How To Protect your Windows Workstation

ZoneEdit is a DNS and mail/web forwarding provider. Even though we're not an ISP, we still get lots of questions about how to combat viruses from our customers. If you've already been infected, you probably should get a good virus scanner - but these lockdown techniques will help prevent viruses from getting transmitted in the first place.

1. It's not just Windows

All O/S's are vulnerable - but because Microsoft is so popular, they are even more exposed. However, Microsoft Windows comes with some bad default settings which can be very insecure, exposing you and your business to a variety of viruses, trojans, worms and other damaging programs.

2. It's Easy to Keep Up to Date

Your first defense should be to go to Microsoft's site to obtain the latest fixes to your system. Fortunately Microsoft makes this very easy. Simply go to windowsupdate.microsoft.com and click Product Updates.

3. Get a real firewall

We prefer hardware solutions, like the Linksys Cable/DSL Firewall. This is a $50 investment that will protect your machine. It allowed us to safely surf the web for many years. With a hardware solution, you get the best defense against hackers, worms and viruses like Klez or Opaserv, and it won't slow down your machine.

Or, if you want a simpler, software-only solution, try ZoneAlarm Pro. It's much easier to install and administrate than hardware, and it seems to block stuff nearly as well.

4. How To Lock Down Your System

This technique will vastly improve the safety of your internet environment on your Windows machine, protecting you against many viruses, even new ones! Viruses can look like they come from anyone, to anyone - there is often no way to detect them and "scanners" can't usually help you with them. No matter how much money you pay - scanning software and firewalls usually will not protect you against new/unknown viruses. As a side benefit, this technique will also stop those crazy popups and popunders coming from untrusted sites.

This also will help prevent viruses being delivered via Outlook Express, since Outlook uses Internet Explorer to display email. Just make sure that you never, ever run any programs that come as attachments - even if they look like they are coming from a friend or trusted associate.

Here's how you fix IE's security settings:

  • Open Internet Explorer
  • Go to Menu "Tools/Internet Options"
  • Under the "Security" tab
      Choose "Internet"
      Change the Security Level to "High"
      Click "Apply"
      Choose "Local Intranet"
      Change the Security Level to "Medium"
      Click "OK"

This is what the "Local Intranet" settings should look like:

Some sites will not work with "High Security". For these websites, you must add them to the "Intranet" section. Any time you get a "javascript" error on a trusted site, or if you click on a button or link on a website, and it doesn't work, you must follow this procedure: If a site doesn't work, but you aren't sure you trust them enough, then simply don't use the site. Any web site can be made to work in high-security mode, possibly with reduced performance. If you email them and ask them to make their site compatible with non-javascript browsers, it may prompt them to improve their security.

  • Open Internet Explorer
  • Go to Menu "Tools/Internet Options"
  • Under the "Security" tab
      Choose "Local Intranet"
      Click "Sites"
      Click "Advanced"
      Enter the domain name only - don't put the www.
      Click "Add" and then "OK".
      Click "OK" again.
This is what the "Advances/Add Site to Zone" screen looks like:

Remember, don't add websites to the list unless you trust them. Here are some domain we have added as trusted sites, because they won't work in high-security mode.

microsoft.com
passport.com
yahoo.com
hotmail.com
americanexpress.com
buy.com
dell.com
dnb.com
fedex.com
amazon.com