Sunday, November 13, 2005

Keeping your Windows Clean (Top 10)

For better or worse, many of us need to run the Windows Operating System for one reason or another. I run Windows XP on my laptop and on one of my home computers.

However, running Windows takes a lot more care and feeding (and is more dangerous) than other operating systems.

To keep your Windows machines safe and clean, here are the tools and techniques I use personally, and have had good luck with. If anyone has better suggestions, or knows of something I've missed, please post a comment here, or e-mail me at trulore@yahoo.com.


TOP TEN WAYS TO KEEP YOUR WINDOWS CLEAN

1) Have a good hardware firewall to filter incoming traffic. I'm using a router with a hardware firewall that denies all port requests except for the ones I explicitly open.

2) Have a good software firewall to alert you to outgoing traffic. It's always nice to know when programs try to access the internet without your knowledge. I used to run ZoneAlarm as a software firewall, but now Windows XP has a built-in software firewall that does a good job.

3) Use Windows Automatic Updates, or check for updates regularly yourself. Windows Automatic Updates is a little scary. I don't like the idea of Microsoft shoving any software onto my machine at any time they feel like it. But it's also the quickest way to get any emergency security patches that come out. So...if you want the ability to keep your Windows machine protected in real-time, you have to trust Microsoft to have open access to your computer. (ouch!!!)

4) Use a good anti-virus software program. I use McAfee VirusScan. Some say Norton Anti-Virus is good too. Neither of these is free. There are free virus scanners out there, but off the top of my head I can't make a recommendation on the best free one.

5) Use a good anti-spyware program. I like Spybot Search & Destroy. It's the best free spyware remover on the market. http://www.safer-networking.org/en/download/
McAfee also offers an AntiSpyware package for $19.99 per year.

6) Use a good rootkit scanner. A rootkit scanner can detect programs that run "below" the operating system. Rootkit programs cannot be detected by anti-virus programs, because they are hidden from the Windows API. Rootkits are a relatively new threat in the PC world, so there aren't as many mature tools in this space. The best one I know of is RootkitRevealer. http://www.sysinternals.com/Utilities/RootkitRevealer.html This tool simply scans your drive for files that exist on the drive but are hidden from the Windows API. Files that are hidden beneath the OS are a good sign of rootkit software running on your machine.

7) Use a browser that is secure, and has a safe sandbox for JavaScript and native components. Internet Explorer is notorious for having security holes in its JavaScript engine, ActiveScript engine, and ActiveX containers. Your web browser is THE most common way for the bad guys (and marketers) to get inside your computer. So pick a browser that is hardened. I recommend Firefox.

8) Turn off your computer at night. Most hackers trying to get into your machine, and most malware trying to call home, will do so at night. Lock the windows in your house when you go to bed, and turn off the "Windows" on your computer as well. The only truly secure Windows computer is a powered-off one.

9) Use an external hard drive with an off-switch for your most valuable data. If I stumble onto a web site that exploits a hole in my browser and suddenly gives someone access to my computer, or suddenly wipes my drive, they at least won't get to my most sensitive files, because I keep my external drive turned off 99% of the time. I only turn that drive on when I'm paying bills or doing something where I do need access to my secure data. Playing games, chatting on Instant Messaging clients, and surfing the web are all high-risk activities on a Windows machine, so I turn the drive off when I do any of these things.

10) Be very careful and aware every time you install any program, no matter how trivial, on your computer. *NEVER* do the "Default Installation" if you have a choice. Always pick a "Custom Installation" so you can choose which pieces of a program to install. Almost every piece of software you can find on the internet these days will come bundled with other software that some other company has paid them to include in their distribution. Some of my favorite Open Source tools that I thought were safe have recently started including the Google Toolbar as part of the installation. I suppose the Google Toolbar isn't a malicious program (yet), but the point is that there are many companies out there paying big bucks to piggy-back their software onto other popular software that people use. When you run any program from the internet, and install any piece of software from the internet, you are opening a door to your computer. And there are countless hackers and greedy companies and marketers who will DO anything and PAY anything to get a foot in that door. All they need is a foot in that door, and then they can own your whole computer and own you.
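The comparison described in item 6 (files present on the drive versus files the Windows API reports) can be sketched as a cross-view diff. This is an added example, not code from the original post or from RootkitRevealer; both listings are constructed sample data, and treating NTFS metadata files at the volume root as expected discrepancies is an assumption of this sketch.

```python
import ntpath

# NTFS metadata files at the volume root; the Windows API does not list them,
# so a raw scan always finds them "hidden" (assumption: treated as expected).
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def normalize(path):
    """Fold case and separators so both views compare equal (NTFS ignores case)."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def is_ntfs_metadata(norm_path):
    """True for metadata entries under a drive root, e.g. c:\\$mft."""
    _drive, rest = ntpath.splitdrive(norm_path)
    parts = [p for p in rest.split("\\") if p]
    return bool(parts) and parts[0] in NTFS_METADATA

def cross_view_diff(api_listing, raw_listing):
    """Compare the API's view of the drive with a raw file-system view."""
    api = {normalize(p) for p in api_listing}
    raw = {normalize(p) for p in raw_listing}
    hidden = raw - api  # on disk, but not reported by the API
    return {
        "expected": sorted(p for p in hidden if is_ntfs_metadata(p)),
        "suspicious": sorted(p for p in hidden if not is_ntfs_metadata(p)),
        # Seen by the API only: usually a file created or deleted mid-scan.
        "changed_during_scan": sorted(api - raw),
    }

# Constructed sample: what the Windows API enumerated.
API_VIEW = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Temp\download.tmp",
]
# Constructed sample: what a raw parse of the volume found.
RAW_VIEW = [
    r"C:\$MFT",
    r"C:\$Extend\$ObjId",
    r"c:\windows\system32\drivers\NTFS.SYS",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Windows\System32\drivers\example_hidden.sys",  # hypothetical file name
]

if __name__ == "__main__":
    for kind, paths in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(kind, paths)
```

Only the "suspicious" bucket deserves a closer look; the other two are the normal noise any scan of a live system produces.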


To do all of these 10 things I've listed will take a lot of your time. And to buy tools to keep your computer safe will cost you more money per year than you spent to buy the Windows Operating System itself. And I'm not sure if this situation is going to get any better in the long-term. It may just get worse.

Consider the time and cost it takes to maintain a safe Windows Machine. If you are afraid of switching to a Macintosh or a Linux Operating System because of the additional hassle it takes to adopt a new Operating System, you might find that Linux or Mac will actually save you time and money (and your identity) in the long run.

But sometimes Windows is just unavoidable. It's too much a part of the computing landscape of this country, and has too much awesome tool support for me to abandon it completely, no matter how much hassle it causes me. So maybe you find yourself in the same leaky boat, and we'll forever be plugging leaks to keep our Windows machines afloat. :)