Just a few tips for Home PC users.
Date : 01/03/2014
If the list below is too trivial for you, I am sorry for that.
It's for Home PCs, that is, fat clients only (PC/Laptop with Windows + local apps + data).
- Use a regular account for daily work, and NEVER an ADMIN account. If you work as an Admin, you REALLY make it much EASIER for Malware.
Malware has many more opportunities to change system files/processes when it runs with Admin credentials.
- Your regular account (normal account) MUST have a complex password, for example one using a few capital letters,
one or more numbers, maybe special characters like "!", and a minimum length of 9, while still being easy for you to remember. E.g.: "1LoveB33r!"
- NEVER disable or weaken UAC (User Account Control). If you disable it, you REALLY make it much EASIER for Malware.
If somebody tells you to shut off UAC, that person is COMPLETELY WRONG.
- Very Trivial Remark (I am Sorry): Make sure Automatic Updates is "on", or update regularly. Vulnerabilities that have been discovered MUST be patched.
- Keep the Firewall ON. If you disable it, you make it much EASIER for Malware.
Don't just open up ports for no good reason.
- Very Trivial Remark (I am Sorry): Have AV software installed, and keep it up to date.
- Treat any unknown USB media, DVD, etc. with healthy suspicion. Or better: do NOT use it.
- Very Trivial Remark (I am Sorry): Occasionally, you might receive mails from criminals. It's really quite easy to see that they are fake. Get rid of them.
- Be careful about letting websites "check your machine" and all that. It might simply activate malware.
- Very important: When you get an unexpected UAC dialog box: answer NO or CANCEL.
- Very important: Keep the original media safe. If you don't have it, get or create a bootable DVD for your OS.
It's important to be able to boot from other media.
- Very important: Get or create a Linux Live DVD. This way, you can always boot from DVD to that OS and salvage data.
Or you might even do some analysis after booting to that OS.
- Very Trivial Remark (I am Sorry): XP, even with SP3 + recent updates, is too weak and too old. Move to Win7 x64, or Win8x.
- Make a "system state backup" once in a while.
- Very Trivial Remark (I am Sorry): Back up your data frequently (e.g. to a USB disk, another PC, etc.).
- Keep your PC/Laptop business-like. Do not install tons of tools, utilities, etc.
- More advanced / If you are interested: you might try to investigate how you can "sandbox" applications.
- If you are interested: do a web search on DEP, ASLR, EFI boot, UAC, Trusted Installer. These are all features that enhance security.
Let them work for you as much as possible.
- VERY USEFUL TIP: do a web search on Drive By Install.
- Create another account for your PC. Then, don't use it. If your PC is infected, some malware starts from a user home directory,
or other user-bound structures, so when you log on with the reserve account, the PC may work OK, and you can take action from there.
- Surf anywhere you want, but "certain categories of sites" are simply quite risky.
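
A quick way to check the tips above about the regular account, UAC and the Firewall on your own PC. This is an added example, not part of the original list; it only reads settings and assumes Windows 7 or later with the built-in whoami.exe and the standard registry locations for the local UAC and Windows Firewall settings.

```powershell
# Added example: read-only check of three tips from the list (changes nothing).
# Assumes Windows 7 or later; run it from the account you use every day.

# 1. Is the logged-on account a member of the local Administrators group?
#    S-1-5-32-544 is the well-known SID of that group. whoami lists it even
#    when UAC has filtered it out of the current (non-elevated) session.
$isAdminAccount = [bool]((whoami /groups /fo csv) -match 'S-1-5-32-544')

# 2. Is UAC on, and does it still ask before elevating?
$uacKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac        = Get-ItemProperty -Path $uacKey
$uacOn      = $uac.EnableLUA -eq 1                    # 0 = UAC disabled
$uacPrompts = $uac.ConsentPromptBehaviorAdmin -ne 0   # 0 = elevate without asking

# 3. Is Windows Firewall enabled for every network profile?
#    These are the local settings; StandardProfile is the "private" profile.
#    A profile whose value is missing or not 1 is listed as needing a look.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$fwOff  = @(foreach ($name in 'StandardProfile', 'PublicProfile', 'DomainProfile') {
    $p = Get-ItemProperty -Path "$fwRoot\$name" -ErrorAction SilentlyContinue
    if ($p.EnableFirewall -ne 1) { $name }
})

# Print one line per tip: OK, or CHECK when the setting deserves a look.
function Show-Tip($text, $ok) {
    $state = if ($ok) { 'OK   ' } else { 'CHECK' }
    Write-Output "[$state] $text"
}

Show-Tip 'Daily account is a regular account, not an Admin' (-not $isAdminAccount)
Show-Tip 'UAC is enabled'                                   $uacOn
Show-Tip 'UAC asks before elevating'                        $uacPrompts
Show-Tip 'Windows Firewall is on for all profiles'          ($fwOff.Count -eq 0)
if ($fwOff.Count -gt 0) {
    Write-Output ("        Firewall not enabled for: " + ($fwOff -join ', '))
}
```

A CHECK on the Firewall line can also appear when a third-party firewall has taken over from Windows Firewall, so treat it as a reason to look, not as a verdict.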