Tip

How to secure Windows: System security pre- and post-installation

This tip will be the first of a series of articles on how to secure Windows. Make sure to check back each week for new Windows "how-to" advice.

Windows has garnered something of

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

a reputation with both the media and the IT security industry for being a lot less than perfect. To be fair, it is a reputation well-earned. Windows and related products are designed first and foremost for ease of use.

Everything else, and that includes security, comes further down the feature list. Of course, that is not to say that there aren't numerous things that can be done to improve Windows system security.

How to secure Windows: Preinstallation
Securing Windows really needs to start even before installing the OS. Sounds daft, but stick with me. Barack Obama came under fire during the U.S. presidential election campaign for using the phrase "lipstick on a pig" but that is exactly what installing Windows without giving prior consideration to security issues is like in terms of securing your computer.

Settings can be tweaked all day long after the event, but if you've put Windows on a pig it will just turn into a Windows-powered pig.

Avoid the 'oink factor' by always ensuring the following:

The Internet connection must be robustly secured, via router firewall for example, before installation.

Only install Windows onto a clean machine; never upgrade, as this can leave potential permission weaknesses with regards to Windows Registry keys and files.

Always make sure the machine is set to boot from the hard drive only, and create separate system and data partitions upon it.

How to secure Windows: Post-installation
OK, once installed, regardless which version of Windows is in use, there are some security best practice defaults that bear repeating:

  • Apply all hotfixes, patches and updates as a No. 1 priority.
  • Never, never leave a password entry blank and always, always make it a strong one. Administrator accounts are a magnet for malicious hackers, so protect them with the strongest possible passwords.
  • Talking of which, use the Security Policy tool in Windows XP and later versions of Windows to rename the real administrator account to something less obvious, while creating a decoy administrator account that has no group memberships and no real power.
  • If a service is not explicitly allowed, then access to it should be blocked or the service itself disabled. Certainly disable file and print sharing for Microsoft networks (NetBIOS and SMB services) barring a good reason not to do so.
  • Configure built-in antivirus and malware software, or alternatively, install and configure your own preferred choice in security software. With either choice, be sure to keep the software updated!

About the author:
Davey Winder has worked as a freelance technology journalist for nearly 20 years. He is based in South Yorkshire.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in September 2008

 

COMMENTS powered by Disqus  //  Commenting policy

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.