This is the first in a series on how to keep your PC healthy, happy, and secure. This series will be posted over the next few months, and then kept in archive for referral. In part 1, I will focus on the most basic piece of the equation, Windows.

Screenshot, Windows update, macro, 30 deg

“Windows updates should be installed within 24 hours.”

Ask yourself, “What is the most important part of a house?”  It’s not really the walls … we humans lived a long time without walls.  The roof?  You could argue that shelter is the entire point of a house.  And a roof will play an important part at the end of this series.  But to me, the most important part is the part that makes all others exist: the foundation.  Without a solid base to build upon, a wall, a window, a second floor, and a roof can’t exist.

Your computer also has a foundation, from which everything else is built upon: your operating system.  And for about 95% of you, that’s Windows.  Throughout this guide, I will discuss things like installing anti-virus products or practicing good behavior, but all of it can be rendered moot if that foundation, Windows, is left insecure.

First and foremost, you should install all Windows updates, and they should be installed within 24 hours of them appearing to you.  Let me explain why.  When Microsoft publishes an update, they’re patching a hole that they’ve found within Windows.  Assuming the bad guys have not already found these holes before, MS releasing an update tells them where each hole is and how to exploit it.  Within minutes (yes, minutes), they will begin trying to exploit each hole to get malicious software (“malware”) inside as many machines as possible.  If you don’t apply the patch ASAP, you will leave a wide-open hole in your PC that even anti-viruses can’t stop.

Why can’t anti-viruses stop it?  An anti-virus, like any program, relies on Windows to not lie to it … if they ask for a file, Windows goes and gets it for them.  But if that foundation, Windows, is infected, malware can serve up a bogus file to the anti-virus.  “See? This file is fine! (whistles)… No problem!”  An anti-virus has no way to verify that file isn’t accurate, because Windows handles all access to the files.  And this is one of just a thousand ways that an infected operating system could lie to an anti-virus.  An infection could also use a rootkit, which prevents Windows from even being able to see a piece of malware, even though it’s still in memory and on the hard drive.  So if you don’t keep that foundation solid and secure, you’re toast.  No matter how good an anti-virus suite you purchased, no matter how vigilant you are in your behavior…

“I have a spare computer that is 13 years old … and I installed Vista on it with no problem.”

Another important part of keeping Windows up-to-date also means using a modern-day version of Windows.  By “modern” I mean Vista, 7, 8, or 8.1.  These are modern because they are still being updated by Microsoft.  Notice that XP is not on that list.  So, are you using Windows XP?  I was afraid you were.

Windows XP, released in 2001, is 13 years old.  In case you didn’t hear, in April of 2014, Microsoft stopped publishing patches for it.  As I stated above, that means if you’re using Windows XP, you’re vulnerable to attack.  I strongly, strongly advise (can I stress that any more?) that you upgrade to at least Windows Vista.  And yes, your computer can probably handle it.  I have a spare computer that is over 13 years old (for the geeks: an AMD Athlon XP 2000 system with 1GB of RAM and Radeon 9250 video card), and I installed Vista on it with no problem.  I have no doubt that if you’ve got an XP computer with at least 1GB of RAM, you can run Vista just fine.  Just don’t bog it down with a bunch of stuff you don’t need (more on that in another post).

But if you’re stuck with XP, and absolutely, positively cannot upgrade, I’d highly advise doing the following.  First, stop using Internet Explorer.  IE is (not) kept up to date by Windows update, so it’s just as vulnerable as Windows is.  Instead, download and use Google Chrome.  Besides being more secure and constantly updated, Chrome has an interesting feature in that it includes its own version of Java and Flash inside it, meaning they’re always kept up to date.  For this reason, you can then uninstall Flash and Java.  I will talk more about this in the next part of this series, but basically security-wise, Java and Flash are about as air-tight as a screen door.

Second, switch your primary account to a limited user account.  The details of this are kind of long, but basically you’ll want to create a new account, make that account an administrator, and give it a password.  Log into that new account, and downgrade your everyday account to a limited user.  Keep in mind, this is a double-edged sword.  As a limited user, you won’t be able to install new software, unless you switch to the administrator account.  However, as a limited user, malware can’t install itself either.  This should keep you safe from most attacks hitting XP now.  Not all, but most.

 

I hope that you see how important a foundation Windows is.  If you don’t keep it up to date, you’ve already lost the war against malware.

About the Author

Derek Moore - Co-owner, Technician
Has over 20 years experience in technology.  Began programming software by age 13, and repairing and custom-building PCs by age 15.  Graduated with B.S. in Computer Science.  Most recently worked as a software developer...  “I've always enjoyed helping people and solving problems, and with MCS, I get to do both.”