As the resident IT person among my friends and family, as well as being an IT advisor at work, and despite me hardly ever using Windows, I still get quite a few phone calls asking me about securing Windows, cheap or free software for Windows, configuring wireless on Windows, etc.. I'm sure many of you are in the same boat. Anyway, I read a really useful article in the Guardian (by Jack Schofield) last week which covers a lot of the "how do I secure my Windows installation?" style questions. Here are the salient points (plus a few of my own), which should act as a checklist for me (and hopefully you too) when answering those support-desk style calls:
- If you're using broadband, get a proper router with NAT and a built-in firewall, rather than just a modem.
- Make sure you use Windows Update to keep your system patched.
- Use Firefox instead of Internet Explorer.
- If you insist on Internet Explorer, use version 7 (Windows XP Service Pack 2 or Vista).
- Use Thunderbird instead of Outlook Express. This will also help with junk.
- Use a firewall.
- The one which comes with Windows is OK.
- Kerio Personal firewall by Sunbelt Software is Jack's recommendation. There is a free (feature-hobbled) version or a full version which costs $19.95. It works with Windows 2000 or XP.
- Use an anti-spyware program.
- Spybot Search and Destroy works well but has quite a complicated interface.
- Grisoft's Anti-Malware product (which also does anti-virus) is Jack's recommendation. There is a free version which doesn't have all the features (including on-access scanning - i.e. you have to explicitly run the free version for it to detect spyware).
- Use an anti-virus program.
- There is a free (not open source) product made available by AOL called ActiveVirusShield (for Windows 98, 2000, ME and XP).
- Open source ClamWin: but this is an on-demand scanner (you have to explicitly run it on files, so it won't automatically scan things you download).
- Winpooch (mentioned in the comments) is an open source tool which integrates with ClamWin to offer anti-virus, anti-spyware and anti-malware. (Might give that a try myself.)
- Grisoft's Anti-Malware includes an anti-virus.
- Housecall is a free online tool which you could use periodically for extra peace of mind.
- If you're using anti-virus and anti-spyware, make sure you keep them up to date with new virus/spyware signatures.
- Jack mentions a tool called Cyberhawk which is a so-called HIPS (Host Intrusion Prevention System). There is another tool called Winsonar which keeps an eye on system processes and alerts you to unusual new activity.
- Turn off non-essential services. I normally do this for people, starting with Messenger (which is responsible for those annoying desktop popups advertising porn and college diplomas). I also turn off Computer Browser, Net Logon, Remote Access Auto Connection Manager, Remote Access Connection Manager, Remote Desktop Help Session Manager, RPC Locator, Server, and Terminal Services (if possible).
- Keep backups. Please.
- Buy a big USB disk. Most come with backup software these days. Make sure you back up important things regularly. If you can afford it, buy two disks, and keep two backups. If you've got the patience, copy really important stuff to CD periodically.
- Online backup is a good idea too. Chris (see comments) suggests Mozy. For the technically-inclined, Strongspace is good. I rolled my own using a cheap Dreamhost account (get a cheap Dreamhost account of your own using my referral code). It might be hard to implement on Windows, however.
You could also check out this resource which lists loads of other free tools.
Disclaimer: I take no responsibility for any issues you might experience with any of this software or which arise after you follow my suggestions.