Windows Desktop & Laptop Security Checklist

This is what I do to secure my fresh Microsoft Windows 7 & 8 installations. I don't guarantee this process or its principles will make any information system completely secure, but this is good enough for me.

  1. Encrypt Entire Hard Drive: I use TrueCrypt. This is not for people who forget their passwords, because if your hard drive is encrypted, forgetting the key is the same as smashing the hard drive with a hammer - all your data is irretrievable.
  2. Configure Users: The basic principle here is to use an underprivileged user as much as possible.
    1. Activate the default Administrator account.
    2. Set a password on the default Administrator account.
    3. Turn all other user accounts into standard accounts. (Especially the one that will be used the most.)
  3. Turn on User Account Control (UAC): This way, if something needs to be run as an Administrator, it can be. A window will appear asking for the Administrator account's password. You don't even need to log out of the standard user.
  4. Turn on Automatic Updates: Use the automatically download and install setting.
  5. Turn on Windows Firewall
  6. Back up your hard drive
  7. Connect to Internet
  8. Windows Update: Manually check for and install updates until a check results in no other updates. Be sure to install Microsoft Security Essentials - that's your antivirus software.
  9. Download and install a browser other than Internet Explorer: I prefer Firefox because of the fantastic anti-tracking and anti-advertisement plugins, and because I don't think Google really needs to know more about my browsing patterns than it already does.
  10. Download and install only the programs that you will be using in the next week. If a program goes unused for a week, remove it! You can always download the latest version when you need the software again.
    This prevents unused software (that's more likely to be out of date because it's unused) from becoming a security problem.
  11. Download and install an update checker, like the one available from http://filehippo.com. This will help keep the software that you do have installed up to date.
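
Steps 2 through 5 can be checked after the fact with a read-only audit. The PowerShell script below is an added example, not part of the original checklist. It assumes Windows 7 or 8, PowerShell 2.0 or later and an elevated prompt; the helper name New-Check is hypothetical, and the script cannot tell whether the Administrator password from step 2.2 is actually set.

```powershell
# Added example: read-only audit of checklist steps 2-5 (Windows 7/8, PowerShell 2.0+).
# Run from an elevated prompt. It changes nothing on the machine.
function New-Check($Step, $Check, $Pass, $Detail) {   # hypothetical helper
    New-Object PSObject -Property @{
        Step = $Step; Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" }
}

$results = @()

# Step 2.1: the built-in Administrator is the local account whose SID ends in -500.
$builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$results += New-Check 2 'Built-in Administrator enabled' ($builtin -and -not $builtin.Disabled) $builtin.Name

# Step 2.3: any other user in the local Administrators group is a finding.
# The group is looked up by its well-known SID, so non-English installs work too.
$adminGroup = Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
$extra = @($adminGroup.psbase.GetRelated('Win32_UserAccount') |
    Where-Object { $_.SID -notlike 'S-1-5-21-*-500' } |
    ForEach-Object { $_.Caption })
$results += New-Check 2 'No other administrator accounts' ($extra.Count -eq 0) ($extra -join ', ')

# Step 3: EnableLUA = 1 means User Account Control is on.
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
$results += New-Check 3 'UAC enabled' ($lua -eq 1) "EnableLUA=$lua"

# Step 4: NotificationLevel 4 is the "download and install automatically" setting.
$level = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings.NotificationLevel
$results += New-Check 4 'Updates install automatically' ($level -eq 4) "NotificationLevel=$level"

# Step 5: local firewall state per profile (StandardProfile is the Private profile).
# Group Policy overrides, if any, are stored elsewhere and are not read here.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $on = (Get-ItemProperty "$fwRoot\$fwProfile").EnableFirewall
    $results += New-Check 5 "Firewall on ($fwProfile)" ($on -eq 1) "EnableFirewall=$on"
}

$results | Select-Object Step, Check, Pass, Detail | Format-Table -AutoSize
```

Any row with Pass set to False points back to the checklist step in the Step column.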

For those who object to using Microsoft's antivirus software, keep in mind that antivirus software is reactive. You don't need it unless you already have an infection, and if you're infected, there's no way to know that you're cured - besides a complete reinstall or a restore from a known clean backup, like the one created above. It's actually much quicker than running a dozen different antivirus utilities, and at the end of it you know that your machine is clean.