Langa Letter: 5 Essential Steps To PC Security - InformationWeek
10:45 PM
Fred Langa

As the new year begins, Fred Langa says keep these items in mind to help prevent data theft, identity theft, and private information falling into the wrong hands. These steps will give you 365 days of safe computing.

You see it in the news again and again: Identity theft, corporate data stolen, private information falling into the wrong hands...

But these kinds of problems are almost all preventable. With the five simple steps outlined here, you can make just about any PC -- in the corporate world or at home -- secure from online attacks and data theft. Some of these steps may seem familiar; and that's a good thing if they do, because it means you're up to speed on the essentials. But even experts sometimes miss a step, so having a checklist or guide like this can be handy.

Plus, we've assembled dozens of live links for you, giving you nearly instant access to the many tools and informational resources we discuss.

Let's get started!

Close The Holes
All software -- bar none -- contains bugs, errors, omissions, and security holes. No brand or vendor or source is immune. Therefore, obtaining and applying security patches as they become available must be a top priority in keeping your PC safe and secure. Most vendors offer automated or semi-automated tools to help you stay current. The most obvious and popular are Microsoft's Windows Update and Office Update. Most vendor Web sites also offer index pages or catalogs of all updates to date, letting you zero in on any you may have missed previously. For example, Microsoft's "Security Updates" meta page is here. Whatever software you use, start the year off right by ensuring you're 100% up to date with all essential patches, updates, and bug fixes.

Block Intruders
Just about everyone now realizes the necessity of some kind of firewall to block malicious attacks or connections from external sources. And just about everyone has access to at least a basic desktop firewall, such as the simple one built into XP. (More info: See this or this.)

But there's still confusion and misinformation about the necessity of a desktop firewall if a given PC is already protected by a hardware firewall or the actions of a router, NAT, or similar devices. While those separate devices are excellent against external intrusion, most are all but useless against "phone home" exploits and similar "attacks from within" used by some malicious software ("malware"). These malicious outbound connections appear to originate inside a given PC, and so are automatically allowed by most external defenses.

In sharp contrast, the better desktop firewalls block or flag all outbound connections at first activation, letting you prevent "phone home" and similar covert outbound connections before they start. So: Use a desktop firewall, even if your PC is also protected by a separate external firewall.
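
The difference described above, as an added example that is not part of the original article: a small Python model that runs the same constructed connection events past a perimeter-style rule and a per-program desktop-firewall rule. The program names and addresses are hypothetical (documentation address ranges), and the "flag on first attempt" behaviour is a simplified assumption about how such firewalls prompt.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    direction: str   # "in" = initiated from the Internet, "out" = initiated by this PC
    program: str     # local program that owns the socket ("" if nothing is listening)
    remote: str      # remote host:port (constructed documentation addresses)

# Constructed sample traffic, not captured from any real machine.
EVENTS = [
    Conn("in",  "",               "203.0.113.9:445"),    # unsolicited inbound probe
    Conn("out", "browser.exe",    "198.51.100.20:443"),  # user browsing
    Conn("out", "mailclient.exe", "198.51.100.25:993"),  # user mail
    Conn("out", "updater32.exe",  "203.0.113.77:8080"),  # unrecognised program "phoning home"
    Conn("out", "updater32.exe",  "203.0.113.77:8080"),  # same program retrying
]

def perimeter_verdict(conn):
    """Router/NAT-style rule: inside-initiated traffic is allowed, unsolicited
    inbound is dropped. The device never sees which program opened the socket."""
    return "allow" if conn.direction == "out" else "drop"

class DesktopFirewall:
    """Host rule: inbound is dropped; outbound is allowed only for approved
    programs. An unapproved program is flagged on first attempt, then blocked."""
    def __init__(self, approved):
        self.approved = set(approved)
        self.flagged = []              # programs flagged, in order of first attempt

    def verdict(self, conn):
        if conn.direction == "in":
            return "drop"
        if conn.program in self.approved:
            return "allow"
        if conn.program not in self.flagged:
            self.flagged.append(conn.program)
            return "flag"              # first activation: ask the user
        return "block"                 # still unapproved on later attempts

def compare(events, approved):
    """Return (program, remote, perimeter verdict, desktop verdict) per event."""
    fw = DesktopFirewall(approved)
    rows = [(c.program or "-", c.remote, perimeter_verdict(c), fw.verdict(c))
            for c in events]
    return rows, fw.flagged

if __name__ == "__main__":
    rows, flagged = compare(EVENTS, {"browser.exe", "mailclient.exe"})
    for program, remote, perimeter, desktop in rows:
        print(f"{program:15} {remote:20} perimeter={perimeter:5} desktop={desktop}")
    print("flagged for review:", flagged)
```

Both rules drop the inbound probe, but only the per-program rule treats the unrecognised outbound connection differently from the browser and mail client.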

You can see which firewalls are rated most highly by your fellow users in "Readers Rate Desktop Firewalls". And there's lots more information available in "How Much Protection Is Enough?"; "Norton Antivirus And The Single-Layer Defense Fallacy"; and "Four Myths of Online Security."

Stop Infections
While "closing the holes" and "blocking intruders" will go a long way to securing a PC, there still are several vectors by which hostile software can make it into your PC, especially through infection from trusted sources, such as from co-workers' PCs or other PCs on your LAN. For this reason, and as part of good basic digital hygiene, every PC needs effective, current antivirus protection.

There are many options, but my current top pick is NOD32, a relatively lightweight (non-resource-hogging) utility with an innovative way of securing E-mail without the clumsiness of proxy-based approaches, and with outstanding heuristics that make the tool unusually resistant even to new and as-yet unidentified viral threats.

There are also many free antivirus tools and services available, so there's really no reason for any PC to run unprotected.
