The list below is not meant to be exhaustive or to be a how-to for every suggestion; however, I have provided links for most of the suggestions, from which you can find more information.
Antivirus
This is a bit of a no-brainer, but many people still don’t use one. A good (and free) option is Microsoft Security Essentials; it performs well in AV tests, and in my experience runs lighter than other solutions. If you don’t mind paying, you can try Norton Internet Security, which has done quite well in tests recently; it also includes a firewall and other features.
Software Firewall
Even if you have a hardware firewall, it is worth having a software firewall installed on your PC as well. This allows outbound traffic to be filtered, which would not necessarily happen with a hardware firewall. Software firewalls can also flag up suspect programs using HIPS (a host-based intrusion prevention system). A good free firewall which has HIPS is the Comodo firewall.
Router with NAT Translation and a Stateful Packet Inspection Firewall
This makes it harder for external computers to connect to your network. For more information see here.
Have separate User and Admin accounts
User Account Control (UAC)
UAC is a highly effective tool, especially when combined with running as a standard user as mentioned above. However, make sure it is set up correctly, with the slider right at the top.
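The slider position is stored as registry values under the UAC policy key, so it can be checked from a script. The following PowerShell is an added example, not part of the original post; the function names `Get-UacSliderLevel` and `Test-UacAtTop` are hypothetical, and it assumes the values are present as on a default install.

```powershell
# Added example: map the UAC policy registry values to the Windows 7 slider position.
# Function names are hypothetical. Missing values are read as 0 (assumption).

function Get-UacSliderLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    # EnableLUA = 0 means UAC is switched off entirely.
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    # Top of the slider: prompt for consent on the secure desktop for every change.
    if ($ConsentPromptBehaviorAdmin -eq 2 -and $PromptOnSecureDesktop -eq 1) {
        return 'Always notify (top)'
    }
    # Windows 7 default: prompt only for non-Windows binaries, secure desktop on.
    if ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 1) {
        return 'Default (second from top)'
    }
    # Same prompt as the default, but without switching to the secure desktop.
    if ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 0) {
        return 'Notify without dimming (third from top)'
    }
    if ($ConsentPromptBehaviorAdmin -eq 0) { return 'Never notify (bottom)' }
    # Any other combination was set by policy, not by the slider.
    return 'Custom policy (not a slider position)'
}

function Test-UacAtTop {
    # Machine-wide UAC settings; readable from a standard user account.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    $level = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    New-Object PSObject -Property @{
        Level = $level
        AtTop = ($level -eq 'Always notify (top)')
    }
}

# Report the current setting; AtTop should be True if the slider is at the top.
Test-UacAtTop
```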
Windows 7
Use a 64-bit version of Windows 7
Use Google Chrome as your default browser
Make sure you install Chrome using your standard account, not the Admin account. This will make sure Chrome installs into your documents and settings folder as opposed to the program files folder. This is necessary because it lets Chrome auto-update in a standard user account, which it can’t do if installed in the program files folder. There are several security benefits of using Chrome:
- Chrome auto-updates itself, which means you will always have the most secure and up-to-date version
- The Chrome sandbox makes it harder to exploit the browser
- Chrome has Flash built in, which ensures it is always auto-updated to the latest and most secure version. Chrome will eventually sandbox the plugin, which will improve security
- When installed, paste “chrome://plugins/” into the address bar (without quotes) and disable any plugins you don’t use
- Also consider using extensions like Flashblock and Adblock
Don’t install standalone Flash
When you need to use something with Flash, use Chrome. Flash is one of the main routes by which a computer can be exploited via the web browser, so by using Chrome’s version you can mitigate this risk. Also, do not install Java unless you really need it.
Don’t use Adobe Reader
Adobe Reader generally has a lot of security flaws; try using an alternative like Sumatra or PDF-XChange PDF Viewer. Google Chrome also has a built-in PDF viewer in the Beta version, which I’m sure will soon come to the stable version. This is worth using to avoid various PDF exploits. If you really need to use Adobe Reader, follow this advice for securing it.
DNS servers
Normally you use DNS servers that are supplied by your ISP; however, there are now DNS services that screen domains for malware and prevent you from accessing them. Two such services are Norton DNS and Clear Cloud DNS.
Turn on Microsoft Update
Microsoft Update is like Windows Update, but will update any Microsoft product, including Microsoft Office etc.