Proactive Security - Part 2 (Windows 7 or Vista)
Although this is a stout defense system, I no longer trust it enough to use it for online banking and other business except for a few select credit card transactions. [See Part 3.]
- 1. Nothing is more important for online security than a
firewall. Your computer may be attacked within seconds without it. I
use the Windows 7 firewall in cascade with a
router that includes a state-inspection hardware firewall.
- I suggest a Linksys BEFSR41 (wired router) or
WRT54GL (the wireless router I use) for your hardware firewall. Both of
these include state-inspection firewalls.
- 2. I run Windows 7 as a Standard User [give the page time to load], which makes Windows 7 much more secure.
- It is essential to set User Account Control (UAC) to "Always
notify". [Start > Control Panel > Action Center >
"Change User Account Control settings."] Most malware attacks are blocked
under a Standard User account with this UAC setting. Do this for both your Standard User and Administrator accounts.
- Installing programs: I quickly change my account type to "Administrator" rather than using "Switch User". Saves a lot of grief.

- Process:
1) Click your account icon, located just above your account name at the right side of the start menu, and it will take you directly to the User Accounts control.
2) Click "Change your account type", supply an Administrator password and change your working account to "Administrator".
3) Install and start the new program(s). (I find it good practice to right-click the install file, and select "Run as administrator" to make sure there are no residual access restrictions.)
4) Don't forget to change your primary account back to "Standard User".
- ---------------------------------------------
It was never practical to run Windows XP as a Standard User — called "Limited Account" in XP. Windows 7 and Vista make it much more practical. That allows me to eliminate the intrusion prevention program (Online Armor) that I needed for my Windows XP security setup.
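A quick way to confirm that step 4 of the process above was not forgotten and that UAC is still at "Always notify". This is an added example, not part of the original page. It assumes PowerShell 2.0 as shipped with Windows 7, reads the machine's UAC policy values from the registry, and checks only direct membership of the local Administrators group. It changes nothing.

```powershell
# Added example: read-only audit of the "Standard User + Always notify" setup.
# Run from a normal (non-elevated) PowerShell prompt in the account you work in.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $policyKey

# Registry values that correspond to the "Always notify" slider position.
$expected = @{
    EnableLUA                  = 1   # UAC is switched on
    ConsentPromptBehaviorAdmin = 2   # consent prompt on every elevation
    PromptOnSecureDesktop      = 1   # prompt appears on the dimmed secure desktop
}

$findings = @()
foreach ($name in $expected.Keys) {
    $actual = $uac.$name             # $null if the value is missing
    if ($actual -ne $expected[$name]) {
        $findings += "UAC: $name is '$actual', expected $($expected[$name])"
    }
}

# Resolve the Administrators group by its well-known SID so the check also
# works on non-English Windows, where the group name is localized.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

# List direct members through the ADSI WinNT provider.
# Assumption: nested domain groups are not expanded.
$admins = @()
$group = [ADSI]"WinNT://./$groupName,group"
foreach ($member in $group.psbase.Invoke('Members')) {
    $admins += $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
}

if ($admins -contains $env:USERNAME) {
    $findings += "Account '$env:USERNAME' is in $groupName; change it back to Standard User"
}

if ($findings.Count -eq 0) {
    "OK: UAC is at 'Always notify' and '$env:USERNAME' is a Standard User."
} else {
    $findings
}
```

A plain "is this process elevated?" test is not enough here, because an Administrator account running under UAC also reports as non-elevated; that is why the script looks at group membership instead.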
- 3. Since no defense is "bullet-proof", I keep my data backed up. I
also create up-to-date drive images, using the Windows 7
"Backup and Restore" facility for that.
- 4. I run Sunbelt Software's new VIPRE,
which combines antivirus and antimalware scanning protection. This is the only
major security program I use with Windows 7. VIPRE was designed from the ground up to minimize drain on
system resources. And their support people are all located in Tampa Bay,
Florida. ;-)
- "You can't put two four cylinder engines together and try to make a V8,
you actually have to design something from scratch." — Alex
Eckelberry, Sunbelt CEO
- ---------------------------------------------
Make sure that you uninstall any other antivirus/antimalware programs
before you install VIPRE. Also, let VIPRE disable Windows Defender (which
Microsoft may replace with another program some day).
- VIPRE uses a unique virtual "sandbox"
to run unknown files. If they exhibit malicious behavior, it's contained
within the sandbox, which is deleted. Nothing is allowed to change the
underlying computer system. [review]
- 5. Keeping up
to date on security threats and remaining vigilant is nearly as important as having a stout
firewall. I strive to do that at all times. ;-)
- 6. I do virtually all my browsing with Mozilla Firefox, and I have
the WOT (Web of Trust) Firefox add-on
installed. WOT looks for bogus links in webpages, and also in Gmail,
Windows Live Hotmail and Yahoo! Mail. Don't surf without it. [advisory tale]
- Now there's something for you Internet Explorer users too. It's called "SmartScreen
Filter", and the protection it delivers is very similar to that from
WOT. That is, if you wait for the upcoming release of IE8. Or you
could install RC1, the first "release candidate" for IE8, which should be
refined enough for you to take a (small) chance on.
- 7. I maintain tight security settings for Firefox, Thunderbird and
other internet-facing programs. [detailed
instructions]
- 8. I use Gmail, which blocks executables and scans attachments for
viruses.
- 9. I keep Windows and all key programs -- not just internet-facing
ones -- patched and up
to date. It used to be that keeping Windows patched was the only
thing that was critical. Now, cyber criminals are targeting
programs that connect online — browsers, email clients, security
software, instant messaging programs, media players — and also programs
that open attachments — Word, Excel and PowerPoint, Adobe Reader, photo
viewers, etc. I use Secunia's (free) "Personal Software Inspector" (PSI) to
monitor all my software for updates. [how
to use] [Secunia Forum] [alternatives]
- 10. I run F-Secure's Online Scanner once
a week to check for rootkits and other malware that might have snuck
in. It requires small custom add-ons for Firefox or Internet
Explorer. Be sure to read the FAQ before installing the Online Scanner.
- 11. I've switched to OpenDNS: Your DNS server is critical to your Internet security. The DNS server that your ISP
provides is usually
just an afterthought. It is seldom up to date, and often not secure.
The OpenDNS.com service is run as a
business, not a burden, and the operators are passionate about what they do.
OpenDNS also speeds up website acquisition, and pro-actively improves
security by blocking phishing and other malicious sites. Real people
there examine suspected phishing sites to determine if they are legitimate or
scams. [instructions]
[more] [video]