20 easy steps to secure Windows

11. Go invisible

Most Wi-Fi routers continually broadcast the network's name using a feature called the Service Set ID, or SSID for short. This may make setting up wireless clients extremely easy, but it also makes wireless LANs visible to any Wi-Fi devices within range. Turn off SSID broadcasting to make your wireless LAN invisible to all but you.

12. Turn off HTML

It might be pretty, but you really should turn off HTML mail in your email client. In the bad old days, it was easy to spread malware via email because programs such as Microsoft's Outlook Express had HTML switched on and ran any embedded JavaScript. Times have changed, but spammers haven't.

They're still very interested in knowing if your address is active, and all they need to gain that knowledge is for you to read an HTML email. This is because HTML allows for the inclusion of remotely stored images. When your email client fetches such an image from the spammer's server while rendering an HTML email, he instantly knows that you've read his message and that your address is active. He can then either spam you again or, as is more likely, sell your address along with millions of others to other fraudsters.

13. Go to the source

Only install demo versions of software downloaded directly from the manufacturer's site, or from a trusted third-party site such as www.download.com. It's easy to infect software with malware and offer it for free download from a site with a similar URL to the original company. For the same reason, beware of strangers offering to give you free copies of demo software.

14. Use MAC filtering

If your wireless router supports it, use MAC filtering. This is a method of rejecting all traffic except that which is definitely coming from your own network cards. The IP addresses assigned over DHCP when each machine boots up are handed out on demand, but the MAC address of each network card is fixed.

A determined hacker can spoof the MAC address of a network card to try to gain access to your network, but when used in combination with WPA encryption this will be enough to put off all but the most determined of hackers.

15. Go to sites directly

Internet auction fraud is on the rise. One technique that's becoming increasingly popular is for a fraudster to ask you questions about the goods on offer and then claim to be ready to send a payment. He then crafts a fake email that's designed to look as if it came from your auction site explaining that the transaction has been cancelled due to a problem with your account.

If you click the log-in link in the email, however, you're sent to a murky phishing site to have your username and password taken. People with 100 per cent reputations and thousands of sales are being completely locked out of their accounts in this way while the malicious fraudster sells nonexistent goods and keeps the unsuspecting victims' money.

This is a very good reason to always go to the auction site directly to log in, and never to click a supposed log-in link in an email for the sake of convenience. It's also another good reason for following the advice offered in tip 12 about turning off HTML and reading your email in plain text. Any fake URLs that would normally hide behind graphical buttons are easily spotted using this method.
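To make tips 12 and 15 concrete, the following added example (not part of the original article) audits an HTML message body for the two things plain-text reading exposes: images that would be fetched from a remote server on rendering, and links whose visible text names a different host than the real destination or that hide the destination behind an image button. The sample message and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; every host is a reserved .example placeholder.
SAMPLE_HTML = """\
<a href="http://login.evil.example/signin">https://www.auction.example/signin</a>
<a href="https://www.auction.example/help">Help</a>
<a href="http://evil.example/go"><img src="cid:button1"></a>
<img src="http://tracker.example/open.gif?id=123" width="1" height="1">
"""

class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images = []  # fetched from a server when the mail is rendered
        self.links = []          # [href, visible text] for each <a>
        self._open = None        # the <a> currently being read, if any
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and urlparse(attrs.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(attrs["src"])  # cid:/data: images stay local
        elif tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], ""]
            self.links.append(self._open)
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def shown_host(text):  # host named in the visible link text, else None
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    report = {"remote_images": parser.remote_images, "mismatched": [], "image_only": []}
    for href, text in parser.links:
        text, real = text.strip(), urlparse(href).hostname
        if not text:
            report["image_only"].append(href)  # destination hidden behind a button
        elif shown_host(text) not in (None, real):
            report["mismatched"].append((shown_host(text), real))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_HTML))
```

A non-empty `remote_images` list means opening the message as HTML would contact the sender's server; any entry in `mismatched` or `image_only` is a link to reach by typing the site's address yourself instead.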

16. Set a BIOS password

If you own a laptop, don't overlook setting up a BIOS password. The process varies from machine to machine, but the most common way to access low-level configuration settings is by pressing either [F2] or [Delete]. From there, navigate to the security section and select to set a password; the exact wording for the option to do this will vary from BIOS to BIOS. Don't forget to choose a secure password, either.

17. Do an online scan

Every now and then, scan your computer using an online antivirus scanner. The app installed on your PC may be the best, but a second opinion is always a good idea. One such online scanner is provided by F-Secure.

Make sure you access it using Internet Explorer rather than Firefox or other non-Microsoft browsers.

18. Process Explorer

Install Process Explorer and use it instead of the default Windows Task Manager. Written by Mark Russinovich, Process Explorer is available free of charge from Microsoft. It provides far more information about a running Windows system than Task Manager was ever designed to give you, so it makes the perfect replacement.

To use Process Explorer, install it, run it and select 'Replace Task Manager' from the Options menu. Whenever you subsequently press [CTRL]+[ALT]+[Delete], Process Explorer will pop up instead of Task Manager. If you spot a process you don't recognise, double-click on it to bring up its details. The subsequent window has several tabs. Click on Image and press the 'Verify' button. This verifies the suspect program's signature – with the developer's website if necessary.

Another useful tab is TCP/IP. This shows any connections the program has established to external servers. If you find a program that won't verify and has external connections, you may have an infestation.

19. Reduce Wi-Fi range

If your Wi-Fi router and network cards support it, turn down the transmission power to reduce the range of the network signal. It's difficult to contain your Wi-Fi signals to within just your home or office, but you can certainly go some way to reducing the range over which people can detect it.

20. Install an IDS

Finally, don't throw out that old server. Install Linux on it and install an intrusion detection system (IDS). A while ago we showed you how to use the Tripwire IDS under Linux. Such a system can help give you an early warning that your network is being probed prior to a full-scale attack.