A Dozen Security Resolutions for New Computers In 2010

If you are thinking of buying a new PC this holidays or want to improve your methods in securing your new computer and if you plan to wipe and start a new installation of Windows, here are some of the security resolutions that you might consider implementing.

• I will regularly backup my system drive and all partitions in external or online storage – Consider using the built-in Windows Backup in Windows Vista and Windows 7, if you do not have another back program. If you are a geek, you might want to try using ImageX tool by Microsoft, it’s free. You should also run a data backup in addition to complete PC backup: Backup your PST or any email database, images, videos, documents, password and license codes.
• I will patch the system or use patch management tool – Always remember to install the latest security fixes for Windows and installed programs. You can use Windows Update application in Vista or Windows 7 or visit Microsoft Update website. You can also manually download the updates from Microsoft Download Center or Microsoft Update Catalog websites. Automatic Update is also a feature in Windows, this is recommended settings for people who do not have time to watch or monitor for updates.
• I will install a vulnerability scanner – Some security updates are not installed properly or require a reboot to be installed successfully but there are times, a reboot prompt is not offered. There are times, a security update is not offered for some reasons. This means a vulnerability scanner is needed to make sure you don’t miss important updates and your system has reached the baseline in securing the system. You can use Microsoft Baseline Security Analyzer (MBSA), Secunia Inspectors or Belarc. Using Secunia, Filehippo Update Checker or CNET TechTracker will help to detect vulnerable and old versions in your system.

• I will use anti-malware and anti-spam in addition to using firewall and anti-virus – not all antivirus can detect or remove all types of malware. It’s recommended to install on-demand scanner or regularly run online scan to double-check that the system is free from any risk. Make sure that your anti-virus or anti-malware’s resident protection can prevent infection that is spreading through exploits and will detect rogue applications. You might want to install VirusTotal Uploader so you can quickly send a file for online scanning using several anti-malware scanners. E-mail continue to be one of the method to spread malware so make sure that your antivirus will scan the email or use anti-spam software like MailWasher to delete unwanted emails before retrieving the clean messages into your hard-drive. That is if your e-mail client’s anti-spam filter is good enough.
• I will clean-up the system and avoid duplicate programs – One way to keep the system healthy is to remove unnecessary programs that you are not using for a long time. Review the list of programs using Revo Uninstaller, CCleaner or the built-in Add/Remove Programs utility in Windows. You should clean the disk too by running the free space wipe feature in CCleaner et al.
• I will change my password every month –Always check and change your passwords every month to ensure no one will gain access especially if some applications has been found to have vulnerability with its password manager (e.g. Password Manager Disclosure vulnerability in Firefox). Also ensure that you have a strong password. Look at the video of Mr. Cluley – “Simple tips for better web password security“ or use Password Checker by Microsoft.

• I will check the security of network connection (modem or router) – Most modem and all router has control panel and this control panel is shipped with default admin and admin username and passwords. Immediately change the password of your devices to prevent anyone in hijacking your connection. Always create a strong passphrase if you are to share your connection or using many devices to share internet connection using a wireless router.
• I will review the configuration of all applications – Default settings is not recommended to use all the time. Spend some time in reviewing the settings or preferences in all applications including Windows. Take note of the default settings before making any changes, just in case! Also, if you are to install a new program, be careful in allowing the default installation. There’s many software are now bundling their installer with unwanted and unnecessary third-party applications and it’s pre-checked by default. Review every step of the way in installing any or using software.
• I am going to use monitoring tool on critical areas and add browsing protection – Some anti-virus and anti-malware do not offer an important feature in keeping the system secure: A monitoring tool or HIPS-like protection. You can use WinPatrol or TeaTimer in Spybot-S&D (not paranoid mode is recommended to non-advanced users) and/or PE Guard. It’s best also to install browser protection that will prevent loading of malicious and rogue websites. You can use Web of Trust, SiteAdvisor or TrendProtect. Or a Hosts file in system32/drivers/etc folder in Windows.

• I will review my online subscriptions – when is the last time you’ve check your health, album, online storage subscriptions? When is the last time you’ve updated the details of your newsletter or discussion forum’s subscriptions? There are many new settings that were implemented without your knowledge? A new privacy setting is maybe in place for you to uncheck or check to ensure that you are not broadcasting anything? If your membership or subscription will reveal anything online or the service has partnered with another company to provide extra features and if the services will not auto-link what you’re doing or published, you just need to review them now.
• I will not use or register to any service that I do not need – Follow me, I’ll follow you! Check out my pictures in Facebook! - If you received invitations from friends to use any services but you are not into it or you don’t need it for whatever reason, simply don’t use or register for it. Explain to your friends why you don’t want to join or use such services. If they are your true friends or followers, they will continue to visit your website or blog or will continue to be in touch with you via e-mail or any other messaging system that will not force you to join into something you don’t need or want. They will respect your decision while you continue to avoid services or software that you don’t need. That will save you time in managing unneeded accounts, in case there is hack attempts or malware infection (server side).
• I will use sandbox or virtual system applications, if I’m not using standard user account – Most XP users are not using Standard user account but using Administration user account. This is because most PC vendors have setup the XP system with administrator account. If you are using Vista or Windows 7, you are already using a user account that has fewer privileges because the User Account Control is enabled by default. It’s highly recommended to use standard user account to prevent any critical changes to the system by malware, rogue applications and buggy software which can cause instability or of course, damage and data loss. Consider using virtual environment when browsing or using the computer when the settings in using the computer are finished. You can use Windows SteadyState, Shadow Defender, Returnil, Sandboxie et al.

Have a safe and secure New Year!