Home PC Security 101

Who loves Windows?

The bad guys: the virus writers, the hackers, the crackers, and the black hats.

Why?

Because Windows is so full of holes they can easily break in to an unsecured Windows based PC. In fact, there are so many ways in; Microsoft continuously issues multiple security updates, which should probably be a new release of the operating system, not a patch. Also, be aware that sometimes, these patches break more than they fix.

Since about 99% percent of desktop users run Windows, it makes sense that 99% of the bad guys write exploits for that platform. Windows is not going to go away anytime soon, so you must deal with it.

An “always on” Internet connection is the only way to go, but there are bad things out there. Patiently waiting and listening.

An unprotected Windows based PC brought online (broadband) is generally compromised within 10 minutes, and the majority of people are unaware that an attack has occurred.

There are a few things you can must do.

1. Firewall
2. Antivirus Software
3. Spyware Detection Software

I use a dedicated PC running Linux for a firewall because I’m serious about this shit, but if you are going to use a software firewall that is not part of your virus protection, I recommend downloading it to another machine.

I also recommend downloading whatever virus protection you choose to another machine.

Do the same for spyware detection programs.

Save these, and install them on the machine before you bring it online.

Boot the machine with an online connection, and immediately update your antivirus software. Chances are, you have enough protection for a few minutes. Do the same for spyware, and then scan for viruses and spyware. Next, download and apply all the Windows security patches.

Remember, antivirus software is only effective with the latest pattern files, so whatever flavor you choose; ensure that it supports automatic updates. Depending on how active the bad guys are you might receive updates multiple times a day.

Once you are up and running with a clean machine, there is no reason to ever turn it off. Leave it on and let all the antivirus automatic updates run behind the scenes. I do not recommend allowing Windows patches to update automatically; this can be a problem. If your spyware detection is not part of your antivirus program, update it frequently.

Check the logs generated by these programs, and you will be amazed how many people are trying to hack your machine. Amazed.

Jack talks about it here and here.