Make Windows Invincible! (a tutorial)


The Internet is no longer safe, especially if you're a Windows user like I am. Old news, of course, but I stress this fact as being of a gravity which even some of the more advanced users have yet to fully appreciate. A few years ago, I would have told you to simply install AVG Free AntiVirus, Spybot Search & Destroy, and Kerio or ZoneAlarm Free, possibly setting Ad-Aware SE aside for a follow-up.

This is not nearly enough anymore. Even Kerio (now Sunbelt), with some of the finest inbound exploit protection a personal firewall can offer, free or paid, is still vulnerable. And most of the old, classic scanners are doing little to nothing against the new surge of blended threats, combining the strengths of multiple families of malware which at one time could have been easily distinguished from one another. These mutated parasites can prove much harder to hunt down than their predictable ancestors, as well as harder to remove. And there's more to it than that.

According to Google, more legitimate Web pages are now infected with drive-by downloading keyloggers than ever before. With increasing numbers of people taking their finances online, tech-savvy thieves have found it much safer to rob individuals from behind a computer and a proxy tunnel, than to try robbing a physical bank and making their getaway before the wailing of sirens surrounds them. Web rating tools remain useful to advise of a site's trustworthiness, but no longer can you expect not to get infected just because your SiteAdvisor button is green.

On these pages I offer pictorial, step-by-step instructions for locking down the core of your Windows operating system to help prevent remotely executed code from running on your computer. Every single mouse click is illustrated, in an effort to make this procedure as easy as possible to follow. The only steps I omit from my instructions are these:

• Scanning your computer for preexisting infections.
• Installing traditional security software to help detect hidden threats in files and media that you download from dodgy Web sites or e-mail.

In these instances, what I have to offer are suggestions only. Final decisions I leave entirely to you. Which scanners to use for disinfection, and which products to install for real-time protection, tend to be matters of personal preference; also, not all products are compatible with all others. Depending on these variables, as well as your level of skill, more or fewer options may be available:

1. For average users, I recommend running quick scans on your system with Norton, F-Secure, ESET, MSRT, and Trend Micro. There are many other free scanners available, but these five should catch most, if not all, parasites that may be lurking around unbeknownst to you. If you are an advanced user, you could go even deeper with tools like HijackThis and GMER.

Note: A lot of malware these days is really tough to remove, even in safe mode. If your computer is severely infected, another solution would be to scan it with an antivirus rescue CD. I'm aware of six vendors that offer free rescue disc images: Kaspersky, BitDefender, Avira, F-Secure, Panda, and Dr.Web. If you don't know how to burn an ISO image to CD, you can learn here. And if you're still not brave enough, at least Avira offers an alternate download that will burn the CD for you. It's best to use a clean computer to download and burn the CD image, if one is available.

2. Next, and before moving forward with the lockdown procedure, I recommend installing a basic defense apparatus consisting of traditional PC firewall, antivirus, and antispyware software. There are freebies available for those on a budget, limited though they are. One of my most trusted sources for consultation in freeware is Gizmo's Best-ever Freeware Utilities List, where you will find explanatory reviews and open forums full of insightful tips.

Once you've completed the above two steps, you'll be ready to lock down your system. I strongly advise you to come back and read the information in Step 3 at your earliest convenience, and share it with every single person you know who uses the Internet. Even if my lockdown method is not for you (or for them), Step 3 is for everyone!