So far, Windows Vista can be considered the safest operating system but not the most perfect one. In its early configuration, Vista still uncovers the possibility of leaking out the user's data to the Internet through Windows Firewall, or some bots which can change settings without letting you know.
Consult the Windows Security Center
In order to have an overview of security settings, come to Windows Security Center where you can see the status of firewall system, automatic updating, malware protection and other security settings. Press "Start" - "Control Panel" - "Security Center", or simply click the shield-shaped icon on the taskbar.
If there are any red or yellow entries, it means that you are not completely protected. If you have not installed antivirus software, for example, or the existing antivirus program is expired, the "Malware" entry in Security Center will be marked yellow. Windows does not integrate any antivirus software so that you have to install yourself.
Use Windows Defender as a Diagnosis Device
Malware entry in Security Center is also supposed to report the anti-spyware capacity, and Vista depends on Windows Defender to do this job. Although anti-spyware capacity in security or anti-virus utilities is usually better than that of Windows, there are some good reasons to maintain the existence of Windows Defender. One of those is that each spyware utility uses a different definition to identify the spyware. Therefore, an abundant protection sometimes brings about practical benefit.
Another reason to keep Windows Defender in standby status is diagnosis capacity. Click "Tools", select "Software Explorer". Here you will find a list of all programs by category: Currently Running Programs, Network Connected Programs and Winsock Service Providers, but Startup Programs seems to be the most useful. Click ant names in the left window, the full details will display on the right. By checking any listed program, you can uninstall, deactivate or reactivate that one.
Deactivate the Start Up
Windows Vista monitors all documents and programs you generate in Start Up. This is convenient for some users, but on the other hands, it can be harmful for your privacy if the computer is shared in office or family. Fortunately, Window Vista provides a simple way to change this setting. The steps should be taken as follow:
1. Right-click the taskbar and select Properties, then select "Start Menu" tab
2. Uncheck "Store and Display a list of recently opened files"
3. Uncheck "Store and Display a list of recently opened programs"
4. Press OK.
2-way Firewall
Almost every PC is equipped with Firewall software, currently. However, even when Security Center states that you are protected, you might not be protected at all.
The Windows Firewall function in Vista is able to "block" any input data which can endanger system, and that is really a good thing. Nevertheless, the off-line security function is not activated by default, so that this may be a dangerous situation if some new harmful software finds a way to break into your PC.
Microsoft has equipped Windows Vista with tools to deploy 2-way firewall feature, but finding these settings is a little complicated. In order to activate 2-way firewall feature of Windows Vista, press "Start", select "Run", then type "wf.msc", then press "Enter". Click the icon of "Windows Firewall with Advanced Security".
This interface will display the principles of monitoring system inbound/outbound information. Select "Windows Firewalls Properties". You can see a dialog box containing some tabs. For the profiles: Domain, Private and Public, you should change the settings of "Block", then press "OK".
However, 2-way firewall activation can prevent all the applications from connecting to Internet. Therefore, before getting out of "Windows Firewall with Advanced Security", scroll down, select "Outbound Rules" and "New Rules" on the top right of the screen. Select "Program", on the next screen.
Then select the path for Internet Explorer, iTunes or some of your applications requesting to connect to Internet. For each program, on the next screen, select "Allow the Connection", then name each principle/rule created. You will have to set a new rule for all applications which have access to the Internet.
Besides, you can use a firewall utility of third party such as Comodo Firewall Pro or ZoneAlarm, which are all free and able to offer other features in addition to firewall.
Close the doors to unexpected guests
If you share your computer with others (even if you don't), Windows Vista provides a good way to prevent unexpected guests from guessing your password of admin account. When you create a new user and assign someone to be admin (with full rights and authority), Windows Vista allows other users to guess your selected password. The following steps are to restrain the penetration of strangers:
1. Select "Start", type "Local Security Policy".
2. Press "Account Lockout Policy"
3. Select "Account Lockout Threshold"
4. At the prompt, fill the maximum allowed invalid log-on attempts (e.g.: 3).
5. Press "OK" and close the window.
Verify the attackers
With proper Account Lockout policy, you can activate the feature of verifying attempts to attack your account. In order to start verify the invalid log-on, the steps are as follow:
1. Select "Start", type "secpol.msc, click "secpol" icon.
2. Press Local Policies then press "Audit Policy"
3. Right-click "Audit account logon events policy" option and select "Properties".
4. Check the dialog box "Failure" and press OK
5. Close "Local Security Policy" window.
Now, you can use Event Viewer feature (by typing the command: eventvwr.msc) to view the log-on history recorded in Windows Logs and Security.
Internet Explorer settings security
Windows Security Center also has function of reporting if security status of Internet Explorer 7 and Internet Explorer 8 is as required or not. If the status is marked red, you should rapidly modify the IE settings
1. In the menu, select Tools, then select Internet Options
2. Select Security tab
3. Select Custom Level
Now you will see a window containing all options relating to IE's security issue. If the options are lower than required (can be changed by some malwares), those will be marked red. To modify a setting, click the corresponding one. In order to reset the original settings, press "Reset" button at the bottom of the tab. If you want, you can change the general security settings of the browser from Medium - High (by default) to High or Medium as required. Press "OK" to save these changes
Use Open DNS
DNS (Domain Name System) servers play the role of a telephone directory. When you type a domain name dantri.com.vn, for example, in the address bar, Internet Explorer will send the requirement of common domain name to DNS servers of the your ISP, then these servers are supposed to transform the character sequence to a string of numbers or an IP address. The DNS servers have been attacked over the past few years because the hackers have tried every possible way to redirect the common DNSs to the servers which they can control. A solution to prevent this abuse is to use Open DNS.
Click "Start" | "Control Panel" | "Network and Internet"
Select "Network and Sharing Center". Under the taskbars listed on the left, select "Manage Network
Connections". In the window of "Manage Network Connections", follow these steps:
1. Right-click the icon of your network card
2. Select Properties.
3. Then select "Internet Protocol Version 4".
4. Click "Properties" in the next displayed screen.
5. Select "Use the following DNS server addresses".
6. Input 208.67.222.222 into the primary address
7. Input 208.67.220.220 into the secondary address
8. Press OK
Cohabit with User Account Control
There is a setting status that some users want it marked red. That is Vista's User Account Control (UAC) - the controversial security function of Vista operating system.
Designed to prevent the remote malware⁄spyware from automatically installing or modifying system settings, UAC tends to block legal installations by stopping the ongoing process with unnecessary error messages. In Windows 7, you can set up UAC as you want. Up to then, you will have more options.
There is an option of invalidating UAC. However, you should consider this risky choice because UAC can warn you of potential dangers. Instead, install Tweak UAC - a free utility that allows you to turn on or turn off UAC and simultaneously provides an intermediate "quiet" mode (this mode keeps UAC on but suppresses administration elevation prompts). With TweakUAC in "quiet" mode, UAC seem to be turned off to those who use administration accounts, but those who use standard account will still receive the warning messages.
Verify the results
By modifying the security settings of Windows Vista, now you can monitor the safety of system via System Health Report. This diagnosis tool receives the input date from Performance and Reliability Monitor and transforms them into a report with general information. To some extent, this report can provides you with information of potential security issues.
1. Open Control Panel.
2. Click System.
3. In Tasks list, select Performance (near the bottom of the list).
4. In resulting Tasks list, click Advanced tools (near the top of the list).
5. Click the last item on the resulting Task list: Generate a system health report.
6. This report will list any missing drivers which can cause errors, reporting to you if the
antivirus protection is installed or not, or if the UAC is on or off.
To make sure of the best condition of your Pc, run this report monthly.
Dinh Cong Tuan is now working for a software company that provides IT solutions and software development services. If you want to know more about his work, visit the website: [the website attsoftware.net cannot be found] see how he can optimize your business.
More Windows Administration Information:
• No Software on the Market Removes All Spyware
• Keep Your Internet Browsing Private with InPrivate Browsing
• DriveLock Hard Drive Protection
• Phishing Attacks
• Keep Your Firefox Browsing Private
• What is Spyware?
• Tips to Protect Windows Vista Operating System
• What is Phishing and How to Safeguard Against It
• Root Kit - The Hackers Backdoor to Your Computer
• What Are WEP, WPA, TKIP, AES and PSK?