Did you just buy a computer and wonder how you can make it secure?
Here are some steps which you can follow to make this computer really yours. Really yours means that you can start using it and storing personal information on it without having to be afraid of someone snooping in it.
1. (Re)Install the operating system you want.
If the computer comes from a source you don’t know, like a local computer store, I strongly suggest reinstalling the operating system. When you start the installation, you will be prompted to format the hard drive. Do that! Doing this ensures that no hidden rootkits or surveillance software run on it.
2. Install security software
Installing an antivirus or a security suite from the very beginning ensures that no malicious software enters your freshly installed computer.
3. Enable and configure a firewall that fits your needs
If the security software you installed doesn’t have a firewall, make sure you get one. There are plenty of free ones, and the Windows Firewall is a good start. If the firewall you installed lets you block all incoming connections (usually the highest still usable security level), then do that. This prevents anyone from connecting to open services of the operating system that might be vulnerable.
4. Update the operating system and all software you installed
Installing the latest updates of the operating system is part of the process called “OS hardening”. Installing the latest patches prevents known vulnerabilities from being exploited and also fixes other bugs. Do this for all software you installed.
5. Remove unnecessary services or functions of the operating system and software
This step is also part of the OS hardening I mentioned earlier. It reduces the attack surface of the computer: less software running on it automatically means fewer points that can be attacked.
6. Set a strong password
All the steps you took so far are meaningless if someone can enter your computer using your own password that can be easily guessed. We wrote before how to create a good password.
7. Use a non-administrative account
By using an unprivileged account you reduce the chances of damaging the software you have installed on the computer, including the operating system.
8. Secure your browser
The browser is probably the most used program on your computer, probably followed by the email client. Make it secure by installing the latest version and changing the default settings. This includes, but is not limited to:
- Deactivate the execution of active code/content.
Examples of active content are Java, ActiveX applets, Silverlight, Flash, etc. You can do this for all websites (global settings) or you can choose to enable it for some trusted websites.
- Deactivate tracking
Modern browsers have functions that signal to websites not to track you. If your favorite browser doesn’t have that, then install extensions that do just that. A good starting point is Do Not Track from Abine.
- Deactivate cookies
You should not allow websites to track you unless you want them to. This can also be configured globally or for each individual website. There are also good extensions for all browsers that do that.
9. Connect to a secure Wi-Fi network
Although this topic deserves a dedicated article, there are some basic things you can do to protect your computer and all other devices:
- Set a password for the network
- Change the default SSID
- Change the default settings to make it secure
- Choose an encryption algorithm like WPA2-AES or TKIP.
10. Use your computer with security in mind
This topic is also complex enough to deserve a dedicated article, but here are some basic principles that you can follow.
- Do not install software from unknown or untrusted sources
- Do not execute attachments from emails
- Do not visit unknown websites that are suspicious
- Do not install codecs, viewers or programs that would enable you to see something out of the ordinary. Most of the time these programs are malicious.
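A read-only check of steps 3, 5 and 7 on Windows, added here as an example (it is not from the original article). It assumes Windows PowerShell 5.1 or later with the built-in NetSecurity, NetTCPIP and Microsoft.PowerShell.LocalAccounts modules, and it changes no settings.

```powershell
# Added example: audits firewall state, network listeners and account privilege.
# Nothing here modifies the system; every command only reads state.

# Step 3: effective firewall settings per profile.
# ActiveStore is the combined result of local settings and any policy.
Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
    $ok = ($_.Enabled -eq 'True') -and ($_.DefaultInboundAction -eq 'Block')
    [pscustomobject]@{
        Profile        = $_.Name
        Enabled        = $_.Enabled
        DefaultInbound = $_.DefaultInboundAction
        Result         = if ($ok) { 'OK' } else { 'REVIEW' }
    }
} | Format-Table -AutoSize

# Steps 3 and 5: services reachable from the network.
# Loopback-only listeners are skipped because other machines cannot reach them.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = $proc.ProcessName
        }
    } | Format-Table -AutoSize

# Step 7: is the current account a direct member of the local Administrators group?
# The well-known SID S-1-5-32-544 is used because the group name is localized.
# Membership through a nested group is not detected by this check.
$me     = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
if ($admins.SID.Value -contains $me.User.Value) {
    Write-Output "REVIEW: $($me.Name) is a local administrator; use a standard account for daily work."
} else {
    Write-Output "OK: $($me.Name) is not a direct member of the local Administrators group."
}
```

Every listener in the second table is a candidate for step 5: if you do not recognize or need the process behind a port, that is the service to look at disabling or uninstalling.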