TechSpot

How Do I Make My Desktop Totally Secure

By robertq
Feb 16, 2009
Topic Status:
Not open for further replies.
  1. Hi,

    I have a Desktop system with Win XP ( PRO ).

    I have a Broadband Connectionfrom my telephone company that uses a modem to connect.

    I have installed following software for security but no other Hardware for Security. I want to know, how secure my system is & what else do I need to make it more secure.

    Nod 32 antivirus
    Zone Alarm PRO Firewall with spyware
    Super Antispyware

    I am not sure how good Zone Alarm & Super Antispyware are so any suggestions would be appreciated.

    Please help. I am not a techy.

    I heard that using an extra hardware ( I think a Router ? ) helps but I do not know what kind of Router & which Brand & what Specs I need. Also where do I connect that Router to ? Any graphical illustration would help a lot.

    Not all brands are available where I am located.

    Thank You.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Security is not just based on an Antivirus or firewall or Spyware application

    It is based on:

    User activity - Where you surf; and what you use\download and general activity online
    Operating System - Without a doubt Linux wins hands down, and it's free, and it can run from a bootable CD
    Security Updates - You could have the best protecting programs money can buy, but if you're using XP Pro SP1 then there's little use.
    Network - Having a computer part of a Network or Domain, or even using sharing programs can cause low security

    At last, Hardware (as you mentioned) Certainly, ideally a hardware firewall would help
    But this won't help much if you are using unprotected wireless configuration

    There are other areas too banking; gaming; IP filtering; filesharing; memberships; email the list goes on and on and on


    Ironically, you are most secure not on the web at all, but this defeats the purpose
    Which really brings up the most valuable information of all:

    What will you be generally doing with your "Desktop" ? (gaming? filesharing; etc etc)

    If you just want a list of programs, I like:
    Avira (free)
    Comodo Firewall
    Malwarebytes (regular updated scans performed)

    I also use
    Hosts file from mvps
    Firefox
    No Java
    All Windows updates completed
    Optimized Services
    Optimized network settings
    No sharing

    And I keep my eye on the Modem for excessive strange, activity
    I run Ghost images, to take my computer back to when I confirmed it was secure often
    I always backup externally
    I always browse the Web safely
    I have been known to use Anonymous IP websurfing
    And I never give out any personal details online (including no banking online either)



    I feel this question is just way too general to answer properly
     
  3. jobeard

    jobeard TS Ambassador Posts: 13,426   +317

    layered security

    Security is provided in a LAYERED approach, each layer presenting a bump in the road for attackers to get over.
    That said, Kimsland is correct with the comment that the USER presents the weak link
    regardless of how many layers are in place.
    Why? Because every time you click on a link to visit a page or open an email attachment,
    you have no idea what is actually received by your computer.

    First recommendation for cable and dsl users is to always place a router between your modem and the system.
    This creates a NAT (Network Address Translation) LAYER to stop alll direct attacks from the Internet.
    Basically, your system can not be probed and unless you add port forwarding, none
    of the services on your system can be attacked. The addition of the router also
    enables SPI (Stateful Packet Inspection; when available on your router) to drop all
    out of protocol sequence packets (to protect your services from buffer overruns and other errors).

    A good host firewall is the second layer. The XP/Pro (SP2 or higher) has a default firewall which is (barely)
    better than nothing. It only controls inbound traffic which would allow a trojan
    keylogger to phone home with your bank user/password :( Vista has a better default firewall.
    Get a 3rd party firewall and it will control both in/outbound traffic :)
    Comodo and Sunbelt are recommended.

    The third layer is access control (ie black and whitelist systems) to ensure you don't
    access known infected sites. ActiveX is controlled using Spywareblaster, and
    bad websites using a host file

    The fourth layer is your A/V product. Make sure you configure it to scan incoming email!

    The fifth layer is running day-2-day using an LUA account rather than an admin account.
    If this userid gets compromised, it will not be a system wide contamination and the system will still be bootable regardless :)

    LASTLY: Stay off the online poker, p2p file sharing and porno sites; they are easily compromised and if you're
    carelessly running on an Admin account, you will be infected sooner or later !
     
  4. jobeard

    jobeard TS Ambassador Posts: 13,426   +317

    see http://www.garethjmsaunders.co.uk/pc/images/network/router/02_lan_router.gif

    Brand names are not important, but stay with 802.11g and avoid 802.11n (non-standard and vendor specific :( )

    A wireless router can also be used in a wired configuration and doing so will give
    better performance than ANY WiFi todate.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.