On the other hand, if a user is logged on as Restricted User, for instance, he is not allowed to make critical modifications to the system and run vulnerable services. This limits the impact of possible malware if it’s started from the limited account.

Users can designate/change account properties from the Control Panel’s User Accounts menu by clicking “Change my account type”.

User account passwords can easily be set from the Control Panel. Go to the User Account menu, select the user account for which you wish to set up a password, and enter the password into the appropriate field. Two minutes of your time gives your data a lot of additional protection.

During this step, you can also set up a user password that can be used to prevent the computer from loading the OS until the correct password is supplied. The procedure for creating a user password varies from vendor to vendor, but generally one of the following keys will enable you to access the BIOS menu: Del, F2, or F12. Consult your computer’s user manual for how to access the BIOS and change the user password.

Protecting your computer at the BIOS level is a great idea for laptop users – it prevents unauthorized use of the machine when it is left unattended. BIOS passwords can be overridden with relative ease, but it will give a potential data thief pause for thought. Anything that makes theft more difficult may be a sufficient deterrent.

For Firefox users, there is a quick resolution – the NoScript add-on that is available as a free Firefox extension. By default, it will block scripts on any site that you visit, so you get automatic, preemptive protection. This blocking will render some sites barely usable (for example, YouTube videos will no longer start), so you will need to unblock trusted sites to allow the execution of scripts on them. This can easily be done on the fly right from the Firefox interface, which shows the NoScript toolbar with per-site blocking options.

To keep Internet Explorer users safe, Outpost Firewall Pro or Outpost Security Suite Pro offers similar functionality – to restrict the execution of scripts globally, and then to specify exclusions for trusted sites that are allowed to run scripts. The settings that you configure with Outpost will apply to any web browser; you can also extend this functionality to your email client, which may also be vulnerable.

One valuable Internet resource to turn to if you want to find out what elements of your digital footprint are exposed as a result of web surfing is All Net Tools’ toolbox – specifically the Environmental Variables Test and the SmartWhois utilities. The former includes your current external IP address and the kind of browser you use to access the Internet, while the latter enables you to find registration information and contact details for any unknown IP address or Internet domain.

Why is this information important? Your IP address is a unique address for your machine (or local subnet) that can be explicitly associated with you (or your LAN). If the IP address is permanent, your computer can become a target for web-borne attacks because it is easily traceable. By knowing the name and version of your browser, hackers can identify vulnerabilities and stage direct attacks that exploit those vulnerabilities, so always remember to update your Internet-enabled software, including browsers, to the most recent version. The WhoIS query is very useful if your computer makes unexpected contact with another remote computer and you want to find out who’s behind the remote computer.

One such tool is Sysinternals’ (now part of Microsoft) Autoruns. This program offers a number of options and breaks out all start-up entries according to their type (drivers, services, Explorer components, Winlogon, Winsock, and other groups). You may find it useful to use the option to list only non-Microsoft entries, as this will limit the list of programs automatically started to those which are not part of Windows or Microsoft applications. Pay close attention to the Logon and Drivers tabs, but be careful and run a search to make sure you don’t accidentally switch off a valid program, service or driver. If you make a mistake, it is easily corrected by checking the corresponding checkmark for the application you disabled in error.

You should use the System Configuration Utility that comes as part of Windows to complete this task. This utility lets you define which applications and services you want to be automatically started with Windows. Do a search to verify whether you need a particular service before disabling any of the entries on the Services tab. Start the System Configuration Utility by typing “msconfig” (without the quotation marks) in the Start button’s Run dialog, The Startup tab lets you choose from programs you wish to disable from starting up automatically.

By closing unneeded applications, you not only free up system resources and thus improve system performance, but prevent some spyware and virus programs from affecting your PC. (Of course, a good, up-to-date anti-virus program will do this, too)

To fill that gap, there is a very useful program called Process Explorer. Its author has recently been invited to work for Microsoft, so it can be almost considered a native Windows application. It has none of Task Manager’s limitations and offers to show running programs’ exact locations as well as what binary components are attached to the main listed applications (components like DLL files can be malicious as well).

Another handy utility is ProcessScanner from Uniblue. This program will scan all running processes and display a web page summarizing the application environment on your PC. Additionally, it maintains a large database of known processes, along with sufficient information for you to determine whether particular programs are benign.

These disruptions may be caused by unnecessary or malicious software running on your PC. Contrary to what some people think, the Windows Taskbar doesn’t actually show all the programs that are currently running. This is because it’s designed to show only the programs that were started by the user in the current Windows session; for example, an Acrobat document would be shown, but background tasks such as the Windows update process (or virus activity, in the worst case) would not be shown.

Windows Task Manager will give you a better insight into current program activity. Launched by pressing the Ctrl, Shift and Esc keys in combination, this utility is embedded in the Windows operating system and lists all active programs and processes. Processes is where you’ll discover those invisible applications you can’t see in the Taskbar.

Hit the Processes tab to display all the processes running on your PC currently. You can sort the contents by name, CPU utilization and memory usage, and you can instantly shut down any unwanted software. However, you should take care when shutting down a process whose name you’re not familiar with. It’s a good idea to Google the name of the process first to verify whether it is good or bad, and whether it’s necessary to the running of your PC. Shutting down a program via the Task Manager is an emergency operation and you risk losing unsaved data if you accidentally shut down the wrong program.

When hackers search for exploitable computers over the Internet, they launch special “sniffer” utilities that probe arbitrary IP addresses for the presence of vulnerabilities. These automated tools test Internet users’ computers for broadcasting ports – ports that are ready to accept connections from the Internet or a LAN.

These ports, sometimes called “server” ports because they are “serving themselves up” to hackers, may be being kept open by a vulnerable application (for example, an old game that hasn’t been updated or flawed Instant Messaging software that accepts file transfers). If this is the case, hackers can exploit them to establish an underground connection channel and run malicious command-and-control software on your machine.

The solution to these threats is:

• timely installation of updates for your installed programs and Windows components;
• a reliable firewall that prevents port scanning and limits port exposure to local access only;
• the use of legitimate software that you both need and trust.