Securing Your Holiday Tech Gifts, Part 1: Windows PC Guide

[UPDATE #1:  (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device.  Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide.  AG]

December is upon us, and whether you have a Christmas tree, menorah, kinara, an unadorned aluminum pole, or simply good cheer for the holiday season and the coming New Year, you may be looking forward to receiving a high tech holiday gift. If that is the case, then you are in luck, for we have prepared a series of very special blog posts containing some expert advice and tips on how to secure your new devices.  In the first of this series, we will be looking at securing a new Windows PC.  We will be following up with blog posts on Android devices, such as smartphones and tablets, and Mac OS X as well.

Out of the box and through the woods…

The first thing you will want to do after unwrapping your holiday computer is plug it in. While that is probably not too surprising, since it is an electronic device and requires some source of electricity, it is still not quite ready for use, because plugging in a computer these days typically means providing both power and a network connection. A new computer out of the box, though, is an insecure computer, so we are going to go over the steps to make it a secure one.

Xmas Hack courtesy David HarleyPro Tip #1:  Save the packaging for your computer in case you need to exchange if it is defective or to return it for repairs.

The secrets of good password selection

Once your computer starts up, you will probably be prompted to accept some license agreements, enter your name, choose a password, and perhaps even connect to a network before seeing the main screen for the first time.

As always when setting up a new account anywhere, you should choose a strong password, that is, one which is resistant to being guessed.  Choosing a good password is a topic that comes up frequently in the ESET Threat Blog, and here are some of our most popular articles on the subject:

Additional articles on password strategies and other security topics are available in ESET's Resource Center.

LANding on the right network

If you are setting up your new computer at home, you may have the choice of connecting to both wired and wireless networks. Go for the wired connection. Aside from being faster, wired network connections are more difficult to “sniff” from afar (or monitor or eavesdrop on) than wireless ones.

And, of course, if you are connecting to a wireless network, make sure it is yours and not someone else’s.  Using a wireless network that does not belong to you is never a good security practice. Aside from facing possible legal issues, that connection may be monitored by criminals – or might even have been set up by them – in order to commit identity theft or fraud.

While your new computer may now be connected to the Internet, it still is not quite ready to surf it just yet.  There are still a few more steps to take:

Recovery Media:  It’s Your Secret Insurance Policy

Chances are the new computer you purchased did not come with recovery media to restore the system in the event of a catastrophic problem, such as a failed software update, file system corruption or hard drive crash.  While providing system recovery CDs (or DVDs) was relatively common during the Windows XP era, over the past few years computer manufacturers have largely switched to providing a dedicated recovery partition on a computer’s drive to enable you to restore the system to its original state. Of course, that does not help you if the drive itself fails. 

Hard disk drives are mechanical devices, and the failure rate for any mechanical device is 100%…eventually.  Even solid-state drives, which do not have any moving parts, are subject to eventual failure. For this reason, most computer manufacturers also include the option to create recovery media, using recordable DVDs or a USB flash drive, something that can be booted from to reload the operating system, even to a blank drive.

You will usually be prompted to create recovery media shortly after the computer starts up the first time. We strongly recommend taking the time to do that, rather than dismissing or ignoring the message. Typically, recovery media sets use two or three recordable DVDs or require an 8GB USB flash drive. However, it is possible that the process will require less or more recordable DVDs and a higher capacity USB flash drive, depending upon the operating system and bundled software originally installed on the computer.

If your computer runs Windows 7, it is more likely to have a utility from the computer manufacturer to make the recovery media using recordable DVDs or a USB flash drive. If your computer runs Windows 8, it is more likely to include a utility from Microsoft for making the recovery media, and the utility will probably want to create it on a USB flash drive.

To compare and contrast the various means of creating recovery media, here are two knowledgebase articles from Lenovo and Hewlett-Packard, the first and second largest sellers of PCs in the world:

If you are not sure how to create (or use) the recovery media for your new computer, contact the manufacturer’s technical support department (or possibly the supplier’s) and ask for instructions as soon as practical. It is far better to generate the recovery media and never have to use it, than to find out you need it and it is no longer available. Also, many manufacturers charge an additional fee for providing recovery media once the computer is out of its warranty period.

Pro Tip #2: After creating your recovery media, test it by having it erase the computer’s internal drive and restore it using the media. While this may take an hour or two, if the recovery media fails or does not work, the time to find out is before you need to rely on the media, then you can contact the suppplier in order to exchange the computer for a properly working system.

Of course, recovery media cannot restore any applications installed after the initial setup, nor will it back up your data. For more information on some of the different ways you can back up, see the following ESET White Paper

The computer manufacturer may also offer a cloud-based backup solution, but keep in mind that storing large amounts of data online may be an expensive proposition.

Your Computer’s First Date

Although your computer may be shiny and new, it is quite possible that it was sitting in the store for a while before you received it, and in a warehouse before that. That means there may already be updates to the operating system and pre-installed software. Also, it is not uncommon for the operating system, device drivers, applications and other software ready-installed on a computer – what manufacturers call the software preload – to be updated soon after their initial release. 

Sometimes these updates are to fix errors (a.k.a. bugs) in the software, but they may also be to add new features, improve the performance or reliability of the computer, or to fix a vulnerability to prevent it from being exploited. 

Before you begin surfing the Internet on your computer, you should first update its software. Generally speaking, this falls into two categories:

  1. Updating Microsoft Windows.
  2. Updating all of the other software provided by the computer manufacturer.

Updating Microsoft Windows is easy: Press the Windows and the R keys ("Winkey+R") together to bring up the Run dialog, type in "WUAPP.EXE" and press the Enter key. The Windows Update program will appear and from there you can check for updates. Depending upon when the software preload was created for your computer, you may have tens, or even hundreds, of megabytes to download. You may also need to restart the computer several times and re-run Windows Update until no further updates are offered. 

For updating all of the other software installed, look for a program named “{Manufacturer} Software Update” where {Manufacturer} is the name of the computer’s manufacturer, such as Dell, Hewlett-Packard, Lenovo and so forth. If the computer was self-assembled or assembled by a computer store, it might be the name of the motherboard manufacturer, such as Asus, Gigabyte, MSI and so forth.

The amount and large size of this first series of updates is a reason we recommend using a wired network connection when setting up a new computer. Even if it is a notebook, slate or tablet that will be used primarily with a wireless connection, you will want to perform all of the major updates on the fastest connection available in order to get them out of the way.

Are We There Yet?

You’ve unpacked your computer, created—and maybe even tested—its recovery media and performed several rounds of updates. By this time you are no doubt quite ready to begin using your new computer on the Internet. So, there is only one thing left to do, and that is to secure it. 

It is possible your computer already has some anti-malware software preinstalled, however, it is likely to be a trial version with a short active lifetime (and possibly with limited functionality). If your new computer is running Windows 8 you will be pleased to know that Windows 8’s security features are quite good out of the box, but by no means do they provide absolute security.

If you are looking for a lightweight security package which provides full protection, you might want to consider ESET Smart Security. There’s even a Family Pack available if you have multiple computers and other devices at home. And, as always, ESET version updates are free as long as your license is valid, which is a nice holiday gift that keeps on giving!

Regardless of which anti-malware software you choose to secure your system, such programs update themselves automatically, and Windows itself will notify you via the Action Center if the signatures for your chosen software are out-of-date. Be sure to keep up-to-date for maximum protection and stress-free enjoyment of your new PC.

We hope you enjoyed our first post in this series on securing your holiday PC.  Be sure to visit us again soon for forthcoming posts on Android and OS X.

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher


Have you purchased a new PC, netbook, notebook, slate or tablet running Microsoft Windows?  If so, which did you choose and what steps are you taking to make it ready for use?  Be sure to let us know, below!

Author Aryeh Goretsky, ESET

  • Allan Greve

    Why is it that you put a security package at the end of this list? Wouldn't it be better to install this as soon as you have a network connection?

    • Aryeh Goretsky

      Hello,

      Most computers that are purchased these days come with some sort of security software on it.  Although it may just be a trial version, it is going to provide some basic level of threat protection.  And if the customer isn’t happy with it, they can always replace it some time during, or at the end of, the trial period.

      My assumption—and this may be incorrect—is that most people purchasing a computer these days are not new  to having a computer at home, but rather purchasing it as an additional computer, perhaps even to replace an existing one.  In the U.S., most homes already have more than one computer, these days, and this means that the home owner is likely to have a broadband Internet connection connected to a residential gateway broadband router—or that functionality may even be integrated into their modem.  The router provides NAT, SPI and some basic hardware firewall functionality that should break the direct connection the PC has to the Internet and vice-versa.  With the direct connection to the Internet, a computer might be targeted within minutes of being connected, but with a router in place, the direct connection no longer exists it is safe to use the network connection to perform security updates for the operating system and software.  Once the computer is secured, the user can then begin browsing the Internet.

      Regards,

      Aryeh Goretsky

       

       

       

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

5 articles related to:
Hot Topic
13 Dec 2012
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.