How to Protect Yourself From Windows Threats

Figured I’d throw something up on how to protect yourself from the threats associated with running Microsoft Windows, based on some conversation yesterday. Tim was concerned about Word and Excel macro viruii and the plethora of outlook email vulnerabilities.

• Keep everything up to date. Since Windows is designed in such a way that it is happy let people execute programs on your system, making sure that you are up to date with the latest security updates via windows update is the main thing to do.
  
• Next is to spend a few hours searching out the settings that make you a sitting duck and turning them off. First place to start is in the IE settings for privacy and security. Disabling ActiveX is a good idea, but that will prevent you from going to the Windows Update site. Disabling running of unsigned ActiveX controls is a half decent compromise though. Just remember if something pops up asking you to run it that has anything to do with “Gator” say no. In fact, you probably don’t need to run any ActiveX controls that aren’t quicktime or from Microsoft for Windows Update.
  

  
  Some good pages on this:
  

  
  
  • Securing Windows XP (google search)
    
  • Securing Windows 98 (google search)
    
  • Windows 2000 Installation Checklist (google search)
    
  • Securing Windows 2000
    
  
  
• Another alternative: Get rid of it! Running an alternative Operating System such as Linux doesn’t make you free from threats, but greatly reduces them. Getting rid of Internet Explorer, ActiveX, Word and MS Office, and the MS philosophy of “ActiveX and Javascript Enabled Everything” is a huge step towards better security. Using a product such as Crossover Office will allow you to run Word and Excel under Linux if you must have them. Not sure if this means you’re still vulnerable to the macro virus threat though.
  
• Most modern linux distros such as from Redhat or Mandrake are designed for the non-tinkerer desktop user, will integrate nicely with an existing windows install, and come with all the tools a normal user will need. They come with commercial support, manuals, and you are only paying for the packaging and support, the apps are all free, both as in beer and speech.
  
• If you can’t afford to drop your OS because of some of the apps you run, you can get rid of the apps that are going to cause you potential problems.
  
  
  
  • Replace MS Office with Open Office, a free office suite that is mostly compatible with Word, Excel and Powerpoint, and has filters for importing/exporting files to and from them. The filters aren’t perfect, but they are definatly “just fine” for most work. If nothing else, download OpenOffice and check it out, see if it works for you. Chances are if any features are missing you don’t use them anyway.
    
  • Replace your email program (most likely Outlook Express or Eudora) with something that is less of a target for Windows Email Virii, such as Netscape or Mozilla (same as netscape except less ads, less crap on your desktop, and slightly newer code). As a bonus this gets rid of your next problem….
    
  • Get rid of IE. It may be fast and come with the system, but it has some security “issues”. Give Mozilla or Opera a try.
    
  • Run a virus scanner. Norton, Symantec have decent ones for a cost, or grab AVG from Grisoft for a free one. They each have good points and bad points, do a bit of searching to see what you like best about each one.
    
  • Encase your computer in a concrete block and drop it in the middle of the river. You’re never going to be completely secure, and there is no “magic bullet” to eliminate all your security problems. Keeping an eye on security updates, having a virus scanner running (and updated), and being vigilant about what you run and where you got it from are going to do you the most good.
    
  
  

So there you go.