Securing Windows


There are two ways to reduce security issues when running Windows: Either by running it natively, or running it on top of a virtualizer.

Things to do when running Windows Natively



  1. When pulling a new Windows PC out the box, do no connect it to the Net, and clone its partitions to a DVD or external drive that will be put in a safe place in case you need to reinstall Windows to a pristine state
  2. In addition to the NAT router, Windows should have a software firewall to check outgoing connections
  3. Anti-malware software with automatic, daily update of its virus dictionary and system check
  4. web proxy like Privoxy to remove suspicious stuff in web pages
  5. If not using online services like Gmail, SPAM filter like POPFile
  6. Use two accounts: Administrative account to manage software, and regular account to use software
  7. Enable Windows Update
  8. Do not run programs that you don't know to be safe. Besides regular executable files like EXE, COM, or BAT, this also includes attachments that can contain executable code like DOC, XLS, SCR, or PIF. Set up your antivirus to scan attachments before they are listed in your e-mail client, and set up your e-mail application so that it doesn't execute attachments unless you double-click on them
  9. Keep daily backups of your data (documents, e-mail addresses, etc.), on a removable media like a USB key, and a remote server. SyncBack is a recommended backup software for Windows
  10. Make regular restoration points

Running Windows through a virtualizer

Windows network ports