How to make your PC secure - Part 1

An unguarded PC is a potentially dangerous window into your life and finances. We show you how to make it secure and keep it secure

You wouldn't countenance having to patch your TV or shield your hi-fi from virus attacks, but a computer requires your active and ongoing involvement in order to stay secure. That's simply the reality of computing today.

We're certainly no apologists for this state of affairs; it would be much better all round if computers 'just worked'. But there's malicious intent out there and it forces us all to adopt a sensible defensive position.

Just as leaving your car keys on the front seat will see you robbed of your valuables, or the car itself, in an eye-blink, leaving your computer open to the world risks theft, damage and expense. Such carelessness can also impact on others just as surely as a stolen joy-ridden car; if a worm can get in, it can harness your computer's internet connection and wreak havoc further afield.

However, the good news is that it's relatively easy to secure a computer and keep it that way. What we need is a central locking policy.

Survive the first day
It's day one with a new computer and you're itching to get up and running. The kids are pestering you to set up their email, you're dying to scour the internet for bargains and Windows XP (if newly installed) is insisting that you activate online. Don't do anything.

The kids can wait and so can Windows XP (you have 30 days to activate your copy). The moment you connect your computer to the internet, you expose it to a world of trouble. Research suggests that a completely unprotected PC will be overwhelmed by viruses and automated hacking tools within 12 minutes. That figure will probably have shrunk by the time you read this.

Your first line of defence should be a firewall. This must be enabled before you make that first connection. If you have just bought a new computer, it should have Service Pack 2 (SP2) pre-installed. SP2 is a huge patch for some of XP's most serious flaws and includes a strong firewall that is turned on by default.

If you're just about to buy a new or even a used system, make absolutely sure that SP2 has been installed. To check, click on Start, then Control Panel and look for a Security Center icon. If you're planning to buy one in the new year sales, ask the company selling it to you to confirm this.

If you don't already have SP2, you must manually enable the standard Windows firewall or install an alternative. Again, we stress the importance of doing this before connecting to the internet even for a second.

Click on Start, then Control Panel, Network and Internet Connections and Network Connections. If you see an icon here, right-click on it, select Properties, open the Advanced tab and enable the firewall.

If there are no icons, your PC has not yet been configured for internet access. In this case, install the CD provided by your internet service provider then return to Network Connections and proceed as just described.

While here, right-click on each icon in Network Connections for a second time and open the General tab. Uncheck the boxes marked Client for Microsoft Networks and File and Print Sharing by clicking on them so that no tick mark appears next to them.

These optional features are enabled by default but they are only used when you set up a home network - and not always even then. For now, they pose an unnecessary security hazard and should be disabled.

Viral campaign
The next necessary precaution is to install antivirus software. Your new computer may well come with a trial version of a program, in which case you should update it as soon as you go online for the first time and certainly before downloading any files. You can also follow the Recommendations link in the Virus Protection section of SP2's Security Center to locate trial offers from the likes of McAfee, Symantec and Panda.

Our free favourite remains AVG Anti-Virus version 7 and, once your firewall is up, you can download it here. When you begin to download it, a dialogue box will appear asking you to Save or Open the file. Save it to your Desktop, and when it appears, double-click on it then follow the instructions.

Make sure your antivirus software is configured to provide full-time automatic protection and to update itself on a frequent, ideally daily, basis. The simplest way to transfer an antivirus program from one computer to another is to install it afresh on the new system and update it immediately.

This first update will take some time as the program has to grab all updates released since the CD was produced, but after that you should get a full year's worth of cover. You may also need to 'reactivate' the program with the supplier, which involves completing an electronic registration process over the internet.

Do bear in mind that most software licences only permit you to run a program on one machine at a time, so you should uninstall it on the old PC first. This can be tricky and you might need to get support from the antivirus company. In the meantime, download and use the free AVG program above.

Bang up to date
Seldom a week goes by, it seems, without another 'critical flaw in Windows' headline spreading alarm. Some would say that Microsoft is not always as quick to plug holes in its products as it could be, but that aside you are well advised to grab patches as quickly as you can.

For those wondering why Microsoft's programs have these dangerous flaws in the first place, the answer is in its complexity. We make no apologies for Microsoft, and its record on security is, frankly, appalling. The millions of lines of programming code give those with a mind and the time to do so plenty of opportunities to discover ways to inflict damage.

Microsoft may be guilty of not testing its goods rigorously enough, but it is hackers, virus writers and organised crime lords that go to great effort to exploit these flaws. Microsoft is at least taking the idea of security a lot more seriously since XP was first launched.

Which brings us to Automatic Update: a way of getting the fixes you need on the fly and with practically no effort. If you do not have SP2 yet, access Automatic Updates via Start button and then Control Panel. Click on Performance and Maintenance, then System, and open the Automatic Updates tab. Check the Keep my computer up to date box. Windows XP will now periodically phone home when you're connected to the internet and look for updates to reinforce itself.

If you prefer a manual approach, go to the Windows Updates website via the link at the top of All Programs in the Start menu. First time around, you will be prompted to download a small application that searches your computer to see how up to date your version of Windows is and what other hardware you have installed.

It will then display a selection of available updates. Download any updates flagged as 'Critical' but take your pick of the others at a later date. If Service Pack 2 appears as an option and you are using a brand-new PC (which is unlikely), download it immediately. If you're using dial-up, the download will take several hours.

Once SP2 is on board, Automatic Updates becomes accessible directly from the Security Center. The default settings are fine for most people - Windows looks for downloads and automatically installs updates without any intervention - but you can tweak the settings if you wish.

In a similar vein, don't forget to update your other software. Many programs check for their own patches automatically but others need a helping hand. Look in the Help or Tools menu for the appropriate option. You may be required to register with the software supplier before you can access updates but this will just take a few moments over the internet. In short, keep all your software from Windows to Word as up to date, and hence as secure, as possible.

So where are we? Your computer now has an active firewall and antivirus protection, you have disabled a couple of risky networking components and Automatic Updates is poised to periodically patch security holes. Your computer is now as safe as safe can be, yes? Not quite.

None shall pass
Windows XP has a feature called User Accounts that allows several people to log on to the same computer with unique names and passwords. If you haven't set up user accounts manually, you'll simply use the default account when you start the computer. The name of this account, probably Customer or Owner or something equally banal, is displayed at the top of the Start menu.

To stop anyone else using your computer, password-protect this account. Click on Start, then Control Panel, User Accounts and select the default user name. Now click on Create a password and follow the simple steps. You can also change the account name to something more personal at this point.

This done, return to the previous screen, click on 'Change the way users log on or off' and ensure that there is a tick in the Use the Welcome screen box. Windows will demand a password every time the computer restarts. You might now want to set up password-protected accounts for anyone else who will use the PC, thereby keeping your own files and settings private.

There is, however, a fly in this ointment. All Windows XP machines also have a hidden, but all-powerful, account called Administrator, and this provides full access to every setting. Anybody logged in as Administrator can even change any other user's password. In other words, you could return to your computer after a break to find that some wag has locked you out of your own account. So much for password security. Preventative action is required.

To log on as Administrator on a Windows XP Home Edition system, press F8 during start-up and select Safe Mode. The Administrator account will now appear on the Welcome screen. If you have Windows XP Professional, press Ctrl + Alt + Delete twice at the Welcome screen to summon a dialogue box and type Administrator in the User name field.

But surely, you cry, the Administrator account is password-protected? Indeed it is, but in a default Windows XP set-up the password is, er, blank. Anybody who knows this can easily bypass all other password security by logging on as Administrator.

It therefore figures that you should create a secure personal password for the Administrator account immediately. Log on to your computer as Administrator, access User Accounts via the Control Panel, and set up a password for the Administrator account. If you have Windows XP Home Edition, you'll be working in safe mode here but that's fine. You can also change the name of this uber-account from Administrator to something rather less obvious.

Incidentally, if you are installing XP from scratch, or if your computer supplier left the final few steps of the installation routine for you to complete, you may have the opportunity to assign an Administrator password during set-up, but only if you're using the Professional version.

In Home Edition, no mention whatsoever is made of the Administrator account. Clearly, the 'experts' at Microsoft have a long way to go before they understand home users.

A final few words on passwords. If your PC has a floppy drive, make a password reset disk for all user accounts. Should you ever forget a password, this allows you to create a new one at the Welcome screen. It goes without saying that you must keep the reset disk hidden somewhere safe.

Open User Accounts, select any password-protected account and click on the Prevent a forgotten password link. To create a reset disk for the Administrator account, log on as the Administrator as has just been described.

Make every password difficult to guess and use a different password for every account. A secure password is not the name of your dog or the dog's name spelled backwards, but rather a random pattern of letters and characters, ideally in a mix of upper and lower case, that bears no relationship to any word found in a dictionary.

This is important as hackers use tools that try out every word in the dictionary at breakneck speed. Take an old car registration number and jumble or expand it, or use the first letters of a memorable sentence (for example, "To be or not to be").

Computer security is a serious business. We're talking real risk with real money, not just mere inconvenience. At the risk of sounding gloomy, a firewall, antivirus program, updates and passwords alone can't keep your computer completely secure without one vital further ingredient. We're talking, of course, about user savvy. If you understand the risks, you'll understand how to combat them.

If you're feeling down at this point, remember that anything worth having is worth looking after properly. The internet opens a world of fun, learning and convenience for you and your family. Crooks know this too, and that's why they attack PCs through the internet. Knowledge is power, so here's an explanation of the threats you face when you go online.