Your PC or laptop will never be more secure than it is the moment you lift it out of its box: shiny, untainted and unconnected to anything that can do it any harm. To guarantee that it will remain in such a state, your only real option is to pop it straight back in the box or, at the very least, keep it away from web connectivity. But, these days, a PC without the web is less than a half a machine, and with a little judicious planning you can limit the risks to any computer.
We've put together a simple checklist of 10 key things to take care of when you first boot your new system. The basic principles apply to any computing device, but we've focused on Windows PCs for two reasons: they represent the biggest single group of computers, and they are under the greatest threat.
The key phrase here is 'limiting risk'. We don't guarantee security if you follow all of our suggestions, but we strongly suggest that you do. Virtually all internet security threats exist in order to part you from your hard-earned cash, but criminals are by their very nature corner cutters. If you make it hard for them to defraud you, they will, with luck, simply move along to the sucker down the way, letting you enjoy your new computer with peace of mind.
1. Antivirus, antispyware and firewall
It sounds simple, and it is, but you'd be amazed at the number of people who still don't get this, so we'll say it once more. As the barest minimum level of security, every PC that is capable of being online should have antivirus, antispyware and a software firewall. It's critical that each is kept up to date, and that regular scans are scheduled.
The good news is that getting hold of good-quality security software has never been easier.
All the important security vendors sell their wares in bundles known as "internet security suites", and each of these will contain at least antivirus, antispyware and a firewall. What's more, you can download, install and purchase them direct from the internet – although if that is your plan of action we suggest it is the first thing you do when getting online. Indeed, you may not even need to go that far, as most PCs ship with a trial version of a security suite, and your broadband supplier may even supply such software free of charge.
Proceed with caution here, however. Not all security programs are of the same quality, and the trial bundled on your PC is there principally because the software maker paid good money to the PC builder for the opportunity to collect your renewal fee when the trial expires. Read PC Advisor's security software reviews and our Group test: what's the best security software? story before making a decision, and don't skimp on this purchase – it could be the most important investment you make in your PC's career.
2. …and all the other aspects of a good internet security suite
As we stated in the first tip, not all security software programs are equal. You could, should you choose to, grab individual antivirus, antispyware and firewall programs, perhaps even without paying a penny. And this might work fine, although you may find that programs from different vendors work against each other, rather than in concert.
You'd also be missing out on the additional benefits that a good, modern internet security suite offers. We're talking about behavioural security software and crowd-sourced antimalware, in conjunction with and in addition to traditional signature detection.
As a first line of defence, signature-based detection is unsurpassed. This is where the software signature of any program that tries to infiltrate your PC is compared to a database of known malware. Thus can the vast majority of viruses, Trojans and other assorted filth be expelled from your PC with the minimum of fuss.
The trouble is that it takes very little effort to slightly alter a known virus to make it undetectable to traditional antivirus, and that's principally what cybercriminals spend their time doing. Signature-based detection should be seen as a time- and resource-saving triage tool: a means of weeding out the majority of malicious programs, without having to do much work. It is at this stage that behavioural security software should be employed, as well as the crowd-sourced opinions of a large group of PC users who have encountered a suspect file.
Top-level security suites all contain these types of features, with a varying degree of success. Again, we'd urge you to check our security software reviews and our Group test: what's the best security software? story, and if you don't want to shell out for high-end software, at least additionally use a relatively inexpensive behavioural program such as Malwarebytes Anti-Malware Free as a second line of defence.
3. Remove crapware, trials
Your PC may well arrive with all manner of 'free' software on it. Far from the boon this can seem to the unwary purchaser, it is usually an extension of the economic necessity that means you get a trial of security software. It's there because the software maker is paying the PC vendor to put it there, because it's the best way of selling software to new PC owners.
There's nothing essentially insecure about trial software, although it is an irritant. However, the 'pay-me' pop-ups that they trigger can be confusing and if you get used to them you may fail to spot an infection, while out-of-date software can contain holes for scammers to exploit. Try free tools such as PC Decrapifier, or Revo Uninstaller to rid yourself of this junk and start afresh.
4. Keep software up to date
It isn't only unwanted trials that can fade into antiquity, leaving you with a leaky PC. Lots of software requires regular updates to close loopholes exploited by malware writers. Popular programs such as Adobe's Flash, as well as Microsoft's own Windows operating system, require regular patching, and those that don't update are vulnerable to attack.
Where possible, set your preferences to automatically update important programs, and never put off performing a critical update. If you're unsure of how to do this, a free program such as Secunia PSI will take the load.
5. Take account of accounts
One of the simplest ways of boosting PC security is to prevent damaging changes from being allowed. To do so is simple: with any new Windows PC you should first create an administrator account, and set it so only that account can make critical changes to the system. Next add a password-protected standard user account, and make sure this is the one you use. As other users are added, they too can have standard user accounts, but the administrator account should be used only when you need to make significant changes.
This helps to prevent human intervention causing problems – of which more later. More importantly, it means that even if your PC is infested, it will be running in a standard user account, which can limit the damage.
NEXT PAGE: secure your network and browser, System Restore, and physical security >>