Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

10 commandments of Windows security

Daniel Dern | April 24, 2012
With the introduction of Windows 7, many PC and notebook users may feel more secure than they did using older versions of the Microsoft operating system. Newer OSs have more security features, offer better out-of-the-box security settings and have closed many of the historical security holes. Windows 7, for example, has changed the default User Account Control level so that it's harder for rogue programs to run without first explicitly gaining the user's permission.

Consider renaming the administrator account so that it's not obvious to an intruder. Since this account can't be "locked out," password attacks can be performed indefinitely; changing the name makes the account less of a target.

5th commandment: Set passwords

Set the main Windows password, as well as the Power/Time to lock the system, with a screen saver, and require a password to resume activity.

Also, depending on the sensitivity of information on your system (did someone say "online banking"?), consider password alternatives, such as:

  • Fingerprint reader
  • Smartcard reader (contact or contactless)
  • Biometric facial recognition
  • RSA software and external token
  • Password "gesture" (e.g., Android tablets)

Another option is two-factor authentication, such as requiring both a fingerprint and a password.

6th commandment: Add/activate anti-theft tools

Invest in, install and activate anti-theft tools that can either lock the system; conduct an IP trace; report, take and send pictures; and even wipe the computer when a lost or stolen computer reconnects to the Internet. An example is Absolute Software's Lojack for Laptops.

Vendors like Lenovo are embedding Absolute's CompuTrace Agent into the BIOS, so even if somebody erases or replaces the hard drive, the agent is automatically re-installed.

Computers that include Intel Anti-Theft technology in their hardware let you add additional security services, such as automatically locking the main board until it receives the "unlock" password, lock or wipe if a machine goes too long without connecting to the Internet or if a user fails the login process too many times. Intel Anti-Theft is typically part of third-party security products like CompuTrace, adding perhaps $3/year, and as the anti-theft option on WinMagic's full disk encryption product.

7th commandment: Turn off sharing and other unneeded services

Windows allows you to share resources that are on your computer, like file-sharing (Shared Folders) and print sharing. Your computer's Internet connection management utility (Windows includes one, but many systems have their own) lets you define each network as either Public, Home or Work. If you mis-set a connection, your Shared Folders will be visible to other computers on the network.

Suggested Desktop Security Reading

If you are behind a firewall, when your computer's Internet connection manager tool asks you what kind of location/connect it is, you can call it either a Home or Work network, Bott says. But specify Public network if you are connecting directly to the Internet (e.g., at home or in the office), if you don't have a hardware router but instead are directly connected to the cable modem, or if you are connecting to a public network like a Wi-Fi hotspot or a hotel or conference Ethernet. This will ensure that no local sharing is allowed.


Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.