In this thread I'll clear up some urban myths about computer security then give you a step-by-step guide to improving your computer's security in less than a minute.
If you don't care about what, why and who, just skip to the spoiler for the instructions.
First off, this guide doesn't apply solely to Windows 7 with SP1 installed, but it's highly recommended. Using XP/Vista or having an outdated OS (Operating System) will get in the way of security.
1. "There are convenient software solutions that protect you."
Let's get this straight. Having a secure system is neither effortless nor achieved by a single security program. Not even if they market it as a "suite."
2. "I use MacOS/Linux because of its security."
The 2 reasons why MacOS/Linux are supposed to be more secure than windows systems are:
a) Unlike windows, user accounts don't have admin rights by default.
b) Currently, there are far too few clients using these OSs for them to be a viable target for widely spread attacks.
For that reason, I contacted a friend and specialist at Symantec research labs and got a very informative heads up on the current technical state of malware. As a sidenote, the hacked user doesn't care if it's called a virus, trojan, malware, spyware or badware, and in reality, every attack is a combination of all of these, so we just stick to "malware". He has access to basically every kind of exploit that ever has been recorded.
I specifically asked if there was any malware that meets the following criteria:
- Can spread via networks without user interaction, i.e. clicking a link or opening email attachments.
- Can't be detected by current AV (Anti-Virus programs)
- Has the ability to gather and identify personal and crucial data such as account names, passwords, credit card information, etc ...
- Can use your network to send this data to the creator of the malware
- Does not need admin-rights to be executed.
The simple answer, there are none
. This statement is valid as of March 18, 2011.
However, this picture changes drastically when you alter #1 and #5 of the criteria.
The single most important factor in your system's security is still your online behavior.
If you open email attachments that you didn't ask for, or click on links to collect the million dollar cash prize you just won in a lottery you didn't enter, no one on this planet can help you.
Also, if you're running your OS with administrator-privileges, malware can mess you up even if you don't click bad links, especially if your router (aka hardware firewall) is not set up properly.
They key factor is admin-rights. Malware can't spread, gather information or send it to someone else without admin-rights. You don't need them for everyday computer work - just for installing, removing and configuring applications and system settings.
According to Secunia, the average user installs 2 new programs every year. That means that, if you don't use a user account with admin-rights, you'd have to enter your admin-password twice a year. Or whenever you're going to modify system files. I hope that wouldn't be too much of an inconvenience for you.
These measures only prevent you against common attacks, but at least nearly against all of them.
Also, funkyworms' CTH security sticky
is basically mandatory to further secure your system, it just misses the "remove admin rights from your everyday user account".
Ninety percent of critical Microsoft Windows 7 vulnerabilities can be mitigated by configuring the operating system for standard user rather than administrator,
Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:
90-percent of critical Windows 7 vulnerabilities reported to date
100-percent of Microsoft Office vulnerabilities reported in 2009
94-percent of Internet Explorer and 100 percent of Internet Explorer 8 vulnerabilities reported in 2009
64-percent of all Microsoft vulnerabilities reported in 2009
Configuring users as standard users enables parents to more securely share family computers with their children.