HOWTO - Protecting your Windows system

Posted by tech master  |  at  11:56 PM

Step One: The Core

This is the single most important piece of your computer. Chances are that if there's something wrong with this, the weakest link in the chain, everything will come crashing straight on top of you. I am talking about the Single Point of Failure (SPoF) on your system - the Operating System.

This critical piece (actually, make that ultra-hyper-mega-critical) of software is what manages the entire show and you don't want any unnecessary software messing with it. Not all Operating Systems are created equal. Technically speaking, server OSes are some of the safest OSes around. But usually you cannot go around installing these OSes unless you're a total geek with around 10 computers around your home and you need software to centrally manage them. When it comes to a single desktop OS, currently Microsoft Windows XP rules the roost.

Your choice of Windows OS preference in the order of safest first is:
Windows XP Professional
Windows XP Home
Windows 2000 Professional
Windows NT 4.0
Windows 98 SE
Windows ME
Windows 98
Windows 95

I would recommend you either stick to the Windows XP OSes, Windows 2000 Professional or Windows 98 SE. Needless to say, Microsoft Windows XP is currently the most safe computing environment for a user. And that neatly brings us to our next topic.


Step Two: Patching it Up

No OS is secure if you are running it straight out of the box. Security experts detect a long list of vulnerabilities, and Microsoft routinely releases update software to address these vulnerabilities and close them. Updates may be any of the following:
Service Packs
Critical Updates
Hotfixes
Cumulative Updates / Rollups
Hardware Updates
Optional Updates

Service Packs (SPs) are comprehensive updates to the OS, fixing every single vulnerability in the OS since the release of the OS itself or the last SP release. SPs also include major OS changes and newer updates to system files, and they contain every single update to the OS that has ever been released. SPs are also cumulative: if you were to install SP1, it would contain every single update since the OS release, and if you install SP2, it would contain every single update released since SP1 as well as the updates of SP1 itself. So, if you are patching an OS with an SP, you don't have to go around installing SP1, then SP2, SP3, etc. Installing the latest SP means you're getting all the updates. The latest SPs for the various OSes are:

Windows XP - SP2:
The best way to get SP2 for Windows XP is either via Automatic Updates (I will get to this later), Windows Update, ordering the free Service Pack 2 from Microsoft, (click this link to place your order) or from the Digit September 2004 CD/DVD. However, if you want to download it yourself, a larger network install can be downloaded here.

Windows 2000 - SP4 Download

Windows NT 4.0 - SP6a Download

Microsoft only releases an SP for the OSes that can be used as full-fledged network clients, so there are no SPs for Windows ME, 98 SE, 98 and 95, only the standalone updates. However, an Unofficial SP exists for Microsoft Windows 98 SE.

Windows 98 SE Unofficial SP - Version 2.0 RC1 Download

Critical Updates are those very important updates that Microsoft releases in response to a threat against the Windows OS. These are not optional and should not be skipped. Installing these updates is a must if you don't want your system exploited or open to infection. Microsoft usually releases a slew of these updates every month.

Hotfixes are patches to existing Windows components that address a vulnerability in the code and are released as and when the vulnerabilities are discovered. Needless to say, you need these as well if you want to protect your OS.

Cumulative Updates and security Rollups are a bunch of related updates and hotfixes that enhance the security of the Windows component and also patch any existing unpatched vulnerability. Of course, you need these too.

Hardware Updates can sometimes be found on Windows Update when your hardware manufacturer, like your motherboard manufacturer, releases patches, fixes and updates that usually add functionality and improve performance of your hardware components. While these updates are optional, it is recommended that you install them because they often boost your hardware's performance and provide newer functionality that you can take advantage of.

Optional Updates are just that. They're optional and it's your choice whether you wish to update/upgrade them. Usually, these fall in the category of extra tools for the Windows OS such as a newer Media Player, a Journal Viewer, Movie Editing Software, software that lets applications programmed in the .NET environment work, etc. You can safely ignore these updates if you are not planning to use them.

Microsoft releases a number of updates on the second Tuesday of every month, which many of us geeks fondly call "Patch Tuesday". Make sure you bookmark this day in your calendar each month and check for updates. Also, if a threat is severe enough, it may make the people at Microsoft release an update before the planned Patch Tuesday.

Also, most programs have updates for themselves. While some are improvements on features, it's not uncommon for products to include security enhancements as well. Keep track of the products you're using and check for updates for your software products regularly. This is especially important when it comes to Microsoft Office products as their updates can have a significant impact on system security. You can always visit Office Update to check for the latest updates to your Office products.

Step Two Point Five: Honesty Pays

It is worthwhile to mention that when it comes to Windows OSes, it is better to pay for a legal, genuine copy of the OS to enable you to get the latest updates without a hassle. When it comes to Windows XP, it will not allow you to install a genuine copy of the SP or some critical fixes unless you have a legit version of the OS. Yes, cracked SPs exist and you can always install them, but you will be doing the world a lot of good, not to mention yourself, if you just get yourself a legit copy of at least Windows XP Home. You just spent over 20,000 on that new computer, the least you can do is spend another 4000 and live quite happily afterwards.

Step Three: Securing the OS

Here we will take a look at securing the OS itself without using any third party software. The most important tool here is the "Automatic Updates" option. You can usually find this option in the Control Panel, if you are running Windows ME, Windows 2000 (with the appropriate SP) or Windows XP.

When you open the Automatic Updates option, you will be faced with a couple of options including (exact wordings may differ)
Automatically Download and Install Updates
Download Updates but let me choose when to install them
Notify me of updates but do not automatically download or install them
Turn off Automatic Updates

It is recommended that you select Option 3 - "Notify me of updates but do not automatically download or install them" instead of Option 4, turning off the Auto Update feature. This way, when an important update is released, the Automatic Updates feature will inform you that updates are available for your OS and you can go to Windows Update and download and install them at your convenience. Also this way, you can tell when an update is being offered before the Patch Tuesday cycle and stay protected.

Windows XP comes with a built-in Firewall to protect your computer, but it's not a worthy solution when compared to a standalone firewall, so I will skip that in favor of a third party firewall solution.

Also, make sure you secure your user account with a password so that no one can fiddle with your system in your absence and then damage the OS.

Windows XP, when patched with Service Pack 2, comes with a Security Center option that can be accessed via the Control Panel. When you restart your computer after installing SP2, you will be prompted to choose an Automatic Updates method (1 out of the 4 choices). The Security Center also monitors the status of the built-in Windows Firewall, which is enabled by default, and the status of your antivirus program: whether it is on, turned off or requires an update. However, it only works with well known antivirus solutions. If any of these components are not working right or are turned off or disabled, the Security Center will pop up a warning in your system tray notification area, alerting you.

Step Four: Protection with Third Party Software

Antivirus Solutions

The biggest threat to a Windows system is a virus. How or why a virus attacks and how it spreads, I am not going to go into here. Usually a virus spreads through one of these mediums:
a) an infected floppy or CD
b) an infected file over the network
c) an infected file from the Internet
d) an infected file you received via e-mail or instant messenger.

An antivirus program is a third party solution that runs all the time in your system and monitors and protects your system from viruses and maybe, other threats, depending on the product and its version. It includes a scanning engine and a list of signatures of known viruses that it compares to files staying in your computer's memory and hard disk as well as the ones coming in and going out. If it detects a virus, it immediately stops the activity of the file and informs you about the virus' presence and prompts you to either clean the file or delete it. It should be noted that the major antivirus vendors, McAfee, Symantec, Trend Micro, Kaspersky, etc. release newer versions of their antivirus programs at least once each year in addition to releasing "updates" for the antivirus program every week.

You should have the latest version of the antivirus program running at all times, and should also make sure it's updated every week with the latest virus "signatures." Failure to do either of these two steps may mean an immediate infection. All antivirus programs come with an Automatic Update feature built in that will automatically contact its server and look for available updates and then download and install them automatically. It is recommended that you leave this feature turned on.
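How signature matching works, and why a stale signature list misses newer threats, shown as an added example that is not part of the original post or any vendor's engine. The file contents, marker strings and signature names are constructed for illustration; real engines use far richer signature formats.

```python
import hashlib

# Constructed sample "files" (name -> contents). Nothing here is real malware;
# the marker strings are invented for this illustration.
SAMPLES = {
    "notes.txt": b"meeting at ten, bring the quarterly report",
    "game_patch.exe": b"MZ header HYPOTHETICAL-WORM-A-MARKER rest of file",
    "invoice.scr": b"MZ header HYPOTHETICAL-TROJAN-B body",
}

# Last week's signature list: knows one threat, by a byte pattern.
OLD_SIGNATURES = [
    {"name": "Worm.A (hypothetical)", "type": "pattern",
     "value": b"HYPOTHETICAL-WORM-A-MARKER"},
]

# This week's update adds a whole-file hash signature for a newer threat.
NEW_SIGNATURES = OLD_SIGNATURES + [
    {"name": "Trojan.B (hypothetical)", "type": "sha256",
     "value": hashlib.sha256(SAMPLES["invoice.scr"]).hexdigest()},
]


def scan_bytes(data, signatures):
    """Return the names of every signature that matches this content."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in signatures:
        if sig["type"] == "pattern" and sig["value"] in data:
            hits.append(sig["name"])
        elif sig["type"] == "sha256" and sig["value"] == digest:
            hits.append(sig["name"])
    return hits


def scan_all(files, signatures):
    """Scan every file; return {filename: [signature names]} for hits only."""
    report = {}
    for name, data in files.items():
        hits = scan_bytes(data, signatures)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    print("stale signatures:  ", scan_all(SAMPLES, OLD_SIGNATURES))
    print("updated signatures:", scan_all(SAMPLES, NEW_SIGNATURES))
```

With the stale list only `game_patch.exe` is flagged; `invoice.scr` is caught only after the update is applied.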

Here is a list of instructions that you should actively follow to prevent an infection:
a) Make sure you use the latest version of your antivirus and keep it updated weekly and make sure its auto-update feature is turned on.
b) Never use a CD or a floppy without scanning it for viruses.
c) Do not open files from the Internet without scanning them with the antivirus. Most download managers can integrate with the antivirus program to automatically scan the downloaded files. Turn this feature on.
d) Do not accept and download files from an Instant Messenger conversation if you do not know what it is. Also, all instant messengers can integrate with the antivirus. Turn this feature on.
e) Never open an attachment from an email, no matter what extension it is, without first scanning it with an antivirus. Again, all email clients can integrate with your antivirus solution to automatically scan for viruses in your emails.

Trial Software:
Norton Antivirus 2005
McAfee VirusScan
Trend Micro PC-Cillin 2005 (Currently the best, in my opinion)
Kaspersky Antivirus 5.0 Personal
NOD32 2.0 - v7.20
Norman Virus Control
CA eTrust Antivirus v7.1

Free Antivirus Software:
AVG Antivirus v7.308
avast! 4 Home Edition
AntiVir Personal Edition

Firewalls:

In this day, when broadband and LAN/Cable Internet access is rampant, there is always a chance that someone may break into your computer, gain access and control it to carry out malicious acts without your permission. A firewall acts like a filter for the data that's going in and out of your computer. If it detects that a program is trying to access the Internet or your local network without your permission, it will stop such activity. Also, if a hacker or any other user tries to gain access to your computer without your permission, it will block all such activity too. The Windows Firewall that comes bundled along with Windows XP SP2 is woefully inadequate when it comes to protecting your computer.

The key to running a firewall efficiently is to configure it right. When it comes to configuring, the key steps to remember are these:
a) If you do not know the program, deny it access to the Internet and the local network.
b) Never allow the software to "remember" the access rights for a program, that is, do not wantonly check the "I know this program. Do not ask me again" for programs that you are not absolutely sure about.
c) Some Windows processes need access to the Internet or your local network to work the way they're supposed to. Make sure you check the name of the program and its use before you allow or deny access.
d) Unless you run a server or play/host online or network multiplayer games, go ahead and deny inbound access to all programs except your mail clients, browsers, etc.
e) Do not allow programs to connect to the Internet unless they absolutely need to. So when Adobe Acrobat checks for an update with its servers as you start it up, that's OK. But when you are planning to play Quake 3 Arena offline and it tries to connect to the Internet, go ahead and deny it access this time around.

Good firewalls include:

ZoneAlarm (Free) (The best among them all, when you configure it right)
Kerio Personal Firewall (Free)
SyGate Personal Firewall Standard (Free)
Kaspersky Anti-Hacker v1.7 (Trial)
Norton Personal Firewall 2005 (Trial)
McAfee Personal Firewall Plus (Trial)
Trend Micro PC-Cillin Internet Security 2005 (Trial)


Anti-Spyware:

Chances are that you're probably using the default Internet Explorer browser that came along with your OS. The browser is literally the weakest link in the Microsoft OS and is a very popular target for people that write software to either attack your computer, or as in most cases, just increase their revenue. People write code called spyware/adware/malware that hijacks your browser settings or installs software that tracks your movements online or, in some cases, totally prevents you from getting any work done and steals your Internet passwords. And if you're using Internet Explorer, you're their favorite snack.
To test the "integrity" of your browser and whether it is vulnerable to spyware and being hijacked and exploited, run the Browser Security Check here. Chances are, yes, you're very vulnerable. Fortunately, we have software just like antivirus programs - antispyware programs that prevent and clean attacks on your system. As with antivirus, the key to a good antispyware program is to leave its protection system running at all times and to update them regularly with the "signature libraries" of spyware.

Some of the well known products are:

SpyBot - Search and Destroy 1.3 (The best, in my opinion)
LavaSoft Ad-Aware SE Personal v1.05
Microsoft Windows AntiSpyware Beta

Another tool that prevents your browser being hijacked and your critical system settings being changed is BHODemon 2.0. You can download it here. Also, when you install antispyware like SpyBot, you will be prompted to install system protection software called "TeaTimer" and to have it start up automatically along with your computer. Select this option and when an important change occurs, you have the option to either accept the change or deny it, effectively killing unwanted program installs and browser hijacks.

Misc. Tools:

Of course, you can always ditch the browser and go for a safer alternative. The best I would recommend is Mozilla Firefox, currently at version 1.0.1. Also the lightest browser around, it makes for the best replacement for Internet Explorer. It also automatically imports all your IE cache, settings, cookies and bookmarks, so you have to do nothing but install it and browse safe.

Get Mozilla Firefox 1.0.1 here!

Also, Microsoft has a Malicious Software Removal Tool that you can download and scan for and remove unwanted malicious software. A newer version of the tool will be released each month. Get it here.

In all my time, one tool that really caught my eye and bowled me over was BlackICE PC Protection. The program is actually a firewall for incoming data, but it's totally paranoid. The program totally blocks all incoming requests and literally hides your PC from the local network and from the Internet, making it totally invisible to the outside world. The program also bundles a nifty tool called "Application Protection." What it does is create a snapshot of all the installed programs and their "code" and if there is ANY change at all in the program, it refuses to let the program load without your permission. Of course, you can always authorize and add the program to a list, authorize it to run only once, or terminate it completely. This is the way a paranoid person like myself protects his system. There is no trial that I know of, but if you're interested you can take a look at the link I posted to find out more about the program.
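The snapshot-and-compare idea behind "Application Protection", sketched as an added example; this is not BlackICE's code and is not from the original post. It assumes the snapshot is a SHA-256 hash per program file, and the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def file_sha256(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, exts=(".exe", ".dll")):
    """Record a hash for every program file under root: {relative path: sha256}."""
    baseline = {}
    for folder, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                full = os.path.join(folder, name)
                baseline[os.path.relpath(full, root)] = file_sha256(full)
    return baseline

def may_run(baseline, root, rel):
    """Decide at launch time: allow only a program that matches its snapshot."""
    if rel not in baseline:
        return "ask: not in snapshot"
    if file_sha256(os.path.join(root, rel)) != baseline[rel]:
        return "ask: changed since snapshot"
    return "allow"

def authorize(baseline, root, rel):
    """User approved the program: add or refresh its entry in the list."""
    baseline[rel] = file_sha256(os.path.join(root, rel))

def demo():
    """Constructed scenario in a temp folder; names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode="wb"):
            with open(os.path.join(root, name), mode) as f:
                f.write(data)
        write("editor.exe", b"original editor code")
        write("player.exe", b"original player code")
        baseline = snapshot(root)
        out = {"untouched": may_run(baseline, root, "player.exe")}
        write("editor.exe", b" plus bytes added later", mode="ab")
        out["modified"] = may_run(baseline, root, "editor.exe")
        write("newtool.exe", b"installed after the snapshot")
        out["new"] = may_run(baseline, root, "newtool.exe")
        authorize(baseline, root, "editor.exe")
        out["after_authorize"] = may_run(baseline, root, "editor.exe")
        return out
```

A legitimate software update changes the hash just as tampering does, which is why the user is asked rather than the program being silently blocked or allowed.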

I hope this helps. If anyone has any more info to add on protecting their systems, please feel free to add it. I will post a HOWTO on fixing your problems with viruses, spyware and hackers tomorrow.

NOTE: A good site to get all your updates in one shot is The Software Patch or you can use third party tools like AutoPatcher to get the same job done.

Copyright © 2013 Techsense.