We have arrived at the final lesson in this How-To Geek School series. We have covered all the security tools that are built into Windows, and now we would like to some general tips that will improve the security of your computing experience.
We will start by sharing some recommendations on how to share folders in your home network in a secure manner so that outsiders who gain access to your network don’t have an easy time accessing your shared resources.
We will then show you how to improve the security of your system by making a simple change: setting Windows to require a password when resuming from sleep, so that people who steal your Windows laptop or tablet can’t log into it without a password.
Another recommendation we will share is to use VPN servers when connecting to public WiFi and we will also show you how to create VPN connections in Windows. We will move on to the topic of crapware, how to avoid it, and how to remove it when it manages to creep its way into your Windows device.
Last but not least, we will show you how to deal with suspicions files and get a second opinion from different antivirus engines before running them. We will also talk a bit about the benefits of running such files in a virtualized environment, so that your operating system is safe, in case your suspicions turn out to be well-founded.
Stop Sharing Folders Without a Password
In our How-To Geek School about Windows Networking we discussed in detail how network sharing works in Windows. However, we have left the discussion about security to this series. If there’s one thing you should remember about sharing on the network securely, it is this: never turn off password protected sharing. Force all network users who want to access what you are sharing to use the Homegroup or a username and password. This way, if an unwanted guest has access to your network, your shared data is safe from prying eyes.
Also, when sharing something on the network, using the Sharing Wizard or other tools that were covered in the Windows Networking class, avoid sharing with the user ‘Everyone.’ This user means anyone with or without a user account on your computer. Folders shared with this user account are easily accessed by anyone on your network, including unwanted guests who may have received or obtained access.
If you want to have a secure experience as well as an easy way to share folders on your home network, it is best to use the Homegroup feature. With it, you can quickly share just about anything, and your shared resources are accessed only by computers that know the Homegroup password and that have joined the Homegroup. Unwanted guests are left in the dark, unless they crack the Homegroup password and join it as well.
To learn more about the Homegroup and the way it works, read our How-To Geek School about Windows Networking.
Secure Windows by Requiring a Password When Waking from Sleep
If you are using a laptop or a tablet with Windows, we highly recommend that you set Windows to require a password when it wakes from sleep. If your device gets stolen or it is used temporarily by someone who should not have had access to it in the first place, setting this will make sure these people don’t get easy access to your data. We would recommend setting this up even on desktop computers where you want to make sure that only you have access to it, like your work computer.
You can change this setting both from the Control Panel and from PC Settings if you use Windows 8.x. If you want to use the Control Panel, open it, and go to “Hardware and Sound,” and from there click, “Power Options.”
On the left-hand column, look for the link that says, “Require a password on wakeup,” and click on it.
The System Settings window is now opened. Its settings are not editable at first, as they require administrator permissions in order to be modified. All user accounts are allowed to view them by default. If you are logged on as an administrator, then click on the link that says, “Change settings that are currently unavailable.”
Once the list of settings is editable, go to the “Password protection on wakeup” section and check the box that says “Require a password,” and then press, “Save changes.”
From now on, Windows will require a password each time it resumes from sleep.
If you are a Windows 8.x user on a device with touch, this process will be quicker if you use PC settings. Open it and then tap on “Accounts.”
Go to the “Sign-in options” section where you will find several settings related to the way you sign into Windows 8.x.
Look for a setting that says, “Password policy.” The default value is “Password is not required when waking this PC from sleep.”
If that is the case for you, tap the “Change” button and the setting is changed to “Password required when waking this PC from sleep.”
You can now close PC Settings as your setting is automatically saved.
Use VPN When Connected to Public WiFi
When you are connected to public WiFi networks that everyone can access, the data that you transfer to and from the Internet can be easily sniffed by others. In order to protect yourself, it is best to use a VPN service and connect to it.
VPN services protect your traffic from prying eyes by creating an encrypted tunnel through which information is transmitted. They can also bypass filters and firewalls and give you access to location-restricted or blocked websites.
There are many VPN services out there and we encourage you to do a bit of research and find a service that works best for you. If you need a bit of help, our team uses Private Internet Access and CyberGhost. They are both friendly services that are reasonably priced. CyberGhost also has a free plan that you can try.
Most VPN services come with their own VPN client for connecting to them. Some services may allow you to establish a VPN connection directly from Windows using the connection wizards that are built into the operating system. If you are using such a VPN service, let’s see how you can connect to it from Windows.
As always with Windows, there are two ways of doing this: if you prefer the Desktop in Windows 8.x or you are using Windows 7, then open the Control Panel and go to “Network and Internet,” and then “Network and Sharing Center.”
In the “Network and Sharing Center” click the link that says “Set up a new connection or network.”
This opens the “Set Up a Connection or Network” wizard. Select “Connect to a workplace” and press, “Next.”
You are now asked how you want to connect. Select, “Use my Internet connection (VPN).”
You are asked to enter the Internet address of the VPN server you want to connect to and a name for the VPN connection. You can also set whether you want Windows to remember your credentials or allow other people (user accounts) to use this connection. When done enabling the things that you want, press, “Create.”
At this step Windows 8.x creates the VPN connection and the “Connect to a Workplace” wizard is closed. You can move to the next step of connecting to the VPN. You will then have to enter a username and password in order to connect to it.
In Windows 7, though, the wizard is not finished yet. It now asks you to enter the username and password for the VPN server you are using. Enter them, and then select whether you want Windows 7 to remember the password, then press, “Connect.”
Windows 7 connects to the VPN service you are using. To close the wizard and enjoy your VPN connection, press, “Close.”
Getting back to Windows 8.x operating systems, you can create a VPN connection from PC Settings too. Open PC Settings and go to “Network.”
Go to “Connections” and click or tap, “Add a VPN connection.”
You are next asked to enter the details of your VPN connection:
- Select a VPN provider.
- Type the connection name that you want to use.
- Enter the name or the address of the VPN server that you want to use.
- Select how you want to sign in (in most cases it should be through a username and password).
- Type the username and the password.
- Select whether you want Windows to remember your sign-in info.
When done setting everything up, press “Save” and the VPN connection is created and available for use.
You can use the VPN connection anytime you need it. You will find it in the Networks list. To access it, click or tap the network icon in the taskbar.
In the Networks list, select the VPN connection and click or tap, “Connect.” If you have not entered your username and password when creating the VPN connection, you will be asked to enter them prior to connecting.
This is how the Networks list looks in Windows 7. Since you have stored your username and password when you have created the VPN connection, you won’t be asked to enter them again.
Avoid or Remove Crapware
Each time you buy a new desktop, laptop, or even a tablet, it comes pre-loaded with software you do not need but which vendors get paid to install. It’s just a quick way to increase the profits made with each device sale.
Also, when you install free software on your computer, that software often bundles all kinds of things you do not want: from dodgy browser toolbars to all kinds of programs that spy on your activities.
If you have bought a new device from a vendor, then you can manually remove all the programs that you won’t use, or you can try a tool named PC Decrapifier. When you run it, it asks whether your device is a brand new computer out of the box. If it is and you select “Yes,” it scans your device against a list of dozens of known crapware software and it automatically removes anything that is on the list.
Unfortunately, the list of known crapware is not that long and some of it might still remain uninstalled. However, you can run the tool again and answer “No” when asked whether your computer is brand new. When selecting “No,” PC Decrapifier shows all the desktop programs that are installed on your computer. You can select those that you do not wish to use, and PC Decrapifier will assist you in removing them as quickly as possible.
If you would like to learn more about how to use this tool, we have a detailed tutorial using a slightly older version. You can find it here.
However, the best tool for not having to deal with crapware is prevention. This is achieved only by paying attention each time you install programs from the Internet. Never go for the quick install method, and always choose carefully what gets installed on your computer. This means you must choose an advanced install. Prompts for installing bundled crapware are generally shown when you least expect them and they are made so that you can easily select “Yes.”
Pay attention to each step in the installation and refuse to install the third-party stuff that’s bundled with the program you want to use.
Scan Suspicious Files with VirusTotal for a Second Opinion
If you have downloaded a file that you are not sure about, or your antivirus finds is suspicious or possibly malicious, then you can use the VirusTotal website to confirm whether that file is infected or not. This service uses the 51 antivirus engines to analyze the files you submit and it will tell you whether they are identified as malware or they are safe. If several antivirus engines tell you that there’s something wrong with a file then you should delete it from your computer without ever running it.
To analyze a suspicious file, open your browser and go to https://www.virustotal.com.
Press “Choose file,” browse your computer, and select the file that you want to analyze and then press, “Open.”
Now press “Scan it!” and the selected file is uploaded and analyzed. You will see that most files have already been analyzed by other people on Virus Total and the results of their analysis are ready for your viewing.
Press “View last analysis” and you can view what all the antivirus engines used by Virus Total had to say about it.
If you don’t want to use your browser and you want to upload suspicious files directly from the right-click menu, you can try VirusTotal Uploader. Install it on your computer and each time you right click a suspicious file, you will have the “Send to VirusTotal” option available.
This tool quickly uploads the right-clicked file and shares the results of the analysis performed by this service.
Run Suspicious Files in a Virtual Machine or the Sandbox Provided by Your Security Suite
Another way to make sure that you don’t infect your computer when running files from untrusted sources is to use a virtual machine with another copy of Windows. You can run it there, see whether it does anything nasty and if everything is okay, use it on your computer.
Another safe way to inspect suspicious files is to use the sandboxing features of your security suite (if it has this kind of feature). Run the file there while the security suite protects your operating system from having its settings and system files changes and see whether that file is okay or not.
We have reached the end of the How-To Geek School’s Guide to Windows Security. We have covered lots of security tools and features that are built into Windows, and we have also shared some useful third-party tools that you can use to enhance the security of your system.
We hope that you have learned something useful from this class and if you have any unanswered questions, you won’t hesitate to ask them on our discussion forums.