Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

10 commandments of Windows security

Daniel Dern | April 24, 2012
With the introduction of Windows 7, many PC and notebook users may feel more secure than they did using older versions of the Microsoft operating system. Newer OSs have more security features, offer better out-of-the-box security settings and have closed many of the historical security holes. Windows 7, for example, has changed the default User Account Control level so that it's harder for rogue programs to run without first explicitly gaining the user's permission.

In general, disable any services and remove programs you don't need. For example, if you're sure your applications won't need it, you may want to uninstall Java. If your machine has Internet Information Services (IIS) running but doesn't need it, disable that, as well.

8th commandment: Secure your Web browser and other applications

Web browsers access Web sites that neither you nor your company control (and these sites, in turn, may have ads or link to other content that they don't control). Any of these may try to inject malware onto your computer.

Today's browsers include more security, like "private browsing" session modes that prevent any personal information from being stored, or don't save cookies or history for a session. However, this may interfere with productivity.

Check each browser's security options and select the ones that look useful, like Firefox's "Warn me when sites try to install add-ons" and "Block reported attack sites."

Set Microsoft Internet Explorer to have the highest security setting you can tolerate (since higher security often means you have to click more often), suggests Tom Henderson, Managing Director of, an Indianapolis, Indiana technology testing lab.

Additionally, look for browser "extensions" and add-ons that increase your browser's security, in a more per-tab, per-site or per-tab-session way. For example, the popular NoScript Firefox add-on allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted Web sites of your choice.

PDF readers may also be vulnerable to JavaScript attacks within the documents they're rendering. Make sure your PDF reader is secure; consider disabling JavaScript within it.

9th commandment: Rope in Autorun

AutoRun is a major threat vector for viruses and other malware in Windows XP and Windows Vista. [Editor's note: Simson Garfinkel called Autorun an "OS design flaw" all the way back in 2006.] With this function, the operating system automatically begins executing a program when it sees an autorun.inf file in the root directory of a new drive, such as a network drive, a CD or a flash drive. So, if you haven't yet moved to Windows 7, make sure you've got all the security updates for the OS version you are running. (See MS Security Advisory: Update for Windows Autorun.)

With Windows 7, all the security settings are "No Autorun." When you attach external media like CDs, DVDs, SD cards and USB flash drives, they will give you a dialog box offering to run a program, but by default, nothing happens automatically.

10th commandment: Consider application whitelisting and other controls "Whitelisting" refers to a list of everything you allow on your computer, including e-mail addresses your mail program can accept, Web sites your browser is allowed to connect to and applications the operating system is allowed to run. Whitelisting may not be a match for e-mail or Web browsing, but for preventing unwanted applications from running--such as malware or zero-day attacks--it may be a good additional tool.


Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.