Step 3: Patch everything
With Windows 7's default settings, the Windows Update service is configured to download and install critical Windows operating system and Microsoft application files in a timely manner. Multiple studies have shown that Microsoft software is among the most patched software in the world. But Windows has nothing built in to help you keep up with all the non-Microsoft patches. Install software or enable processes to ensure that all programs are patched -- especially your browser plug-ins. Malicious hackers are quickly moving to less frequently patched third-party programs to silently exploit the end-user.
Step 4: Install anti-spam and anti-malware software
The biggest threat to client systems is the Trojan horse -- fake Outlook patch, fake anti-virus scanner, fake codec for that must-see Britney Spears video -- that dupes the end-user into downloading and executing malicious software. Long gone are the days when you could rely on bad grammar and misspellings to point out the bad stuff. Today, even the most knowledgeable security people can be fooled. Unless you (or the end-user you are administrating) can tell the difference between good and bad software with perfect accuracy, you should install and use up-to-date anti-spam and anti-malware software.
Step 5: Enable the SmartScreen Filter in Internet Explorer 8
When you first start IE8, one of the startup wizards asks if you want to enable the SmartScreen Filter, which checks a local database or a Microsoft site to see if surfed Web sites have been previously marked as legitimate or malicious. SmartScreen also checks for many predefined malicious behaviors such as cross-site scripting. SmartScreen results in a slight, just noticeable delay when enabled. The savviest security users may want to disable this setting, while most users should make sure it's enabled. If you're already running IE8, check by selecting SmartScreen Filter from the Safety menu.
Step 6: Take an inventory
Over time, most systems accumulate more and more -- often unnecessary -- programs that end up exacting a toll on memory resources. Without an active cleanup of your system, it will become slower, more prone to crashing, and stocked with additional attack vectors for bad stuff to exploit.
To fight software creep, periodically inventory the software and services running on your system, and remove what isn't needed. You can manually inspect your system or use a utility like Microsoft's Autoruns, a free download. Autoruns will list every program and service running on your system and allow you to disable what is not needed with a click of the mouse. My advice is to do your research before disabling anything you don't recognize, so you don't cause yourself unexplainable operational issues later on, after you've forgotten what you disabled.
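For the manual-inspection route, the following PowerShell script is an added example (not part of the original article) that records installed programs, auto-start services and startup commands, then reports what changed since the previous run. It only reads from the system and covers a subset of the locations Autoruns inspects; the `$OutDir` folder and the function names are assumptions chosen for illustration.

```powershell
# Added example: read-only software inventory for Windows 7 (PowerShell 2.0 compatible).
# $OutDir is an assumed location for the snapshots; change it to suit.
$OutDir = Join-Path $env:USERPROFILE 'inventory'
if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

function Get-InstalledProgram {
    # Installed programs register under the Uninstall keys (64-bit, 32-bit, per-user).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object @{n='Kind';e={'Program'}},
                      @{n='Name';e={$_.DisplayName}},
                      @{n='Detail';e={"$($_.DisplayVersion) | $($_.Publisher)"}}
}

function Get-AutoStartService {
    Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'" |
        Select-Object @{n='Kind';e={'Service'}},
                      @{n='Name';e={$_.Name}},
                      @{n='Detail';e={$_.PathName}}
}

function Get-StartupCommand {
    # Run keys and Startup folders, as exposed through WMI.
    Get-WmiObject -Class Win32_StartupCommand |
        Select-Object @{n='Kind';e={'Startup'}},
                      @{n='Name';e={$_.Name}},
                      @{n='Detail';e={"$($_.Location) | $($_.Command)"}}
}

$current = (@(Get-InstalledProgram) + @(Get-AutoStartService) + @(Get-StartupCommand)) |
    Sort-Object Kind, Name
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$previous = Get-ChildItem -Path $OutDir -Filter 'inventory-*.csv' |
    Sort-Object Name | Select-Object -Last 1   # newest earlier snapshot, if any
$current | Export-Csv -Path (Join-Path $OutDir "inventory-$stamp.csv") -NoTypeInformation

if ($previous) {
    $old = Import-Csv -Path $previous.FullName
    Compare-Object -ReferenceObject $old -DifferenceObject $current -Property Kind, Name, Detail |
        Select-Object @{n='Change';e={ if ($_.SideIndicator -eq '=>') {'Added'} else {'Removed'} }},
                      Kind, Name, Detail |
        Format-Table -AutoSize -Wrap
} else {
    "Baseline saved; run again later to see what was added or removed."
}
```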
Step 7: Back up your data
We've all been using computers for a long time now, and we know that stuff happens. It's good to have a multiyear computer warranty, but to minimize the damage when your computer crashes, make sure to back up your irreplaceable data. Windows 7 includes a reliable backup program that you can set up at Control Panel > System and Security > Backup and Restore. Or just search on the keyword "backup" in Help and Support to learn everything you need to know about Windows backups.
This article covered the items that should be done to make an already secure Windows 7 system more secure. If your OS and all applications stay fully patched and you don't get tricked into running Trojan horse executables, you will have significantly less risk than the average user. Don't fall into the trap of disabling the Windows 7 defaults (UAC, Internet Explorer's Protected Mode, Windows Firewall, and so on). Many well-meaning advisers don't have access to the cumulative customer experiences that Microsoft does.
This story, "Seven Ways to Secure Windows 7," was originally published by InfoWorld.