Hey, I found this on another website and I figured I'd post it since I don't see it on here already.
The average user installs antivirus and firewall software and then call their computer secure... Reality is: your computer is still not secure. Most viruses, trojans, -wares, etc. can easily disable any protection. I would say that my computer is more secure than the average user. Up to now, I never had any viruses, -wares, etc. on my computer. It is also recommended to have the professional version of XP and the latest updates.
Here are my security tips (See end for additional notes):
- Reformat and reinstall to remove all viruses, -wares, etc.
- Get antivirus, firewall, privacy, and spam protection from reliable and reputable vendors (ex. mcafee, trendmicro, symantec, etc.)
- For wireless networks: Use the WPA or WPA2 security protocol on your wifi devices
- Create two accounts: Administrator and User
- Password protect all accounts
- Set group policy settings using Group Policy Editor (gpedit.msc)
- Use the windows classic logon style instead of the windows welcome
- Turn on DEP (Data Execution Prevention) for ALL programs
Additional Notes:
*The Administrator of the computer has full control of the system. Most computer users have one or two accounts that have administrator rights. This means that anything/body can change or disable security settings. It is recommended that you create and use an account THAT IS part of the USERS group at ALL times (Run lusrmgr.msc to do this). Members in the Users group cannot make system wide changes which makes any attempt to compromise security useless. Therefore, if viruses, -wares, etc. were to get on your computer, it wouldnt affect the security because members of the Users group cannot make changes to system and program files due to restricted permissions; also, the antivirus and/or firewall will notify you. If you need to install something, right-click the setup executable and select runas and enter the admin login info.
*The Group Policy Editor (only available on Pro) is a powerful tool that system/network admins use to reinforce security. For example, the "LAN Manager Authentication Level" is a crucial security setting for windows passwords. Most password crackers generally get the password fastest by cracking the LANMAN hashing algorithm (easiest to crack) that is applied to windows passwords. Setting the "LAN Manager Authentication Level" to "Send NTLMv2 response only - refuse NTLM and LM" greatly increases password security because of the complexity of the NTLMv2 hashing algorithum. To crack this type of security would take forever and nearly uncrackable.
*The DEP prevents protects your computer from damages caused by viruses, trojans, etc. It is NOT a substitute for anti-virus.
I also found this too
For an added layer of security add a BIOS password
Take off boot from cd / floppy (change it back when you need it)
Set a screensaver and have it "on resume, return to welcome screen"
A router firewall will stop most attacks in its tracks
Make sure you only port foward necessary ports
Check msconfig for any new suspicious adds to your startup (once in a while)
CTRL ALT DELETE and check running processes for anything suspicious (once in a while)
Keep your system up to date
Common sense, don't open .exe files from random people ect...
Source: Securing your computer
Add on if you have anything else
The average user installs antivirus and firewall software and then call their computer secure... Reality is: your computer is still not secure. Most viruses, trojans, -wares, etc. can easily disable any protection. I would say that my computer is more secure than the average user. Up to now, I never had any viruses, -wares, etc. on my computer. It is also recommended to have the professional version of XP and the latest updates.
Here are my security tips (See end for additional notes):
- Reformat and reinstall to remove all viruses, -wares, etc.
- Get antivirus, firewall, privacy, and spam protection from reliable and reputable vendors (ex. mcafee, trendmicro, symantec, etc.)
- For wireless networks: Use the WPA or WPA2 security protocol on your wifi devices
- Create two accounts: Administrator and User
- Password protect all accounts
- Set group policy settings using Group Policy Editor (gpedit.msc)
- Use the windows classic logon style instead of the windows welcome
- Turn on DEP (Data Execution Prevention) for ALL programs
Additional Notes:
*The Administrator of the computer has full control of the system. Most computer users have one or two accounts that have administrator rights. This means that anything/body can change or disable security settings. It is recommended that you create and use an account THAT IS part of the USERS group at ALL times (Run lusrmgr.msc to do this). Members in the Users group cannot make system wide changes which makes any attempt to compromise security useless. Therefore, if viruses, -wares, etc. were to get on your computer, it wouldnt affect the security because members of the Users group cannot make changes to system and program files due to restricted permissions; also, the antivirus and/or firewall will notify you. If you need to install something, right-click the setup executable and select runas and enter the admin login info.
*The Group Policy Editor (only available on Pro) is a powerful tool that system/network admins use to reinforce security. For example, the "LAN Manager Authentication Level" is a crucial security setting for windows passwords. Most password crackers generally get the password fastest by cracking the LANMAN hashing algorithm (easiest to crack) that is applied to windows passwords. Setting the "LAN Manager Authentication Level" to "Send NTLMv2 response only - refuse NTLM and LM" greatly increases password security because of the complexity of the NTLMv2 hashing algorithum. To crack this type of security would take forever and nearly uncrackable.
*The DEP prevents protects your computer from damages caused by viruses, trojans, etc. It is NOT a substitute for anti-virus.
I also found this too
For an added layer of security add a BIOS password
Take off boot from cd / floppy (change it back when you need it)
Set a screensaver and have it "on resume, return to welcome screen"
A router firewall will stop most attacks in its tracks
Make sure you only port foward necessary ports
Check msconfig for any new suspicious adds to your startup (once in a while)
CTRL ALT DELETE and check running processes for anything suspicious (once in a while)
Keep your system up to date
Common sense, don't open .exe files from random people ect...
Source: Securing your computer
Add on if you have anything else
