Why Another Book on Windows Security?

There must be over a dozen Microsoft Windows security books on the market, each purporting to be THE book on Windows security. Unfortunately, they all miss the mark for one reason or another. I even tried to convince my publisher to title this book "Everyone Else's Windows Security Book Sucks" but for sound, logical reasons they declined.

The other books contain a lot of useful information, but not a lot of useful advice. Most address the wrong problem … that of the dedicated, wily hacker, and hence, the advice they dispense leads the reader to a false sense of security. This book covers the real threat to Windows computers and offers practical guidance to protect those systems.

My advice is proven in businesses large and small over two decades. Knock on wood, not a single client following my advice consistently has ever suffered a single successful malware or dedicated hacker attack. It may happen one day, but as of the publishing of this book, my record remains intact. How do I do it? It's no secret. I have published over 150 magazine articles in the world's leading computer magazines (plus four other books on Windows security), and I speak several times a year at the largest industry conferences. But after each client consultation or public speaking engagement, somebody always asks where he or she can read about all my advice. Prior to this book, I had to recommend that they google me on an Internet search engine and look for all my separate articles and presentations. This book contains my entire library of advice in one place. This is my treatise, my opus.

A lot of the advice in this book is unheard of in most circles unless you've read my articles or attended my presentations. The rest of the world keeps following the same drab advice and wondering why they still end up infected or exploited. I've frequently shared my creative advice with Microsoft for possible inclusion in new end-user recommendation guides. I have done a fair amount of technical work for Microsoft, but with a few exceptions, most of my unique advice has been discounted.

And perhaps that is the strangest realization of all. In my perfect world, when I come up with some good advice and share it with Microsoft, I envision the security workers there testing my advice and then embracing its simplistic approaches. In the real world I do have a few advocates within the Redmond-based company, but more often I get complete rejections of my advice without any testing done to prove or disprove its efficiency. Microsoft is full of very smart people, perhaps the smartest collection of people I've ever come across in any company. But like many large organizations, they suffer from a groupthink mentality that I can only liken to the pre-9/11 thinking of our intelligence agencies. My good ideas are only but a small cry within a very large bureaucracy where a thousand other good ideas are contending to be heard.

That's not to say that some of my ideas haven't been adopted by Microsoft. Some have, but they aren't spotlighted like they need to be in order to make Windows users more secure. Other ideas in this book were invented by Microsoft and heavily promoted since day 1. For example, the single best way to protect your Windows computer against malicious compromise is using NTFS permissions. As Chapter 3, "NTFS Permissions 101," will reveal, sometimes the best advice is so commonplace it is ignored. If everyone followed the default security permissions' guidance that Microsoft has been promoting since Windows NT 3.1 in 1993, perhaps 70–90% of all viruses, worms, and trojans would have been defeated. This book will reemphasize great advice, old and new, and teach you the way Windows really works.

Other chapters, like Chapter 5, "Protecting High-Risk Files," and Chapter 6, "Protecting High-Risk Registry Entries," are a little off the mainstream, but worth their weight in gold. They are why I am well compensated to consult with companies valuing computer security. I've even heard how some of my advice would make a Windows system unsupportable—as if my advice would somehow permanently impair a computer system. I'll teach you how to take any advice I recommend and remove it with three clicks of the mouse. When you remove my "damaging" advice and the software problem you're still trying to solve still isn't resolved, critics will have to look for the real problem.

What I do have is a compendium of good, practical advice. Even better, the vast majority of the advice can be implemented with just the tools that Microsoft put in Windows for free. I promise you that if you follow any of my advice, your Windows network environment will be substantially less at risk for attack than before. In the process, I will simplify explanations of complex technologies and discuss how Windows really works. Your knowledge, computers, and networks will be significantly stronger. And automated malware and hackers will look elsewhere for easier targets.