The 13 Step Guide to Secure Your PC After a Fresh Windows Installation [Updated]
Set up your security layers before installing anything else. You’ll be glad you did
We know that installing or reinstalling your Windows operating system takes time and proves to be a laborious job, which none of us likes to follow. But, as we all know, once in a while we have to find the old Windows installation CD/DVD and reinstall the entire operating system.
Since it is a job we don’t do every day, we have to make sure that when we install/reinstall the Windows operating system, we also take additional measures to improve our online security.
We may choose to install Windows on a new machine or we may have to reinstall our operating system due to technical issues or security reasons caused by malware. Whatever the case may be, we always have to ensure that we follow additional steps in order to increase our online security.
As soon as you finish the Windows installation, we encourage you to follow the security measures below to increase your security:
1. Keep your Windows operating system up to date
The first important step is to check if you have the latest security updates and patches available for your Windows operating system.
To get the security updates automatically, go to Control Panel and check if your automatic updating is turned on or follow the steps below:
- Access the search box in your Windows operating system, type update and then Windows Update.
- Select Change settings.
- Click Install updates automatically (recommended), in case it is not already selected.
After the initial installation of available updates for your Windows operating system, keep the automatic update turned on in order to download and install the important updates that can help protect your computer against new viruses and security threats.
It is a very important step to install the latest security and stability fixes for your operating system, since cybercriminals always try to benefit from these security holes.
2. Keep your software up to date
It is important to have not only your Windows operating system up to date, but the software you are using, therefore make sure you have the latest updates and security patches for your main programs and applications.
Since it is a well-known fact that malicious hackers try to exploit popular software, such as Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat
Reader, Quicktime or popular web browsers like Chrome, Mozilla Firefox or Internet Explorer, always make sure you have the latest available patches.
Since these pieces of software are always under threat from criminal minds, don’t just rely on your memory to manually update every program or application you have installed. Simply install a dedicated solution to perform these actions for you. And most of all: follow the experts’ advice!
3. Create a Clean Installation restore point
After you have installed your security updates for your Windows operating system, make sure you have created a Restore Point for your installation.
You can create the Restore Point as soon as your Windows installation is ready and name it Clean installation and then you can continue installing drivers and applications.
In case one of the drivers causes issues on the system, you can always go back to the Clean installation restore point.
For more information on how to create a restore point in Windows, check this how-to article.
4. Install a traditional antivirus for reactive protection
Use a known antivirus product from a big security company. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update and a firewall.
To find the best solution, check the antivirus test results run by big company names in the security industry, such as AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin and select the best antivirus solution for your system.
In case you choose to install a security product that doesn’t include a firewall, make sure you have turned on the Windows firewall. To turn it on, go into Control Panel, select Firewall, select Turn Windows Firewall on or off, then select Turn on Windows Firewall for all options.
5. Install a security solution against spyware
First of all, what exactly is spyware?
Spyware refers to that category of software which installs on your computer sending pop-ups, redirecting your browser to malicious websites or in some cases, it may even monitor your browsing history.
Usually, these are the signs a computer is infected with spyware:
- computer is slow when opening programs or running some applications
- pop-up windows appear all the time
- a new toolbar may appear in your web browser
- the Home page of your web browser has been modified
- the search engine in your web browser has been changed
- error messages start to appear unexpectedly
Can I prevent spyware from installing on the computer?
To avoid having spyware on your system, follow these good security practices:
- don’t click any suspicious links or pop-up windows
- don’t answer to unexpected answers or simply choose No
- be careful when downloading free applications
How can I remove spyware from my system?
There are a number of popular anti-spyware products you can use to protect your system from malware. A few security solutions capable of removing spyware from your system are Malwarebytes, Spybot Search and Destroy, Lavasoft’s Ad-Aware and others.
For more information on spyware and how to remove it, here are some helpful communities where you can find the answers to your problems.
6. Install a proactive security solution for multiple defense layers
We need to say that a traditional antivirus solution cannot fully protect you against the latest malware out there. Financial malware epecially is created to steal private data and confidential information and it uses sophisticated methods to do so.
Even though you are protected against traditional viruses and spyware, you still need a specially designed software to protect you against financial theft and data stealing software.
To improve the financial control of your online banking account, you can always set banking alerts to track your account activity and apply other simple and effective financial protection tips.
7. Back up your system
You updated the operating system and your system applications, you have installed additional security products for your system safety and even created a Clean installation restore point for your Windows.
The steps above are meant to keep you safe from malicious software and online threats, but you may still encounter hardware issues that could endanger your private information.
To make sure your data stays safe, you should be using a twofold strategy, which should include combining an external hard drive usage with an online backup service.
We need to emphasize the importance of having a back-up solution which provides stability (look for a big company name), it’s easy to use (so you won’t have a headache backing up from files), allows you to synchronize your files with the online backup servers and provides some sort of security, such as encryption capabilities.
Our guide on how to do a data backup includes more information on most popular backup solutions available and what the best ways to keep your data safe are.
At the same time, you could simply use your Windows Backup system.
To set it up, access your Windows Control Panel and then click Backup and Restore to access the location. From this place, you can set an automatic backup, create a schedule and even choose a network location for your backup files.
8. Use a standard user account to access your Windows operating system
Windows grants a certain level of rights and privileges depending on what kind of user account you have. You may have a standard user account or an administrator user account.
It is recommended to use standard accounts for your computer to prevent users from making changes that affect everyone who uses the computer, such as deleting important Windows files necessary for the system.
In case you want to install an application or make security changes, Windows will ask you to provide the credentials for an administrator account.
We also recommend that you set a strong password for your Windows user account.
If you don’t want (or don’t have time) to use a password manager or to set a strong password, at least make sure you follow a few simple rules:
- the password should contain around 20 characters
- combine upper and lowercase letters, numbers and symbols
- don’t use the same password for other accounts
- change your password every 30 days
9. Keep your User Account Control turned ON
Many users have the tendency to turn off User Account Control after installing/reinstalling the Windows operating system.
We don’t recommend this. Instead of disabling the UAC, you can decrease the intensity level using a slider in the Control Panel.
UAC monitors what changes are going to be made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for an administrator-level permission.
In case your user account is infected with malware, UAC helps you by keeping suspicious programs and activities from making changes on the system.
10. Secure your web browser before going online
Since our web browser is the main tool used to access the Internet, it is important to secure it before going online.
The vulnerabilities in your web browser are like open door invitations to attackers. Using these vulnerabilities, the attackers will try to remove private information or destroy important data.
To stay safe while accessing various web pages, make sure you respect the following:
- Choose the latest version for your browser.
- Make a series of security changes in your web browser settings. For an extended explanation on how to configure your web browser, we recommend the following article.
- Choose a private browsing session when you access a website you are not sure about. Choosing this browsing mode will prevent authentication credentials (or cookies) from being stored.
- Since data stealing malware spreads through malicious code embedded in pop-up windows even in legitimate websites, make sure your web browser can block pop-ups:
And there’s even more you can do with this free safe browsing guide.
11. Use BitLocker to encrypt your hard drive
Even if you set a password to your Windows account, intruders can still get access to your private files and documents. They can simply do this by booting into their own operating system – Linux, for example – from a special disc or USB flash drive.
A solution for this is to encrypt your hard drive and protect all your files. It is wise to use this degree of security if you use a laptop, which can be very easily stolen.
BitLocker is available on the latest Windows operating systems and you may turn it on at any moment. Even after you have enabled the BitLocker protection, you won’t notice any difference because you don’t have to insert anything else but your normal Windows user account password.
To activate BitLocker on your system, follow these steps:
- Click Start.
- Go to Control Panel.
- Access System and Security and click BitLocker Drive Encryption.
- Turn on BitLocker.
For additional information on BitLocker, check this article.
If you’d rather use another solution to encrypt your data and keep it away from prying eyes, there are plenty of options to choose from.
12. Lock it up!
A final touch for the security of your system is to add a Kensington lock.
And why wouldn’t you? It’s so easy these days to have your mobile devices stolen, especially a laptop or a notebook, that adding a physical security measure doesn’t seem to be a bad idea.
Though Kensington locks are usually used in large places, like libraries, private companies and public offices, this doesn’t mean you can’t use one in your own home.
For more information on a Kensington lock, access this location.
13. Be careful online and don’t click suspicious links
To make sure you won’t be infected by clicking on dangerous links, hover the mouse over the link to see if you are directed to a legitimate location. If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net“, then you should resist the urge of clicking the link.
Most of us use shortening services for their links, such as goo.gl or tinyurl. But in some cases an unknown link may send you to a malicious site that can install malware on the system.
So, how can you know where you’ll arrive if you click it?
To make sure you are going to the right direction, use a free tool such as Redirect Detective. This tool will allow you to see the complete path of a redirected link. Another tool which can provide very helpful in checking suspicious links is the reliable URL checker, VirusTotal.
It’s not just about staying safe.
The steps above are meant to keep you safe online. But, at the same time, following them means that you also set up your system to work smoothly for online browsing and financial operations, activities we do every day.
Since there are many other solutions to protect a system after a Windows installation, we would also like to know your opinion.
How do you increase your security after a Windows installation?
Do you have an established routine? We’d love to add your tips to the list, so share them in the comments below.
This post was originally published by Aurelian Neagu in August 2014. It was updated by Andra Zaharia in April 2016.