Your PC or laptop will never be more secure than it is the moment you lift it out of its box: shiny, untainted and unconnected to anything that can do it any harm. To guarantee that it will remain in such a state, your only real option is to pop it straight back in the box or, at the very least, keep it away from web connectivity. But, these days, a PC without the web is less than a half a machine, and with a little judicious planning you can limit the risks to any computer.
We've put together a simple checklist of 10 key things to take care of when you first boot your new system. The basic principles apply to any computing device, but we've focused on Windows PCs for two reasons: they represent the biggest single group of computers, and they are under the greatest threat.
The key phrase here is 'limiting risk'. We don't guarantee security if you follow all of our suggestions, but we strongly suggest that you do. Virtually all internet security threats exist in order to part you from your hard-earned cash, but criminals are by their very nature corner cutters. If you make it hard for them to defraud you, they will, with luck, simply move along to the sucker down the way, letting you enjoy your new computer with peace of mind.
1. Antivirus, antispyware and firewall
It sounds simple, and it is, but you'd be amazed at the number of people who still don't get this, so we'll say it once more. As the barest minimum level of security, every PC that is capable of being online should have antivirus, antispyware and a software firewall. It's critical that each is kept up to date, and that regular scans are scheduled.
The good news is that getting hold of good-quality security software has never been easier.
All the important security vendors sell their wares in bundles known as "internet security suites", and each of these will contain at least antivirus, antispyware and a firewall. What's more, you can download, install and purchase them direct from the internet – although if that is your plan of action we suggest it is the first thing you do when getting online. Indeed, you may not even need to go that far, as most PCs ship with a trial version of a security suite, and your broadband supplier may even supply such software free of charge.
Proceed with caution here, however. Not all security programs are of the same quality, and the trial bundled on your PC is there principally because the software maker paid good money to the PC builder for the opportunity to collect your renewal fee when the trial expires. Read PC Advisor's security software reviews and our Group test: what's the best security software? story before making a decision, and don't skimp on this purchase – it could be the most important investment you make in your PC's career.
2. …and all the other aspects of a good internet security suite
As we stated in the first tip, not all security software programs are equal. You could, should you choose to, grab individual antivirus, antispyware and firewall programs, perhaps even without paying a penny. And this might work fine, although you may find that programs from different vendors work against each other, rather than in concert.
You'd also be missing out on the additional benefits that a good, modern internet security suite offers. We're talking about behavioural security software and crowd-sourced antimalware, in conjunction with and in addition to traditional signature detection.
As a first line of defence, signature-based detection is unsurpassed. This is where the software signature of any program that tries to infiltrate your PC is compared to a database of known malware. Thus can the vast majority of viruses, Trojans and other assorted filth be expelled from your PC with the minimum of fuss.
The trouble is that it takes very little effort to slightly alter a known virus to make it undetectable to traditional antivirus, and that's principally what cybercriminals spend their time doing. Signature-based detection should be seen as a time- and resource-saving triage tool: a means of weeding out the majority of malicious programs, without having to do much work. It is at this stage that behavioural security software should be employed, as well as the crowd-sourced opinions of a large group of PC users who have encountered a suspect file.
Top-level security suites all contain these types of features, with a varying degree of success. Again, we'd urge you to check our security software reviews and our Group test: what's the best security software? story, and if you don't want to shell out for high-end software, at least additionally use a relatively inexpensive behavioural program such as Malwarebytes Anti-Malware Free as a second line of defence.
3. Remove crapware, trials
Your PC may well arrive with all manner of 'free' software on it. Far from the boon this can seem to the unwary purchaser, it is usually an extension of the economic necessity that means you get a trial of security software. It's there because the software maker is paying the PC vendor to put it there, because it's the best way of selling software to new PC owners.
There's nothing essentially insecure about trial software, although it is an irritant. However, the 'pay-me' pop-ups that they trigger can be confusing and if you get used to them you may fail to spot an infection, while out-of-date software can contain holes for scammers to exploit. Try free tools such as PC Decrapifier, or Revo Uninstaller to rid yourself of this junk and start afresh.
4. Keep software up to date
It isn't only unwanted trials that can fade into antiquity, leaving you with a leaky PC. Lots of software requires regular updates to close loopholes exploited by malware writers. Popular programs such as Adobe's Flash, as well as Microsoft's own Windows operating system, require regular patching, and those that don't update are vulnerable to attack.
Where possible, set your preferences to automatically update important programs, and never put off performing a critical update. If you're unsure of how to do this, a free program such as Secunia PSI will take the load.
5. Take account of accounts
One of the simplest ways of boosting PC security is to prevent damaging changes from being allowed. To do so is simple: with any new Windows PC you should first create an administrator account, and set it so only that account can make critical changes to the system. Next add a password-protected standard user account, and make sure this is the one you use. As other users are added, they too can have standard user accounts, but the administrator account should be used only when you need to make significant changes.
This helps to prevent human intervention causing problems – of which more later. More importantly, it means that even if your PC is infested, it will be running in a standard user account, which can limit the damage.
NEXT PAGE: secure your network and browser, System Restore, and physical security >>
Here are 10 simple tips that every new PC or laptop owner should follow to secure their PC.
6. Secure your network & browser
There are a couple of things that can reduce the risk before you even venture online. The first thing to do is secure your wireless network. Most PC users will be running home wireless broadband via a router provided by their ISP. Although all should come with WPA, WPA2 or WEP security, in many cases such routers come with a default password such as '1234' or '0000'.
Make sure your Wi-Fi is secure, ideally with WPA2, and change the password to something no-one can guess. Then use a web browser with robust security and privacy settings, such as Internet Explorer, Chrome or Firefox, and ramp up those settings to the max.
7. Set up System Restore
A System Restore point is a sort of bookmark that's created whenever you make a significant change to your PC. Windows Updates create restore points, as does the installation of many programs. Your PC will probably also be set to create such points at given intervals – once a week or once a fortnight, perhaps – regardless of anything else going on with your PC. If something goes wrong, you can revert to an earlier point without losing your files and folders.
You can view your existing System Restore points by going to Start, Control Panel in Windows XP or Computer, Control Panel in Windows Vista and Windows 7. Click 'Performance and Maintenance' and choose System Restore from the list on the left. Choose 'Create Restore point' to manually create a point. You can give this point a name, making it easier to identify later. And when you first use your new PC, make sure System Restore is up and running.
8. Educate all PC users
Not so much of a tip as a way of life, this one. The biggest threat to any PC or network is the person using it. The easiest way to get a virus on to a system is to use greed or stupidity to trick the unwary user into downloading a file or clicking on a link. And there's no point being smug about it: we've all done it.
Human frailties will never entirely be conquered, but you can limit the dangers by setting strict ground rules with all users of your new PC, including yourself. Especially where children are involved it makes sense to set time limits, and blacklist sites that you feel are inappropriate or risky. Windows Live Family Safety is an example of a free tool that can help in this way.
Keep admin rights only to yourself, and make sure that people know before they go anywhere near your PC that downloading dodgy files will not be tolerated, passwords must be robust and varied, and anyone forwarding on a round-robin email will be summarily banned from the computer.
9. Physical security
Something close to home, as we had a break-in at PC Advisor Towers not so long ago. Actually, 'break in' is too strong a term, as someone walked in off the street and made off with a valuable laptop. Computers, particularly laptops, are easily some of the most nickable items in the home. It makes sense, then, to take two simple precautions.
Firstly, keep your computer away from any windows. Wherever possible at night it should sleep upstairs with you, and it should definitely not be visible from the street. And get a Kensington Lock, or similar, to attach your PC to something immovable. You don't want to take all the above precautions only to find that your perfectly protected PC is physically stolen.
10. Be wary and wise
None of the above tips will guarantee security for your system, but taken together they should make it less than worthwhile for a cybercriminal to gain access to your PC, your data and – ultimately – the contents of your wallet. Key to it all is a sense of vigilance.
Your new PC is there to be enjoyed – the internet is a wonderful resource, and you shouldn't live in fear. But a dollop of healthy scepticism, and a modicum of care in all things related to your PC will help to keep it, and you, safe and secure.