Securing Windows

Windows is the most popular and most targeted operating system, but a lot of the more common attacks on it are trivial to defeat. This guide will cover some simple steps to secure Windows and keep your system safe.

Reducing Attack Surface

This should be the first step to securing literally any operating system. Code is attack surface, running code is valuable attack surface, and internet-facing code is a gold mine.

First things first: go ahead and run msconfig.exe. Disable startup applications that aren’t important, like some toolbar service. Don’t disable applications that are looking to update.

You can also look in services.msc and disable what you don’t need. Personally, I don’t print from my computer, so right away I can disable the Print Spooler service. This service has been involved in many infections, and an exploit in it allowed Stuxnet to propagate. There are other services, like Computer Browser, that you might want to disable. Don’t disable anything without understanding what it is. I suggest you check this wiki out for explanations:

http://www.blackviper.com/windows-services/

I don’t know who that guy is or why that site is the way it is… but the wiki is fine.

You should also uninstall any programs you don’t really run. Maybe you have Java installed but you don’t really know why – get rid of it. Java’s a massive hole on your system. Maybe you have 5 torrent clients for no real reason; remove 4 of them. Just get rid of what’s on your computer if you don’t need it.
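The msconfig.exe and services.msc review described above can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original post. It assumes PowerShell 3.0 or later and the short service names Spooler (Print Spooler) and Browser (Computer Browser), and it changes nothing unless run with -Apply.

```powershell
# Added example: audit startup entries and services, optionally disable chosen ones.
# Assumption: short names 'Spooler' = Print Spooler, 'Browser' = Computer Browser.
param(
    [string[]]$ServiceName = @('Spooler', 'Browser'),
    [switch]$Apply   # without this switch the script only reports
)

# 1. Startup entries: the same kind of list msconfig.exe shows on its Startup tab.
Get-CimInstance -ClassName Win32_StartupCommand |
    Sort-Object Location, Name |
    Format-Table Name, Command, Location, User -AutoSize -Wrap | Out-Host

# 2. Services that start automatically and are running right now.
Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto' AND State='Running'" |
    Sort-Object Name |
    Format-Table Name, DisplayName, StartName -AutoSize | Out-Host

# 3. Review each candidate service before touching it.
foreach ($name in $ServiceName) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host "[$name] not installed on this system"
        continue
    }
    $mode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'").StartMode
    Write-Host ("[{0}] {1}: status={2}, startup={3}" -f $name, $svc.DisplayName, $svc.Status, $mode)

    # Understand what relies on the service first: skip it if running services depend on it.
    $dependents = @($svc.DependentServices | Where-Object Status -eq 'Running')
    if ($dependents.Count -gt 0) {
        Write-Warning ("[{0}] running dependents: {1}; left unchanged" -f $name, ($dependents.Name -join ', '))
        continue
    }

    if ($Apply) {
        Stop-Service -Name $name -Force -ErrorAction Stop
        Set-Service -Name $name -StartupType Disabled
        Write-Host "[$name] stopped and disabled"
    }
}
```

To reverse a change, run `Set-Service -Name <name> -StartupType Manual` (or `Automatic`) and start the service again.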

Run EMET

I’ve posted about EMET twice now with an explanation as to what EMET is and a guide to set it up. I highly suggest you follow that guide to the letter.

EMET is probably my favorite tool for Windows security. It’s not going to prevent every exploit ever but pretty much any automated exploit is dead in the water and even a targeted attack will be more difficult against a service running EMET.

If you follow my guide you’ll have many of the critical applications running EMET.

Stay Patched

Staying patched is the easiest way to stay secure. It’s a lot easier for bad guys to exploit known vulnerabilities than to come up with new ones. Even if you’re running EMET and you’ve reduced attack surface, if your system is full of vulnerabilities that are well known to every skiddy and hacker out there, you’re going to be an easy target.

Set Windows to automatically update.

Guide to set up automatic Windows updates here.

You should also check for browser and plugin updates frequently as these are very commonly exploited.

If you use EMET, uninstall and disable unnecessary software, and keep your system up to date, you’re going to avoid most threats for Windows. This isn’t all you can do to secure Windows, but I’ll recommend the above three tips every single time. They’re pretty universal for securing Windows users.
