think its very important that whatever anti-virus app that the user decides to use have heuristic detection built in to snag infections immediately. A very good stand alone anti-virus that uses heuristic detection as it's only mode of operation is Threatfire. This installable program is designed to be used together with any of the popular ant-virus apps that lack heuristic detection/protection. This will keep your PC from getting infected in the first place which is always most desirable.
Install Mozy or Carbonite. Just do it. When your HDD crashes, you will be so damned glad that all of your valuable documents, photos, music and other personal, non-replaceble items was backed up safe and sound on a very secure server. I use Mozy. It saved my bacon more than once. I don't worry about my data anymore. I can down-load it from Mozy's servers onto a new hard drive or a new PC anytime I need to and its soooooooo easy and cheap. There is no excuse anymore not to back up.
Hope this was helpful.
Posted by:
Cindy in KY
16 Feb 2012
This is one article I plan on saving. A new PC is in the wings and I will go over this article before I go online with it. Thanks.
Posted by:
Jeri
16 Feb 2012
Great suggestions. I would like to add: Install Spybot Search & Destroy, Malwarebytes and Super Antispyware, update and scan once a week using each one. Also install WOT (web of trust)
Posted by:
Bill Walter
16 Feb 2012
Please notify people do not open e-mail from canadian drug, or saying something about Viagara.
they hacked my address book and start sending e-mails out as me, then there add comes up. Thank You
Posted by:
Jerry Bullard
16 Feb 2012
Hello,
three optional things which I think can enhanse security.
1. replace the present, near empty,host file with a special host file such as http://winhelp2002.mvps.org/hosts.htm to block "sites" that are known for malware.
2. use a sandbox type software- I got this from a old newsletter of yours and i have recommended to various people .. if something does sneak in it limits the damage
http://askbobrankin.com/can_a_sandbox_improve_security.html?tbart
3, Another is use something like mcafee's site advisor that give you headsup info on a possible
dangerious site.
Posted by:
Gary
16 Feb 2012
Great advice Bob. This is the main reason I gave up on Windows and went back to Linux. Opera is still my browser.
Posted by:
Rich
16 Feb 2012
That's all well and good, but when it comes to turning off "unnecessary services," are you simply going to hang everyone out to dry? Where's a link to more info? Where are your examples? Do you really think it's a wise idea to tell your readers to turn off services and not tell them which ones?
EDITOR'S NOTE: I did give a link!
Posted by:
DES_Toronto
17 Feb 2012
Turning off network and print sharing is a new idea to me. However, when I went into Control Panel, I left the settings alone rather than follow you advice. It's not exactly clear what would happen. The wording suggest that, although I don't have a second computer on the network, I might not be able to use my iPod Touch and my Blackberry Playbook via my wireless router.
EDITOR'S NOTE: Turning off file sharing should have nothing to do with wifi connectivity of devices such as your iPod, etc.
Posted by:
Patrick Palmer
17 Feb 2012
Dear Bob, There is - or there used to be - a Norton uninstall tool. Perhaps McAfee provides one too? Please give us links to either, or both.
EDITOR'S NOTE: Both Norton and McAfee should uninstall cleanly using the Add/Remove Programs option in Control Panel.
Posted by:
ManoaHi
17 Feb 2012
ACCOUNTS: Create the user accounts as well as your own. Don't use the Administrator account as your general account.
Posted by:
D W Whitlock
18 Feb 2012
Bob,
With regard to always using Windows Update on auto-pilot;
I have my Windows updates (download & install) on full automatic. However, every month, 1 or 2 or 3 updates that are considered "critical" do not get installed on my Win 7 machine. I know this because each month Tech Republic comes out with their "Patch Tuesday". They e-mail this list to all of their subscribers that details all of the new updates that Microsoft has available each month. After Windows auto installs all of my auto-updates, I reboot and set add/change to show me all updates installed to date. Then I check the Tech Republic list for any critical/important updates that were not included in my auto-update from Microsoft. There is always at least 1. The missing updates that I find are always for Win 7, 64 bit, SP 1 or IE 9. I am careful to check these things. So far, when I go to Microsoft's site, find the updates that failed to get included, manually download & install them, my machine always accepts them without any protest. I wonder how many Windows machines are not fully patched
and protected because of missing critical updates that Windows failed to install. If I didn't subscribe to Tech Republic's newsletter, I would be one of those users too.
Bob, can you shed some light on this??
Posted by:
macproowner
25 Feb 2012
Great info if your a windows user but I am not and I was wondering if you have some great info for the mac users among us? I will be very thankful if you do!!!! lol, any little snippet will be helpful...
Posted by:
mwhdvm
28 Feb 2012
I too am a Mac user and would love to have some tips to keep my mac safe - or is there less to worry about?
Posted by:
RICHARD
19 Mar 2012
Bob,
Just curious on to install a free anti-virus protection if I tun off my internet connection.
You said it's best to disconnect from the internet when unistalling anti-virus and don't connect to the internet without having the new protection...How do I do this?
Thanks,
Richard