HOWTO - Protecting your Windows system

Too many people these days are coming into the forums requesting help on massively infected systems. So, I thought I'd compile something for the newbies that may be useful to help prevent infections and other useless trash on your computer.

Step One: The Core

This is the single most important piece of your computer. Chances are that if there's something wrong with this, the weakest link in the chain, everything will come crashing straight on top of you. I am talking about the Single Point of Failure (SPoF) on your system - the Operating System.

This critical piece (actually, make that ultra-hyper-mega-critical) of software is what manages the entire show, and you don't want any unnecessary software messing with it. Not all Operating Systems are created equal. Technically speaking, server OSes are some of the safest OSes around. But usually you cannot go around installing these OSes unless you're a total geek with around 10 computers around your home and you need software to centrally manage them. When it comes to a single desktop OS, currently Microsoft Windows XP rules the roost.

Your choice of Windows OS preference in the order of safest first is:
Windows XP Professional
Windows XP Home
Windows 2000 Professional
Windows NT 4.0
Windows 98 SE
Windows ME
Windows 98
Windows 95

I would recommend you stick to the Windows XP OSes, Windows 2000 Professional or Windows 98 SE. Needless to say, Microsoft Windows XP is currently the safest computing environment for a user. And that neatly brings us to our next topic.


Step Two: Patching it Up

No OS is secure if you are running it straight out of the box. Security experts keep finding vulnerabilities, and Microsoft routinely releases updates to address these vulnerabilities and close them. Updates may be any of the following:
Service Packs
Critical Updates
Hotfixes
Cumulative Updates / Rollups
Hardware Updates
Optional Updates

Service Packs (SP) are comprehensive updates to the OS, fixing every single vulnerability in the OS since the release of the OS itself or the last SP release. SPs also include major OS changes and newer updates to system files, and they contain every single update to the OS that has ever been released. Also, SPs are cumulative, so if you were to install SP1, it would contain every single update since the OS release, and if you install SP2, it would contain every single update that has been released since SP1 as well as the updates of SP1. So, if you are patching an OS with an SP, you don't have to go around installing SP1, then SP2, SP3, etc. Installing the latest SP means you're getting all the updates. The latest SPs for the various OSes are:

Windows XP - SP2:
The best way to get SP2 for Windows XP is via Automatic Updates (I will get to this later), via Windows Update, or by ordering the free Service Pack 2 from Microsoft. However, if you want to download it yourself, a larger network install can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

Microsoft only releases an SP for the OSes that can be used as full-fledged network clients, so there are no SPs for Windows ME, 98 SE, 98 and 95, only the standalone updates. However, an Unofficial SP exists for Microsoft Windows 98 SE.

Critical Updates are those very important updates that Microsoft releases in response to a threat against the Windows OS. These are not optional and should not be skipped. Installing these updates is a must if you don't want your system exploited or open to infection. Microsoft usually releases a slew of these updates every month.

Hotfixes are patches to existing Windows components that address a vulnerability in the code and are released as and when the vulnerabilities are discovered. Needless to say, you need these as well if you want to protect your OS.

Cumulative Updates and security Rollups are a bunch of related updates and hotfixes that enhance the security of the Windows component and also patch any existing unpatched vulnerability. Of course, you need these too.

Hardware Updates can sometimes be found on Windows Update when your hardware manufacturer, like your motherboard manufacturer, releases patches, fixes and updates that usually add functionality and improve performance of your hardware components. While these updates are optional, it is recommended that you install them because they often boost your hardware's performance and provide newer functionality that you can take advantage of.

Optional Updates are just that. They're optional and it's your choice whether you wish to update/upgrade them. Usually, these fall in the category of extra tools for the Windows OS such as a newer Media Player, a Journal Viewer, Movie Editing Software, software that lets applications programmed in the .NET environment work, etc. You can safely ignore these updates if you are not planning to use them.

Microsoft releases a number of updates on the second Tuesday of every month, which many of us geeks fondly call "Patch Tuesday". Make sure you bookmark this day in your calendar each month and check for updates. Also, if a threat is severe enough, it may make the people at Microsoft release an update before the planned Patch Tuesday.

Also, most programs have updates for themselves. While some are improvements on features, it's not uncommon for products to include security enhancements as well. Keep track of the products you're using and check for updates for your software products regularly. This is especially important when it comes to Microsoft Office products, as their updates can have a significant impact on system security. You can always visit Office Update to check for the latest updates to your Office products.

Step Two Point Five: Honesty Pays

It is worthwhile to mention that when it comes to Windows OSes, it is better to pay for a legal, genuine copy of the OS to enable you to get the latest updates without a hassle. When it comes to Windows XP, it will not allow you to install a genuine copy of the SP or some critical fixes unless you have a legit version of the OS. Yes, cracked SPs exist and you can always install them, but you will be doing the world a lot of good, not to mention yourself, if you just get yourself a legit copy of at least Windows XP Home. You just spent over 20,000 on that new computer, the least you can do is spend another 4000 and live quite happily afterwards.

Step Three: Securing the OS

Here we will take a look at securing the OS itself without using any third party software. The most important tool here is the "Automatic Updates" option. You can usually find this option in the Control Panel, if you are running Windows ME, Windows 2000 (with the appropriate SP) or Windows XP.

When you open the Automatic Updates option, you will be faced with a couple of options, including (exact wordings may differ):
1. Automatically Download and Install Updates
2. Download Updates but let me choose when to install them
3. Notify me of updates but do not automatically download or install them
4. Turn off Automatic Updates

It is recommended that you select Option 3 - "Notify me of updates but do not automatically download or install them" instead of Option 4, turning off the Auto Update feature. This way, when an important update is released, the Automatic Updates feature will inform you that updates are available for your OS and you can go to Windows Update and download and install them at your convenience. Also this way, you can tell when an update is being offered before the Patch Tuesday cycle and stay protected.

Windows XP comes with a built-in Firewall to protect your computer, but it's not a worthy solution when compared to a standalone firewall, so I will skip that in favor of a third party firewall solution.

Also, make sure you secure your user account with a password so that no one can fiddle with your system in your absence and then damage the OS.

Windows XP, when patched with Service Pack 2, comes with a Security Center option that can be accessed via the Control Panel. When you restart your computer after installing SP2, you will be prompted to choose an Automatic Updates method (1 out of the 4 choices). The Security Center also monitors the status of the built-in Windows Firewall, which is enabled by default, and the status of your antivirus program: whether it is on, turned off or requires an update. However, it only works with well known antivirus solutions. If any of these components are not working right or are turned off or disabled, the Security Center will pop up a warning in your system tray notification area, alerting you.
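
If you would rather check these settings from a command prompt than click through the Control Panel, here is a small read-only batch file that reports the Service Pack level, the Automatic Updates choice (numbered as in the list above) and the Windows Firewall state. It is an added example, not part of the original post; it assumes Windows XP with English-language tools, and the registry locations it reads are the standard Windows ones, which the post itself does not name.

```batch
@echo off
rem Added example, not from the original post. Read-only: it changes nothing.
rem Assumes Windows XP with an English-language netsh; the registry paths
rem are the standard Windows locations, not something the post names.
setlocal

rem Service Pack level. CSDVersion is absent when no SP is installed.
set "SP=none installed"
for /f "tokens=2,*" %%A in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion 2^>nul ^| find "CSDVersion"') do set "SP=%%B"
echo Service Pack      : %SP%

rem Automatic Updates mode. AUOptions is a DWORD from 1 to 4, printed as 0x1..0x4.
set "AU=missing"
for /f "tokens=3" %%A in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions 2^>nul ^| find "AUOptions"') do set "AU=%%A"

rem Map the registry value onto the four choices listed in the HOWTO.
set "AUTEXT=not configured yet (AUOptions value not found)"
if /i "%AU%"=="0x4" set "AUTEXT=Option 1 - download and install automatically"
if /i "%AU%"=="0x3" set "AUTEXT=Option 2 - download, let me choose when to install"
if /i "%AU%"=="0x2" set "AUTEXT=Option 3 - notify only (the choice recommended above)"
if /i "%AU%"=="0x1" set "AUTEXT=Option 4 - Automatic Updates turned off"
echo Automatic Updates : %AUTEXT%
if /i "%AU%"=="0x1" echo WARNING: you will not be told when new updates are released.
if /i "%AU%"=="missing" echo WARNING: open Automatic Updates in the Control Panel and pick an option.

rem Built-in firewall state. This netsh context exists from XP SP2 onwards.
echo.
echo Windows Firewall (one line per profile):
netsh firewall show opmode 2>nul | find /i "Operational mode"
if errorlevel 1 echo   Could not read the firewall state (is SP2 installed?)

endlocal
```

Save it as a .bat file and run it from a command prompt. A WARNING line for Automatic Updates means the setting should be changed in the Control Panel as described above.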

(via dctorrent)
