How to protect my computer?

"How to protect my computer?" is a question often asked of us. There are lots of security vendors in the market each pushing their own proprietary security software.

Although the software we mention here is for Windows the techniques we present are applicable irrespective of the Operating System running on your computer.

We present here a minimalistic approach to security. There are other tools that you can apply like an Intrusion Detection System, which we are not mentioning here.In our experience

Also realize that there is no such thing as absolute security once your computer is connected to the Internet . The possibility that a clever way around your defense mechanisms is found always exists. Anybody or any software that claims otherwise is deluding you.

As far as we know the only way to be absolutely sure that your computer is secure is to place it in an electromagnetically shielded room with no connections to any network.

With that said, the following measures will give you a reasonable level of security.

1. Ensure that you start from a clean system

Once a virus or other malware has infected your system, it is very difficult to ensure that the system is clean. So it is best if the following measures are applied to system known to be free of malware. Besides software malware you should also make sure the system is free of any hardware keyloggers.

If you receive a computer or phone from somebody who would be interested in knowing your actions, that computer or phone may have such logging features installed by default.

2. Use a virtualization or sandboxing software

You can go for a heavy virtualization software like Virtual PC, VMWare, VirtualBox or QEMU. Alternatively you can go for a light virtualization solution in the form of software like Sandboxie or Returnil. Right now our preferred solution is Sandboxie.

Set up at least three virtualized environments

  • One virtual environment for your secure financial transactions
  • One virtual environment for your important known sites, web hosted email accounts.
  • A separate virtual environment for casual browsing. You should delete all stored files in this environment regularly.

3. Run a modern advanced firewall with IP feed

A modern advanced firewall protects your security as well as your privacy by guarding against

  • Incoming data seeking to attack your computer's services
  • By preventing access from and to malicious sites
  • By preventing leakage of information by installed programs. For example, let us assume that a malicious program sneaks in carried on a USB stick or a program that you downloaded off the web. The malicious program reads your private data off your files and then tries to send it to its host site.

A good firewall has a constantly updated malicious IP address feed that it uses to block incoming traffic to you.

4. Back and encrypt your computer data regularly

You need to backup your data so that you have it in case your
  • computer hard disk crashes
  • a virus or malware wipes out your hard disk
  • your computer is stolen
  • a natural disaster destroys your hard disk

regularly. The data should be encrypted to guard against critical data loss should a physical loss of computer or hard disk happen.

5. Ensure that access is restricted to trusted people only

An untrusted person may install hardware or software malware on your computer and defeat all your precautions. It only takes a few seconds to install a hardware keyboard logger.

More steps to "protect my computer"

The following steps are optional but good to carry out nevertheless.

  • Use Firefox Web Browser with NoScripts add on
  • Optional: Use a spyware blocker
  • Optional: Turn off the computer when not in use

Even more steps to "protect my computer"

If your threat perception is very high you can take even more steps to "protect my computer". Such steps would include

  • Always booting up using a CD or DVD to a known clean operating system
  • Deploying an Intrusion Detection System
  • Storing critical data in a separate encrypted disk which is physically attached only when necessary.

These steps reflect our current understanding of the steps needed to "protect my computer". As threats evolve we will update these steps.

Return from How to protect my computer? to Security and privacy software