Security Tweaks

There are a few security tweaks you can apply to fine-tune your computer security. Most people don't care about getting into the guts of Windows and making little adjustments but you should consider these just to put the icing on the cake.

#1 User Account Control

User Account Control or UAC was introduced in Windows Vista. Due to the increasing number of threats on the Web, it was added as a security measure that could interrupt certain programs from running and ask the user if it was okay. Unfortunately, people hated it because it constantly nagged you for nearly everything you did.

Windows 7 softened this up quite a bit but it can still be annoying. So, should you use it? For most people, I say yes, this should be one of your security tweaks. The number of drive-by malicious downloads is increasing. So are fake antivirus and antispyware programs (Rogueware). Both of these threats can many times be stopped cold with UAC. If you see a warning from Windows about a program that wants to run and you aren't installing anything yourself, click "NO" to the dialog and run away from that web site.

UAC is turned on by default on new computers but many people turn it off because it annoys them. I know it's painful but if you're not at least a moderately knowledgeable user, you should make sure it's turned on. It could save you just when you hate it the most. For Windows 7, click Control Panel -- User Accounts -- Change User Account Control Settings.

#2 Adobe Reader Security Settings

Adobe Reader is one of the most often exploited programs running on your computer. It's used to open documents with the .pdf extension. Reader has grown up since the early days and can now handle all kinds of active content, including JavaScript.

Many exploits of Reader rely on JavaScript to get a foot in the door. And just like a pesky door to door salesman, once he's in, it usually gets worse from there. Most people don't use all the features of Adobe Reader that it has turned on by default. So, I recommend a couple of things:

First, make sure you have the latest version. It's amazing how many people have a version of Reader that is YEARS old. That also means that it has many un-patched security risks. Get the latest version by visiting Adobe here.There are a couple of things to know about this, though.

Before you download, un-check the box offering a free McAfee scan unless you really want the scan. Adobe downloads the Reader using its own download manager and it gets installed first. But there are security risks with the download manager itself so one of your security tweaks should be to remove it after you install Reader. Go to the program remover in control panel for this.

Also, Reader comes with its automatic update feature turned on by default. This is a good thing but if you have Secunia PSI installed, it will tell you if Reader needs to be updated so you could turn the Adobe updater off. I'll get to this next.

Okay, now let's do a couple of security tweaks. Open Reader by finding it in the Programs menu in the Start Menu. Vista and 7 users can just type Reader into the search box in the Start Menu--it's quicker. Then go to Edit -- Preferences -- JavaScript. Un-check the "Enable Acrobat JavaScript" checkbox.

Go to Updater. If you don't have PSI running, choose "Automatically Install Updates". This is probably already selected, but just check it anyway.

Adobe Reader is integrated into your browsers by default. That means you can open web pages that happen to be PDF files and they will display directly in the browser. This can be a bad thing. Even if other security tweaks are in place, a malicious PDF file can infect you through this handy feature. So, you might consider turning it off. If you do, you can still open the document but it will open in the standalone Reader application instead. Go to "Internet" and un-check "Display PDF in Browser".

#3 Create a Standard User Account

When you first set up your computer, you'll most likely have an Administrator account. This allows you to do anything you want from that account such as install programs and change system settings. But that means that malicious programs can to if they are downloaded inside an Administrator account.

Consider setting up a Standard User account as one of your security tweaks and using it for most computing tasks. You can still run most programs and change settings associated with your Standard account. But it could prevent some malware from changing security settings and installing things you don't want. When you need to do Administrator duties, just log out of the Standard account and into the Administrator account. You can set one up by going to Control Panel -- User Accounts -- Manage Another Account -- Create a New Account (Win 7).

#4 Encrypt Your WiFi Signal

Even though I deal with this elsewhere on the site, I wanted to put it here too because it continues to amaze me how many unprotected wireless signals are bouncing around our neighborhoods. If you ran down to Best Buy and bought a wireless router and hooked it up without setting any encryption, you're missing one of the most important security tweaks and you're a bad little monkey.

You need to know that in many cases I can pull up in front of your house, connect to your computers, upload and download whatever I want and steal your identity from the comfort of my car. Now, you don't want that, do you?

There are several types of encryption available but you can forget about WEP, it's not recommended today. You want WPA2 Personal. If you don't know how to set this up, call someone who does and get it done right away. I'll work on some video tutorials for YouTube as soon as I can.

#5 Disable AutoPlay/AutoRun

When you use a USB stick--also known as a flash drive--or a homemade CD/DVD, the auto-run feature of Windows can automatically open a program on it. You can disable that feature to avoid having malware run as soon as you plug it in. There's a nice tutorial by the US government's US-CERT office here.

A lot of malware gets installed this way and no one is immune. I just read an article about a security conference in Australia where IBM handed out free, promotional USB sticks. The bad news is that they were carrying a virus and a worm. Talk about embarrassing. A huge corporation at a security conference infecting the attendees. So, yes, it can happen to you.

#6 Facebook Security

Facebook is a monster now and continues to change its default security settings so that more and more of your identity is visible to the whole world. Many, many people get infected through Facebook mainly due to social engineering tactics that malware authors are using.

There's such a buzz around the whole social networking thing that people just forget that they're exposing their identities when using Facebook. There are a number of security tweaks that I recommend you make to make sure your identity and your computer are safe. You can read about this here.

On that page you'll see a link to a couple of tools that will adjust your security settings to their most private level. I highly recommend doing this immediately.

#7 Browser Security

Since your web browser is the major entry point for malware, it makes sense to lock it down as tightly as possible. Personally, I use Firefox. One reason that I do is that it has nice security tweaks such as a script-blocking add-on called NoScript that blocks all scripts by default. This is a good thing in my opinion because scripts are a major method of exploiting your browser.

As you visit web sites, you can selectively allow zero or more scripts with a simple mouse click. Also, Firefox notifies you if you need to update any of its add-ons so that you stay up to date on security patches. NoScript updates come out regularly which makes me feel much better.

By preventing scripts from executing upon first visiting a site, you can inspect things first and then allow any necessary scripts and no others. You can also temporarily allow them which means that the next time you visit, you'll have to allow them again. While this can get a little annoying, I'm use to the process now and it's quick and painless for the benefits it offers.

IE8 has a similar feature built in but it seems to be lacking in some areas. Chrome is supposed to have NoScript support in version 5 but it's not here as of May 2010 so I recommend Firefox for the time being.

There's also a page devoted to browser security here.

I'll be adding to this page regularly so check back often.