Basic security practices

I (mota) have honed my 'be safe on Windows' presentation down to basically these six points:

  • Use admin privs sparingly.

    • On Windows Vista and newer, do not disable UAC. Turn it up to the highest level.

  • Think about what you are agreeing to. Take the time to read the dialogs that present themselves to you.

    • If you don't know who you are trusting when you run the software, don't allow it to run.

      • Really think about this. What person or company does the software come from? What is their reputation?

    • If it looks hinky, don't allow it to run.

    • If you don't know what it means, don't allow it! There's always someone you can ask.

    • If you're installing warez, you're basically agreeing to let unethical people into your computer.

    • In summary: imagine yourself telling a judge why you felt ProgramX was trustworthy. If you haven't got a clear, explainable reason, then you probably shouldn't trust it with full permissions to your computer, all your data, all your email, and all the websites you will ever access. And yes, that's the level of trust you're granting to anything that requires admin privileges to install on your computer.

  • Keep Windows up to date. And reboot when prompted; it's not that big a deal.

    • Keep the rest of your software updated, too. Secunia's 2013 Vulnerability Review (as reported by Ars Technica) concluded that 86% of vulnerabilities found on Windows systems are in third-party software, not in Windows itself.

      • We recommend regularly running Secunia's Personal Software Inspector (PSI). This tool makes it simple to see which software is out of date, and provides easy links to update it.

  • Don't disable the Windows Firewall.

  • Use strong passwords. Long passwords are strong passwords.

  • Back up your system regularly. All. disks. fail!
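Two of the points above (keep UAC at its highest level, don't disable the Windows Firewall) can be checked rather than taken on faith. The script below is an added example, not something from the original page; it assumes Windows 8 / Server 2012 or newer with the NetSecurity module available, and reads the documented UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

```powershell
# Added example (not from the original page): audit the "don't turn it off" items.
# Assumes Windows 8+/Server 2012+ so that Get-NetFirewallProfile exists.

function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # EnableLUA=1 means UAC is on. ConsentPromptBehaviorAdmin=2 together with
    # PromptOnSecureDesktop=1 is the slider's "Always notify" (highest) level.
    [pscustomobject]@{
        UacEnabled       = ($p.EnableLUA -eq 1)
        AlwaysNotify     = ($p.ConsentPromptBehaviorAdmin -eq 2 -and $p.PromptOnSecureDesktop -eq 1)
        AdminPromptLevel = $p.ConsentPromptBehaviorAdmin
    }
}

function Get-FirewallStatus {
    # One row per profile (Domain, Private, Public). Enabled should be True on all of them;
    # the default inbound action tells you whether unsolicited connections are blocked.
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
}

$uac = Get-UacStatus
if (-not $uac.UacEnabled) {
    Write-Warning 'UAC is disabled.'
} elseif (-not $uac.AlwaysNotify) {
    Write-Warning 'UAC is on, but not at the highest ("Always notify") level.'
} else {
    Write-Output 'UAC: OK (Always notify).'
}

$fw  = Get-FirewallStatus
# Enabled is a GpoBoolean (True/False/NotConfigured), so compare against 'True' explicitly.
$off = $fw | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    Write-Warning ('Windows Firewall is not enabled for profile(s): ' + ($off.Name -join ', '))
} else {
    Write-Output 'Windows Firewall: enabled on all profiles.'
}
$fw | Format-Table -AutoSize
```

Run it from an ordinary PowerShell prompt; neither the registry read nor Get-NetFirewallProfile needs elevation. If it warns, the fix is the UAC slider in Control Panel (drag to the top) or re-enabling the firewall profile, not a registry edit.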

(I considered trying to rank these points in priority order. But they are all very important!)

The items in red will require changes in your own habits and skills. And yes, you will feel clumsy at the very beginning of your attempts to put these habits in place.

Microsoft has put up a web page with helpful advice as well. Much of it is similar to what you see here. Also see their Ten Immutable Laws of Security.

You will note that I have carefully NOT included antivirus software here. That's because I strongly believe that you are the first line of defense for your computer. Antivirus/antispyware/antimalware products can be helpful, but treating them as your first and only line of defense will fail sooner or later. Experts have noted massive failures in the 'antivirus only' approach. Sometimes the antivirus software itself is the vulnerability that lets malware onto your system.

Run AV software or don't - that's your choice. But if you carefully and unfailingly follow the steps above, you'll never see an alert from your AV software, because you will have avoided the threat before it could ever touch your PC. Think about that!

If you decide not to run a continuous-protection AV package on your PC, it is a good idea, though not 100% mandatory, to perform a malware scan from time to time using one of the many available web-based scanners.

Think something is wrong with this list? Got something to add to it? Email me!