Three ways to improve Windows security
Part one of the "10-Step Security" refresh focuses on keeping Microsoft's Windows XP and Windows Vista operating systems patched and protected.
Three years ago, I attempted to condense PC security into 10 steps you could finish in about an hour. After a recent false-positive on a virus scan, I returned to that advice and realized that those tips are sorely out of date.
I'll re-examine the first three tips here and will cover the rest in posts later this week.
Step one: Set Windows to download and install updates automatically.
I don't do that anymore. Windows updates often cause problems, so I set Windows to download but not install updates. Then I wait a couple of days before actually applying the patches to see whether there are any reports of problems related to the fix. If all is quiet on the update front, I install the patches. I don't have to worry about forgetting because Windows will keep a little update icon in my system tray.
To change your Automatic Update settings in XP, click Start > Control Panel > Security Settings (in Category view) > Automatic Updates. Select "Download updates for me, but let me decide when to install them" and click OK. You'll find more about XP's automatic-update settings on Microsoft's Help site.
To access Vista's update controls, press the Windows key, type windows update, and press Enter. Click "Change settings" in the left pane, choose "Download updates but let me choose whether to install them," and click OK.
Step two: Visit the Windows Update site (or Microsoft Update, as the case may be) to download updates manually if the PC has been off for a long while.
Both the online scan and downloaded program will check Windows and many applications on your PC to ensure that you're using the latest versions available. The client-based scan recognizes more programs than the Web-based service.
Step three: Enable Windows' built-in firewall.
This tip is way out-of-date. On the good side, the defenses built into Windows XP and Vista have improved considerably over the last three years. Unfortunately, they haven't improved enough to trust the safety of your system and private information to Windows alone. In my opinion, you simply have to use a security suite.
In the absence of a commercial security suite, you should activate the firewall and other security features in Windows Defender. But that's just not good enough. There are plenty of free antivirus programs, bidirectional firewalls, and anti-spyware programs. You'll also find a lot of security add-ons for the Firefox browser.
The problem is in managing several different security programs, any of which could conflict with some other app on your PC or with Windows itself. That's one of the principal advantages of a security suite: you can be pretty sure the various components will work well together, and you're dealing with only one vendor, for better or worse.
You can compare the virus-detecting ability of various security programs by perusing AVTest's most recent results, which include tests of the 2009 editions of most big-name security apps.
Next up are steps four, five, and six, which include keeping your browser safe. That will be the subject of my next post.