Sunday, June 17, 2012

Better practices with Windows Operating Systems

Over the years, Microsoft has brought a significant number of improvements to Windows. However, there are still a few "shortcuts" taken, user or installation, that lower the security level of a Windows PC.

When Windows is installed, the only existing user is the local administrator, a user whose privileges include installing and removing applications, starting and stopping services (including anti-virus and security software) and modifying critical system files. A better practice consists in creating a non privileged user (normal user) and log on or use the run-as command as administrator only when needed. In that way, if a malware starts executing, it would inherit limited privileges and will potentially do less damages. Users are created in the management console: select "my computer", right-click, select "manage" and expand "Local users and groups".

By default, Windows comes with a lot of running services: Wireless network, Network discovery, various responders. In certain cases, none of them are really needed: for instance, if you have a desktop, there is little chance that machine has a wireless card. In that case, having the "Wireless service" is useless and it should be stopped. There are other examples, your mileage may vary but there are many services you could stop without having an issue. In many cases, this will free some memory and CPU for other tasks. Select "My Computer", right-click, select "Manage" and expand the "services" section. In order to prevent a service from starting when the computer boots, it has to be "manual" or "disabled". The former allows the service to be started by either another process or by an administrator. If the service is disabled, it cannot start at all.

If your computer is alone in your home network or if you are not sharing any files or printers using netbios, it is a better practice to disable it. In order to do so, go to your network interface, select "file and printer sharing" and disable it.

The Windows firewall is an important component of a system security. It prevents unauthorized connections to the system, but it can also filter outgoing connections. For instance, you may decide that outgoing SMTP connections only go to your provider's mail server (the one you have defined in Outlook). In the event a virus infects your computer, you will limit the quantity of spam sent. The configuration happens under the network interface. There is a tab for the network filter where you can define the traffic going in and out. Windows 2008 and 7 have a slightly different user interface that is more user friendly.

A hot topic is updates and upgrades. If Microsoft products are usually taken care of by the Windows Update Services - just remember it needs to be turned on - other applications such as Adobe Flash and Acrobat, Chrome Browser, Skype and so forth need to be updated by the users. Over the years, more and more of the developers have done a terrific job at adding auto-update functionality. I, however, recommend making sure that the latest version is installed by "checking for update", often found either in the "help" menu or in "about...". Be careful, however, of e-mails offering a patch: it is always best to use the application itself to check for updates, or to visit the vendor's website.

Last but not least, a good antivirus/antimalware is needed. Some are available for free, such as ClamWin or BitDefender. While this is not a silver bullet against all malwares, a good AV will help keep your machine clean.


Happy Surfing!