Preemtive Security - Part 2 (Windows 7 or Vista)

Although this is a stout defense system, I do not use my everyday computers for online banking and other business except for credit card transactions. I use a dedicated computer for sensitive transactions. [See Part 3.]

I don't assume your security needs are the same as mine. They probably are not. My preemtive approach is based on many years of working with security as a hobby. I think it provides protection that is nearly as good as it gets without extreme measures.

1. Nothing is more important for online security than a firewall. Your computer may be attacked within seconds without it. I use the software firewall included in VIPRE Premium [see below] in cascade with a router, which also serves as a hardware firewall.

I am using Linksys WRT54GL (wireless) routers which include state-inspection firewalls.

It's critically important to set your router up securely.

The Windows 7 firewall is an adequate alternative to the VIPRE firewall.

2. I run Windows 7 as a "Standard User", which makes Windows 7 much more secure.

My blog post provides instructions for setting up a Standard User account.

Microsoft also provides instructions, but they leave out a critical step. ;)

3. I keep Windows and all key programs -- not just internet-facing ones -- patched and up to date. It used to be that keeping Windows patched was the only thing that was critical. Now, cyber criminals are targeting programs that connect online — browsers, email clients, security software, instant messaging programs, media players — and also programs that open attachments — Word, Excel and PowerPoint, Adobe Reader, photo viewers, etc. I use Secunia's (free) "Personal Software Inspector" (PSI) to monitor all my software for updates. [how to use] [Secunia Forum] [alternatives]

4. I use a different, strong password for each of my online accounts. Using weak passwords, and using the same password for multiple accounts are easy habits to fall into, but they leave your accounts virtually unprotected. It may be awkward, but you need a different, strong password for each one of your online accounts. A robust password manager is essential too, because you'd never be able to remember a different, strong password for more than a few accounts.

5. Since no defense can be truly "bullet-proof", I keep my data backed up. I also create up-to-date drive images, using the Windows 7 "Backup and Restore" facility.

6. I run VIPRE Antivirus Premium, which combines antivirus and antimalware with intrusion protection plus a 2-way firewall. This is the only major security software I use with Windows 7.

I recommend that you use the standard version of VIPRE, or not activate Process Protection in the premium version, unless you're prepared to handle significant interaction with questions and notices.

Make sure that you uninstall any other antivirus/antimalware programs before you install VIPRE. Also, let VIPRE disable Windows Defender (which Microsoft may replace with another program some day).

VIPRE uses a unique virtual "sandbox" to run unknown files. If they exhibit malicious behavior, it's contained within the sandbox, which is deleted. Nothing is allowed to change the underlying computer system. [review]

VIPRE was designed from the ground up to minimize the use of system resources. And their support people are all located in Tampa Bay, Florida. ;-)

7. Keeping up to date on security threats and remaining vigilant is nearly as important as having a stout firewall. I strive to do that at all times. ;-)

8. I do virtually all my browsing with Mozilla Firefox, and I have WOT (Web of Trust), AdBlock Plus, and NoScript Firefox add-ons installed. They all block malicious websites in one way or another. Don't surf without them. [advisory tale]

I haven't evaluated this list yet, but you might want to look at The Top 8+ Security & Privacy Extensions For The Chrome Browser if you're using it.

There's something for you Internet Explorer users too. It's called "SmartScreen Filter", and the protection it delivers is very similar to that from WOT.

9. I maintain tight security settings for Firefox, Thunderbird and other internet-facing programs.

10. I use Gmail: Google blocks executables and scans attachments for viruses. And, as mentioned above, WOT screens for malicious links in Gmail.

11. I use OpenDNS instead of my ISP's DNS service. OpenDNS pro-actively improves security by blocking access to phishing and other malicious sites. Real people there examine suspected phishing sites to determine if they are legitimate or scams.