Loading Search...

Wednesday, January 10, 2007

securing windows

in last 3 months, i have been fixing clients', friends', and families' computers totaling over a dozen times. all of them have similar (same?) problem. too much virus and/or other malware load as soon as windows start up and eats up so much resources that your cpu is always > 30% even that you just start up windows and have not start any other apps yet. so, even with pentium4 dual core or core2 duo, the computer still very very slow running any other apps.

many of them wont let you start taskman, command prompt and regedit. when you try to start one of those, it get closed instantly, or maybe your computer just reboot or just give you dummy command prompt that nothing can be done or displaying regedit in notepad, etc... some even reboot your computer when i open free.grisoft.com or other antivirus sites.

so, here i am trying to prevent thing repeats so maybe i can get less call for all the same problems again...

here's some steps you need to take to secure your windows:

  1. as soon as windows installed, create some users:
    • Administrator: default administrator users. give a good password so that no one else can use this without your approval. better yet, never use this account unless very needed to.
    • admin: give it 'Power Users' group and remove 'Administrators' group. give it good password. use it only to install apps.
    • yournamehere: give it 'Users' group and remove 'Administrators' group. you use this login on daily basis
    • guest: default guests account to let your guests use your pc
  2. install sudowin, or runasadmin or other similar tools. so that even you login as administrator, your previledges still limited.
  3. install winpatrol, softperfect personal firewall (or your favorite firewall), free AVG antivirus (or, your favorite antivirus), spybotsd and adaware. always keep them all updated.
  4. DONOT! NEVER! access internet (browsing, chat, email, downloads) as Administrator! you might want to use 1-defender
  5. NEVER download / install any software from untrusted sources. even that they claim to have most advanced antispyware or great games or free porns. search apps from trusted sources like download.com or softpedia.com
  6. if your computers used by many people (like in library or public kiosk) use shared computer toolkit
  7. use ghost or dixml to create a backup image of your installed system so you can recover fast and easy
  8. once again, always avoid login as Administrator whenever possible.
Phishing protection:
  1. use mcafee's free siteadvisor or the plus version
  2. if you use MS Outlook / Outlook Express, protect yourself from phishing emails.
that's it for now. i'll keep this instructions updated whenever possible.