Give the Gift of Security
This holiday season, many readers will no doubt be giving or receiving Windows desktop and laptop computers -- machines that, despite Microsoft's best efforts, will still take a significant amount of tweaking to ensure they are sufficiently secure against hackers, viruses and worms.
If you are giving a PC as a gift this year, consider pulling it out of the box and handling the tweaking process yourself on behalf of the recipient. That way, you can be sure that your loved ones won't put off these important precautions until it's too late.
There are several steps users should take before doing anything else with a new Windows PC:
* Set up and use a non-administrator account: When you (or your children) browse the Web using one of these, spyware and other unwanted programs have a much harder time getting their hooks into your system because the account does not have privileges to install programs.
The importance of using a non-admin account for everyday functions like Web browsing cannot be overstated from a security perspective. Also, you should take this step before you do anything else, because it's a lot more work once you've installed a bunch of software and saved tons of files.
When you first fire up an XP computer, it will prompt you to create accounts for each person who will use the computer. The problem is that each account will automatically be given administrator status and will not be protected by a password.
Go ahead and create an account with whatever name you want. Then, when you're at the Windows desktop, click on "Start," "Settings," then "Control Panel" (or just "Start" then "Control Panel") and then "User Accounts."
Next, change the newly created account to a limited-user account. Click on the account name and select "Change the account type" from the options page that comes up, then select "Limited" from the next page and click on the tab that says "Change Account Type." That will return you to the account options page. From there, click on the "Create a Password" option.
You will be prompted to enter a password twice, and you'll have the option of entering a hint in case you forget your password. That page has tips on creating strong passwords, and Security Fix also has its own advice in a password primer. You should do this for every account you manually create at the startup screen.
When you're done, click the "back" button on the left side to return to the main User Accounts page. You should see three accounts there now: Administrator, Guest, and whatever name you assigned to the account you created.
On Windows XP Home, the Guest account will be disabled, but this doesn't quite lock it down. We want to assign a password to it. To do this, click on "Start," select "Run," then in the window that pops up type "cmd" to make a command prompt window pop up. At the prompt, type "net user guest (password)" replacing (password) with the password you want to assign to it (and again, don't include the quotes or braces).
If you do want to install a program while running the PC under a limited user account, right-click on the installation file and select "Run As," then select the account with administrator rights ("Administrator" by default, but if you're really paranoid like me you might consider renaming that to something less obvious), and enter the password for that account.
(Helpful hint: When installing new programs this way, if you change the default installation location (usually C:\Program Files) to your "Shared Documents" folder, you should have few problems using any program you install from any account you wish.)
* Use a Firewall: All recently purchased new PCs should already have Microsoft's Service Pack 2 installed, which means the built-in Windows firewall will be activated automatically. This firewall, however, mainly blocks just inbound traffic, and does little to stop programs -- good or bad -- from "phoning home" or otherwise sending data out of your machine.
Consider downloading and installing a third-party firewall product. A number of these do a great job of helping you determine which programs should have access to your Internet connection, and there are still quite a few free firewall options, including Kerio (http://www.kerio.com/us/kpf_download.html), Outpost Firewall Free, 8Signs, Tiny Personal Firewall, Jetico and Zone Alarm Free.
Wireless routers also can add a solid layer of protection, as most include a built-in firewall that should stop all unwanted incoming traffic from even seeing your PC on the Net. If you intend to use a laptop around the house with your Wi-Fi connection, be sure to follow the vendor's instructions for setting up encryption and securing the router with a strong password (do not make the password the same as your user name!).
Microsoft has a pretty good tutorial for wireless-router encryption setup, including instructions broken down by each of the major wireless hardware makers.
* Download and install all available Windows security patches: Again, most Windows XP machines sold today should have Service Pack 2 installed. This means that when you start it up for the first time, the machine should ask whether you want to enable automatic updates from Microsoft.
The default setting is for Windows to download updates when they become available, then prompt you to install them (and reboot) at your leisure. Whether you choose to accept the default setting or let Microsoft fully automate the process for you is a personal decision, but if you're setting this PC up for a relative who is not too security-savvy, it might be best to select "automatic."
Due to the lag time between the date the PC rolls off the production line and the time it is sold in the store, most new Windows PCs will lack at least a handful of essential security updates, and could be missing dozens of critical patches.
I strongly recommend that users visit the Microsoft Update Web site and download and install all available "critical" security patches, rather than waiting for Windows Update to get around to the process. This can take up to several hours, which is plenty of time for attackers to find and seize control of a vulnerable computer.
* Use and update antivirus software: If the PC comes with a free 60- to 90-day trial of antivirus software -- as most do these days -- make sure the software is equipped with the latest virus definition updates.
You might also consider simply removing the software and installing a free antivirus program. I say this because I have seen far too many users continually ignore the renewal prompts when their trial subscription expires, leaving their machine increasingly vulnerable.
Also consider downloading and using anti-spyware software. Microsoft's Anti-Spyware beta is still free, and should work just fine for the majority of users. Other good (and free) options include AdAware Personal and Spyware Blaster.
Finally, if you need help setting up your antivirus, anti-spyware or firewall programs, check out our video guides to securing your PC.
Failure to follow these basic security precautions could allow your PC to fall victim to viruses, worms or spyware -- or worse yet, to be ensnared by "bot" programs that allow attackers to control your machine remotely.
According to antivirus vendor Symantec Corp., the number of bot networks increased more than sixfold in the New Year compared with December 2004, a spike it said could be attributed to new, unprotected PCs appearing online in the New Year.
Posted by: D. Titus | December 23, 2005 6:25 PM | Report abuse
Posted by: arinews | December 24, 2005 10:35 AM | Report abuse
Posted by: Bk | December 24, 2005 12:06 PM | Report abuse
Posted by: ScottR | December 25, 2005 5:43 PM | Report abuse
Posted by: Mark Odell | December 25, 2005 8:38 PM | Report abuse
Posted by: Benton | December 26, 2005 12:44 AM | Report abuse
Posted by: DZ | December 28, 2005 12:28 PM | Report abuse
Posted by: DZ | December 28, 2005 12:30 PM | Report abuse
Posted by: Mike | December 30, 2005 5:42 AM | Report abuse
Posted by: Steve H | January 11, 2006 12:51 PM | Report abuse
Posted by: srini | July 30, 2006 3:16 AM | Report abuse
The comments to this entry are closed.