Guide for Home PC Security

At least once a week, I'm asked by someone about how to keep their home computer or network secure.  I do my best to explain it as simply as possible, but it's quite a bit of info to take in all at once.  Because of that, I decided to write it down for reference.

Security is a group of things working together, as well as how we approach our computer activities in general.  Adding each layer of security together adds up to a more secure computer and network.  This layered approach is known as "Defense in Depth".  Please note that no system, no matter how complex, is ever 100% secure against every possible threat.

Security starts with you, the computer user.  By being observant and questioning what you see, most security issues can be headed off before they become problems.  Phishing (pronounced the same as fishing) is a technique that crooks have been using for many years to gain information from people and companies.  They get people to give out information that they normally wouldn't give a stranger.  This isn't just limited to computers; questionable companies and crooks have been phishing by postal mail for years.  One example of many that I've seen is the mail from random companies trying to get you to renew your factory warranty on your vehicle.  It looks professional and genuine, but really isn't the real deal (anecdotally, one time, they tried to get me to renew the warranty on a 13-year-old car that I was the 4th owner of).  The same can be applied to email and web pages.  If you get a message from Facebook, Twitter, etc. saying you have a new message or friend, it might actually not be from Facebook.  It could be a crook sending a real-looking message in an attempt to get your account info.  The safest thing to do is to go directly to facebook.com, twitter.com, etc. and log in that way.  The same applies to eBay, PayPal, and other accounts.

Sharing computers can be a security risk.  You might feel willing to let a friend use your computer, but are you certain that they know how to use it safely?  They could inadvertently browse an infected web page or accidentally install some malware that came in their Hotmail/Gmail/Yahoo Mail.  On the flip side, using someone else's computer can be just as hazardous.  If you use someone else's infected computer, there is a chance that any account you log into or any information you give out while on that computer might be intercepted by a third party.  Treat computers like a toothbrush; do you let other people use your toothbrush, and do you use other people's?

Use different passwords for different things.  The usual response that I get to this is that it's hard to remember all the different passwords.  Yes, it's a challenge.  However, it helps a great deal.  Let's think of this example: Bob uses the same password for his email and Twitter.  His Twitter account gets hacked, and the thieves find his email address.  Using the email address and the password from Twitter, the attackers get into Bob's email.  Taking a peek through Bob's email, they see his bank's monthly newsletter.  From there, they log into Bob's bank account and siphon off his money.  Was keeping his passwords the same and easy to remember worth his savings?  Most likely not.  Try to make passwords complex.  In many cases, you can use phrases instead of words.  For example, "I don't like having to use complex passwords!" is more secure than "Newpassword123".  Your email password is the most important to keep safe, as most accounts use the contact email to send password reset requests to.

Let's take a look at the network side of computer security, starting from the outside.  Think of your network as a house, as many security basics apply to a network as well as a house.  Your hardware-based firewall (often your router) is like a front door.  It allows our data out when we need it to, and only allows traffic in that we want to have come in.  Without this, we might as well just leave our computer on the front lawn overnight and see what happens.  Not sure if you have a hardware firewall?  If you have more than one computer accessing the Internet at the same time, you more than likely have one.  In addition to the hardware firewall, a software-based firewall is highly recommended.  All current versions of Windows come with the Windows Firewall, which is turned on by default.  Why do we need another firewall?  We need them for two reasons: 1) There's always a chance that something could get past the first firewall and 2) If an attacker or infected computer is on the home network, they're on our side of the front door.

Many home networks use wireless networking.  It's important to secure it by using a wireless key on it; if there isn't one, someone can access your network and potentially your computers.  Think of it as a lock on the door.  People with the correct key can get in; others can't.  There are a few different ways to secure (encrypt) your wireless network.  WPA2 is the current best encryption method.  Other methods, such as WPA and WEP, are less secure.  In fact, WEP's about as useful as an old-fashioned skeleton key.

Anti-malware (including antivirus) is an important part of computer security.  Traditionally, antivirus was enough to secure a computer, but in today's environment, threats come about much more quickly, and in smaller numbers.  It's important for a computer to have not only antivirus for existing threats, but anti-malware that can observe what programs are doing on a computer and identify unwanted behavior.  There are several products on the market, all of which have their strong and weak points.  Of the paid products, I've had incredible luck with Webroot.  It gives solid protection for computers and takes up very few resources when running.  There are free alternatives as well.  Microsoft puts out Microsoft Security Essentials, which is a blend of Windows Defender, Windows Firewall, and antivirus.  This is included in Windows 8.1 and later.  Panda Cloud Antivirus, when coupled with Windows Defender, provides balanced protection against both new and existing threats, as well as behavioral detection.

Updates are your friend.  Most major products (Windows, Adobe Reader, Firefox, Chrome, etc.) put out updates on a regular basis, usually to patch security holes.  Keeping all the software up to date on your computer reduces the risk of your computer being compromised by a software vulnerability.  Most software manufacturers update to a new version of software within 3-4 years.  After a new version comes out, updates to the older versions are often few and far between.  With that in mind, expect to update software that you purchase every 3 or 4 years.

Don't use your computer as an administrator.  Out of the box, Windows sets up the default user as an administrator, able to make major system changes.  This is useful for setting up software and such, but isn't good overall for maintaining security.  Change the default user's password and create a standard user for normal computer use.  That way, if the normal user gets infected, it's less likely that the entire computer will get infected as well, resulting in much easier cleanup.
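
To check three of the layers described above (software firewall, wireless encryption, and the standard-user account), here is a read-only PowerShell audit.  It is an added example, not part of the original guide; the function names are made up for illustration, and it assumes Windows 10 or later with English-language netsh output.

```powershell
# Added example: read-only audit of three layers from this guide.
# Function names are hypothetical. Assumes Windows 10+ and English netsh output.

function Test-FirewallLayer {
    # Windows Firewall should be enabled on every profile (Domain, Private, Public).
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Check  = "Firewall profile: $($_.Name)"
            Passed = ($_.Enabled -eq 'True')
            Detail = "Enabled = $($_.Enabled)"
        }
    }
}

function Test-WifiLayer {
    # When connected, netsh prints a line such as "Authentication : WPA2-Personal".
    $line = netsh wlan show interfaces |
        Select-String -Pattern '^\s*Authentication\s*:\s*(.+)$' |
        Select-Object -First 1
    if (-not $line) {
        # Wired-only PC or Wi-Fi disconnected: nothing to judge.
        return [pscustomobject]@{ Check = 'Wi-Fi encryption'; Passed = $null
                                  Detail = 'No active Wi-Fi connection found' }
    }
    $auth = $line.Matches[0].Groups[1].Value.Trim()
    [pscustomobject]@{
        Check  = 'Wi-Fi encryption'
        # WPA2 passes (so does the newer WPA3); WEP, plain WPA and Open fail.
        Passed = ($auth -match '^WPA[23]')
        Detail = "Authentication = $auth"
    }
}

function Test-AccountLayer {
    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    # Comparing SIDs avoids problems with renamed or Microsoft-account names.
    $me      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admins  = Get-LocalGroupMember -SID 'S-1-5-32-544'
    $isAdmin = $admins.SID.Value -contains $me.User.Value
    [pscustomobject]@{
        Check  = 'Daily account is a standard user'
        Passed = (-not $isAdmin)
        Detail = "$($me.Name) is $(if ($isAdmin) { 'an administrator' } else { 'a standard user' })"
    }
}

@(Test-FirewallLayer; Test-WifiLayer; Test-AccountLayer) | Format-Table -AutoSize -Wrap
```

Any row with Passed = False points back to the matching paragraph above.  The script only reads settings and changes nothing.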

Lastly, it's up to you to notice problems when they happen.  If your computer's acting strangely, there's probably a reason why.  Most modern malware is designed to not be noticed, but there is sometimes a general slowing of the computer.  Others pop up messages trying to get you to pay money to 'disinfect' your computer, when really it's the virus that's telling you you're infected.  To put it simply, anything out of the ordinary might in fact be something else.

Takeaway: Using a multi-layered approach to security, along with awareness, goes a long way.  Do you have any useful tips or habits not mentioned here?  Leave some feedback and discuss.

(Updated 2015-01-01 for relevancy)