This article will be updated as long as computers exist. But this is a good start to secure your computer with basic and simple ways.
Virus Scan your USB Drive
Your USB drive has been places and to many computers. The more computers its been plugged into, the more chances its going to pick something up that won’t sit well with your computer. Keep it clean and secure!
Keep Software Updated
Many software releases include service packs and updates. Some of these updates include security fixes, whereas some include new features. What you want to do is update only when security patches are involved. If the update includes new features, then new vulnerabilities can also exist — making the update a security risk. It is a good idea to always look at the changelog before updating.
Never Use Admin Account
One of the most recommended things to do is to never ever use an administrative account on Windows or Linux. You should always be on a restricted, or semi-restricted, account. This helps prevent exploits from running that require administrative status and can limit their activity. Privilege escalation vulnerabilities can get around this, unfortunately, but it can very well help you regardless.
Install AntiVirus (AV) Software
Most people say that they do not need antivirus software. Do you surf the internet? Then you can run into viruses at any time. Any website you go to has the potential to be hacked and have malicious scripts run as soon as the page is loaded. Antiviruses help combat against web based viruses, spyware, etc — pretty much all types of malware. Keep the auto protect features on and keep their definitions up-to-date.
One of the most important things you can do is keep up-to-date on your operating system’s patches and fixes. Holes in your operating system are often the most exploited by worms. Do your part to keep yourself safe by updating through your Window’s Windows Update.
Disable Unused Services
If you have ANY unused services, disable them. Having a service active that isn’t used allows for more possible exploitation attempts. For example, on Windows operating systems many worms exercised vulnerabilities that used DCOM. Disabling the DCOM service dealt with this issue and prevented exploitation attempts to begin with. Consequently, internet service providers (ISPs) also took action later during that time, but many were infected who had the service enabled.
Uninstall Unused Programs
This tip also means “don’t install programs you won’t use”. These programs can contain vulnerabilities themselves. Now, under normal circumstances this isn’t an issue since often the program must be running to be exploited. However, under certain circumstances, such as with programs that have their own URI (similar to the “http://” in an URL or “ftp://” in an FTP connection), these vulnerable programs can be activated by the exploit itself.
Turn Off Extra Features in Software
As the above mentions, the introduction of new features in software is a security risk usually. A lot of the time you can avoid such problems by disabling the unused feature (if the software allows it). For example, most instant messaging (IM) software has file sending, chat invites, and other things. If you disable these settings, you may be able to avoid any possible vulnerabilities that relate to those specific components of the software DEPENDING on how the program deals with them after they’re disabled. A vulnerability may still occur depending on how the software is programmed, but on some occasions it will not.
Avoid Unknown Websites
Websites are sometimes created with malicious agendas in mind. Avoiding any website you don’t know or have never heard of is a good way to help keep safe. Googling for information on such websites is highly recommended if you really must go to them.
Install Firefox With Adblock Plus & NoScript
Install Firewall (Software & Hardware)
Most people have a router to power their internet. This acts as a hardware firewall and does an amazing job at keeping most computers safe. For extra protection, it is recommended that you install a software firewall as well. These don’t only keep people from trying to connect to you and send malicious data, but they also prevent your computer from communicating to the outside world when you do not wish for it to. They alert users upon connection requests – local and remote – and can help detect malware indirectly (i.e. if a program you downloaded tries to connect to the internet even though it has no visible reason to, it could have a backdoor hidden in it).
Don’t Use Alpha/Beta Software
We are hesitant to recommend this one since many software developers need testers…However, vulnerabilities are often at their highest when the software is in such a stage. Be careful. Be safe.
Watch Out for Security Advisories
Even when all the security in the world protecting your computer your defenses can be penetrated in a matter of seconds when attacked by a brand new vulnerability. Some vulnerabilities don’t reach advisory status until it’s too late, but on many occasions you can get lucky and find information that could allow you to protect yourself (such as a temporary manual patch) until a real patch is issued.
Password Protect Your BIOS
Though also a local vulnerability, a lot of harm can be caused if the BIOS are left unguarded. Someone could hurt your hardware, change the boot order to allow for booting from CD, etc. If someone can boot from a CD using your computer, then they can run a different operating system or a set of boot tools to do a numerous amount of malicious activities, such as stealing files, password retrieval/cracking, etc.
Submit Unknown Files to Online Multi-Virus Scanners
You never want to open anything without scanning it for viruses. We personally like to view exe’s under a hex editor, whereas other people prefer viewing files with Ollydbg or even running them in an emulated environment (such as through Wine) for testing purposes. Not everyone can do such tasks, however, and even if they could, they may slip up and miss something. An online multi-virus scanner we highly recommend is Jotti’s Malware Scan. It uses over 20 virus scanners to scan every file you submit. There is a 15mb limit per file though so it won’t work on bigger files without some effort being put in (i.e. chopping up the file into parts and submitting each piece part by part).
Turn Off LM Hash (Windows)
LM hash, or LAN Manager hash, is created by Windows automatically. This is more of a local vulnerability, but people can download the LM hash from your computer, then use a cracker to find out what your password is. (Change the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nolmhash equal to the value 1. The value change keeps your computer from storing the hash file in the first place. [If you don’t know how to open up your registry, then we suggest that you do not try this])
Put Lock on PC Case
This is a local, physical vulnerability for the truly paranoid to deal with. A lock should be put on your computer case to prevent people from opening it. Why would they want to open it? To snag your hard drive, to reset your BIOS, etc. Locks can be broken or picked, but at least they can slow down the attacker or force them to figure out a new means of obtaining what they want.
Boot From CD/USB Disabled
As mentioned above, if someone can boot up to your computer using a CD, then they can do loads of harm. The same exists with booting up with USB drives. Protect yourself!
Install Encryption Boot Software
Computer using such software have their hard drive’s data protected until after the password is supplied during boot. This disallows people from retrieving the contents of a hard drive after stealing it. Such software is commonly found on corporate computers, especially laptops since they are mobile and can be stolen easily.
Know of any other good suggestions? Know of any better ways than what we listed? Leave a comment!