20 easy steps to secure Windows

Lock down your PC with these essential Windows security tips

Type 'tips for securing your computer' into any search engine, and it's surprising how many times some curiously similar basic advice crops up. They're almost always the same tips, in the same order, looking as if they've been cut and pasted from site to site.

But you already know how to enable your firewall, that you must install antivirus software before venturing online and that you need to enable automatic Windows updates. So what can you usefully do beyond this to help secure your network?

PC Plus magazine has compiled a list of 20 tips designed to give you a more secure computing environment.

1. Add a password

Enabling passwords is possibly the single most important thing you can do if your computer is used by several people. More to the point, if your computer is stolen, being able to boot Windows and log in without a password is like leaving your front door unlocked.

To add a password, go to the Control Panel and double-click 'User Accounts'. Click on the administrator account, then 'Create a password'. Enter and confirm your password, and also enter a password reminder phrase. Make this as cryptic as you can, because anyone can see it.

2. Banish the defaults

Almost all wireless routers require an administrator password before a user can log into the device and modify the configuration settings. However, the default password is weak because lists of such passwords are available on the internet. We recommend that you change the default password. It may not be an account that you log into very often, so try to make it a memorable password.

3. Lock Guest accounts

Some people like to give access to the Windows 'Guest' account when others need temporary unsupervised use of their computer. However, when you enable this account, it has no password by default. If you decide to make use of it (after all, it's not inherently less secure than other non-privileged accounts), make sure that you give it a password. If you're not using it, disable the account completely in the Control Panel.

4. Plug open ports

Open ports on your firewalls are vulnerable to attack in ways your antivirus software won't necessarily detect. To close them, double-click 'Windows Firewall' in the Control Panel. On the Exceptions tab of the pop-up window, untick the services you no longer use. If you know you won't be using a service again, select it and click 'Delete' to remove the exception for good.

5. Force the issue

You can easily force users to have passwords in Windows. On the Start menu, right-click on 'My Computer' and select 'Manage'. This brings up the Windows Management Console. Expand 'Local Users and Groups' and select the Users folder. Right-click the account you want to change and select 'Properties'. A box will pop up giving a number of tickboxes for controlling the account's password. Untick 'Password never expires' and tick 'User must change password at next logon'. This will force the user to change their password (thereby setting it) the next time that they use the machine.
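A read-only audit of the account settings covered in tips 1, 3 and 5, as an added example that is not part of the original article. It assumes Windows PowerShell is installed and uses the standard Win32_UserAccount WMI class; the function name Get-AccountFinding is made up for illustration.

```powershell
# Added example: list local accounts that break tips 1, 3 or 5.
# Read-only: it reports findings and changes nothing.

function Get-AccountFinding {
    param($Account)   # one Win32_UserAccount object

    $findings = @()

    # A disabled account cannot be used to log on, so nothing to report.
    if ($Account.Disabled) { return $findings }

    # PasswordRequired = False means Windows will accept a blank password
    # for this account. It does not prove the password is blank today.
    if (-not $Account.PasswordRequired) {
        $findings += 'blank password allowed (tips 1 and 3)'
    }

    # PasswordExpires = False is the 'Password never expires' tickbox.
    if (-not $Account.PasswordExpires) {
        $findings += "'Password never expires' is ticked (tip 5)"
    }

    # The built-in Guest account always has a SID ending in -501,
    # so this still matches if the account has been renamed.
    if ($Account.SID -match '-501$') {
        $findings += 'Guest account is enabled (tip 3)'
    }

    return $findings
}

# Local accounts only; domain accounts are managed elsewhere.
$accounts = Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True'

foreach ($a in $accounts) {
    foreach ($finding in @(Get-AccountFinding $a)) {
        '{0}: {1}' -f $a.Name, $finding
    }
}

# Command-line equivalents of the Control Panel steps, run from an
# administrator prompt:
#   net user Guest /active:no             (disable the Guest account)
#   net user <name> /passwordreq:yes      (refuse a blank password)
```

No output means every enabled local account requires a password that expires and the Guest account is disabled.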

6. Shun auto complete

If you share your computer with others, it's a very good idea not to store account credentials for websites in your web browser. The details may be stored securely, but if your browser automatically fills in your log-in details every time you visit a site, all the encryption in the world won't stop another user from logging in as you.

In Internet Explorer, click on the Tools menu and select 'Internet Options'. On the Content tab of the subsequent window, click the 'Settings' button in the Auto Complete section and a smaller window will pop up. Here, you can set options to stop the browser from using auto complete for sensitive items. Back on the General tab, press 'Delete' and select the data types that you wish to delete.

In Firefox, select 'Options' from the Tools dropdown menu, select the Privacy tab and untick 'Remember what I enter in forms and the search bar'. Next, click the 'Settings' button. The subsequent window will allow you to specify what you want to delete.

7. Use WPA encryption

If you have an unsecured Wi-Fi network, who knows what the neighbours might be up to? However, standard WEP encryption is no longer considered secure, as plenty of tools now exist to crack it. Instead, you should be using WPA to secure your network. You'll have to read your equipment manuals to find out how to enable it, but once it's enabled, cheapskate neighbours will finally have to buy their own broadband connection.

8. Learn to spot spam

You may be savvy enough not to fall for email phishing scams, but how clued-up are the others who use your computer? It only takes one malicious attachment to be opened and all your good security practices will have been for nothing. Make sure that everyone understands this and train them to delete all spam unopened.

9. Stay up-to-date

So-called 'drive-by' attacks on web browsers are incredibly common, and becoming more so. Some exploits work via unpatched vulnerabilities in your web browser, so to avoid this, check regularly for security patches. Internet Explorer is updated automatically by the Windows Update service. In Firefox, simply click 'Scan for updates' on the Help menu.

10. Get a better firewall

The firewall supplied with XP does not block outgoing connections (the firewall supplied with Vista does), so if you become infected with malware that sends spam or launches denial of service attacks, the firewall won't stop it. It's a good idea, therefore, to install a third-party firewall with more features, such as ZoneAlarm.