How Do I Make My Desktop Totally Secure

[robertq]

Hi,

I have a Desktop system with Win XP ( PRO ).

I have a Broadband Connectionfrom my telephone company that uses a modem to connect.

I have installed following software for security but no other Hardware for Security. I want to know, how secure my system is & what else do I need to make it more secure.

Nod 32 antivirus
Zone Alarm PRO Firewall with spyware
Super Antispyware

I am not sure how good Zone Alarm & Super Antispyware are so any suggestions would be appreciated.

Please help. I am not a techy.

I heard that using an extra hardware ( I think a Router ? ) helps but I do not know what kind of Router & which Brand & what Specs I need. Also where do I connect that Router to ? Any graphical illustration would help a lot.

Not all brands are available where I am located.

Thank You.

 

[kimsland]

Security is not just based on an Antivirus or firewall or Spyware application

It is based on:

User activity - Where you surf; and what you use\download and general activity online
Operating System - Without a doubt Linux wins hands down, and it's free, and it can run from a bootable CD
Security Updates - You could have the best protecting programs money can buy, but if you're using XP Pro SP1 then there's little use.
Network - Having a computer part of a Network or Domain, or even using sharing programs can cause low security

At last, Hardware (as you mentioned) Certainly, ideally a hardware firewall would help
But this won't help much if you are using unprotected wireless configuration

There are other areas too banking; gaming; IP filtering; filesharing; memberships; email the list goes on and on and on


Ironically, you are most secure not on the web at all, but this defeats the purpose
Which really brings up the most valuable information of all:

What will you be generally doing with your "Desktop" ? (gaming? filesharing; etc etc)

If you just want a list of programs, I like:
Avira (free)
Comodo Firewall
Malwarebytes (regular updated scans performed)

I also use
Hosts file from mvps
Firefox
No Java
All Windows updates completed
Optimized Services
Optimized network settings
No sharing

And I keep my eye on the Modem for excessive strange, activity
I run Ghost images, to take my computer back to when I confirmed it was secure often
I always backup externally
I always browse the Web safely
I have been known to use Anonymous IP websurfing
And I never give out any personal details online (including no banking online either)



I feel this question is just way too general to answer properly

 

[DelJo63]

layered security

Security is provided in a LAYERED approach, each layer presenting a bump in the road for attackers to get over.
That said, Kimsland is correct with the comment that the USER presents the weak link
regardless of how many layers are in place.
Why? Because every time you click on a link to visit a page or open an email attachment,
you have no idea what is actually received by your computer.

First recommendation for cable and dsl users is to always place a router between your modem and the system.
This creates a NAT (Network Address Translation) LAYER to stop alll direct attacks from the Internet.
Basically, your system can not be probed and unless you add port forwarding, none
of the services on your system can be attacked. The addition of the router also
enables SPI (Stateful Packet Inspection; when available on your router) to drop all
out of protocol sequence packets (to protect your services from buffer overruns and other errors).

A good host firewall is the second layer. The XP/Pro (SP2 or higher) has a default firewall which is (barely)
better than nothing. It only controls inbound traffic which would allow a trojan
keylogger to phone home with your bank user/password Vista has a better default firewall.
Get a 3rd party firewall and it will control both in/outbound traffic
Comodo and Sunbelt are recommended.

The third layer is access control (ie black and whitelist systems) to ensure you don't
access known infected sites. ActiveX is controlled using Spywareblaster, and
bad websites using a host file

The fourth layer is your A/V product. Make sure you configure it to scan incoming email!

The fifth layer is running day-2-day using an LUA account rather than an admin account.
If this userid gets compromised, it will not be a system wide contamination and the system will still be bootable regardless

LASTLY: Stay off the online poker, p2p file sharing and porno sites; they are easily compromised and if you're
carelessly running on an Admin account, you will be infected sooner or later !

 

[DelJo63]

I heard that using an extra hardware ( I think a Router ? ) helps but I do not know what kind of Router & which Brand & what Specs I need. Also where do I connect that Router to ? Any graphical illustration would help a lot.

see http://www.garethjmsaunders.co.uk/pc/images/network/router/02_lan_router.gif

Brand names are not important, but stay with 802.11g and avoid 802.11n (non-standard and vendor specific )

A wireless router can also be used in a wired configuration and doing so will give
better performance than ANY WiFi todate.