How to secure/harden a Windows 7 System

Hi all!

I’m just curious regarding security… I take privacy very seriously and I would like to be sure that I’m in a safe and clean environment. How can I harden my system? Any tips, guides or information are very much appreciated. Also, how do you keep your system clean and how do you know if you and your personal stuff are safe on the internet?

I have a laptop running Windows 7 Home Premium x64 SP1. Windows Automatic Updates are always on, UAC at high alert and a ‘standard’ account for daily web browsing, Skype chatting, e-mails, work and so on. Guest account is disabled.

I have Microsoft Security Essentials and the latest version (released so far) of Comodo Internet Security with Antivirus (Stateful), Firewall (on ‘Safe mode’) and Defense+ (on ‘Safe mode’). And Sandbox is enabled too. I keep MSE turned off (from services) and I only run it when I need a second opinion. I also do monthly scans with other antivirus products like Kaspersky Virus Removal Tool, Malwarebytes Anti-Malware, SuperAntiSpyware and Hitman Pro.

I had Spybot S&D to immunize my web browsers. I keep IE9 homepage as blank, default browser is Firefox and I keep Chrome for secure sites like my bank’s site, Paypal and stuff like that.

Network type is set to ‘Public’ and no sharing enabled. I’m also behind a router.

I don’t download weird apps from non-trusted sites, I don’t accept or download attachments which look suspicious or before I do I check them with virustotal.com in case Gmail or Yahoo doesn’t scan the attachment. I keep an eye for the site DNS to be sure I’m on the real and legit one and not on some fake phishing site.

I keep the ‘hide known extensions’ unchecked so I can see all extensions.

I make a backup every season or before I do some serious updates/software installation. I save my personal data on a USB flash drive from time to time. I keep track of what apps I download/install and periodically I check the ‘Program files’, user folder, temp folder, ‘add or remove programs’, msconfig for startups and regedit (rarely - I kind of get lost around there).

I think that’s it so far. What do you think? Is there anything else I could do?

Thanks!

I would recommend Secunia PSI also; it verifies all the installed software for critical updates (About Secunia Research | Flexera).

Updating plugins used by browsers is essential at this point in internet time; currently most attacks are against Flash Player, Java, etc.

Hello, do you mean you are running MSE and CIS at the same time on one computer???
You better uninstall MSE, because YOU MUST NEVER RUN MORE THAN ONE ANTIVIRUS PRODUCT ON ONE PC, BECAUSE THEY WILL CERTAINLY CLASH!!!

You can get add-ons for Firefox, like Ghostery and Adblock; use these to disable ads on sites and keep your identity safe. You can use Bitdefender TrafficLight as an extra layer of security, to protect you from malicious sites and phishing sites, and it has got a form of Facebook link scanner…
Use EMET to harden your system. For cleaning, FREE tools: CCLEANER, WISE DISK CLEANER, EUSING FREE WINDOW WASHER; paid: CYBERSCRUB, WEBROOT WINDOW WASHER, PC TOOLS PRIVACY GUARDIAN…

I’m probably not the person to ask, as I do virtually the opposite of the things you’ve listed. However, some people are fond of using:

The Enhanced Mitigation Experience Toolkit
http://help.artaro.eu/index.php/general-security/other-security-programs/microsoft-emet.html

This may also be useful:

Understanding Windows Service Hardening

Use Sandboxie to sandbox your browser, and configure it to automatically empty its contents when you close the browser.
There are lots of other configs… e.g. you can tell it to only allow your browser to run and connect to the internet; nothing else (including malware) can run/connect.

Why not create a standard account and use the admin account only if needed?

The standard account can help protect your computer by preventing users from making changes that affect everyone who uses the computer, such as deleting files that are required for the computer to work. We recommend creating a standard account for each user.

When you are logged on to Windows with a standard account, you can do almost anything that you can do with an administrator account, but if you want to do something that affects other users of the computer, such as installing software or changing security settings, Windows might ask you to provide a password for an administrator account.
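
Several settings mentioned in this thread (visible file extensions, UAC at its highest level, a disabled Guest account, a standard daily account, a 'Public' network type) can be checked read-only from PowerShell. This is an added example, not part of any post in the thread; the helper names `Get-RegValue` and `New-Finding` are hypothetical, and it assumes the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only audit of settings discussed in this thread.
# Written for PowerShell 2.0 (Windows 7). It changes nothing on the system.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding($Setting, $Ok, $Detail) {
    New-Object PSObject -Property @{ Setting = $Setting; OK = $Ok; Detail = $Detail }
}

$findings = @()

# 1. "Hide extensions for known file types" unchecked means HideFileExt = 0.
$hide = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
$findings += New-Finding 'File extensions visible' ($hide -eq 0) "HideFileExt=$hide"

# 2. UAC slider at "Always notify": UAC on, consent prompt, secure desktop.
$uac  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua  = Get-RegValue $uac 'EnableLUA'
$cpba = Get-RegValue $uac 'ConsentPromptBehaviorAdmin'
$desk = Get-RegValue $uac 'PromptOnSecureDesktop'
$findings += New-Finding 'UAC at highest level' (($lua -eq 1) -and ($cpba -eq 2) -and ($desk -eq 1)) `
    "EnableLUA=$lua ConsentPromptBehaviorAdmin=$cpba PromptOnSecureDesktop=$desk"

# 3. Built-in Guest account (RID 501) is disabled.
$guest = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.SID -like 'S-1-5-21-*-501' }
$findings += New-Finding 'Guest account disabled' ([bool]$guest.Disabled) "Name=$($guest.Name)"

# 4. Daily account is a standard user: the Administrators SID must not appear
#    in the token, not even as a deny-only group (unelevated admin under UAC).
$inAdmins = [bool]((whoami /groups /fo csv) -match 'S-1-5-32-544')
$findings += New-Finding 'Running as standard user' (-not $inAdmins) "user=$env:USERNAME"

# 5. Every connected network is categorised Public (0); 1 = Private, 2 = Domain.
$nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'))
foreach ($net in $nlm.GetNetworks(1)) {   # 1 = connected networks only
    $cat = $net.GetCategory()
    $findings += New-Finding "Network '$($net.GetName())' is Public" ($cat -eq 0) "Category=$cat"
}

$findings | Select-Object Setting, OK, Detail | Format-Table -AutoSize -Wrap
```

Any row with `OK` set to `False` points at a setting that differs from what the thread describes.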