Security is one of the most important issues in the Windows computer world. Over the years, as Windows gained popularity and as it grew to become the dominant operating system on the market, it became the prime target for hackers and other individuals who want to find ways to compromise your system. Additionally, we continue to use our computers for more and more activities, which results in a massive amount of highly valuable and confidential information stored inside. Today it is not uncommon to have personal financial information, hundreds of personal documents, and thousands of priceless digital photos all stored in our computers. As the amount of personal data stored on our computers increases, the reward for compromising a system increases as well. This creates an enormous need for a secure operating system that will keep your data safe.
According to Microsoft, Windows Vista is the most secure version of Windows released in history. While there has been a massive effort to completely rework the security model in Windows Vista, and Windows Vista is definitely the most secure version of Windows ever released, it is still not perfect. Security patches are still released to protect users from new attacks, and a lack of education on the new security features results in many users' not using them.
This chapter will help you get the most out of the new security features in Windows Vista and lock down your computer using common industry best practices to protect your computer from getting compromised.
The days when running an antivirus program on your computer alone was enough to protect it are long over. Now you need to play a more active role in the process of protecting your computer. The types of threats are changing very quickly. Currently, the most effective way to compromise a computer is by taking advantage of the human factor, that is, tricking you into running some code that will install a malicious program on your computer to help someone steal your data and take over your machine. Another effective method to compromise a computer is to exploit a known vulnerability in the operating system to break in. In this situation, a user is not up-to-date on their security patches and they are basically leaving the door unlocked so that anyone can just step right in and install and steal anything they want.
Taking an active role in securing your computer involves keeping up-to-date on the latest security news so that you know about new vulnerabilities and methods hackers are using to compromise your computer. Additionally, you need to know what to look out for to make sure that you do not fall for any undocumented hacks or tricks, as well as to make sure the known vulnerabilities are fixed on your computer.
This section is going to help you with all the aspects of actively protecting your computer. First, I show you some great ways to keep up-to-date on the latest security news. Then, I show you how to make sure that Automatic Updates in Windows Vista is working properly and that your computer has all known vulnerabilities fixed. Finally, I give you some pointers that will help protect you from falling for most undocumented and unknown hacks and tricks to compromise your computer.
One of the largest parts of taking an active role in protecting your computer's security is keeping up-to-date with the latest trends and news on active vulnerabilities. There are various Web sites and newsletters that can help you stay on top of the latest Windows security news. Take a look at the following sites and sign up for some of the newsletters to stay on top of the latest security threats:
Microsoft's Security at Home Newsletter: This newsletter is targeted at less technical home users and has a lot of information on good techniques for better "human" security, as I mentioned earlier. The newsletter is free and you can sign up at http://www.microsoft.com/athome/security/secnews/default.mspx.
TechNet's Microsoft Security Newsletter: This newsletter, which targets advanced computer users, goes into more depth concerning the latest security patches released, in addition to general security news. This newsletter is also free and you can sign up at http://www.microsoft.com/technet/security/secnews/default.mspx.
TrendMicro's Security Info: This is a security Web site that will help you find out about the latest viruses, malware, and vulnerabilities for Windows Vista and popular applications that run on it. Visit http://www.trendmicro.com/vinfo/ to get the latest news.
McAfee Dispatch: This newsletter will alert you of the latest virus threats as well as keep you up-to-date with general virus-related news. The newsletter is free and can be subscribed to at http://www.dispatch.mcafee.com/us/.
US-CERT: This is the federally funded Computer Emergency Readiness Team Web site, which provides information on the latest security news and vulnerabilities for Windows Vista and every other computer software product, including applications that run on Windows. US-CERT is a very comprehensive Web site that has several RSS feeds that you can subscribe to with your favorite RSS reader or with Internet Explorer. Visit http://www.us-cert.gov to use this massive resource.
Another key part of actively protecting your computer is to make sure that all the known vulnerabilities have been fixed. Every month, Microsoft releases new security patches for all their products that fix security holes and increase the security of Windows. It is very important to make sure that your computer is set up to automatically download these new security patches and that it is working properly. With the new Windows Update feature in Windows Vista, this is easier than ever before.
Updating Windows Vista is quite simple and is something you need to do every month. Follow these steps to make sure that Automatic Updates in Windows Vista is working properly and that you have the latest security patches installed:
Click the Start button and then Control Panel.
Under the Security section, click Check for updates.
Make sure that your computer has the latest security patches installed. Click Check for updates from the top of the left menu, as shown in Figure 14-1. If any updates are available, make sure you install them right away by clicking Install Updates.
Figure 14-1: Updating Windows Vista with Windows Update
Now that your computer is up-to-date, keep it that way by confirming that Automatic Updates is set up and running. Click Change Settings to bring up the Automatic Updates details.
Make sure that the Install updates automatically box is selected, as shown in Figure 14-2. I also like to adjust the install time from 3:00 AM to a time I know my computer is going to be on. Because my computer is usually on when I am at lunch, I use 12:00 PM for my update time.
Figure 14-2: Configuring Automatic Updates in Windows Vista
After everything is set, click OK to save your changes.
Windows is now up-to-date and will remain up-to-date when Microsoft releases new security patches for Windows Vista.
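The same settings can be checked from a script, which is handy when you look after more than one computer. The following is an added example, not part of the original chapter: it reads the Automatic Updates configuration and lists the updates still waiting to be installed through the Windows Update Agent COM API. It assumes PowerShell 2.0 or later is installed; the function and variable names are made up for this example.

```powershell
# Added example: read-only audit of Automatic Updates through the
# Windows Update Agent (WUA) COM API. Assumes PowerShell 2.0 or later.

# NotificationLevel values defined by the WUA API.
$LevelNames = @{
    0 = 'Not configured'
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Notify before installation'
    4 = 'Install updates automatically'
}

function Get-AutoUpdateStatus {
    $au       = New-Object -ComObject Microsoft.Update.AutoUpdate
    $settings = $au.Settings
    $level    = [int]$settings.NotificationLevel
    New-Object PSObject -Property @{
        ServiceEnabled = $au.ServiceEnabled
        Level          = $LevelNames[$level]
        Automatic      = ($level -eq 4)
        # 0 = every day, 1-7 = Sunday through Saturday
        InstallDay     = $settings.ScheduledInstallationDay
        # Hour of the day, 0-23 (12 = the 12:00 PM used above)
        InstallHour    = $settings.ScheduledInstallationTime
    }
}

function Get-PendingUpdate {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Search contacts the update service, so it needs network access
    # and can take a minute or more.
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($update in $result.Updates) {
        New-Object PSObject -Property @{
            Title    = $update.Title
            Severity = $update.MsrcSeverity
        }
    }
}

$status = Get-AutoUpdateStatus
$status | Format-List ServiceEnabled, Level, Automatic, InstallDay, InstallHour
if (-not $status.Automatic) {
    Write-Warning 'Automatic Updates is not set to install updates automatically.'
}

$pending = @(Get-PendingUpdate)
Write-Output ("{0} update(s) waiting to be installed" -f $pending.Count)
$pending | Format-Table Title, Severity -AutoSize
```

A healthy result shows Automatic as True, an InstallHour at which the computer is normally switched on, and no pending updates with a Severity of Critical or Important.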
As I mentioned earlier, one of the easiest ways to break into a computer to install malware or steal data is through the human factor. This works by taking advantage of the fact that we do not usually read the fine print for an application that we download or are just click-happy and click Yes on any dialog box that pops up. If you exercise a little caution and follow the upcoming recommendations, you can take the human element completely out of the picture. So, let's get started.
In Windows Vista, User Account Control provides more control over what applications automatically get installed on your computer. The days of visiting a Web site and getting junk automatically installed on your computer are over. In Windows Vista, User Account Control, when configured properly, requires you to authorize almost all changes to your computer, including system configuration changes and installing new programs. To some, these prompts can become overwhelming and result in the habit of just clicking Continue on all of them that pop up. Such behavior completely bypasses the new security features in Windows Vista, allowing almost anything to completely take over your system.
The next time you get a User Account Control pop-up, click the Details arrow, as shown in Figure 14-3, to find out exactly what you are allowing.
Figure 14-3: Viewing details on a User Account Control pop-up
Internet Explorer plug-ins are notorious for bundling all sorts of extra junk along with the application, especially those by Web sites that offer some free application. There is usually a reason why the application is free. Most companies are in business to make money and they have to make money some way. They usually get paid for bundling additional software with their software. This can result in a bunch of new applications popping up on your computer when you thought you installed just one.
Most of the more popular Web sites are a little more forthcoming about what extra junk they are going to install on your computer. You can find out whether they are going to install any other applications by reading the user agreement that everyone just clicks right past and by paying attention to the installation options. There are usually check boxes that enable you to prevent other applications from being installed. If you are visiting a lesser-known Web site or a Web site that may have illegal or adult content, I highly recommend not installing any plug-in unless you do research and can verify it is a legitimate plug-in.
If you are using your computer and you are hit with a surprise User Account Control pop-up, one that you did not expect, be very cautious about clicking Continue and allowing the request to be granted. For example, let's say you are typing a document and all of a sudden User Account Control wants you to approve a system change. This may be a big indication that your computer is infected with some sort of malware or virus that is trying to change your system settings. I recommend doing a full system virus and malware scan immediately to make sure that your computer is clean.
One of the best ways to secure your computer is to place it behind a firewall or a router device that will protect it from malicious Internet traffic. By blocking the public access to your internal network or wide open access to your computer, you can effectively kill the potential for certain types of direct attacks.
In the next chapter, I show in greater detail how you can use firewalls to protect your computer.
Your account is safe only as long as no one has or can guess your password. Make sure that you have a password on all your accounts and that it is never written down anyplace. The next section will help you secure your computer accounts and pick complex passwords that will be hard for anyone to guess and hack with brute force techniques.