IT Knowledgebase
< All Topics
Print

13 Step to Secure Your PC After a Fresh Windows Installation

As soon as you finish the Windows installation, we encourage you to follow the security measures below to increase your security:

1. Keep your Windows operating system up to date. 

    To get the security updates automatically, go to Control Panel and check if your automatic updating is turned on or follow the steps below:

  1. Access the search box in your Windows operating system, type update and then Windows Update.
  2. Select Change settings.
  3. Click Install updates automatically (recommended), in case it is not already selected.

After the initial installation of available updates for your Windows operating system, keep the automatic update turned on in order to download and install the important updates that can help protect your computer against new viruses and security threats.

It is a very important step to install the latest security and stability fixes for your operating system, since cybercriminals always try to benefit from these security holes.

windows 10 up to date

2. Keep your software up to date.

     Since it is a well-known fact that malicious hackers try to exploit popular software, such as Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Quicktime or popular web browsers like Chrome, Mozilla Firefox or Internet Explorer, always make sure you have the latest available patches.

Since these pieces of software are always under threat from criminal minds, don’t just rely on your memory to manually update every program or application you have installed. Simply install a dedicated solution to perform these actions for you. And most of all: follow the experts’ advice!

system_restore

    3. Create a Clean  Installation restore point. 

 You can create the Restore Point as soon as  your  Windows installation is ready and name  it Clean  installation and then you can  continue installing drivers  and applications.

 In case one of the drivers causes issues on the  system,  you can always go back to the Clean  installation restore  point.

 For more information on how to create a  restore point in  Windows, check this how-  to article.

4. Install a traditional antivirus for reactive protection. 

    Use a known antivirus product from a big security company. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update and a firewall.

To find the best solution, check the antivirus test results run by big company names in the security industry, such as AV Comparatives, PC MagazineAV-TEST or Virus Bulletin and select the best antivirus solution for your system.

In case you choose to install a security product that doesn’t include a firewall, make sure you have turned on the Windows firewall. To turn it on, go into Control Panel, select Firewall, select Turn Windows Firewall on or off, then select Turn on Windows Firewall for all options.

5. Install a security solution against spyware.

Spyware refers to that category of software which installs on your computer sending pop-ups, redirecting your browser to malicious websites or in some cases, it may even monitor your browsing history.

Usually, these are the signs a computer is infected with spyware:

  • computer is slow when opening programs or running some applications
  • pop-up windows appear all the time
  • a new toolbar may appear in your web browser
  • the Home page of your web browser has been modified
  • the search engine in your web browser has been changed
  • error messages start to appear unexpectedly

To avoid having spyware on your system, follow these good security practices:

  • don’t click any suspicious links or pop-up windows
  • don’t answer to unexpected answers or simply choose No
  • be careful when downloading free applications

How can I remove spyware from my system?

There are a number of popular anti-spyware products you can use to protect your system from malware. A few security solutions capable of removing spyware from your system are MalwarebytesSpybot Search and DestroyLavasoft’s Ad-Aware and others.

For more information on spyware and how to remove it, here are some helpful communitieswhere you can find the answers to your problems.

6. Install a proactive security solution for multiple defense layers.

    We need to say that a traditional antivirus solution cannot fully protect you against the latest malware out there. Financial malware epecially is created to steal private data and confidential information and it uses sophisticated methods to do so.

To have the best protection against financial and data-stealing malware, such as the infamous Zeus family or CryptoLocker, it is better to use a specially designed software.

Even though you are protected against traditional viruses and spyware, you still need a specially designed software to protect you against financial theft and data stealing software.

7. Back up your system.

    You updated the operating system and your system applications, you have installed additional security products for your system safety and even created a Clean installationrestore point for your Windows.

The steps above are meant to keep you safe from malicious software and online threats, but you may still encounter hardware issues that could endanger your private information.

To make sure your data stays safe, you should be using a twofold strategy, which should include combining an external hard drive usage with an online backup service.

We need to emphasize the importance of having a back-up solution which provides stability (look for a big company name), it’s easy to use (so you won’t have a headache backing up from files), allows you to synchronize your files with the online backup servers and provides some sort of security, such as encryption capabilities.

Online Backup

At the same time, you could simply use your Windows Backup system. To set it up, access your Windows Control Panel and then click Backup and Restore to access the location. From this place, you can set an automatic backup, create a schedule and even choose a network location for your backup files.

8. Use a standard user account to access your Windows operating system.

    Windows grants a certain level of rights and privileges depending on what kind of user account you have. You may have a standard user account or an administrator user account.

It is recommended to use standard accounts for your computer to prevent users from making changes that affect everyone who uses the computer, such as deleting important Windows files necessary for the system.

In case you want to install an application or make security changes, Windows will ask you to provide the credentials for an administrator account.

Top Security Tip:

Using a standard account ensures that a piece of malware which infects a limited-user account won’t do much damage as one infecting an administrator account.

We also recommend that you set a strong password for your Windows user account.

If you don’t want (or don’t have time) to use a password manager or to set a strong password, at least make sure you follow a few simple rules:

  •  the password should contain around 20 characters
  •  combine upper and lowercase letters, numbers and symbols
  •  don’t use the same password for other accounts
  •  change your password every 30 days
Windows account

9. Keep your User Account Control turned ON.

Many users have the tendency to turn off User Account Control after installing/reinstalling the Windows operating system.

We don’t recommend this. Instead of disabling the UAC, you can decrease the intensity level using a slider in the Control Panel.

UAC monitors what changes are going to be made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for an administrator-level permission.

In case your user account is infected with malware, UAC helps you by keeping suspicious programs and activities from making changes on the system.

UAC

10. Secure your web browser before going online.

    Since our web browser is the main tool used to access the Internet, it is important to secure it before going online.

The vulnerabilities in your web browser are like open door invitations to attackers. Using these vulnerabilities, the attackers will try to remove private information or destroy important data.

To stay safe while accessing various web pages, make sure you respect the following:

  1. Choose the latest version for your browser.
  2. Make a series of security changes in your web browser settings. For an extended explanation on how to configure your web browser, we recommend the following article.
  3. Choose a private browsing session when you access a website you are not sure about. Choosing this browsing mode will prevent authentication credentials (or cookies) from being stored.
  4. Since data stealing malware spreads through malicious code embedded in pop-up windows even in legitimate websites, make sure your web browser can block pop-ups: 

11. Use BitLocker to encrypt your hard drive.

    Even if you set a password to your Windows account, intruders can still get access to your private files and documents. They can simply do this by booting into their own operating system – Linux, for example – from a special disc or USB flash drive.

A solution for this is to encrypt your hard drive and protect all your files. It is wise to use this degree of security if you use a laptop, which can be very easily stolen.

BitLocker is available on the latest Windows operating systems and you may turn it on at any moment. Even after you have enabled the BitLocker protection, you won’t notice any difference because you don’t have to insert anything else but your normal Windows user account password.

To activate BitLocker on your system, follow these steps:

  1. Click Start.
  2. Go to Control Panel.
  3. Access System and Security and click BitLocker Drive Encryption.
  4. Turn on BitLocker.

12. Lock it up!

    A final touch for the security of your system is to add a Kensington lock.

It’s so easy these days to have your mobile devices stolen, especially a laptop or a notebook, that adding a physical security measure doesn’t seem to be a bad idea.

Though Kensington locks are usually used in large places, like libraries, private companies and public offices, this doesn’t mean you can’t use one in your own home.

13. Be careful online and don’t click suspicious links

    To make sure you won’t be infected by clicking on dangerous links, hover the mouse over the link to see if you are directed to a legitimate location. If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net“, then you should resist the urge of clicking the link.

Most of us use shortening services for their links, such as goo.gl or tinyurl. But in some cases an unknown link may send you to a malicious site that can install malware on the system.

To make sure you are going to the right direction, use a free tool such as Redirect Detective.This tool will allow you to see the complete path of a redirected link. Another tool which can provide very helpful in checking suspicious links is the reliable URL checker, VirusTotal.

Cr. heimdalsecurity.com/blog/fresh-windows-installation-security-guide/