2nd commandment: Use current OS versions and automatically get OS and application updates
If you aren't using the most current commercial version of the operating system, it's time to upgrade. Additionally, make sure you set the software to automatically apply updates (not just the OS, but all applications) and periodically turn off the computer, which is when many updates are auto-applied. An appalling number of security breaches occur because applications lack important security fixes that have been available for a year or more.
The computer vendor may also include helpful update tools. For example, Lenovo includes an update process that is designed to show all BIOS and driver updates available for that particular model. You can also manually start the update-check apps process. This may take several cycles, particularly for the first time around, if some updates require other updates.
"Third-party software is usually the vector that security intrusions come through, not the operating system," says Ed Bott, a Windows expert and ZDNet blogger. Flash, Adobe Reader and Java are three of the biggest targets, Bott says. While many programs include their own automatic update checker, Bott urges using a tool like Ninite or Secunia Personal Software Inspector, which automate update checking for all the applications on your computer.
3rd commandment: Use Windows' new security tools (and/or third party software)
Windows 7 includes a number of security controls and tools through its Actions Center (which replaces the Security Center), and other tools are available via the Control Panel, including:
- Windows Firewall: With its basic settings, this wards off basic attacks, and you can use its advanced settings for more specific control. There are also third-party firewall programs available.
- Microsoft's Microsoft Security Essentials and Windows Defender. These tools secure your computer against viruses, spyware and other malware.
Obviously another option is to invest in third-party security software, like individual anti-virus, anti-spam and other programs, or a security suite, such as Symantec's.
4th commandment: Set up (or remove) user accounts
Historically in Windows, the default account had administrator privileges--meaning that programs capable of taking unwanted insecure actions wouldn't have to first ask the user if they could run. Starting with Vista, Microsoft added User Account Control (UAC), which asked non-administrator users for permission to run certain programs or actions. With Windows 7, UAC still protects systems but less intrusively.
[Can you guess the 15 worst data breaches?]
Even so, managing which user accounts are--and aren't--available contributes to security in the following ways:
- Establishes non-administrative user account(s) for each user.
- Disables or removes user accounts that aren't used or shouldn't be there.
- Disables the "guest" account, unless it's needed. If it is needed, a password should be required for elevating privileges, to prevent unauthorized changes to the system.
Sign up for Computerworld eNewsletters.