Enable UAC

One of the first things some Windows Vista and Windows 7 users do after running Windows for the first time is disable UAC (User Account Control). Big mistake. Although it is annoying to put up with, UAC is only being obtrusive for your own good. It is designed to prevent programs from automatically executing on your computer without your express permission, and most of the nastiest malware installs itself by doing the very thing UAC prevents. Turn it on and leave it on.

To turn UAC back on, click the Start menu and click your user picture in the upper-right corner. In Win7, click Change User Account Control Settings and use the slider to change it from Never Notify to one of the other settings. We recommend moving it two notches up to Default, but for maximum security, move it all the way to the top setting of Always Notify. In Vista, click Turn User Account Control On Or Off, checkmark the Use User Account Control (UAC) To Help Protect Your Computer box, and click OK.

Web Filtering

One of the best ways to keep malicious Web sites from delivering their payload onto the computer’s hard drive is to set things up so nobody can access those sites in the first place. This is accomplished via filters that maintain a list of known malware sites and monitor your Internet connection to see if the computer is trying to access those sites, stopping those requests before they ever reach their destinations.

One such filtering product is OpenDNS (www.opendns.com). DNS stands for Domain Name System, and there are DNS servers scattered all over the Internet that convert the Web site addresses you type into IP (Internet Protocol) numbers that computers understand. For example, when you type www.smartcomputing.com into a browser window and press ENTER, that information, called a URL (uniform resource locator) is forwarded to a DNS server. The server looks up www.smartcomputing.com in its database and finds out what IP address is assigned to that particular Web site. Your Web browser then connects to that IP address, and the site loads in your browser. It’s kind of like calling an operator when you only know someone’s name (the URL), and then the operator (the DNS server) dials their phone number for you.

OpenDNS bypasses the DNS servers your computer normally connects to and lets you use theirs. OpenDNS automatically filters an enormous list of malicious Web sites by default. If your computer tries to connect to one of those sites after OpenDNS is enabled, your Web browser will act as if the site doesn’t even exist. There are additional filtering options as well that let you disable entire categories of sites that host things such as illegal content. All this, and the service is free.

The best way to take advantage of OpenDNS is to enable it on your home network’s router. That way, every device that connects to your home network is protected automatically without having to set up the service individually on each machine. There are detailed instructions for doing this with many routers at the OpenDNS Web site.

Anti-Everything

At bare minimum, you need one first-class antivirus program installed on your computer and at least one antispyware program installed. You can install multiple antispyware programs if you wish, but never install more than one antivirus program or they will conflict.

For years, Microsoft left antivirus and anti-malware chores up to third-party vendors, but during the development of Windows 7, they implemented Microsoft Security Essentials (free; microsoft.com/Security_Essentials). This is a one-stop shop for antivirus and antispyware that works unobtrusively without stealing a lot of resources from other Windows applications, and is highly recommended. It works with Windows XP, Vista, and Win7.

Download the program by going to microsoft.com/Security_Essentials and clicking the Download Now button. Setting up the software is a breeze. Find the icon in the Windows System Tray and double-click it to open the main interface. The Home tab lets you run manual scans for viruses and spyware, but it is best to have the software do this automatically at a time you set. Click the Settings tab and click Scheduled Scan on the left. Make sure the Run A Scheduled Scan On My Computer box is checked and use the drop-down boxes to choose a time. Quick Scan should suffice, but if you want to really make certain everything is rooted out, select Full Scan, which takes longer. Make sure the other two checkboxes are checked and click Save Changes to enable the automatic scan.

Next, click Real-time Protection on the left and make sure every box in that panel is checked. This will make sure your computer is protected from malicious Web sites and scan everything you download to make sure it isn’t infected. Click Save Changes.

Finally, click Advanced on the left and make sure all the boxes in that pane are checked before clicking Save Changes. These options make sure everything on the computer is scanned, including compressed files (such as .ZIP files) and removable USB drives. We recommend leaving all of the other Microsoft Security Essentials settings at their defaults.

You also should make sure Windows Firewall is turned on, if you’re not using a third-party firewall. This tool inspects all data on your Internet connection to make sure it’s authorized to enter or exit. In WinXP, click Start, click Control Panel, and click Security Center. If Firewall is labeled On, leave it alone. If it is off, click Recommendations and click Enable Now before clicking Close and OK.

In Vista, click the Start button, click Control Panel, and click Security. Click Windows Firewall, click Turn Windows Firewall On Or Off, and click On before clicking OK.

In Win7, click the Start menu, click Control Panel, and click System And Security. Click Windows Firewall, click Turn Windows Firewall On Or Off, and choose Turn On Windows Firewall (in both locations) before clicking OK.

Embrace Encryption

Much of your data would be of little interest to criminals, but passwords, financial info, and the like are a different story. You don’t want to leave those exposed, and encryption is the best way to keep it all private.

Encryption scrambles data so that even if someone gains access to it, they need an alphanumeric key to unscramble it. The longer the key, the better-protected your data is, and there are also various types of encryption from which to choose that offer varying levels of security.

One solid encryption software option is TrueCrypt (free; www.truecrypt.org). It works with WinXP, Vista, and Win7 and lets you set up a virtual hard drive on your computer that is always encrypted. For example, if you have a computer with a 500GB (gigabyte) hard drive, you can have TrueCrypt permanently set aside 5GB (or any other amount of space) as an encrypted virtual drive, and anything you store there is automatically encrypted.

Here’s how it works: Download the installation file and then double-click it to begin the installation. Accept the license terms, make sure the Install radio button is selected, and click Next. Leave all the checkboxes checked and click Install. Click Yes if you want to read the tutorial. Otherwise, click No and click Finish.

Double-click the TrueCrypt icon that appeared on your Desktop and click Create Volume. There are many options here you can explore later, but for now select the Create An Encrypted File Container radio button and click Next. Select the Standard TrueCrypt Volume radio button and click Next.

On the Volume Location screen, click Select File but do not click a file in the Windows Explorer pane that appears. If you do, TrueCrypt will convert that file into an encrypted volume, deleting its original contents. Instead, select a folder where you want to store the TrueCrypt volume, type a new name in the File Name field, and click Save. Make sure the Never Save History box is checked and click Next. There are a number of encryption algorithms to choose from on the next screen, but the default settings of AES and RIPEMD-160 offer a terrific combination of security and performance, so leave them alone and click Next.

Now it’s time to choose a size for the file. The free space on your drive is listed, and if you have a few gigabytes to spare, click the GB radio button and type 2 in the box. That should be plenty of room for documents, but if you want to encrypt a lot of pictures or video, which consume a lot of storage space, consider reserving more space. You can always create another volume later if you need more room. Click Next and type a password. Some tips are provided in the window, and keep in mind that if you ever forget the password you are about to use, you will permanently lose access to the encrypted volume. TrueCrypt doesn’t email forgotten passwords. Click Next, and if you see a message asking if you plan to store files larger than 4GB, choose Yes or No based on your preferences and click Next.

Choose NTFS for the file system, if it’s available, leave the Cluster on Default, and move your mouse around the screen to help create a strong encryption key before clicking Format. The volume may take a long time to format depending on its size and your computer’s speed.

Now when you open TrueCrypt, you can select a drive letter, click Select File, navigate to the volume you just created, and click Mount. Type your password and click OK. Now the volume will appear as a separate hard drive when you click the Start menu and Computer. You can use it the same way you would use any other drive on your computer, with the only difference being that the files in the TrueCrypt drive are automatically encrypted. When you go into TrueCrypt and click Dismount All, nobody will be able to access the contents of the encrypted volume without mounting it again and supplying the proper password.

Lockdown

The main problem with sharing a computer is that you never know what someone else has done on the machine or what Web sites they visited. This article has focused mainly on protecting the PC from outside attacks, but users messing things up from within is also a big threat. When you’re finished applying the tips in this article, be sure to read “The Power To Protect” on page 62 regarding establishing Parental Controls that can help protect users from themselves and keep your precious data intact.

Home Vista Security Windows Security & Privacy
Search MS Office A-Z   |   Search Web Pages/ Design A-Z