Security for 64 bit Vista Laptop

#1 (**permalink**) 09-11-2008

I just picked up a laptop and am finishing the setup phase. I'll be
installing Avast Anti-Virus, as I know it supports 64 bit and works
reasonably well. Windows Defender is enabled, as is Windows firewall. Now
I'd like to address strong security.

This laptop will be used for business (and play as well, I suppose,
especially during hurricane evacs). One concern I have are for those times
when I must download banking transactions into Quicken and Quickbooks. I'd
like to be sure that my passwords and the sensitive data I'll be downloading
is not accessible to anyone else. These downloads might take place via a
hotel network or via a Sprint (or similar) broadband device.

Although my office is behind a hardware firewall, I really have no
experience when it comes to 'on the road security'. Is it feasible to bring
a router with a firewall to place between my laptop and the hotel network,
or should it all be handled by software (as I assume the case will be for
the Sprint broadband).

I know that I am asking for more information than is probably practically
posted here, but any information (including links) is greatly appreciated.

Thanks in advance,
James

#2 (**permalink**) 09-11-2008

Hi,

Browse through the articles here

'PC World - Security Topic Center'
(http://www.pcworld.com/topics/securi...l?tk=nl_spxctr)

Hope that helps

SIW2

--
SIW2

#3 (**permalink**) 09-11-2008

Install Windows OneCare, and you'll not have to
worry about those issues. You can try it FREE
for ninety (90) days. This is a brand new version
and is very robust! Uses very little system resources!
http://onecare.live.com/standard/en-us/default.htm

With the excellent Windows OneCare package, there is
no need to install a multitude of different security software.

OneCare includes:

-- An excellent antivirus application
-- An excellent firewall application
-- An excellent antispyware application
-- Automatic system tune-ups
-- Automatic hard drive defrag
-- Checks for updates to be sure they are installed
-- Schedules automatic backups of important files
-- New version 2.5 just released - designed to work
exceptionally well with Windows Vista & XP.
-- All-in-one convenient, easy to install application

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

---------------------------------------------------------------

"James Colbert" <jc2567@bellsouth.net> wrote in message news:urEhbw6EJHA.1280@TK2MSFTNGP02.phx.gbl...
I just picked up a laptop and am finishing the setup phase. I'll be
installing Avast Anti-Virus, as I know it supports 64 bit and works
reasonably well. Windows Defender is enabled, as is Windows firewall. Now
I'd like to address strong security.

This laptop will be used for business (and play as well, I suppose,
especially during hurricane evacs). One concern I have are for those times
when I must download banking transactions into Quicken and Quickbooks. I'd
like to be sure that my passwords and the sensitive data I'll be downloading
is not accessible to anyone else. These downloads might take place via a
hotel network or via a Sprint (or similar) broadband device.

Although my office is behind a hardware firewall, I really have no
experience when it comes to 'on the road security'. Is it feasible to bring
a router with a firewall to place between my laptop and the hotel network,
or should it all be handled by software (as I assume the case will be for
the Sprint broadband).

I know that I am asking for more information than is probably practically
posted here, but any information (including links) is greatly appreciated.

Thanks in advance,
James

#4 (**permalink**) 09-11-2008

Totally ignore Frisch's advice about OneCare!
He must be on a commission!
--
Mick Murphy - Qld (Sunshine State) - Australia

"James Colbert" wrote:

> I just picked up a laptop and am finishing the setup phase. I'll be
> installing Avast Anti-Virus, as I know it supports 64 bit and works
> reasonably well. Windows Defender is enabled, as is Windows firewall. Now
> I'd like to address strong security.
>
> This laptop will be used for business (and play as well, I suppose,
> especially during hurricane evacs). One concern I have are for those times
> when I must download banking transactions into Quicken and Quickbooks. I'd
> like to be sure that my passwords and the sensitive data I'll be downloading
> is not accessible to anyone else. These downloads might take place via a
> hotel network or via a Sprint (or similar) broadband device.
>
> Although my office is behind a hardware firewall, I really have no
> experience when it comes to 'on the road security'. Is it feasible to bring
> a router with a firewall to place between my laptop and the hotel network,
> or should it all be handled by software (as I assume the case will be for
> the Sprint broadband).
>
> I know that I am asking for more information than is probably practically
> posted here, but any information (including links) is greatly appreciated.
>
> Thanks in advance,
> James
>
>

#5 (**permalink**) 09-11-2008

On Wed, 10 Sep 2008 20:17:29 -0500, James Colbert wrote:

> I just picked up a laptop and am finishing the setup phase. I'll be
> installing Avast Anti-Virus, as I know it supports 64 bit and works
> reasonably well. Windows Defender is enabled, as is Windows firewall. Now
> I'd like to address strong security.

Good combo!
If you ever look for a good (better IMO) AV alternative:
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
(The free version won't scan your emails.)

Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM),
scanning email is worthless.

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm
Ensure your e-mail program is configured to display e-mail messages in
'Plain Text' only.
If you wish, you can remove the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm

In addition to WinDef you consider:
SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html

> This laptop will be used for business (and play as well, I suppose,
> especially during hurricane evacs).

Bad combo! Be very careful combining business with play :-)

> One concern I have are for those times
> when I must download banking transactions into Quicken and Quickbooks. I'd
> like to be sure that my passwords and the sensitive data I'll be downloading
> is not accessible to anyone else. These downloads might take place via a
> hotel network or via a Sprint (or similar) broadband device.

Ensure that passwords are never stored on your operating system. Use an
external media such as cd dvd or thumb drive.

> Although my office is behind a hardware firewall, I really have no
> experience when it comes to 'on the road security'. Is it feasible to bring
> a router with a firewall to place between my laptop and the hotel network,
> or should it all be handled by software (as I assume the case will be for
> the Sprint broadband).

There is nothing wrong taking your router and/or hardware firewall on the
road as well.

> I know that I am asking for more information than is probably practically
> posted here, but any information (including links) is greatly appreciated.

For Vista the most dependable defenses are:
1. Do not work in elevated level; Day-to-day work should be performed
while the User Account Control (UAC) is enabled.
User Account Control Step-by-Step Guide.
http://technet.microsoft.com/en-us/l.../cc709691.aspx

Understanding and Configuring User Account Control in Windows Vista.
http://technet.microsoft.com/en-us/l.../cc709628.aspx

2. Familiarize yourself with "Services Hardening in Windows Vista".
Services Hardening in Windows Vista
http://www.microsoft.com/technet/tec...SecurityWatch/
Educational reading:
10 Immutable Laws of Security
http://technet.microsoft.com/en-us/l.../cc722487.aspx

3. Don't expose services to public networks.
Windows Vista Service Configurations Introduction
http://www.blackviper.com/WinVista/servicecfg.htm

4. Keep your operating (OS) system (and all software on it)
updated/patched. (Got SP1 yet?).
Windows update.
http://www.update.microsoft.com/wind....aspx?ln=en-us
Secunia Personal Software Inspector
http://secunia.com/software_inspector
https://psi.secunia.com/
--And--
M/S Security Baseline Analyzer 2.0
http://www.microsoft.com/downloads/d...displaylang=en
can assist also.

Why Service Packs are Better Than Patches.
http://www.microsoft.com/technet/arc....mspx?mfr=true

5. Secure (Harden) Internet Explorer.
IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
http://www.microsoft.com/downloads/d...displaylang=en

Internet Explorer Enhanced Security Configuration changes the browsing
experience
http://support.microsoft.com/default...b;en-us;815141

The Internet Explorer 7 Security Status Bar
http://www.microsoft.com/windows/pro.../security.mspx

Extended Validation SSL Certificates
http://www.microsoft.com/windows/pro...v/default.mspx

Note: *Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.*

You could consider disabling all Security Settings in IE and use IE only
for the 'Patch Tuesday' updates; To do so you must add the following URL's
to the Trusted sites:
http://update.microsoft.com
http://download.windowsupdate.com
https://*.update.microsoft.com
http://*.update.microsoft.com
http://*.microsoft.com

6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal firewall
application (PFW) - the one which claims:
"It can stop/control malicious outbound traffic".

7. Activate the build-in firewall and tack together its advanced
configuration settings.
Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com...7-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
--Or--
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtar...247138,00.html
--Or--
Vista Firewall Control (Free versions available)
http://sphinx-soft.com/Vista/

7a.If on high-speed Internet connection use a router.

7b.Implement countermeasures against DNSChanger.
http://extremesecurity.blogspot.com/...-hijacked.html

7c.Just in case, Wired Equivalent Privacy (WEP) has been
superseded by Wi-Fi Protected Access (WPA).

8. Utilize one (1) each 'real-time' anti-virus and anti-spy
application.

9. Employ vital operating system monitoring utilities/applications.
Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER,
Wireshark, Port Reporter etc.

10.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.

Don't forget cleaning and defragging HDD frequently.

Good luck

#6 (**permalink**) 09-11-2008

"James Colbert" <jc2567@bellsouth.net> wrote in message
news:urEhbw6EJHA.1280@TK2MSFTNGP02.phx.gbl...
>I just picked up a laptop and am finishing the setup phase. I'll be
>installing Avast Anti-Virus, as I know it supports 64 bit and works
>reasonably well. Windows Defender is enabled, as is Windows firewall. Now
>I'd like to address strong security.
>
> This laptop will be used for business (and play as well, I suppose,
> especially during hurricane evacs). One concern I have are for those times
> when I must download banking transactions into Quicken and Quickbooks. I'd
> like to be sure that my passwords and the sensitive data I'll be
> downloading is not accessible to anyone else. These downloads might take
> place via a hotel network or via a Sprint (or similar) broadband device.
>
> Although my office is behind a hardware firewall, I really have no
> experience when it comes to 'on the road security'. Is it feasible to
> bring a router with a firewall to place between my laptop and the hotel
> network, or should it all be handled by software (as I assume the case
> will be for the Sprint broadband).
>
> I know that I am asking for more information than is probably practically
> posted here, but any information (including links) is greatly appreciated.
>
> Thanks in advance,
> James

The number one most important thing is keep Windows and all your installed
programs up to date.

Use a version of Vista that supports bitlocker and encrypt your hard drive.
Don't play with the default UAC settings. When surfing the Internet use a
standard user account. When connecting to a public access point make sure
that the network is identified as Public in the Network and Sharing Center.
Using the same router you use at home means you will have to change this
manually when using the router in a hotel. Make sure you are always at a SSL
(encrypted) site when entering a user name and password. Before entering a
user name and password click on the lock and view the certificate to ensure
you are at the correct site.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

#7 (**permalink**) 09-11-2008

Hi Kayman,

Thank you for a very comprehensive response! This is more than I could have
asked for.
I've copied your post to my desktop for easy access to the URLs you have
provided. I'll be chewing on this for a while! As for your last suggestion
of regular defragging, I've been using Diskeeper for years, but not sure I
want to buy another license. Is Vista's defrag utility adequate?

Thanks!

James

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message
news:e03g0d%23EJHA.6052@TK2MSFTNGP04.phx.gbl...
> On Wed, 10 Sep 2008 20:17:29 -0500, James Colbert wrote:
>
>> I just picked up a laptop and am finishing the setup phase. I'll be
>> installing Avast Anti-Virus, as I know it supports 64 bit and works
>> reasonably well. Windows Defender is enabled, as is Windows firewall. Now
>> I'd like to address strong security.
>
> Good combo!
> If you ever look for a good (better IMO) AV alternative:
> Avira AntiVir® Personal - FREE Antivirus
> http://www.free-av.com/
> (The free version won't scan your emails.)
>
> Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM),
> scanning email is worthless.
>
> Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
> http://thundercloud.net/infoave/tuto...ning/index.htm
> Ensure your e-mail program is configured to display e-mail messages in
> 'Plain Text' only.
> If you wish, you can remove the 'AntiVir Nagscreen'
> http://www.elitekiller.com/files/dis...ntivir_nag.htm
>
> In addition to WinDef you consider:
> SuperAntispyware - Free
> http://www.superantispyware.com/supe...freevspro.html
>
>> This laptop will be used for business (and play as well, I suppose,
>> especially during hurricane evacs).
>
> Bad combo! Be very careful combining business with play :-)
>
>> One concern I have are for those times
>> when I must download banking transactions into Quicken and Quickbooks.
>> I'd
>> like to be sure that my passwords and the sensitive data I'll be
>> downloading
>> is not accessible to anyone else. These downloads might take place via a
>> hotel network or via a Sprint (or similar) broadband device.
>
> Ensure that passwords are never stored on your operating system. Use an
> external media such as cd dvd or thumb drive.
>
>> Although my office is behind a hardware firewall, I really have no
>> experience when it comes to 'on the road security'. Is it feasible to
>> bring
>> a router with a firewall to place between my laptop and the hotel
>> network,
>> or should it all be handled by software (as I assume the case will be for
>> the Sprint broadband).
>
> There is nothing wrong taking your router and/or hardware firewall on the
> road as well.
>
>> I know that I am asking for more information than is probably practically
>> posted here, but any information (including links) is greatly
>> appreciated.
>
> For Vista the most dependable defenses are:
> 1. Do not work in elevated level; Day-to-day work should be performed
> while the User Account Control (UAC) is enabled.
> User Account Control Step-by-Step Guide.
> http://technet.microsoft.com/en-us/l.../cc709691.aspx
>
> Understanding and Configuring User Account Control in Windows Vista.
> http://technet.microsoft.com/en-us/l.../cc709628.aspx
>
> 2. Familiarize yourself with "Services Hardening in Windows Vista".
> Services Hardening in Windows Vista
> http://www.microsoft.com/technet/tec...SecurityWatch/
> Educational reading:
> 10 Immutable Laws of Security
> http://technet.microsoft.com/en-us/l.../cc722487.aspx
>
> 3. Don't expose services to public networks.
> Windows Vista Service Configurations Introduction
> http://www.blackviper.com/WinVista/servicecfg.htm
>
> 4. Keep your operating (OS) system (and all software on it)
> updated/patched. (Got SP1 yet?).
> Windows update.
> http://www.update.microsoft.com/wind....aspx?ln=en-us
> Secunia Personal Software Inspector
> http://secunia.com/software_inspector
> https://psi.secunia.com/
> --And--
> M/S Security Baseline Analyzer 2.0
> http://www.microsoft.com/downloads/d...displaylang=en
> can assist also.
>
> Why Service Packs are Better Than Patches.
> http://www.microsoft.com/technet/arc....mspx?mfr=true
>
> 5. Secure (Harden) Internet Explorer.
> IE7 safe/secure settings
> Internet Explorer7 Desktop Security Guide
> http://www.microsoft.com/downloads/d...displaylang=en
>
> Internet Explorer Enhanced Security Configuration changes the browsing
> experience
> http://support.microsoft.com/default...b;en-us;815141
>
> The Internet Explorer 7 Security Status Bar
> http://www.microsoft.com/windows/pro.../security.mspx
>
> Extended Validation SSL Certificates
> http://www.microsoft.com/windows/pro...v/default.mspx
>
> Note: *Tight security settings will break down some websites. You need to
> add these websites into the Trusted Zone for smooth access.*
>
> You could consider disabling all Security Settings in IE and use IE only
> for the 'Patch Tuesday' updates; To do so you must add the following URL's
> to the Trusted sites:
> http://update.microsoft.com
> http://download.windowsupdate.com
> https://*.update.microsoft.com
> http://*.update.microsoft.com
> http://*.microsoft.com
>
> 6. Review your installed 3rd party software applications/utilities;
> Remove clutter, *including* 3rd party software personal firewall
> application (PFW) - the one which claims:
> "It can stop/control malicious outbound traffic".
>
> 7. Activate the build-in firewall and tack together its advanced
> configuration settings.
> Tap into the Vista firewall's advanced configuration features
> http://articles.techrepublic.com.com...7-6098592.html
> "...once you discover the secret of accessing its advanced configuration
> settings via the MMC snap-in, you'll find it to be far more configurable
> and functional. At last, Windows comes with a sophisticated personal
> firewall that can be used to set up outbound rules as well as inbound,
> with
> the ability to customize rules to fit your precise needs."
> --Or--
> Configure Vista Firewall to support outbound packet filtering
> http://searchwindowssecurity.techtar...247138,00.html
> --Or--
> Vista Firewall Control (Free versions available)
> http://sphinx-soft.com/Vista/
>
> 7a.If on high-speed Internet connection use a router.
>
> 7b.Implement countermeasures against DNSChanger.
> http://extremesecurity.blogspot.com/...-hijacked.html
>
> 7c.Just in case, Wired Equivalent Privacy (WEP) has been
> superseded by Wi-Fi Protected Access (WPA).
>
> 8. Utilize one (1) each 'real-time' anti-virus and anti-spy
> application.
>
> 9. Employ vital operating system monitoring utilities/applications.
> Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER,
> Wireshark, Port Reporter etc.
>
> 10.Routinely practice Safe-Hex.
> http://www.claymania.com/safe-hex.html
> Hundreds Click on 'Click Here to Get Infected' Ad
> http://www.eweek.com/article2/0,1895,2132447,00.asp
>
> The least preferred defenses are:
> Myriads of popular anti-whatever applications and staying ignorant.
>
> Don't forget cleaning and defragging HDD frequently.
>
> Good luck

>

#8 (**permalink**) 09-11-2008

On Thu, 11 Sep 2008 16:58:20 -0500, "James Colbert"
<jc2567@bellsouth.net> wrote:

>Hi Kayman,
>
>Thank you for a very comprehensive response! This is more than I could have
>asked for.
>I've copied your post to my desktop for easy access to the URLs you have
>provided. I'll be chewing on this for a while! As for your last suggestion
>of regular defragging, I've been using Diskeeper for years, but not sure I
>want to buy another license. Is Vista's defrag utility adequate?

Definitely.

Still, I use Diskeeper. It gives me something else to play with ;-)

>Thanks!
>
>James
>
>"Kayman" <kaymanDeleteThis@operamail.com> wrote in message
>news:e03g0d%23EJHA.6052@TK2MSFTNGP04.phx.gbl...
>> On Wed, 10 Sep 2008 20:17:29 -0500, James Colbert wrote:
>>
>>> I just picked up a laptop and am finishing the setup phase. I'll be
>>> installing Avast Anti-Virus, as I know it supports 64 bit and works
>>> reasonably well. Windows Defender is enabled, as is Windows firewall. Now
>>> I'd like to address strong security.
>>
>> Good combo!
>> If you ever look for a good (better IMO) AV alternative:
>> Avira AntiVir® Personal - FREE Antivirus
>> http://www.free-av.com/
>> (The free version won't scan your emails.)
>>
>> Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM),
>> scanning email is worthless.
>>
>> Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
>> http://thundercloud.net/infoave/tuto...ning/index.htm
>> Ensure your e-mail program is configured to display e-mail messages in
>> 'Plain Text' only.
>> If you wish, you can remove the 'AntiVir Nagscreen'
>> http://www.elitekiller.com/files/dis...ntivir_nag.htm
>>
>> In addition to WinDef you consider:
>> SuperAntispyware - Free
>> http://www.superantispyware.com/supe...freevspro.html
>>
>>> This laptop will be used for business (and play as well, I suppose,
>>> especially during hurricane evacs).
>>
>> Bad combo! Be very careful combining business with play :-)
>>
>>> One concern I have are for those times
>>> when I must download banking transactions into Quicken and Quickbooks.
>>> I'd
>>> like to be sure that my passwords and the sensitive data I'll be
>>> downloading
>>> is not accessible to anyone else. These downloads might take place via a
>>> hotel network or via a Sprint (or similar) broadband device.
>>
>> Ensure that passwords are never stored on your operating system. Use an
>> external media such as cd dvd or thumb drive.
>>
>>> Although my office is behind a hardware firewall, I really have no
>>> experience when it comes to 'on the road security'. Is it feasible to
>>> bring
>>> a router with a firewall to place between my laptop and the hotel
>>> network,
>>> or should it all be handled by software (as I assume the case will be for
>>> the Sprint broadband).
>>
>> There is nothing wrong taking your router and/or hardware firewall on the
>> road as well.
>>
>>> I know that I am asking for more information than is probably practically
>>> posted here, but any information (including links) is greatly
>>> appreciated.
>>
>> For Vista the most dependable defenses are:
>> 1. Do not work in elevated level; Day-to-day work should be performed
>> while the User Account Control (UAC) is enabled.
>> User Account Control Step-by-Step Guide.
>> http://technet.microsoft.com/en-us/l.../cc709691.aspx
>>
>> Understanding and Configuring User Account Control in Windows Vista.
>> http://technet.microsoft.com/en-us/l.../cc709628.aspx
>>
>> 2. Familiarize yourself with "Services Hardening in Windows Vista".
>> Services Hardening in Windows Vista
>> http://www.microsoft.com/technet/tec...SecurityWatch/
>> Educational reading:
>> 10 Immutable Laws of Security
>> http://technet.microsoft.com/en-us/l.../cc722487.aspx
>>
>> 3. Don't expose services to public networks.
>> Windows Vista Service Configurations Introduction
>> http://www.blackviper.com/WinVista/servicecfg.htm
>>
>> 4. Keep your operating (OS) system (and all software on it)
>> updated/patched. (Got SP1 yet?).
>> Windows update.
>> http://www.update.microsoft.com/wind....aspx?ln=en-us
>> Secunia Personal Software Inspector
>> http://secunia.com/software_inspector
>> https://psi.secunia.com/
>> --And--
>> M/S Security Baseline Analyzer 2.0
>> http://www.microsoft.com/downloads/d...displaylang=en
>> can assist also.
>>
>> Why Service Packs are Better Than Patches.
>> http://www.microsoft.com/technet/arc....mspx?mfr=true
>>
>> 5. Secure (Harden) Internet Explorer.
>> IE7 safe/secure settings
>> Internet Explorer7 Desktop Security Guide
>> http://www.microsoft.com/downloads/d...displaylang=en
>>
>> Internet Explorer Enhanced Security Configuration changes the browsing
>> experience
>> http://support.microsoft.com/default...b;en-us;815141
>>
>> The Internet Explorer 7 Security Status Bar
>> http://www.microsoft.com/windows/pro.../security.mspx
>>
>> Extended Validation SSL Certificates
>> http://www.microsoft.com/windows/pro...v/default.mspx
>>
>> Note: *Tight security settings will break down some websites. You need to
>> add these websites into the Trusted Zone for smooth access.*
>>
>> You could consider disabling all Security Settings in IE and use IE only
>> for the 'Patch Tuesday' updates; To do so you must add the following URL's
>> to the Trusted sites:
>> http://update.microsoft.com
>> http://download.windowsupdate.com
>> https://*.update.microsoft.com
>> http://*.update.microsoft.com
>> http://*.microsoft.com
>>
>> 6. Review your installed 3rd party software applications/utilities;
>> Remove clutter, *including* 3rd party software personal firewall
>> application (PFW) - the one which claims:
>> "It can stop/control malicious outbound traffic".
>>
>> 7. Activate the build-in firewall and tack together its advanced
>> configuration settings.
>> Tap into the Vista firewall's advanced configuration features
>> http://articles.techrepublic.com.com...7-6098592.html
>> "...once you discover the secret of accessing its advanced configuration
>> settings via the MMC snap-in, you'll find it to be far more configurable
>> and functional. At last, Windows comes with a sophisticated personal
>> firewall that can be used to set up outbound rules as well as inbound,
>> with
>> the ability to customize rules to fit your precise needs."
>> --Or--
>> Configure Vista Firewall to support outbound packet filtering
>> http://searchwindowssecurity.techtar...247138,00.html
>> --Or--
>> Vista Firewall Control (Free versions available)
>> http://sphinx-soft.com/Vista/
>>
>> 7a.If on high-speed Internet connection use a router.
>>
>> 7b.Implement countermeasures against DNSChanger.
>> http://extremesecurity.blogspot.com/...-hijacked.html
>>
>> 7c.Just in case, Wired Equivalent Privacy (WEP) has been
>> superseded by Wi-Fi Protected Access (WPA).
>>
>> 8. Utilize one (1) each 'real-time' anti-virus and anti-spy
>> application.
>>
>> 9. Employ vital operating system monitoring utilities/applications.
>> Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER,
>> Wireshark, Port Reporter etc.
>>
>> 10.Routinely practice Safe-Hex.
>> http://www.claymania.com/safe-hex.html
>> Hundreds Click on 'Click Here to Get Infected' Ad
>> http://www.eweek.com/article2/0,1895,2132447,00.asp
>>
>> The least preferred defenses are:
>> Myriads of popular anti-whatever applications and staying ignorant.
>>
>> Don't forget cleaning and defragging HDD frequently.
>>
>> Good luck

>>

#9 (**permalink**) 09-12-2008

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:uA86coBFJHA.4936@TK2MSFTNGP03.phx.gbl...
> "James Colbert" <jc2567@bellsouth.net> wrote in message
> news:urEhbw6EJHA.1280@TK2MSFTNGP02.phx.gbl...
>>I just picked up a laptop and am finishing the setup phase. I'll be
>>installing Avast Anti-Virus, as I know it supports 64 bit and works
>>reasonably well. Windows Defender is enabled, as is Windows firewall. Now
>>I'd like to address strong security.

Kerry Wrote:
> The number one most important thing is keep Windows and all your installed
> programs up to date.
>
> Use a version of Vista that supports bitlocker and encrypt your hard
> drive.

I believe that Bitlocker is only included in Business or ultimate. I don't
really have a problem with upgrading, but I'm not sure that the M305D-S4831
supports TPM. The manual doesn't mention it, and MS provides instructions on
how to determine if TPM is present, but their instructions require a version
of Vista that supports Bitlocker. I suppose I could use something like
TrueCrypt, but would that really be necessary if I were to keep my sensitive
data (QuickBooks, etc.) on a USB key, so that if the Laptop is stolen, there
really won't be any Sensitive data on the HD?

Another thought...would using Firefox provide better security than IE? At
any rate, thanks for your input!

James

> Don't play with the default UAC settings. When surfing the Internet use a
> standard user account. When connecting to a public access point make sure
> that the network is identified as Public in the Network and Sharing
> Center. Using the same router you use at home means you will have to
> change this manually when using the router in a hotel. Make sure you are
> always at a SSL (encrypted) site when entering a user name and password.
> Before entering a user name and password click on the lock and view the
> certificate to ensure you are at the correct site.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
>
>

#10 (**permalink**) 09-12-2008

"Paul Montgomery" <i.m.nonnymous@NOSPAMgmail.com> wrote in message
news:4l8jc45n0qkokgv4gqifr4tb1ttp7oab4u@4ax.com...
> On Thu, 11 Sep 2008 16:58:20 -0500, "James Colbert"
> <jc2567@bellsouth.net> wrote:
>
>>Hi Kayman,
>>
>>Thank you for a very comprehensive response! This is more than I could
>>have
>>asked for.
>>I've copied your post to my desktop for easy access to the URLs you have
>>provided. I'll be chewing on this for a while! As for your last suggestion
>>of regular defragging, I've been using Diskeeper for years, but not sure I
>>want to buy another license. Is Vista's defrag utility adequate?
>
> Definitely.
>
> Still, I use Diskeeper. It gives me something else to play with ;-)

Thanks, Paul!

>>Thanks!
>>
>>James
>>
>>"Kayman" <kaymanDeleteThis@operamail.com> wrote in message
>>news:e03g0d%23EJHA.6052@TK2MSFTNGP04.phx.gbl.. .
>>> On Wed, 10 Sep 2008 20:17:29 -0500, James Colbert wrote:
>>>
>>>> I just picked up a laptop and am finishing the setup phase. I'll be
>>>> installing Avast Anti-Virus, as I know it supports 64 bit and works
>>>> reasonably well. Windows Defender is enabled, as is Windows firewall.
>>>> Now
>>>> I'd like to address strong security.
>>>
>>> Good combo!
>>> If you ever look for a good (better IMO) AV alternative:
>>> Avira AntiVir® Personal - FREE Antivirus
>>> http://www.free-av.com/
>>> (The free version won't scan your emails.)
>>>
>>> Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM),
>>> scanning email is worthless.
>>>
>>> Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
>>> http://thundercloud.net/infoave/tuto...ning/index.htm
>>> Ensure your e-mail program is configured to display e-mail messages in
>>> 'Plain Text' only.
>>> If you wish, you can remove the 'AntiVir Nagscreen'
>>> http://www.elitekiller.com/files/dis...ntivir_nag.htm
>>>
>>> In addition to WinDef you consider:
>>> SuperAntispyware - Free
>>> http://www.superantispyware.com/supe...freevspro.html
>>>
>>>> This laptop will be used for business (and play as well, I suppose,
>>>> especially during hurricane evacs).
>>>
>>> Bad combo! Be very careful combining business with play :-)
>>>
>>>> One concern I have are for those times
>>>> when I must download banking transactions into Quicken and Quickbooks.
>>>> I'd
>>>> like to be sure that my passwords and the sensitive data I'll be
>>>> downloading
>>>> is not accessible to anyone else. These downloads might take place via
>>>> a
>>>> hotel network or via a Sprint (or similar) broadband device.
>>>
>>> Ensure that passwords are never stored on your operating system. Use an
>>> external media such as cd dvd or thumb drive.
>>>
>>>> Although my office is behind a hardware firewall, I really have no
>>>> experience when it comes to 'on the road security'. Is it feasible to
>>>> bring
>>>> a router with a firewall to place between my laptop and the hotel
>>>> network,
>>>> or should it all be handled by software (as I assume the case will be
>>>> for
>>>> the Sprint broadband).
>>>
>>> There is nothing wrong taking your router and/or hardware firewall on
>>> the
>>> road as well.
>>>
>>>> I know that I am asking for more information than is probably
>>>> practically
>>>> posted here, but any information (including links) is greatly
>>>> appreciated.
>>>
>>> For Vista the most dependable defenses are:
>>> 1. Do not work in elevated level; Day-to-day work should be performed
>>> while the User Account Control (UAC) is enabled.
>>> User Account Control Step-by-Step Guide.
>>> http://technet.microsoft.com/en-us/l.../cc709691.aspx
>>>
>>> Understanding and Configuring User Account Control in Windows Vista.
>>> http://technet.microsoft.com/en-us/l.../cc709628.aspx
>>>
>>> 2. Familiarize yourself with "Services Hardening in Windows Vista".
>>> Services Hardening in Windows Vista
>>>
>>> http://www.microsoft.com/technet/tec...SecurityWatch/
>>> Educational reading:
>>> 10 Immutable Laws of Security
>>> http://technet.microsoft.com/en-us/l.../cc722487.aspx
>>>
>>> 3. Don't expose services to public networks.
>>> Windows Vista Service Configurations Introduction
>>> http://www.blackviper.com/WinVista/servicecfg.htm
>>>
>>> 4. Keep your operating (OS) system (and all software on it)
>>> updated/patched. (Got SP1 yet?).
>>> Windows update.
>>> http://www.update.microsoft.com/wind....aspx?ln=en-us
>>> Secunia Personal Software Inspector
>>> http://secunia.com/software_inspector
>>> https://psi.secunia.com/
>>> --And--
>>> M/S Security Baseline Analyzer 2.0
>>> http://www.microsoft.com/downloads/d...displaylang=en
>>> can assist also.
>>>
>>> Why Service Packs are Better Than Patches.
>>> http://www.microsoft.com/technet/arc....mspx?mfr=true
>>>
>>> 5. Secure (Harden) Internet Explorer.
>>> IE7 safe/secure settings
>>> Internet Explorer7 Desktop Security Guide
>>> http://www.microsoft.com/downloads/d...displaylang=en
>>>
>>> Internet Explorer Enhanced Security Configuration changes the browsing
>>> experience
>>> http://support.microsoft.com/default...b;en-us;815141
>>>
>>> The Internet Explorer 7 Security Status Bar
>>>
>>> http://www.microsoft.com/windows/pro.../security.mspx
>>>
>>> Extended Validation SSL Certificates
>>> http://www.microsoft.com/windows/pro...v/default.mspx
>>>
>>> Note: *Tight security settings will break down some websites. You need
>>> to
>>> add these websites into the Trusted Zone for smooth access.*
>>>
>>> You could consider disabling all Security Settings in IE and use IE only
>>> for the 'Patch Tuesday' updates; To do so you must add the following
>>> URL's
>>> to the Trusted sites:
>>> http://update.microsoft.com
>>> http://download.windowsupdate.com
>>> https://*.update.microsoft.com
>>> http://*.update.microsoft.com
>>> http://*.microsoft.com
>>>
>>> 6. Review your installed 3rd party software applications/utilities;
>>> Remove clutter, *including* 3rd party software personal firewall
>>> application (PFW) - the one which claims:
>>> "It can stop/control malicious outbound traffic".
>>>
>>> 7. Activate the build-in firewall and tack together its advanced
>>> configuration settings.
>>> Tap into the Vista firewall's advanced configuration features
>>> http://articles.techrepublic.com.com...7-6098592.html
>>> "...once you discover the secret of accessing its advanced configuration
>>> settings via the MMC snap-in, you'll find it to be far more configurable
>>> and functional. At last, Windows comes with a sophisticated personal
>>> firewall that can be used to set up outbound rules as well as inbound,
>>> with
>>> the ability to customize rules to fit your precise needs."
>>> --Or--
>>> Configure Vista Firewall to support outbound packet filtering
>>> http://searchwindowssecurity.techtar...247138,00.html
>>> --Or--
>>> Vista Firewall Control (Free versions available)
>>> http://sphinx-soft.com/Vista/
>>>
>>> 7a.If on high-speed Internet connection use a router.
>>>
>>> 7b.Implement countermeasures against DNSChanger.
>>> http://extremesecurity.blogspot.com/...-hijacked.html
>>>
>>> 7c.Just in case, Wired Equivalent Privacy (WEP) has been
>>> superseded by Wi-Fi Protected Access (WPA).
>>>
>>> 8. Utilize one (1) each 'real-time' anti-virus and anti-spy
>>> application.
>>>
>>> 9. Employ vital operating system monitoring utilities/applications.
>>> Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER,
>>> Wireshark, Port Reporter etc.
>>>
>>> 10.Routinely practice Safe-Hex.
>>> http://www.claymania.com/safe-hex.html
>>> Hundreds Click on 'Click Here to Get Infected' Ad
>>> http://www.eweek.com/article2/0,1895,2132447,00.asp
>>>
>>> The least preferred defenses are:
>>> Myriads of popular anti-whatever applications and staying ignorant.
>>>
>>> Don't forget cleaning and defragging HDD frequently.
>>>
>>> Good luck

>>>
>

Security for 64 bit Vista Laptop

microsoft.public.windows.vista.security