Preemtive Security - Part 2 (for Windows XP)

Although this is a stout defense system, I do not use my everyday computers for online banking and other business except for credit card transactions. I use a dedicated computer for sensitive transactions. [See Part 3.]

1. Nothing is more important for online security than a good firewall. Your computer may be attacked in seconds without it. I use a router that includes a state-inspection hardware firewall in cascade with the Windows XP Firewall.

2. I run internet-facing programs with reduced rights. This is an essential part of online security for Windows XP. You are much more secure running as a "Normal" user (reduced rights). But it's just too frustrating to to do that because so many Windows programs won't run right unless you're running under an Administrator account. The compromise is to run as an Administrator, but reduce the access rights of your internet-facing programs. I use Online Armor to reduce program rights, but there are good alternative methods

3. I keep Windows and all key programs -- not just internet-facing ones -- patched and up to date. It used to be that keeping Windows patched was the only thing that was critical. Now, cyber criminals are targeting programs that connect online — browsers, email clients, security software, instant messaging programs, media players — and also programs that open attachments — Word, Excel and PowerPoint, Adobe Reader, photo viewers, etc. I use Secunia's (free) "Personal Software Inspector" (PSI) to monitor all my software for updates. [how to use] [Secunia Forum] [alternatives]

4. I use a different, strong password for each of my online accounts. Using weak passwords, and using the same password for multiple accounts are easy habits to fall into, but they leave your accounts virtually unprotected. It may be awkward, but you need a different, strong password for each one of your online accounts. A robust password manager is essential too, because you'd never be able to remember a different, strong password for more than a few accounts.

5. No defense is "bullet-proof". I keep my data backed up, and I make up-to-date drive images (I use TrueImage) as insurance. No defense system is complete without precautions like these.

6. I run GFI's VIPRE, which combines antivirus and antimalware scanning protection. This is my only supplemental security program for this security setup. VIPRE was designed from the ground up to minimize the drain on system resources. And their support people are all located in Tampa Bay, Florida. ;-)

"You can't put two four cylinder engines together and try to make a V8, you actually have to design something from scratch." — Alex Eckelberry, Sunbelt CEO

Make sure that you uninstall any other antivirus/antimalware programs before you install VIPRE. Also, let VIPRE disable Windows Defender (which Microsoft may replace with another program some day).

VIPRE uses a unique virtual "sandbox" to run unknown files. If they exhibit malicious behavior, it's contained within the sandbox, which is deleted. Nothing is allowed to change the underlying computer system. [review]

7. Keeping up to date on security threats and remaining vigilant is nearly as important as having a stout firewall. I strive to do that at all times. ;-)

8. I do virtually all my browsing with Mozilla Firefox, and I have WOT (Web of Trust), AdBlock Plus, and NoScript Firefox add-ons installed. They all block malicious websites in one way or another. Don't surf without them. [advisory tale]

I haven't evaluated this list yet, but you might want to look at The Top 8+ Security & Privacy Extensions For The Chrome Browser if you're using it.

There's something for you Internet Explorer users too. It's called "SmartScreen Filter", and the protection it delivers is very similar to that from WOT.

9. I maintain tight security settings for Firefox, Thunderbird and other internet-facing programs.

10. I use Gmail: Google blocks executables and scans attachments for viruses. And, as mentioned above, WOT screens for malicious links in Gmail.

11. I use OpenDNS instead of my ISP's DNS service. OpenDNS pro-actively improves security by blocking access to phishing and other malicious sites. Real people there examine suspected phishing sites to determine if they are legitimate or scams.

Important Tips:

How to work with this security setup

There are some tricky aspects of making this security setup work for you. Online Armor, and other powerful security software, locks things down to the point that you sometimes can't do some ordinary tasks with your computer. I've provided some tips to remove some of the obscurity that makes it difficult for many users to work with this setup and those programs.

Tips for working with this security setup >>>

Bulletproof your browser:

And other internet-facing programs