The list below is not meant to be exhaustive or to be a how-to for every suggestion; however, I have provided links for most of the suggestions, from which you can find more information.
This is a bit of a no-brainer, but many people still don’t use one. A good (and free) option is Microsoft Security Essentials: it performs well in AV tests, and in my experience runs lighter than other solutions. If you don’t mind paying, you can try Norton Internet Security, which has done quite well in tests recently; it also includes a firewall and other features.
Even if you have a hardware firewall, it is worth having a software firewall installed on your PC as well. This allows outbound traffic to be filtered, which would not necessarily happen with a hardware firewall. Software firewalls can also flag suspect programs using HIPS (a host intrusion prevention system). A good free firewall which has HIPS is the Comodo firewall.
Router with NAT Translation and a Stateful Packet Inspection Firewall
This makes it harder for external computers to connect to your network. For more information see here.
Have separate User and Admin accounts
Running in a standard non-admin user account for daily use can substantially reduce security risks. Only use the admin account when installing programs etc.
User Account Control (UAC)
UAC is a highly effective tool, especially when combined with running as a standard user as mentioned above. However, make sure it is set up correctly, with the slider right at the top.
Windows 7 has features like Address Space Layout Randomization. This was also in Vista, but Windows 7 is generally much nicer to use and more responsive.
Use a 64-bit version of Windows 7
64-bit Windows includes extra protection like Data Execution Prevention (DEP) and PatchGuard.
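A read-only check of several of the recommendations above (standard-user account, UAC slider at the top, 64-bit Windows, DEP), as an added example that is not part of the original post. It assumes PowerShell 2.0 or later, which ships with Windows 7; the function names `New-Check` and `Get-HardeningReport` are made up for this example.

```powershell
# Added example: read-only audit of settings recommended on this page.
# Written for PowerShell 2.0 (no [pscustomobject], no .NET 4 APIs).
function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail } |
        Select-Object Check, Pass, Detail
}

function Get-HardeningReport {
    # Membership of BUILTIN\Administrators (SID S-1-5-32-544). whoami lists the
    # group even when UAC has filtered it to deny-only, so this also catches an
    # admin account that is simply not elevated at the moment.
    $isAdminAccount = [bool]((whoami /groups /fo csv /nh) -match 'S-1-5-32-544')
    New-Check 'Daily account is a standard user' (-not $isAdminAccount) "user: $env:USERNAME"

    # UAC policy values. The top slider position ("Always notify") corresponds to
    # ConsentPromptBehaviorAdmin = 2 together with PromptOnSecureDesktop = 1.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key
    New-Check 'UAC enabled' ($uac.EnableLUA -eq 1) "EnableLUA=$($uac.EnableLUA)"
    $top = ($uac.ConsentPromptBehaviorAdmin -eq 2) -and ($uac.PromptOnSecureDesktop -eq 1)
    $detail = "ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin), " +
              "PromptOnSecureDesktop=$($uac.PromptOnSecureDesktop)"
    New-Check 'UAC slider at top' $top $detail

    # OS architecture as reported by WMI ("64-bit" on 64-bit Windows).
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Check '64-bit Windows' ($os.OSArchitecture -like '64*') "$($os.Caption) $($os.OSArchitecture)"

    # DEP support policy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
    $dep = $os.DataExecutionPrevention_SupportPolicy
    $depOk = $os.DataExecutionPrevention_Available -and ($dep -ne 0)
    New-Check 'DEP available and not disabled' $depOk "SupportPolicy=$dep"
}

Get-HardeningReport | Format-Table -AutoSize
```

Run it from the standard account you use every day; any row with `Pass` set to `False` points at a setting to revisit.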
Use Google Chrome as your default browser
Make sure you install Chrome using your standard account, not the Admin account. This will make sure Chrome installs into your document and settings folder as opposed to the program files folder. This is necessary because it lets Chrome auto-update in a standard user account, which it can’t do if installed in the program files folder. There are several security benefits of using Chrome:
- Chrome auto-updates itself, which means you will always have the most secure and up-to-date version
- The Chrome sandbox makes it harder to exploit the browser
- Chrome has Flash built in, which ensures it is always auto-updated to the latest and most secure version. Chrome will eventually sandbox the plugin, which will improve security
- Once installed, paste “chrome://plugins/” into the address bar (without quotes) and disable any plugins you don’t use
- Also consider using extensions like Flashblock and Adblock
Don’t install standalone Flash
When you need to use something with Flash, use Chrome. Flash is one of the main routes by which a computer can be exploited via the web browser, so by using Chrome’s version you can mitigate this risk. Also, do not install Java unless you really need it.
Don’t use Adobe Reader
Adobe Reader generally has a lot of security flaws. Try using an alternative like Sumatra or PDF-XChange PDF Viewer. Google Chrome also has a built-in PDF viewer in the Beta version, which I’m sure will soon come to the stable version. This is worth using to avoid various PDF exploits. If you really need to use Adobe Reader, follow this advice for securing it.
Normally you use DNS servers that are supplied by your ISP. However, there are now DNS services that screen domains for malware and prevent you from accessing them. Two such services are Norton DNS and Clear Cloud DNS.
Turn on Microsoft Update
Microsoft Update is like Windows Update, but will update any Microsoft product, including Microsoft Office etc.