How-To Geek

10 Important Computer Security Practices You Should Follow

Antivirus programs aren’t perfect — especially Microsoft Security Essentials. If you’re relying on your antivirus alone to protect you, you’re putting yourself at risk. You should still follow basic, common-sense computer security practices.

It’s hard to make a complete list of all the little tips and best practices geeks follow every day. This is an attempt at listing some of the most important security practices that you should swear by.

Use Antivirus

Even if you’re careful, you should use an antivirus. It’s possible you may be infected through a zero-day vulnerability in a browser plugin like Adobe Flash or in your web browser itself. Even if you keep your browser updated, you may be infected through a new, unpatched vulnerability just by visiting a web page.

Now, this isn’t extremely common — but it does happen. An antivirus is an important layer of protection, as it will help protect you even in the face of such vulnerabilities.

Leave UAC Enabled

User Account Control was obnoxious when Microsoft introduced it on Windows Vista, but it’s much less intrusive on Windows 7 and 8. It’s at its worst when setting up a new computer and installing your favorite software — but, after you set your computer up, it won’t bug you too much. UAC helps prevent malicious software from modifying your system without permission. Like antivirus, it’s an important layer of protection.

Leave the Firewall Enabled and Configure It Correctly

Windows has a built-in firewall, so you don’t need to install a third-party firewall. However, you should leave the built-in firewall enabled. The firewall blocks unsolicited incoming connections, protecting Windows and the other software on your computer from malware that exploits unpatched vulnerabilities in system services that listen on the network. This is how worms like Blaster spread so quickly in the early days of Windows XP and why such worms can’t spread as quickly anymore.

You should also configure your firewall correctly — when it pops up and asks you whether you’re on a Home, Work, or Public network, choose the appropriate answer. If you select the Home option when you’re connecting to Wi-Fi at a coffee shop, your laptop may make your shared Windows files available to other people on the coffee shop’s network. The Public option prevents other people from accessing shared resources.

Uninstall Java

Most web users have an outdated, insecure version of Java running. It’s therefore extremely easy for them to be infected by just visiting a web page. Java has seen a constant stream of massive security holes. The most tragic thing about the Java situation is that Java applets are so rare on the web these days that few people actually need Java installed.

If you have Java installed, visit your Control Panel and uninstall it. If you do actually need Java for something, you’ll be prompted to reinstall it — but you probably don’t.

If you do need Java installed — to play Minecraft, for example — you’ll want to disable the Java browser plug-in to protect yourself.

Keep Your Software Updated — Automatically if Possible

All the software we use every day is likely riddled with security issues. These security issues are constantly being found — whether we’re talking about Windows, Internet Explorer, Mozilla Firefox, Google Chrome, the Adobe Flash plugin, Adobe’s PDF Reader, Microsoft Office — the list goes on and on.

Software companies regularly release security patches for such software. Worse yet, the patches’ release notes themselves may give attackers information that helps them develop attacks on unpatched machines. It’s important to install such software updates as soon as possible after they’re available.

To do this, leave Windows Update set to automatically update — or at least set it to alert you to new updates and install them quickly. Internet Explorer, Mozilla Firefox, Google Chrome, Adobe Flash, and Adobe Reader all have automatic-update features — leave them enabled so you’ll always have the latest version without having to worry.

Browser plug-ins are a significant security issue. To be completely sure that you don’t have outdated browser plug-ins, visit Mozilla’s plug-in check website — yes, it works in other browsers and not just Firefox.

Be Careful About Programs You Download and Run

This one may seem obvious, but so much of the malware Windows users encounter seems to be the result of accidentally downloading and installing bad software. Be careful about the programs you download and run. Only download and run trustworthy software. Get the software from its official website — if you want to download VLC, download it from VLC’s official website. Don’t click a “Download VLC” banner on another website and download it from someone else that may bundle malware or adware along with it.

The same goes for software that arrives via email attachments — don’t open executable email attachments.

And, when downloading software, be sure to watch out for advertisement banners disguised as “Download” links that will take you elsewhere and try to trick you into downloading possibly malicious software.

Be aware that there are many different types of “programs” — for example, screensavers in .SCR format are essentially just programs and could contain harmful malware. We’ve got a list of 50+ different types of file extensions that are potentially dangerous on Windows.
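As an added example (not part of the original article), here is a small check that flags download or attachment names Windows would run as a program, including the "video that is really a program" disguise. Only .exe and .scr come from the article; the other extensions, the decoy list and the sample file names are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs as code when opened. .exe and .scr are the article's
# examples; the rest are an added, non-exhaustive selection.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi",
              ".vbs", ".js", ".hta", ".lnk"}
# Harmless-looking extensions often placed in front of the real one as a decoy.
DECOY = {".avi", ".mp4", ".mp3", ".jpg", ".png", ".pdf", ".doc", ".docx", ".txt"}


def classify(filename):
    """Return 'ok', 'executable' or 'disguised' for one file name."""
    # Windows drops trailing dots and spaces, so "setup.exe. " still runs as .exe.
    name = filename.lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    if ext not in EXECUTABLE:
        return "ok"
    # A media or document extension just before the real one is a decoy,
    # e.g. "holiday.avi.exe"; padding spaces are stripped before comparing.
    inner = os.path.splitext(stem.rstrip())[1]
    return "disguised" if inner in DECOY else "executable"


def scan(names):
    """Map every name that is not 'ok' to its classification."""
    results = {name: classify(name) for name in names}
    return {name: verdict for name, verdict in results.items() if verdict != "ok"}


# Constructed sample names, as they might appear in a downloads folder or inbox.
SAMPLE_NAMES = [
    "report.pdf",
    "aquarium.scr",
    "holiday.avi.exe",
    "invoice.pdf        .exe",
    "Setup.EXE. ",
    "vlc-3.0.exe",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_NAMES).items():
        print("%-28r %s" % (name, verdict))
```

A "disguised" result is the one to treat as hostile: legitimate installers have no reason to carry a media or document extension in front of the real one.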

Avoid Pirated and Cracked Software

When you acquire pirated or cracked software from peer-to-peer networks or shady websites, you’re taking a big risk. By running an .exe file from such locations, you’re trusting the distributor to not do anything harmful. Worse yet, the cracks you may need to run to make such software work properly are made by software-cracking groups. You can’t know if they’ve included malware or not.

Downloading pirated software and cracks is just a bad idea from a security standpoint. We’ve probably all seen people download files from peer-to-peer networks and become infected as a result.

Downloading unauthorized software is much riskier than pirating music or videos — software is machine code that can be tampered with. A video is just a media file that can play or not play — although untrustworthy individuals often try to disguise malicious programs as videos so less-experienced users will run them.

Beware Phishing and Social Engineering

Browsers and email clients try to protect you from phishing attacks, but they’re not perfect. A phishing attack is the web equivalent of someone calling your phone, claiming to be your bank, and asking for your credit card number. Your bank would never call you and ask for this information, just as they would never email you and ask you to send the information in an email.

Be very careful when disclosing personal information online. Ensure you disclose it only to legitimate individuals and websites. To access your bank’s website, go directly there — don’t click a link in an email that claims to be from your bank, but may actually direct you to an imposter site.

Don’t Reuse Passwords

Password re-use is a huge problem. If you use the same password everywhere, a leak at one website would mean that your username, password, and email address are known. Attackers could then try your password along with your username or email address on other websites, attempting to gain access to your accounts. They could even try the password and email combination to get into your email account — so if you use the same password on your email account, you’re in trouble.

Such password leaks are happening with alarming frequency. If you use a unique password everywhere, you wouldn’t have to worry if your passwords ever did end up leaked. For help using unique passwords, you may want to use a password manager that makes this easier on you.

Use Secure Passwords

Password managers can also help you use secure passwords, which are reasonably long and ideally contain some combination of letters, numbers, and symbols. Password leaks have shown that many people use alarmingly simple passwords, such as “password”, “letmein”, and “12345” to log into their favorite websites. It should be obvious — these passwords definitely aren’t secure.
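The advice in the two password sections above, as an added example that is not from the original article: a short audit of a password-manager export that reports reused passwords, accounts that share the email account's password, and passwords that are too simple. The CSV columns (`site,username,password`), the sample rows and the 12-character minimum are assumptions constructed for illustration; the common-password list holds only the three examples the article names.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; real password managers use their own column names.
SAMPLE_EXPORT = """site,username,password
mail.example.com,alice@example.com,Tr0ub4dor&3-horse
forum.example.org,alice,Tr0ub4dor&3-horse
shop.example.net,alice@example.com,letmein
bank.example.com,alice,k9#Vq2!mZx7^Lp4w
news.example.org,alice,12345
"""

# The three examples the article names; extend with a larger leaked-password list.
COMMON = {"password", "letmein", "12345"}
MIN_LENGTH = 12  # assumed threshold, not a figure from the article


def audit(export_text, email_site):
    """Return (reused, weak, email_shared) findings for a CSV export."""
    by_password = defaultdict(list)
    weak = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        site, pw = row["site"], row["password"]
        by_password[pw].append(site)
        if pw.lower() in COMMON:
            weak[site] = "common password"
        elif len(pw) < MIN_LENGTH:
            weak[site] = "shorter than %d characters" % MIN_LENGTH
    # Any password used on more than one site: one leak exposes all of them.
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    # Sites sharing the email account's password put the mailbox itself at risk.
    email_shared = sorted(
        site for sites in by_password.values() if email_site in sites
        for site in sites if site != email_site
    )
    return reused, weak, email_shared


if __name__ == "__main__":
    reused, weak, email_shared = audit(SAMPLE_EXPORT, "mail.example.com")
    for group in reused:
        print("reused across:", ", ".join(group))
    for site, reason in sorted(weak.items()):
        print("weak on %s: %s" % (site, reason))
    print("shares the email password:", ", ".join(email_shared) or "none")
```

The report names sites only and never prints a password, so its output can be kept or shared without exposing the credentials themselves.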


There’s no way to make a complete list of all the best computer security practices, so we’re sure we’ve missed some important ones. Feel free to leave a comment and share other important tips people should follow.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 10/10/13
