- Make sure that Windows Update is turned on on all systems. This can be configured in different ways - "fully automatic", "tell me when there's a new update", "download the update but don't install it until I say so", etc. Microsoft typically sends out Windows updates every Tuesday, but occasionally if something is really "hot" they'll do it sooner. For a long time I only installed these things when I was absolutely sure what they were, but have become convinced that for most people it's better just to let Microsoft do their thing. Generally, they've gotten better and better at it over the years.
- Make sure you have at least WinXP Service Pack 2 installed. This is because it includes an updated Firewall, that is turned on by default. (If you do have SP2, make sure the firewall is still turned on!)
- You should be running some kind of anti-virus software. This is not as much of a great thing as it used to be, as the bad guys are figuring out other, even sneakier ways to be bad, but you should still run something. I am running a couple free ones (on different systems): AVG Free, and Avira AntiVir Personal. Historically, the well-known commercial titles such as Norton and MacAfee have gotten bigger and bloatier over time (to the point where I stopped using them), but at least one of those has recently de-bloatified their stuff. I still use the free ones 'cuz I'm cheap, but heard a plug by a reputable computer repair guy in Hawaii for the Kaspersky stuff.
- If you have a wireless network in your home, you really really should have a particular kind of wireless encryption (WPA) turned on. Your wireless connection can be the weakest link in your network - if it's not robust, all of the other things here are not worth nearly as much, especially in terms of data privacy/security. Don't rely on just the "WEP" kind of encryption - you must use "WPA". Older routers and laptop wireless cards don't support WPA - I had to buy a new card for my laptop since its built-in card is WEP-only. (If you want to run an "open" network so that your friends and family and the occasional drive-by "guest" can get on your network easily, that can be done - but there's a right way and a wrong way. Hint: the right way involves setting up a "DMZ" on your router.)
- If you travel and/or use free wireless access points (say, at your local coffee shop), you are taking your laptop's overall security into your own hands, and not in a good way. This topic is really beyond the scope of this list, but - briefly, you need to figure out a way to use some kind of so-called "tunnelling" communication protocol whenever you're connected to such a network (e.g., VPN, which stands for Virtual Private Networking). There are free ways to do this (e.g. OpenVPN, which I haven't tried), and there are certainly "payware" ways.
- Don't use a Windows user account that has Administrator privileges for your day-to-day computer activities. This turns out to be kind of a pain in the *ss in some ways, but it does lessen the ability for malicious software ("malware") to sneak and and do things at the "administrator" (god-like) privileged level. In all likelihood your user account on your laptop has Administrator powers - if nothing else, check and see if it does, using the Control Panel's "User Accounts" applet.
Wednesday, March 11, 2009
The Basic Basics - Part One of ?
I wish I could do this as a separate page or file that's part of this blog, but I can't figure out how to do that. Soooo... Here are some first-level things to think about in terms of "hardening" your system(s) and network against the bad guys.