Windows 7 comes with four security features enabled by default:
- Windows Firewall is turned on.
- Windows Defender protects your computer against spyware in real time and by scanning your PC on a schedule.
- User Account Control is turned on.
- The Administrator account is disabled.
However, even though these are the default settings, they're important enough not to be left to chance. The next four sections show you how to check that these crucial security settings really are enabled on your PC.
Is your Windows Firewall on?
By far, the most important thing you need to do to thwart crackers is to have a software firewall running on your computer. A firewall is a security feature that blocks unauthorized attempts to send data to your computer. The best firewalls completely hide your computer from the Internet, so those dastardly crackers don't even know you're there! Windows Firewall is turned on by default, but you should check this, just to be safe:
- Select Start.
- Type firewall and then click Windows Firewall in the search results. The Windows Firewall window appears. Check the Windows Firewall State value. If it says On, you're fine; otherwise, continue to step 3.
- Click Turn Windows Firewall On or Off. The Customize Settings window appears.
- In the Home or Work (Private) Network Location Settings section, activate the Turn On Windows Firewall option.
- In the Public Network Location Settings section, activate the Turn On Windows Firewall option.
- Click OK.
Is your Windows Defender on?
I've been troubleshooting Windows PCs for many years. It used to be that users accidentally deleting system files or making ill-advised attempts to edit the Registry or some other important configuration file caused most problems.
Recent versions of Windows (particularly XP) could either prevent these kinds of PEBCAK (problem exists between chair and keyboard) issues or recover from them without a lot of trouble. However, I think we're all too well aware of the latest menace to rise in the past few years, and it has taken over as the top cause of desperate troubleshooting calls I receive: Malware, the generic term for malicious software such as viruses and Trojan horses.
The worst malware offender by far these days is spyware, a plague upon the earth that threatens to deprive a significant portion of the online world of its sanity. As often happens with new concepts, the term spyware has become encrusted with multiple meanings as people attach similar ideas to a convenient and popular label. However, spyware is generally defined as any program that surreptitiously monitors a user's computer activities -- particularly the typing of passwords, PINs, and credit card numbers -- or harvests sensitive data on the user's computer, and then sends that information to an individual or a company via the user's Internet connection (the so-called back channel) without the user's consent.
You might think that having a robust firewall between you and the bad guys would make malware a problem of the past. Unfortunately, that's not true. These programs piggyback on other legitimate programs that users actually want to download, such as file sharing programs, download managers, and screensavers. A drive-by download is the download and installation of a program without a user's knowledge or consent. This relates closely to a pop-up download -- the download and installation of a program after the user clicks an option in a pop-up browser window, particularly when the option's intent is vaguely or misleadingly worded.
To make matters even worse, most spyware embeds itself deep into a system, and removing it is a delicate and time-consuming operation beyond the abilities of even experienced users. Some programs actually come with an Uninstall option, but it's nothing but a ruse, of course. The program appears to remove itself from the system, but what it actually does is a covert reinstall -- it reinstalls a fresh version of itself when the computer is idle.
All this means that you need to buttress your firewall with an antispyware program that can watch out for these unwanted programs and prevent them from getting their hooks into your system. In versions of Windows prior to Vista, you needed to install a third-party program. However, Windows Vista came with an antispyware program named Windows Defender, and that tool remains part of Windows 7.
Many security experts recommend installing multiple antispyware programs on the premise that one program may miss one or two examples of spyware, but two or three programs are highly unlikely to miss any. So, in addition to Windows Defender, you might also consider installing antispyware programs such as Lavasoft Ad-Aware and PC Tools Spyware Doctor.
Windows Defender protects your computer from spyware in two ways:
- It can scan your system for evidence of installed spyware programs (and remove or disable those programs, if necessary).
- It can monitor your system in real time to watch for activities that indicate the presence of spyware (such as a drive-by download or data being sent via a back channel).
If the real-time protection feature of Windows Defender is turned off, you usually see the Action Center message shown in Figure 14.3. Click that message to launch Windows Defender and turn on real-time protection. Otherwise, select Start, type defender, and then press Enter.
In the Windows Defender Status area, check the following values:
- Scan Schedule. If you see Do Not Auto Scan, it means that Windows Defender isn't set up to scan your system for spyware automatically.
- Real-Time Protection. If you see Off here, it means that Windows Defender isn't actively guarding against spyware activity.
Follow these steps to ensure not only that Windows Defender is set up to automatically scan your system for spyware regularly, but that it's also actively monitoring your system for suspicious activity:
- Click Tools.
- Click Options.
- Click Automatic Scanning.
- Activate the Automatically Scan My Computer check box.
- Click Real-Time Protection.
- Activate the Use Real-Time Protection check box.
- Click OK.
For the scanning portion of its defenses, Windows Defender supports three different scan types:
- Quick Scan. This scan checks just those areas of your system where it is likely to find evidence of spyware. This scan usually takes just a couple of minutes. This scan is the default, and you can initiate one at any time by clicking the Scan link.
- Full Scan. This scan checks for evidence of spyware in system memory, all running processes, and the system drive (usually drive C:), and it performs a deep scan on all folders. This scan might take 30 minutes or more, depending on your system. To run this scan, pull down the Scan menu and click Full Scan.
- Custom Scan. This scan checks just the drives and folders that you select. The length of the scan depends on the number of locations you select and the number of objects in those locations. To run this scan, pull down the Scan menu and click Custom Scan, which displays the Select Scan Options page shown in Figure 21.6. Click Select, activate the check boxes for the drives you want scanned, and then click OK. Click Scan Now to start the scan.
Windows Defender settings
By default, Windows Defender is set up to perform a Quick Scan of your system every morning at 2:00 a.m. To change this, select Tools, Options, Automatic Scanning, and then use the controls to specify the scan frequency, time, and type.
The rest of the Options page offers options for customizing Windows Defender. There are six more groups:
- Default Actions. Set the action that Windows Defender should take if it finds alert items (potential spyware) in the Severe, High, Medium, and Low categories: Recommended Action Based on Definitions (Windows Defender's default action for the detected spyware), Ignore, Quarantine (disables the threat without removing it), Remove, or Allow.
- Real-Time Protection. Besides toggling real-time protection on and off, you can also toggle security agents on and off. Security agents monitor Windows components that are frequent targets of spyware activity.
- Excluded Files and Folders. Use this section to specify files or folders that you don't want Windows Defender to scan.
- Excluded File Type. Use this section to specify file extensions that you don't want Windows Defender to scan.
- Advanced. Use these options to enable scanning inside archive files, email messages, and removable drives.
- Administrator. This section has a check box that toggles Windows Defender on and off, and another that, when activated, allows you to see Windows Defender items (such as allowed programs) for all user accounts on the computer.
Windows Defender will often warn you that a program might be spyware and ask whether you want to allow the program to operate normally or to block it. If you accidentally allow an unsafe program, click Tools, Allowed Items; select the program in the Allowed Items list, and then click Remove from List. Similarly, if you accidentally blocked a safe program, click Tools, Quarantined Items; select the program in the Quarantined Items list, and then click Remove.
Is your User Account Control on?
I'll be talking about User Account Control in detail in Chapter 18. For now, let's just make sure it's enabled on your system:
- Select Start, type user, and then click Change User Account Control Settings in the search results. The User Account Control Settings dialog box appears.
- Make sure the slider is set to anything other than Never Notify at the bottom. See Chapter 18 to learn about the different settings. If you're not sure what to go with, for now choose Default (second from the top).
- Click OK.
- Restart your computer to put the new setting into effect.
Is your Administrator Account disabled?
One of the confusing aspects about Windows 7 is that the Administrator account seems to disappear after the setup is complete. That's because, for security reasons, Windows 7 doesn't give you access to this all-powerful account. However, there are ways to activate this account, so it pays to take a second and make sure it's still in its disabled state.
You can do this in several ways, but here's a quick look at two of them:
- Using the Local Security Policy Editor. Select Start, type secpol.msc, and then press Enter. In the Local Security Policy Editor, open the Local Policies, Security Options branch, and then double-click the Accounts: Administrator Account Status policy. Click Disabled, and then click OK.
- Using the Local Users and Groups snap-in. Select Start, type lusrmgr.msc, and then press Enter. In the Local Users and Groups snap-in, click Users and then double-click Administrator. In the Administrator Properties dialog box, activate the Account Is Disabled check box, and then click OK.
These methods suffer from a serious drawback: They don't work in all versions of Windows 7, in particular Windows 7 Home Basic and Windows 7 Home Premium. Fortunately, we haven't exhausted all the ways to activate Windows 7's Administrator account. Here's a method that works with all versions of Windows 7:
- Select Start, type command, right-click Command Prompt, and then click Run as Administrator. The User Account Control dialog box appears.
- Enter your UAC credentials to continue.
- At the command line, enter the following command:
net user Administrator /active:no
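The four checks in this article can also be read in one pass from a script. The following PowerShell is an added example, not part of the original text: it assumes PowerShell 2.0 as shipped with Windows 7, reads the firewall and UAC state from the registry, and finds the built-in Administrator by its well-known RID 500 rather than by name. The Defender real-time value name is an assumption about the Windows 7 version of Defender.

```powershell
# Added example: read-only audit of the four default settings (PowerShell 2.0, Windows 7).
function New-Check($Name, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Ok = [bool]$Ok; Detail = $Detail }
}

function Get-RegValue($Path, $Name) {
    # Return $null instead of an error when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$results = @()

# 1. Windows Firewall: EnableFirewall = 1 for the Home/Work (StandardProfile) and Public profiles.
#    These are the local settings; a domain Group Policy can override them.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'StandardProfile', 'PublicProfile') {
    $enabled = Get-RegValue "$fwRoot\$fwProfile" 'EnableFirewall'
    $results += New-Check "Firewall ($fwProfile)" ($enabled -eq 1) "EnableFirewall=$enabled"
}

# 2. Windows Defender: the WinDefend service must be running.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
$results += New-Check 'Defender service' ($svc -and $svc.Status -eq 'Running') "Status=$($svc.Status)"

#    Real-time protection (assumed value name): 1 means it has been switched off.
$rtKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
$rtOff = Get-RegValue $rtKey 'DisableRealtimeMonitoring'
$results += New-Check 'Defender real-time protection' ($rtOff -ne 1) "DisableRealtimeMonitoring=$rtOff"

# 3. User Account Control: EnableLUA = 1 means UAC is on.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = Get-RegValue $uacKey 'EnableLUA'
$results += New-Check 'User Account Control' ($lua -eq 1) "EnableLUA=$lua"

# 4. Built-in Administrator: match the SID ending in -500 so a renamed account is still found.
$admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$results += New-Check 'Built-in Administrator disabled' ($admin -and $admin.Disabled) `
    "Name=$($admin.Name) Disabled=$($admin.Disabled)"

# Report every check and flag anything that is not in its default, secure state.
$results | Format-Table Check, Ok, Detail -AutoSize
$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) { Write-Warning "$($failed.Count) check(s) need attention." }
```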