Can Windows based computers ever be secured? [closed]

In light of this excellent article series by Ars regarding the black security work by HBGary - HBGary claims to have coded several rootkits and had access to 0-day exploits that could compromise a range of Windows releases and firewall/antivirus software - how can Windows based computers be secured?


Solution 1:

You need to accept the fact that no general-purpose monolithic operating system like Windows, Linux, Mac OS X, or anything else similar can be truly secured. Which is more secure is subjective and I won't go further into that. But, that being said, I think the following helps:

  • Use Windows 7 64-bit. It's more secure in a lot of ways than Windows XP.

  • Apply Windows Updates as soon as possible.

  • Do not run normally under an Administrator account.

  • Uninstall unneeded features and software.

  • Don't use Internet Explorer unless you need to.

  • Outgoing network traffic of extremely critical systems needs to be monitored using a separate system running a separate operating system, and if suspect traffic patterns are detected, assume the system is compromised.

  • One good way to detect rootkits is to shut down the system, and run a virus/rootkit scan against the drive without the operating system running. If you can do this on a regular basis it's a good thing.

  • If what you do on the machine can survive the performance hit of virtualization, then virtualize your Windows installation (preferably using a VMM under a different OS) and utilize snapshot features to roll back if things go wrong.

  • Infected systems, or systems otherwise suspected of being compromised, need to be reimaged, rather than repaired. Keeping regular backup images of your system will aid this.

But really, the best way to secure a computer is frequent, regular backing up of the data that lives on it on a separate storage device that is stored away from the computer when not being used. That way, if/when your system is compromised, you haven't lost anything but the time it takes you to reimage or reinstall.
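As an added, read-only audit of several items in the answer above (this is example code, not something from the original post or from HBGary/Ars): it checks whether the current session holds an Administrator token, how old the newest installed hotfix is, which optional Windows features are enabled, and which processes currently hold established TCP connections to non-private addresses. It assumes Windows 8 / Server 2012 or later (for `Get-WindowsOptionalFeature` and `Get-NetTCPConnection`) and an elevated session; the `$MaxPatchAgeDays` threshold and the private-address regex are illustrative assumptions. The host-side connection listing is only a starting point: as the answer notes, a rootkit can hide its own connections from the host, which is why the corroborating view has to come from a separate system.

```powershell
# Added example, not from the original answer. Read-only audit of a Windows host
# against several of the recommendations above. Requires an elevated session on
# Windows 8 / Server 2012 or later (DISM and NetTCPIP modules ship with those).
# $MaxPatchAgeDays is an assumed threshold for illustration.

$MaxPatchAgeDays = 30

# 1. Does this session carry an Administrator token? (Advice: don't work as admin day to day.)
function Test-RunningAsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# 2. Days since the most recently installed hotfix. (Advice: apply updates promptly.)
#    Returns $null if no hotfix record carries an install date.
function Get-PatchAgeDays {
    $latest = Get-HotFix |
              Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending |
              Select-Object -First 1
    if (-not $latest) { return $null }
    return (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
}

# 3. Names of enabled optional features. (Advice: uninstall unneeded features.)
function Get-EnabledOptionalFeatures {
    Get-WindowsOptionalFeature -Online |
        Where-Object { $_.State -eq 'Enabled' } |
        Select-Object -ExpandProperty FeatureName
}

# 4. Processes holding established TCP connections to non-private addresses.
#    (Advice: watch outgoing traffic. This is the host's own view; a separate
#    monitoring system should be used to confirm it, since a rootkit can hide
#    sockets from the compromised host.)
function Get-ExternalOutboundConnections {
    # Assumed "private/local" pattern: RFC 1918 ranges, loopback, IPv6 loopback and link-local.
    $privateRanges = '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|127\.|::1$|fe80:)'
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notmatch $privateRanges } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process       = if ($proc) { $proc.ProcessName } else { 'unknown' }
                PID           = $_.OwningProcess
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
            }
        }
}

# Report
Write-Host ("Running as Administrator : {0}" -f (Test-RunningAsAdmin))

$age = Get-PatchAgeDays
if ($null -eq $age) {
    Write-Host "Newest hotfix            : no dated hotfix records found"
} elseif ($age -gt $MaxPatchAgeDays) {
    Write-Host "Newest hotfix            : $age days old (over the $MaxPatchAgeDays-day threshold)"
} else {
    Write-Host "Newest hotfix            : $age days old"
}

Write-Host "Enabled optional features:"
Get-EnabledOptionalFeatures | ForEach-Object { Write-Host "  $_" }

Write-Host "Established TCP connections to non-private addresses:"
Get-ExternalOutboundConnections | Format-Table -AutoSize
```

Run it from an elevated prompt; `Get-WindowsOptionalFeature` fails without elevation, and the admin-token check will naturally report `True` in that case, which is exactly the session you should not be browsing or reading mail from. Compare the feature and connection lists against a known-good baseline taken right after imaging, since a long list on its own says nothing.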