It is only natural: when you get a brand-new PC, especially one with broadband capabilities built in, you want to connect to the Internet and see it in action. For many, the browser and the World Wide Web are the "killer-apps" of the modern PC -- the Internet is what you have a PC for, everything else is just extra fluff.However, connecting to the Internet with a new unprotected and unpatched PC is practically inviting the nefarious and malicious to infect your PC. According to research published by Sophos in July 2005, there is about a 50% chance that an unpatched PC will be infected with malicious software within 12 minutes of connecting to the Internet. Once infected, it is almost impossible to get a PC clean again without completely reinstalling the operating system. (I wonder if there is still a 12-minute window.)
To prevent the frustration that comes with reinstalling Windows, you should take the necessary steps to update, configure, and patch your new PC. Keep in mind that no matter how new your PC is, it will most likely need patching and it will definitely need to be properly configured. Here are 10 basic things you should do before attaching the Internet to a new PC.
1. Make a starter CD-ROMBefore you disconnect your old computer, take a few minutes to burn a starter CD-ROM that contains the latest version of your favorite antivirus software. I prefer to keep this simple and inexpensive by using AVG from Grisoft, but if you like Norton or McAfee those will work just as well. (I prefer to use Microsoft Security Essentials now -- AVG's nagging became distracting.)
To save time later, you should put other security applications on this disk like Spybot Search & Destroy, AdAware, etc. It would also be a good idea to include any updated drivers you might need -- drivers for your video card for example. Just like Windows, your video card drivers are likely to be a little old also. You should also put drivers on this disk for peripherals that you will be connecting to your new PC, like cameras, scanners, printers, and game interface devices. Having all these device drivers residing on a single CD-ROM means you will not have to go to the Internet to retrieve them as you set up your new PC.
2. Remove the promotional apps
After going through the initial setup process where Windows identifies devices, you may be asked to register and/or activate your copy of the Windows operating system -- hold off on that for now, you can always do that later. The first thing to do is to clean up the mess that shipped with your PC. You should remove all the promotional and trial software that you do not intend to use from your new PC. This is usually the first thing I do, because invariably one of those apps will ask if I want to activate it or register it -- a process that usually involves accessing the Internet. (Sometimes they don't ask--they just assume I want them on my pristine PC). At this point you should have no connection to the Internet at all, wireless or not.The applications to be deleted are usually ISPs advertisements like AOL and Earthlink, an antivirus app from a competitor of your current application (something you should already have ready on your CD-ROM), trial versions of Money or Quickbooks, etc. If you are not going to use these, go to the Add/Remove Programs applet in the Control Panel and remove them completely. (I had a Toshiba notebook that had an unseemly amount of unnecessary Toshiba toolbars and an application from Best Buy that started every time the notebook booted. It all had to go.)
3. Install antivirus softwareInstall the antivirus software that you burned onto a CD-ROM in step 1. The assumption is that any PC purchased after this document is published will have Windows XP SP2 installed, but if SP2 is not installed, you could have that update ready on your disk too. In fact, if you know how, you could have some of the more important Windows patches and updates on your disk also. This would be a good time to install anti-spyware software too. (Windows 7 will most likely be the installed OS today.)
4. Turn on a software firewallWindows XP SP2 comes with a modest but still useful software firewall. Before you start surfing the Internet you should turn it on, or you can install an alternative third-party software firewall like Zone Alarm. Any alternative firewalls should have been included on the startup CD-ROM you made in Step 1. (Windows 7 has a much better installed firewall than XP. The Windows 7 firewall should be on by default, but it never hurts to check.)
5. Install printers and other peripherals
Before you connect to the Internet it is a good idea to install your other peripherals to your new PC. Performing this step means that when you do connect to the Windows update page, it will see your devices and make suggestions for new Microsoft-tested (WHQL) drivers if they are available.
6. Establish a password for the administrator account
One of the most glaring security vulnerabilities in any new Windows-based PC is that it ships with a wide open administrator access to the root directory. You never want anyone but you to have unfettered access to the admin settings on your PC. And while a password could easily be bypassed by a skilled cracker, it will deter the less determined intruder.
7. Create a new user account with a passwordThis is almost as equally important as password protecting your administrator account. For general day-to-day activities, you do not want to be using your admin account. Instead, you should be using a user account that is also password protected (a password that is different from the one you are using for the admin account, please). This adds another layer of protection for your new PC because a user account does not have the same all-access permissions as an admin account. In some cases, malicious software will be thwarted by this level of permissions restriction alone. (Steps 6 and 7 could be combined for Windows 7. For notebooks especially, you should always have to log in with a password. Sure it can be slightly inconvenient, but it is absolutely necessary.)
8. Turn off unnecessary Windows servicesMicrosoft has been doing a better job of this with the release of SP2, but there are still numerous unnecessary Windows services and processes running by default on most PCs. If you'd like to see how many there are just perform the three finger salute (CTRL-ALT-Delete), click Task Manager, and then select the Processes tab. All those applications, services, processes, etc. are operating in the background on your PC. The problem is that many can actually open access to your PC to the outside world without your knowledge or active consent. That access is usually justified for what the process is supposed to be doing, it is just that many times your PC doesn't need that process at all. Web servers, network messengers, debuggers are all processes you probably don't need on your personal PC. (Check out this TechRepublic download for an in-depth examination of these services and for some suggestions for which can be deactivated.) (This is a power user tip and was very important in XP, but with Windows 7 there are less unnecessary services to worry about. You could skip this step and not be too concerned.)
9. Establish a system restore point
Now that you have performed the first eight steps you should take a moment to establish a system restore point. To manually create a Restore Point, you launch the System Restore utility by clicking Start | All Programs | Accessories | System Tools |System Restore and then follow the steps in the wizard. This step will establish a fall-back point if something happens to go haywire later.
10. Install and configure a routerThis last step may seem like an unnecessary added expense to some, but in this age of viruses, worms, and other nasty Internet infections, a router standing between you and the outside world coming at you at broadband speeds offers another significant layer of protection. Connecting a PC directly to the Internet means that the PC gets its own IP address, which means it can be seen by every sleazebag with malicious intent. By adding a router to your broadband setup, the router gets the visible IP address and gives your new PC an internal address. In addition, routers have hardware firewalls and other features that help block the bad guys before they get to your new PC. (This step is really a given now. I don't think anyone would connect directly to the Internet today. In 2005 it was more common than you might remember, and routers were a bit of a mystery to consumers.)
Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.