Friday, October 23, 2009

My Home PCs – Part 1 – The Basics

A number of years ago I was messing around with partitioning my hard drive and managed to completely destroy my home PC. As I was trying to remember all the software I needed to install again, I decided to take the opportunity to document them all, figuring I would do something else stupid again in the future. That started the list, I shared it with a few folks, added some of their suggestions and it grew into a nice reference. I’ve also added some good tips and techniques to protect a PC from the bad guys. Several folks, after rebuilding their kid’s PCs every few months, adopted these suggestions and all the feedback I get indicates it’s pretty solid. I decided it might be of interest to others, and hence I begin this multi-part blog, broken down into collections of related components. Part 1 starts with the basics, those things I recommend be done before you wonder off to email-land or surfing the web.

  • Apply all maintenance via the Windows Update facility, including all optional maintenance. The trick here is to run it, run it again, run it again, etc. until Windows Update is totally out of new patches. If you’re rebuilding a PC from a few years ago, this can take hours. Do it anyway. The bad guys really like taking advantage of PCs that are not patched. And make sure you have Windows Update automatically check every day and apply anything it finds. Yeah, it’s a pain to wake up in the morning and wait 5-10 minutes as you login. Do it anyway. And make sure to check Windows Update manually from time-to-time, and apply anything it finds.
  • Use a hardware firewall and never plug your PC into the box provided by your Internet Service Provider (ISP). Never count on the firewall running on your PC. Spend the $50. This will keep out those hackers that live anywhere in the world. You probably want the wireless access anyway, and these devices typically have a built-in firewall. I use a Linksys WRT54G, although several other models from D-Link and others work fine. If you have wireless access, use WPA2 if possible and follow the manufacturer’s instructions carefully. This is will keep out those hackers that live in your neighborhood.
  • The most effective method of protecting your home PC is to create a new account as a “Limited Account”. You can use Control Panel ... User Accounts to create the new account with limited privileges, leaving the account that came with the machine as the administrator. This, more than anything else you can do, will prevent viruses, spyware and adware from infecting your computer. The downside is that most software installs will have to be performed from the administrative account. This inconvenience is well worth it.
  • Load the free AVG anti-virus/anti-spyware software. This is licensed for non-commercial use only, one of the few software products I’ll recommend that can’t be used for business. It takes a bit to get through the various up-sell options presented, but starting at help a bit. AVG will automatically keep its virus signatures up-to-date, but watch for the occasional new version.
  • Since your web browser is always poking around the Internet, having a good one is very important. I use Mozilla’s Firefox, which is found at Mozilla does a good job of quickly fixing problems and pushing fixes out automatically. It also does not support Microsoft’s ActiveX, a popular attack point for the bad guys. Firefox is fast and has lots of features, and a whole bunch more via add-ons. The only downside to Firefox is that it tends to consume more and more memory the longer it runs, which means you’ll have to occasionally shut it down and restart it. Google’s Chrome browser, found at, is also very nice, has a great security model and is faster than blazes, particularly for JavaScript-heavy web sites like Google’s Gmail. I’ll move to Chrome exclusively when they have better tab support. I just can’t live without the Tab Mix Plus add-on to Firefox. Both these products, and most other browsers I’ve run across, are free for all purposes.
  • Use the OpenDNS service and configure it to block categories of web sites that you do not want your household accessing. I would suggest starting with "Moderate" level, but you can select just the categories you want to block. If you have the typical home ISP service, your IP address can change from time to time. Use their Dynamic IP support (see for details) to insure your OpenDNS selections stay in effect when your IP address changes. This is somewhat technical and you might need your family’s Tech Support Person (there’s always a lucky one in the bunch).

No comments: