There are general security tips that apply to all operating systems, of course, but each operating system platform provides its own security challenges. The following tips are tailored to Microsoft Windows XP.
- Disable dangerous features. Microsoft Windows systems come with a number of features enabled by default that do little or nothing for convenience, but introduce significant security risks. Among these are Autorun, the Guest account, and even Automatic Updates -- because letting someone in Redmond, WA decide when changes should be made to your system, when he has no idea what software you're running and you haven't tested the updates yet, is a bad idea. Microsoft Windows provides many features that are activated by default and either poorly conceived from a security perspective or, at best, unnecessary for the vast majority of users. Each of these features introduces its own risks, and any that you do not need should be deactivated.
- Disable unneeded services. In addition to local operating system features, you should disable unneeded services. Almost exactly one year ago, my article 10 services to turn off in MS Windows XP provided a brief checklist of services to turn off -- or to ensure you know why you're leaving them on, at least. The list is not comprehensive, of course, but it is a good start.
- Employ good email security practices. Make use of some basic email security tips to ensure you do not invite the bad guys to read your email, flood you with spam, and take advantage of you through phishing techniques.
- Install and maintain malware protection software. Regardless of the reason for it, the fact remains that malware is a significant threat to Microsoft Windows systems, and running one without malware protection is irresponsible. Research your options for antivirus and antispyware protection carefully, and choose well. Don't let your malware protection software's signature databases get out of date because the software only protects against the threats it can recognize, and don't rely on your choice of antivirus software from six years ago because there's no such thing as a trusted brand.
- Update more than just MS Windows. In the world of Microsoft Windows, the majority of the software most people run on their computers often comes from third-party vendors without any connection to Microsoft's own software distribution channels. This means that when you install something like Adobe Photoshop or Mozilla Firefox you have to track security updates for these applications separately from the operating system. Just getting your Microsoft updates every month doesn't always cover it -- sometimes some third party application needs to be updated, too. You need to keep track of what's installed and whether or not it has received any updates if you want to maintain security for your system, because security goes beyond the core operating system.
- Research and test your updates. It's important to keep your system updated so that security vulnerabilities that receive patches from Microsoft and other software vendors will not remain open to exploit. It's also important, however, to ensure that you research and test your software updates before applying them to a production system. All too often, users and sysadmins discover that untested updates are a cure worse than the disease, as they break functionality, open additional vulnerabilities in the system, and even occasionally undo the benefits of previously applied updates. Others may have tested the updates, or have simply applied them and run into problems, so researching others' experiences can help you plan for such issues as they arise; testing them yourself by installing them on a test system before doing so on your production system is a next necessary step to ensure that your system in particular will not develop problems as the result of a bad update.
- Investigate alternatives to your default application choices. Should you be using a Web browser other than Internet Explorer, such as Google Chrome, Mozilla Firefox, or Opera? Is the multiprotocol IM client Pidgin with the OTR encryption plugin a better option for your instant messaging needs -- including security -- than the native clients for AIM, MSN, Y!M, ICQ, and gTalk? The only way to be sure is to determine your own needs and make an informed decision. Don't settle for default applications without knowing the consequences of that choice.
- Use a quality desktop firewall. Desktop firewalls are in many respects applications like any other, but they deserve special mention for MS Windows security. Furthermore, even Windows servers are in effect desktop systems, so don't let the fact that a given computer is a "server" deter you from installing a good "desktop" firewall application on the system if you can spare the CPU cycles and RAM. On an actual end user desktop system, desktop firewall software is even more important. Relying on the defaults you get when you buy the computer is a good way to get your system compromised without even knowing it. The Windows Firewall provided with MS Windows after Service Pack 2 is certainly better than nothing, but one can almost always do better. Look into alternatives to the Windows Firewall, and select the option that best suits your needs.
- Research your options before assuming MS Windows XP is what you need. The same principles that apply to applications may also apply to operating systems. Different OSes can provide different security and functionality benefits. Are you really certain that MS Windows XP is the operating system you need? Have you investigated other alternatives? What about MS Windows 2000 or Vista? Have you checked into the possibility of MacOS X, FreeBSD, or Ubuntu Linux for a workstation? What about OpenBSD, OpenSolaris, or OpenVMS for a server?
- Protect yourself the same way you would with any other operating system. In last year's article, 10 security tips for all general-purpose OSes, I laid out a list of security tips that apply for good security practice in the use of any general purpose operating system -- including MS Windows.
Installing MS Windows XP is only the first step to using it. If you stop there, you're likely to run afoul of the various security threats roaming the wilds of the Internet. Make sure you take care to configure your system to best protect you against the dangers that lurk around every corner.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.