Collaboration

10 things you still should do to a new PC before you log in to Facebook

When you get a new PC, one of the first things you want to do is connect it to the Internet. But that is a very bad idea. We list 10 things you need to do to prepare your new PC for the Internet.
When I wrote this article for TechRepublic in September 2005, we were living in the era of Windows XP. Much has changed since then, but the general idea that users should take steps to protect a new PC BEFORE connecting it to the Internet is still sound advice. Feel free to add and subtract from the 10 items on this list to make it more applicable to current technology.

It is only natural: when you get a brand-new PC, especially one with broadband capabilities built in, you want to connect to the Internet and see it in action. For many, the browser and the World Wide Web are the "killer-apps" of the modern PC -- the Internet is what you have a PC for, everything else is just extra fluff.

However, connecting to the Internet with a new unprotected and unpatched PC is practically inviting the nefarious and malicious to infect your PC. According to research published by Sophos in July 2005, there is about a 50% chance that an unpatched PC will be infected with malicious software within 12 minutes of connecting to the Internet. Once infected, it is almost impossible to get a PC clean again without completely reinstalling the operating system. (I wonder if there is still a 12-minute window.)

To prevent the frustration that comes with reinstalling Windows, you should take the necessary steps to update, configure, and patch your new PC. Keep in mind that no matter how new your PC is, it will most likely need patching and it will definitely need to be properly configured. Here are 10 basic things you should do before attaching the Internet to a new PC.

1. Make a starter CD-ROM

Before you disconnect your old computer, take a few minutes to burn a starter CD-ROM that contains the latest version of your favorite antivirus software. I prefer to keep this simple and inexpensive by using AVG from Grisoft, but if you like Norton or McAfee those will work just as well. (I prefer to use Microsoft Security Essentials now -- AVG's nagging became distracting.)

To save time later, you should put other security applications on this disk like Spybot Search & Destroy, AdAware, etc. It would also be a good idea to include any updated drivers you might need -- drivers for your video card for example. Just like Windows, your video card drivers are likely to be a little old also. You should also put drivers on this disk for peripherals that you will be connecting to your new PC, like cameras, scanners, printers, and game interface devices. Having all these device drivers residing on a single CD-ROM means you will not have to go to the Internet to retrieve them as you set up your new PC.

2. Remove the promotional apps

After going through the initial setup process where Windows identifies devices, you may be asked to register and/or activate your copy of the Windows operating system -- hold off on that for now, you can always do that later. The first thing to do is to clean up the mess that shipped with your PC. You should remove all the promotional and trial software that you do not intend to use from your new PC. This is usually the first thing I do, because invariably one of those apps will ask if I want to activate it or register it -- a process that usually involves accessing the Internet. (Sometimes they don't ask--they just assume I want them on my pristine PC). At this point you should have no connection to the Internet at all, wireless or not.

The applications to be deleted are usually ISPs advertisements like AOL and Earthlink, an antivirus app from a competitor of your current application (something you should already have ready on your CD-ROM), trial versions of Money or Quickbooks, etc. If you are not going to use these, go to the Add/Remove Programs applet in the Control Panel and remove them completely. (I had a Toshiba notebook that had an unseemly amount of unnecessary Toshiba toolbars and an application from Best Buy that started every time the notebook booted. It all had to go.)

3. Install antivirus software

Install the antivirus software that you burned onto a CD-ROM in step 1. The assumption is that any PC purchased after this document is published will have Windows XP SP2 installed, but if SP2 is not installed, you could have that update ready on your disk too. In fact, if you know how, you could have some of the more important Windows patches and updates on your disk also. This would be a good time to install anti-spyware software too. (Windows 7 will most likely be the installed OS today.)

4. Turn on a software firewall

Windows XP SP2 comes with a modest but still useful software firewall. Before you start surfing the Internet you should turn it on, or you can install an alternative third-party software firewall like Zone Alarm. Any alternative firewalls should have been included on the startup CD-ROM you made in Step 1. (Windows 7 has a much better installed firewall than XP. The Windows 7 firewall should be on by default, but it never hurts to check.)

5. Install printers and other peripherals

Before you connect to the Internet it is a good idea to install your other peripherals to your new PC. Performing this step means that when you do connect to the Windows update page, it will see your devices and make suggestions for new Microsoft-tested (WHQL) drivers if they are available.

6. Establish a password for the administrator account

One of the most glaring security vulnerabilities in any new Windows-based PC is that it ships with a wide open administrator access to the root directory. You never want anyone but you to have unfettered access to the admin settings on your PC. And while a password could easily be bypassed by a skilled cracker, it will deter the less determined intruder.

7. Create a new user account with a password

This is almost as equally important as password protecting your administrator account. For general day-to-day activities, you do not want to be using your admin account. Instead, you should be using a user account that is also password protected (a password that is different from the one you are using for the admin account, please). This adds another layer of protection for your new PC because a user account does not have the same all-access permissions as an admin account. In some cases, malicious software will be thwarted by this level of permissions restriction alone. (Steps 6 and 7 could be combined for Windows 7. For notebooks especially, you should always have to log in with a password. Sure it can be slightly inconvenient, but it is absolutely necessary.)

8. Turn off unnecessary Windows services

Microsoft has been doing a better job of this with the release of SP2, but there are still numerous unnecessary Windows services and processes running by default on most PCs. If you'd like to see how many there are just perform the three finger salute (CTRL-ALT-Delete), click Task Manager, and then select the Processes tab. All those applications, services, processes, etc. are operating in the background on your PC. The problem is that many can actually open access to your PC to the outside world without your knowledge or active consent. That access is usually justified for what the process is supposed to be doing, it is just that many times your PC doesn't need that process at all. Web servers, network messengers, debuggers are all processes you probably don't need on your personal PC. (Check out this TechRepublic download for an in-depth examination of these services and for some suggestions for which can be deactivated.) (This is a power user tip and was very important in XP, but with Windows 7 there are less unnecessary services to worry about. You could skip this step and not be too concerned.)

9. Establish a system restore point

Now that you have performed the first eight steps you should take a moment to establish a system restore point. To manually create a Restore Point, you launch the System Restore utility by clicking Start | All Programs | Accessories | System Tools |System Restore and then follow the steps in the wizard. This step will establish a fall-back point if something happens to go haywire later.

10. Install and configure a router

This last step may seem like an unnecessary added expense to some, but in this age of viruses, worms, and other nasty Internet infections, a router standing between you and the outside world coming at you at broadband speeds offers another significant layer of protection. Connecting a PC directly to the Internet means that the PC gets its own IP address, which means it can be seen by every sleazebag with malicious intent. By adding a router to your broadband setup, the router gets the visible IP address and gives your new PC an internal address. In addition, routers have hardware firewalls and other features that help block the bad guys before they get to your new PC. (This step is really a given now. I don't think anyone would connect directly to the Internet today. In 2005 it was more common than you might remember, and routers were a bit of a mystery to consumers.)

Also read:

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

37 comments
dan
dan

BACK UP your system - and like pocjoc above says back up regularily - a side note - keep your initial backup seperate from your PC - that way if you have to restore your system and the most recent does not work-which it often does not because it has become infected you can still go back to your original backup - this may be 6 months to a year old - but still a good start.

pocjoc
pocjoc

I only do one thing, backup of my data regularity, and when the windows go slown (it always happens, in more or less time...) I reinstall the system and restore the data.

KavishMultiShoppe
KavishMultiShoppe

This is what I call BDOS! Spend four hours doing this every time something happens? Show me the intelligence!

mayres
mayres

Totally agree Mark i always remove any trial packages Including MS Office and that Bloddy McAfee Trial And the Norton one Before releasing Comp to Client Lol Regards to Yourself Nice little Blog

charleswdavis6670
charleswdavis6670

For Window 7, any Windows Update, and many other program installations, i.e. OpenOffice.org automatically create restore points. Mark should spend some time before releasing old articles. Yes, he did insert a few notes on what had changed. But, it seems that he was just taking a day off while still putting out something for folks to chew on.

Cat333Pokemon
Cat333Pokemon

Wouldn't #5 work best after you already connected to the Internet? Most of the time, devices will instantly use Windows Update to get the latest signed drivers for your computer. After installing everything, you can just create a second restore point.

subhomoy.chakraborty
subhomoy.chakraborty

In the age of identity theft, This editorial has come out in the nick of time. For all readers and all users who are beyond the reach of this editorial, this shold be propagated. Without a doubt, this is absoloutely essential. PC protection is also importnat but on priority will be to protect the data and identity of the individual from any tresspassing. Remember at the end, prevention is better than cure. Completely agree to comments posted by Mark Kaelin.

info
info

when I open the task manager I see MANY processes running, most of which I have not a clue what they do. When I go to turn some off I get a scary message about stopping the process can cause system instability. Where can I find the list you refer to: "(Check out this TechRepublic download for an in-depth examination of these services and for some suggestions for which can be deactivated.)"? Thanks for your help and great article!

joe
joe

Install Ubuntu.

BirdLover
BirdLover

If you are protecting an internal network from scams and unwanted content you should check out http://www.opendns.com/ . Simple, configurable, very effective, and free!

Spitfire_Sysop
Spitfire_Sysop

This program is a relatively new form of security software that implements behaviour analysis allowing you to detect malicious code without a signature for the virus. I recommend installing it before you go on-line because it will do a start-up scan that checks your sysstem for an active firewall and anti-virus. It actually certifies your current configuration and tells you that you are doing due diligence. It also has an on-demand component that scans only for rootkits. This is all free. They are a very forward thinking company and I hope to see them continuing to innovate in the future. http://www.threatfire.com/download/ Warning: The initial scan sets a baseline that it will work agenst. For this reason they say that it's effectiveness is diminished when installed in to a system that is already infected. Although it does look for rootkits, some are very hard to find while they are running.

etafner
etafner

My goodness, what's wrong with TechRepublic? Reissuing old articles over and over. The only, very only thing you have to do is apply ALL software updates for your operating system and put a modest firewall up. Everything else is useless if your base operating system is not updated. You don't even have to have an antiv??rus software installed if your software is updated. Disable unecessary Windows services is nonsense as well, you might end up disabling five services of a list of near one hundred, saving less than a tens of MBs of RAM, you won't reduce the attack scope of your machine if just one is bugged or with known holes. My opinion is a bit harsh, but this is the essential approach for any platform.

Neon Samurai
Neon Samurai

These are good steps and most have changed only slightly to keep up to date with Win7 first steps. I'm just not sure why this 10 things list referse to "before connecting to facebook" versus simply been a general list of steps before connecting to any network.

Mark W. Kaelin
Mark W. Kaelin

Recently, Jason Hiner gave me a notebook to review, but I couldn't because it was so full of pre-installed garbage software that it was worthless. I did a clean install of Windows 7 and it is now a decent notebook, but nothing special. Did the last PC you bought have to be "cleansed" of crappy pre-installed software? What other advice would you give to users firing up a new PC? What additional steps would you take to prepare a PC for accessing the Internet?

Neon Samurai
Neon Samurai

www.blackviper.com - he does a list of Windows services for each version; what they do, can they be shot off. next you'll want to do some exploring: - right click on "My Computer" - select "Manger" from the mouse menu - explore Computer Management (Local) -> Services and Applications -> Services Here you can set services to automatically on (at bootup), manually on (if needed by another service), disabled (Telnet should be disabled by default already). Task Manager gives you a view of what is running but does not actually control how the services are started. If you end a services it will only remain off until you reboot next. If your tuning your primary computer.. go slow. If you don't fully understand what a service does, consider leaving it at it's system default setting. In winXP for me; disable themes, disable indexing, disable .. there are some others but it's hometime for me now

flotsam70
flotsam70

LOL. Didn't see that one coming. But sure, go ahead and install Ubuntu, right next to Windows (or as a VM in VirtualBox, VMware Server or Virtual PC). The longer I work with computers, the more OS-agnostic I become. Most (if not all) OSes have a role and I don't think getting all religious about any one OS does much good to anyone.

CharlieSpencer
CharlieSpencer

I've been using this product for at least three years. However, that's the only quibble I have with your comment, and I endorse your recommendation. Because Threatfire isn't a conventional anti-virus application, it can be installed without conflicting with them. In my experience it plays well with MSE, McAfee, and Avast. Note that the free version is 'nagware', and about once a month it will suggest upgrading to the pay version. The popup takes a single click to close. I find that a worthwhile exchange for the service provided.

sh10453
sh10453

You don't even have to have an antiv??rus software installed if your software is updated? ... I absolutely disagree with this statement. Just think about the countless EXE or RAR or ZIP files most typical users download & install without the slightest idea how harmful such files are, or such web-sites are, to say the least. Let's be responsible when we suggest an advice, especially when it is security related.

Neon Samurai
Neon Samurai

It's primarily about security. Each extra running service is a potential point of entry in an attack. It also has to do with proper setup of a computer; installing only what software is required for the intended use not installing all possible software available encase the user finds a use for something two years from now. Since you can't install only what is wanted with Windows, you have to install all of Windows and disable what is not wanted. Deny all, permit only required VS allow all, deny what proves to be bad after the fact. For me, I have two scripts servicesoff.cmd, serviceson.cmd. Both disable services that I don't want runnign all the time. Respectively, they enable or disable services I need running for temporary situations. I don't need Windows Update service running 24/7/365; I only need it running when I do updates so... serviceson.cmd, visit Windows Update, servicesoff.cmd. Granted, this is with winXP. I've not yet updated my required service list for Win7. Blackviper has his lists up on the site though so I'll be doing a Win7 Tuning day soon.

jfuller05
jfuller05

That's all the regular computer user does on the internet. My wife, I consider a basic computer user, 90% of the time only uses the internet for facebook. The other 10% is checking email and watching videos on youtube. I'm sure most users are like her because my clients usually ask me to fix their computers so they can use facebook (back in the day the request was, "fix my computer so I can check my email).

Spitfire_Sysop
Spitfire_Sysop

I can honestly say that I have never purchased a complete computer from anyone for any reason. I started with hand me down systems that were all some assembly required (The 386 and 486 had the hard drives removed before they were discarded) so I have always started with the OS install. Ever since I could afford the parts I have been buying them one by one.

info
info

Thank you for your help. I think I will back everything up and restore the desktop to the original xp settings. I think that will wipe out most of the garbage I have accumulated over the many years. I still love xp and I am too old to learn and migrate to newer windows garbage!

Neon Samurai
Neon Samurai

I'll have Debian, Backtrack and Windows all booted. The second two (client) mount the working folder on the first (host) so the mash of three OS are actually working in the same directory of files. Debian for general software and tools that installed fine. Backtrack for it's tools (BT specific, modified kernel mod requiring, hard to install on Debian, whatever..). Windows for Cain/Abel and other Windows only tools. (this setup gets more complex when I start adding in pentarget VMs mixing between bridged, compartimentalized network spaces. Virtualbox.. what fun.) I'd say in general, the more OS a tech can be familiar with the better. Each has advantages.

etafner
etafner

Sure, Neon Samurai, the focus is security. My take is that you can run as much services as you want, as long as they are all updated. All OS updates are either bug corrections or security fixes (... at least the 'critical' updates) so the main thing is keeping it all updated. I guess this is a mindset we all (technically skilled people) have: we forget that we have software to work for us, specially the software we paid money for. If you have to manage the software so deeply, tinkering here and there all the time, I guess we wouldn't pay for it. It's like washing your car or having it washed for you, you usually pay for someone to wash it. We should position ourselves more and more as end users (but as a good thing). It's like this: you bought software and you want to use it and make it do things for you, not otherwise. What do you think? :-)

Neon Samurai
Neon Samurai

my brain no worky very fast that day either.

Mark W. Kaelin
Mark W. Kaelin

But at some point it stopped being fun and started being more of a hassle, Just like automobile engines - computers got more complicated and I lost interest in putting them together. Makes me kind of sad now that I think about it.

Neon Samurai
Neon Samurai

"what do you think".. so I must respond. I think efficient build goes towards both security/stability and resources. Security should be obvious; more stuff running makes for a larger attack surface. Instead of standing sideways with fists up, your standing full frontal with arms behind your back. Install and run only what you actually need to achieve a smaller attack surface or otherwise stand sideways towards the attacker. Stability relates to security very directly. At worst; an executable vulnerability initially represented by the crash bug. At best; a denial of service vulnerability resulting from the crashing bug. Both are security concerns. It's not just about being fully patched and up to date with what the developer has chosen as important enough to fix. Available patches do not address undiscovered, unreported or ignored vulnerabilities. Consider Javascript and Flash which both provide methods for exploiting the user *by design*; flash cookies and browser attacks. Both of these run only "as needed" and are only installed because they are required at times (thanks noscript). How about PDF executable code exploits; that's a *feature* designed into the PDF spec; you can't patch it, it's working the way it's inteded to. In terms of bloat; I think installing and/or running everything available because "what the heck, it was on the install disk and I keep patches up to date" is about the same as installing a huge flat billboard stand on the back of my truck just encase, next year, I end up contracting out as one of those driving signs. Or, mounting wielding gear and a mini crane to the back of my VW Bug just encase I find a need to do industrial wielding at the park on the weekend. The office admin does not have AutoCAD installed "just encase". I've done it both ways. I've installed everything because it was on the install media and I wanted to play with it. I've installed daily additions from download.com when one could still keep up with the daily "new" category; three email clients on the same mail account just to see how the compared. Flash, Java, Realplayer and everything else just encase I ran into that kind of media at some point later. Now, it's all about the clean build for me. Install what actually use with additional apps installed later when needed. Services turned off or uninstalled where possible if I'm not using them. My system build begins with the most minimum possible install followed by adding in only what I expect to use. Minimum Debian, the required parts of Xorg, the required parts of KDE. About the only place now that I "install all" is with hardware firmware since the total size is something like 23 Meg or less (Debian) and firmware remains dormant unless being injected into the relevant hardware component during bootup. My basis comes from experiences resulting in some wonderous cludged steaming piles and strong security principals: identify and reinforce the weakest link - unrequired additional software provides a "weakest link" for potential issues least privilege - each running service is a potential user account running with privaledge; don't run it if you don't need it compartmentalization - lots of unrequired running code means lots of potential for one item issue taking down another due to the inter-mingling spagetti keep it simple - unrequired running code adds unrequired complexity privacy - do you know what all that unrequired code does? (some of the 10 software security principals for those interested)

CharlieSpencer
CharlieSpencer

Why run the Windows Tablet service on my W7 system when I have a desktop? In my case, it's a waste of processor cycles. There are other examples, but that's the first one that leaps to mind.

etafner
etafner

Spitfire, that article is from 2008. In IT years it's like decades in evolution ;-) Of course, what you mention is what I know as "days of risk", but I'm sure you will agree that applying the patches/updates is the essential step. What the article you linked shows is exactly what I mean. If you are browsing the web, just so little can any security software do. And what I meant was an antivirus solution, not a complete security suite that inspects your browsing. Of course it helps having one and nowadays we have a few free options even from Microsoft, but you still can run without one a browse the web on most known sites with no harm. And you can ask any security software vendor, they will say to keep your OS updated alongside their software.

Spitfire_Sysop
Spitfire_Sysop

Security patches by nature are always one step behind. Your assertion that no security software is required to protect a fully patched copy of Windows is not only absurd but malicious when this disinformation is spread. Haven't you read the articles about known exploits existing in the wild for months without a patch? I think the record was a security hole that existed in Win2000 was finally patched in Win7. You would think that the bugs wouldn't carry over that far but you'd be wrong. Take a look: http://www.switched.com/2008/11/17/microsoft-finally-fixes-8-year-old-security-flaw/

AnsuGisalas
AnsuGisalas

The W7 gadgets seem a bit on the pale side...

Mark W. Kaelin
Mark W. Kaelin

There are some old Vista tools that work with Windows 7, but not a all-in-one download like PowerTools.

Neon Samurai
Neon Samurai

I'm not close to ready to give up self assembly but in terms of complexity, I think it has increased. For me it comes down to routing wires and managing cooling. - are wires out of the way of air flow channels - are wires run cleanly around the case in general - what wires require difficult bends to reach a port - can I get at wires later when adding/removing components - is air moving along air flow channels effectively - are cooling fans working together or creating conflicting air flows With my last assembly (moved my gear into an Antec Lanboy Air): - power cables to the GPU board had to take an interesting route with an uggly 180 bend just before GPU connection - fourth SATA power header left in an aquard location so that cable is only powering hard drives on header 1, 2, 3 - that same power cable hits the drives upside down so I use a large amount of cable to hang over the HDD block doing a 180 at the bottom to connect the drives up. The alterantive would have been mounting HDD upside down for a clean wire run that hits drives teh right way (I didn't want to leave my green boards upward to collect dust though). I'm now replacing the drives in that machine so I have some odd temporary wiring to support the extra hard drive as I migrate data from one to the other. - One of the front panel USB wires comes with a standard big square USB end instead of standard internal header ends. I'm left with an ugly wire diagonally across the case and out a hole on the back so it can 180 back into an external rear usb port.. booo! If I had a slot available, I'd consider buying an internal usb port board just to clean up the wiring a bit. Oh. the Lanboy lacks a 3.5 slot so if your doing a floppy drive or 3.5 sized multi-card reader or similar.. you'll need to track down a 3.5 to 5.25 drive bay adapter. Overall though, the Lanboy is a fantastic chassis. I won't likely find a replacement I can't live without for a while. I could be worse. the wiring gymnatics required to get the floppy cable from motherboard into the recessed floppy slot in the Antec P180 is a scary pig of a thing. Nearly everything about that case is fantastic but this was one of the short comings. The greatest source of grief from that build was actually the motherboard/gpu/sound combination. The Striker 2 is a gaming motherboard that ships with onboard sound not supported by most games I tested it against; a gaming motherboard without gaming quality sound (other than that.. great MB). Here's the issue though, two mini-pci slots, two long pci slots, three PCI-E slots for GPU. The soundcard could only fit in the top mini-pci slot which, along with case width, blocked the GPU. The GPU could instead fit in the second PCI-E slot but that blocks the hauppauge from fitting in the primary standard PCI slot. hauppauge has to go in pci slot at the bottom of the board. It additionally needs a second slot in the back for an insert with the additional ports on it. The top HDD block that is easy to access has to be left empty because the GPU extends into that space so HDD have to go in the lower drive block; power wires get an uggly rout up into the case, over a devider and down into the lower HDD block. The cooling fan between lower HDD block and PSU pretty much has to be removed when working with the PSU because there is not enough space to unplug wires from the PSU while inplace. The lower HDD block doesn't leave much room for wires either; just barely enough to tie them out of the way of the fan blades. In general, know the case, know the components you'll need to fit inside it, get used to bending wires and plan for it to be a bit of a puzzle figuring out just how everything fits together cleanly with airflow space. If only for the increase in cooling needs, it used to be much easier. buy parts, toss in chassis, plug in and boot. you might have one active cooling heatsinc on the cpu and maybe a few passive fins on other hot chips but otherwise; make sure the wires didn't get caught in a spinning fan and that you could reach around them when you had to open the case. Routing wire was a nerd art rather than an obligatory skill. I will say one thing though.. no more IDE ribbons to fold and squish in creative ways.. sata wire is so much more pleasent to deal with.

flotsam70
flotsam70

You certainly have many more options nowadays, but with things like modular power supplies, easier-to-use connectors (SATA vs IDE), screwless cases, better case design, etc., I would say it's actually easier to roll-your-own today.