We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Without fail, each month and year brings with it doom-laden tales of unproven but seemingly unfixable threats to our PCs, our browsers and our peace of mind.

Web-borne nasties we thought had been banished forever invariably come back with a vengeance, while safe actions and innocuous sites suddenly turn out to have been harbouring dangerous payloads or harvesting our personal data.

While ensuring your antivirus application is up to date, regularly applying Windows Update patches so any issues in your operating system (OS) are quickly addressed and being careful about which links you click on will all help, there are many other steps you can - and probably should - take to protect your PC.

Rather than focus on these aspects of PC security, which you know about and know you have to deal with, we thought we'd take a look at other protective measures. We start with a rundown of easy ways to ensure Vista's security is all it should be, before looking at data encryption and password protection, keeping your wireless network safe and preventing unwanted access.

And it's not just desktop PCs that need to be kept secure. Most of us use mobile devices to get online these days, so we've also taken a look at how to ensure you don't get hijacked while surfing the web, and outline ways to safeguard your laptop so its contents can't be accessed when it's not in use.

NEXT PAGE: Secure Vista in 10 easy steps

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Secure Vista in 10 steps

While Windows Vista may be Microsoft's most secure operating system (OS) to date, it's by no means completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the web through the Windows Firewall, or for some nefarious bot to tweak your browser settings without you knowing.

By making a few judicious changes using the security tools within Vista - and in some cases by adding a few pieces of free software - you can lock down your OS like a pro.

Windows Security Center

The Windows Security Center displays the status of your system firewall, Automatic Updates, malware protection and other security settings. Click Start, Control Panel, Security Center, or click the shield icon in the Taskbar. If any settings are highlighted in red or yellow, your PC isn't fully protected.

For example, if you've yet to install an antivirus program on your machine, or if your current software is out of date, the Malware section of the Security Center should be yellow. Windows doesn't offer built-in antivirus, so you'll want to install your own. For a good, free option, try AVG Anti-Virus.

Windows Defender diagnostics

The Malware section also covers antispyware protection, for which Vista includes Windows Defender. The antispyware protection included with your antivirus program usually trumps Microsoft's protection, but there are several good reasons to keep Defender enabled. One is that each antispyware program uses a different definition of what is and is not spyware, so redundant protection can actually offer some benefit.

Another reason to keep Windows Defender enabled: diagnostics. Click Tools and choose Software Explorer from the resulting pane. You can display lists of applications from several categories such as Currently Running Programs, Network Connected Programs and Winsock Service Providers, but Startup Programs is perhaps the most useful. Click on any name in the left window and full details will appear in the right pane. Highlight the entries to remove, disable or enable any of the programs listed.

NEXT PAGE: More ways to secure Vista

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Secure Vista in 10 steps: part II

Tweak the Start Menu

Vista keeps track of the documents and programs you launch in the Start Menu. This can be convenient, but it can also compromise privacy on shared machines. There's an easy way to tweak this setting.

Right-click the Taskbar and select Properties, Start Menu. Deselect ‘Store and display a list of recently opened files' and ‘Store and display a list of recently opened programs'. Click ok.

Get two-way firewall protection

No desktop should be without a firewall. And even if the Security Center says you're protected, you may not be. The Windows Firewall within Vista blocks all incoming traffic that might be malicious or suspicious - and that's good. But outbound protection isn't enabled by default. That's a dangerous situation if some new malicious software finds its way on to your PC.

Microsoft did include the tools for a true two-way firewall with Vista, but finding the setting is complicated. (Don't go looking for the Windows Firewall settings dialog box.)

Click the Start button. In the search field, type wf.msc and press Enter. Now click the Windows Firewall with Advanced Security icon. This management interface displays the inbound and outbound rules. Click Windows Firewalls Properties and, for each profile shown in the resulting dialog box, change the setting to Block and click ok.

Enabling the two-way firewall will, however, block all applications from accessing the internet. Before leaving Windows Firewall with Advanced Security, scroll down to and click Outbound Rules. Click New Rule, Select Program, then browse to an application that requires internet access. On the next screen select ‘Allow the connection', then name each rule you create. You will need to create a new rule for every app that accesses the internet.

Ultimately, we recommend adding a more robust third-party firewall. Try either Comodo Firewall Pro or ZoneAlarm. These free apps fare very well in independent firewall testing and both can be found in PC Advisor Downloads.

Lock out unwanted guests

When you declare a user as administrator, by default Vista allows outsiders unlimited guesses at their password. It's possible to restrict the number of guesses, however.

Click Start and type Local Security Policy. Choose Account Lockout Policy, Account Lockout Threshold. Enter the number of invalid logins you'll accept.

Now click ok and close the dialog box.

Audit your attackers

Having followed our previous step, it's now possible to enable auditing to log any failed access attempts. Click Start, type secpol.msc and press Enter. Click the secpol icon.

Click Local Policies, Audit Policy, then right-click ‘Audit account logon events policy' and select Properties. Tick the Failure box, then click ok and close the window.

Use the Event Viewer (Click the Start button, type eventvwr.msc into the search box and press Enter) to view the logs under Windows Logs and Security.

NEXT PAGE: Even more ways to secure Vista

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Secure Vista in 10 steps: part III

Secure Internet Explorer settings

The Windows Security Center will also report whether your Internet Explorer (IE) 7.0 or Internet Explorer 8.0 security settings are at their recommended levels. If the screen shows this section as red, it's possible to adjust the settings within the browser itself.

From IE's menu bar click Tools, Internet Options, Security. In the Security tab, click Custom Level. You'll now see a window with all the security options for the browser.

If any are below the recommended level, these options will be highlighted in red. To change an individual setting, click the appropriate radio button. To reset them all, use the button near the bottom of the tab. You can also change the overall security setting for IE from the default ‘Medium-high' setting to the recommended ‘High'.

Use OpenDNS

Domain Name System (DNS) servers act as a phone book. When you type pcadvisor.co.uk in the address bar, for instance, Internet Explorer sends that common-name request to your ISP's DNS servers to be converted into a series of numbers, or an IP address. DNS servers have come under attack, with criminals seeking to redirect common DNS addresses to servers that their interests control. One way to stop such abuse is to use OpenDNS, a free service that speeds up page lookups and has an integrated phishing filter.

Go to Start, Control Panel, Network and Internet, and then click Network and Sharing Center. Under the tasks listed on the left, click Manage Network Connections. In the Manage Network Connections window, do the following. Right-click the icon representing your network card and choose Properties. Click Internet Protocol Version 4, then Properties. Select the ‘Use the following DNS server addresses' radio button.

Type in a primary address of 208.67.222.222. Type in a secondary address of 208.67.220.220 and click ok.

NEXT PAGE: Live with UAC

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Secure Vista in 10 steps: part IV

Live with User Account Control

One area where some people might want to see the Windows Security Center turn red is User Account Control (UAC) - Vista's most controversial security feature. Designed to keep rogue remote software from installing automatically (among other things), UAC has a tendency to thwart legitimate software installations by interrupting the process several times with unnecessary messages.

In Windows 7 you'll be able to set UAC to the level you want. Until then, Vista presents a few options.

One is to disable UAC. This isn't an option we recommend. Instead, install TweakUAC (on our DVD or from tweak-uac.com), a free utility that offers the ability to turn UAC on or off as well as an intermediate ‘quiet' mode. In the latter mode, UAC will no longer hassle those running administrator accounts.

Check your work

Keep tabs on your system's security with the System Health Report. This diagnostic tool takes input from the Reliability and Performance Monitor and can highlight potential security problems.

Open Control Panel and click System. In the Tasks list, click Performance. In the resulting Tasks list, click Advanced tools. Now click the option to generate a health report.

The report will list any missing drivers, confirm whether your antivirus protection is installed and declare whether UAC is turned on. You may want to run this report once a month to make sure everything's still good.

NEXT PAGE: Internet and wireless security

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Internet and wireless security

It's no secret that the web can be a dangerous place. It's vital that you protect your computer from both inbound and outbound threats by employing up-to-date antivirus software and a firewall that monitors and prevents any information leaving your PC that shouldn't.

Restrict wireless access

We like the idea of keeping a Wi-Fi network open so that visitors can access the web. But you'll want to restrict access to minimise the risk of stolen data. A Wi-Fi network without a password sends information in the clear, meaning that anyone nearby can read it. Here are several ways to close your network's windows to keep pests out.

Hide the SSID: The simplest way to keep people off your network is to make it vanish. Connect to your Wi-Fi router's settings page, and visit the wireless settings. Set it to hide your service set identifier (SSID) broadcast. You'll have to manually type the SSID when connecting a device but it won't be listed for casual eavesdroppers either, since the network isn't listed for you. Be aware that it's easy to find hidden networks with a few more steps, so this will only stop opportunists.

Set a password: If your network is open (it doesn't require a password), sending data flying through the air is akin to shouting out your personal information at a party. Anyone who wants to listen to your ramblings can do exactly that. Instead, encrypt the transfer with a password, scrambling the data.

There are several methods of encryption, all slightly different. Wired equivalent privacy (WEP) is the weakest and most easily cracked by a hacker. Wireless protected access (WPA) provides better protection, while WPA2 is better yet for most simple networks. Enable this security in the router settings - it's probably listed as WPA2 Personal if you're using consumer hardware.

Filter by MAC address: You can allow only known wireless clients into your network by referencing a table of unique MAC addresses. While this identifier can be faked, it's generally a single ID assigned to network-connected hardware at the factory.

Connect the wireless client to the router as you normally would, then check on the router's list of clients. The MAC address should be listed there. Copy the address and open the MAC filter list configuration page. Add each client and activate filtering, so only devices with those known MAC addresses can connect. Remember to include mobile phones, wireless music players and any other Wi-Fi hardware as well as laptops.

Prevent neighbours piggybacking

Some routers put out signals strong enough to extend beyond the confines of an office or home. This means that your neighbours may be able to help themselves to the bandwidth you're paying for. Even if you don't mind sharing, remember that many ISPs now have caps on monthly bandwidth. ‘Loose' Wi-Fi also represents a very real security risk: if the neighbours can access your network, they may be able to access your data as well.

You could turn on your router's built-in WPA encryption, but that won't do you much good if your kids give the password to their mates. Instead, turn on MAC address filtering in your router's security settings.

You'll have to spend a few minutes entering the MAC hardware addresses for all of your devices (which you can find by typing ipconfig in the Windows command console), but after that you'll need no additional security at all. Only known devices will be allowed to connect, so a password won't be required.

NEXT PAGE: passwords and logins

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Passwords and logins

Logins are half your PC security

By now, we should all know the importance of keeping strong passwords, but don't ignore the first half of gaining entry: the login.

Thieves need the login and password to access your accounts, so make the login difficult to guess too. Avoid a simple, name-based method; add extra numbers, letters or an ID that's entirely different.

Ideally, use unique logins (and passwords) for each service to isolate any exposure if someone breaches an account. You may have to tell a customer service representative your login on occasion, but don't share the information unless you have to.

Some logins are tied directly to your email account. For ideal security, you could create an obscure email address to serve this purpose. If you're not running your own domain, a Gmail account does the trick.

If you have a hard time remembering unique logins and passwords, use a password-storing and -encrypting application such as SplashID. Once it's set up, you need remember only a single strong password to access that utility, then it reveals all of that hidden information.

Password-protecting folders

If your computer contains sensitive information, it makes sense to protect the folders where those files are stored by encrypting them or requesting a password for access. Windows offers an NTFS-based encryption tool for this, but it may not be the best way to protect your personal files.

Windows 2000, Office XP and Vista Ultimate all come with Encrypting File System (EFS). This file and folder encryption tool integrates seamlessly into the OS.

Once set up, it's fully transparent: if you're logged on with your name and password, you can access your encrypted files; otherwise, you can't.

But the EFS route can leave your sensitive data vulnerable if you walk away from your PC for a moment. And EFS's easy, transparent design complicates tasks such as backing up data securely and recovering files after reinstalling Windows.

A better option is TrueCrypt. A TrueCrypt volume looks like a file filled with unreadable gobbledegook. But when you open it in TrueCrypt and enter the password, it becomes a virtual drive on your PC.

Keep your kids safe online

Computer-savvy teenagers can probably work their way around parental-control software, so how can you prevent them from visiting inappropriate and/or malicious websites? One option is to route all internet activity through a ‘filtered' domain name server such as ScrubIT. This free service promises to block pornographic and harmful sites, and will even fix inadvertently misspelled web addresses.

Setup involves configuring your router to use ScrubIT's servers rather than those that your ISP supplies. If you're uncomfortable messing with your router's settings, Network Configuration Management, a small Windows 2000/XP configuration utility can get the job done. Vista and Mac users must do it manually.

Once router reconfiguration is complete, ScrubIT will automatically block both adult and potentially malicious sites - more than three million in all, according to the site.

Remember, however, that you will have no control over what sites are blocked. If you decide that you don't like it, an ‘unscrubit' utility on the site's FAQ page will revert your router to its original DNS settings.

NEXT PAGE: laptop security

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security

We often concentrate on ramping up the defences on one part of our PCs, but fail to secure the rest of it. PC Advisor outlines how to lock it all down.

Laptop security

Laptops are more popular than ever, especially with thieves. If you can pack yours up and stash it in your backpack or briefcase, so can anyone else with half an eye on your data, or who simply fancies a new machine.

Securing the contents is therefore a priority. Following the password-protection and encryption advice outlined on the previous page will stand you in good stead. So, too, will ensuring nothing sensitive is stored on your laptop in the first place. This is one reason why cloud computing - applications served up via a web connection, with data saved to and accessed solely online with a secure login - has potential.

However, it's possible to work locally on a computer without using any applications that are installed on the machine or saving documents to it. This can be done using a U3-compatible USB flash drive. U3 drives are bootable and can store applications that run directly off them, including web browsers, media players, word processors, spreadsheets and more.

When you insert a U3 drive in a USB 2.0 port on a host machine, entering the necessary login information gives you access to a dedicated U3 menu from which you can launch programs. And once you unplug the U3 drive, none of your documents will be left on the host PC. Both free and paid-for applications can be found and downloaded to your U3 drive at portableapps.com.

On a similar note, Yoggie has developed a way of putting an entire OS and computer on a removable memory card, so you in essence carry your whole PC in your pocket. An ExpressCard/34 version was demonstrated at January's International Consumer Electronics Show, with USB and Flash card versions likely to follow.

You can also use a USB key to store a complete security suite, or elements of it, preventing online access and networking when the key isn't plugged in and you aren't logged in. Symantec and other security vendors offer similar antivirus and firewall products to Yoggie's Yoggie Firestick Pico and FireStix.

Set up a laptop security system

If you're a seasoned traveller, you'll be used to working with your laptop in public places. But if you're not securing that laptop, you're asking for trouble. Apart from using a physical laptop lock (which you should do already), you can set up a software security system on your laptop using free software designed to deter thieves and recover laptops if they get pinched.

Laptop Alarm, once switched on, will set off a loud alarm if anyone unplugs your power cord, moves your mouse or tries to shut down your computer. And since no security system is complete without a security camera, try Yawcam. This free app turns your laptop's webcam into a motion-sensing security camera that's capable of uploading photos of potential thieves to the FTP server of your choice.

LaptopLock is another great freebie that focuses on retrieval and extra security for stolen laptops. With LaptopLock you can delete files, encrypt data and log the IP address of your stolen laptop - all remotely.

Lock your laptop as you walk away

BtProx monitors the proximity of your computer to your mobile phone or other Bluetooth device, and automatically locks the computer when that device goes out of range. Pop off for a minute and simply take that device with you - your computer will be safe.

BtProx can also launch any application at the same time that it issues the lock command, so you could set it up in combination with Yawcam, for instance.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Security masterclass index

  1. 20 ways to secure your PC from net threats
  2. Secure Vista in 10 steps
  3. Secure Vista in 10 steps: part II
  4. Secure Vista in 10 steps: part III
  5. Secure Vista in 10 steps: part IV
  6. Internet and wireless security
  7. Passwords and logins
  8. Laptop security