Initial Setup

From software point of view there are almost no differences between a desktop PC and a laptop, except the better power saving options. So these tips apply for all Windows computers.

Most new laptops come with Windows preinstalled, however it has probably the worst security settings out of the box. Of course all Apple laptops come with MacOS X that is far more secure. On top of that there are tens of thousands of viruses, trojans, worms, spyware and other malware (malicious software) that attack a Windows PC. Being the most popular OS, almost all malware targets Windows (as it would have the most impact). All these threats are almost non-existent on MacOS or Linux.

The single most important security improvement on Windows is very easy to implement. Just make an user account and run the computer from it. Of course you will need an admin account to install software and updates, and to change some of the Windows’ settings, but it will be used only for that and never for running programs, browsing the Internet or doing work. As simple as that!
Setting a brand new Windows installation.

In Control Panel -> User Accounts create a new user and set it to be a “Limited User”. That’s it! This is the first thing to do on any new XP installation, reinstallation or system restore.

Then create a password for your current (admin) account, but don’t select the check box when it asks you if you want to make this account “private”. There is no point in hiding your files on this account since you will only use it to install software and updates.

Now every time you start the computer, log on to your user account and do whatever you need to: web browsing, email, typing, games, CDs, DVDs, etc. If you need to install or update a program, log off (Start button -> Log Off -> Log Off) and log on the admin account. After finishing the installation/upgrade, log off the admin account and log back on your user account to continue working.
Converting an existing admin account.

After you have used your computer for a while and accumulated settings, bookmarks, documents, photos, etc. making a new user account will mean transferring all files and settings over from the existing account. That can be cumbersome and hard to do, and in some cases even impossible. To avoid that, make a new admin account and convert your main account into “Limited User” account.

To do that:

1. Create new account (Control Panel -> User Accounts) for a “Computer Administrator” (the default setting).
2. Set a password on the new account.
3. Log off (Start -> Log Off -> Log Off) and log on the new account (you will see it on the blue login screen). This will make Windows finish creating the account.
4. Log off the new account and back into your main (old) account.
5. Go to Control Panel - User Accounts, click on your main account’s icon and choose “Change the type of my account”, then select “Limited User” and click “OK”.
6. Restart.

There may be some older programs that don’t like to run in a Limited User account. Best thing to do is to either update them or replace them with more contemporary software. However if you are stuck with a program like that and you have to use it, you can still run it from the user account but give it admin privileges. To do that:

Create a shortcut to that program

Right-click on the desktop and select “New -> Shortcut”, then navigate to the program and select it, usually in “C -> Program Files -> [program’s folder]” and click “OK”.

Set the program to run as the admin user

Right-click on the newly created shortcut and select “Properties”. Then click on “Advanced…” and check “Run with different credentials” checkbox. Then click “OK” and “OK” again to save the changes.

Now every time you start that program from the shortcut, it will ask you to select the account and enter the admin password and the program will run as if you are in your admin account. There is also a way to run any program as administrator while logged in as a limited user. Just hold down the “Shift” key, right-click on the program and select “Run As…”

Set Administrator passwordAnother important security setting that many people miss is creating a password for the Administrator account.
This account is build in XP and is accessible only from safe mode. To set the password (from your admin account) go to Control Panel -> Administrative Tools -> Computer Management, then double-click on “Local Users and Groups”, then click on “Users” just underneath, and finally right-click on “Administrator” on the right and select “Set Password…”. Dismiss the warning about changing the password and proceed with typing it in both boxes (the password can be the same as for your other admin account).

Antivirus. Windows just can’t live without it. There are a lot of good antivirus programs. Most of them also come in so-called “Internet Security Suites” bundled with a personal firewall, antispyware, email and anti-spam filters, parental control and what not. Most cost about $40-$70 and require yearly subscription at $30-$50. There are also a completely free antivirus programs, with free daily updates. I’ve been using AVG Free at home for over two years and haven’t had any problems so far. Regardless of which one you choose, make sure it is updated regularly (every day) and run the on-demand scanner about once per week.

Antispyware. If you are going to use Internet Explorer, you will need to invest in a good antispyware program that has real-time monitoring. If you use Firefox or Opera, you don’t need to worry much about spyware for now. The only way to get spyware in this case is if you actually download and install it yourself. Many “free” programs offered for downloading on the Internet contain spyware components. If in doubt, go to Google and type the program’s name followed by the word “spyware” and see what comes back.

Firewall. You actually need two of them. One at the router and a personal firewall on your computer. All recent routers have built-in NAT firewalls, you just need to get one. Windows XP has a built-in software firewall too, but it’s too basic and lacks outgoing connection control. For the last few years I’ve been using the free ZoneAlarm at home. It is somehow basic, but very easy to use and asks for permission every time when a new program is trying to access the Internet.

There are a lot of websites and forums on the Internet discussing the antivirus, antispyware and firewall programs available. There are also more specialized programs like antitrojan, antiexecutable, intrusion detection, etc. The bottom line is that if you use a limited user account, have recently updated antivirus, update Windows regularly, have router and personal firewall and are not using Internet Explorer, you are 99% safe. Of course if you use p2p file sharing to download programs from who-knows-where, you will eventually get infected.

Post a Comment

1 Comments

this is some good info. my problem though, is that I cannot log into anything on my laptop! I am sending this comment thru my PC.I can't comment on blogs, sign intp my bank account, etc., on my new laptop. I have enabled cookies, but don't know what else to do? can you help? don't know if this is the right place to ask this, but if it is, then thanks!