Secure Your Vista PC in 10 Easy Steps

While Windows Vista may be Microsoft's most secure operating system ever, it's far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall, or for some nefarious bot to tweak your browser settings without your knowing. But by making a few judicious changes using the security tools within Windows Vista--and in some cases by adding a few pieces of free software--you can lock down your operating system like a pro.

Use Windows Security Center as a Starting Point

For a quick overview of your security settings, the Windows Security Center is where you'll find the status of your system firewall, auto update, malware protection, and other security settings. Click Start, Control Panel, Security Center, or you can simply click the shield icon in the task tray. If you see any red or yellow, you are not fully protected. For example, if you have not yet installed an antivirus product on your machine, or if your current antivirus product is out-of-date, the Malware section of the Security Center should be yellow. Windows does not offer a built-in antivirus utility, so you'll want to install your own. For free antivirus, I recommend AVG Anti-Virus 8.

Use Windows Defender as a Diagnostic Tool

The Malware section also covers antispyware protection, and for that Windows Vista includes Windows Defender. The antispyware protection in your antivirus program usually trumps the protection Microsoft provides, but there are several good reasons to keep Windows Defender enabled. One is that every antispyware program uses a different definition of what is and what is not spyware, so redundant protection can actually offer some benefit.

Another reason to keep Windows Defender enabled: diagnostics. Click Tools, and choose Software Explorer from the resulting pane. You can display lists of applications from several categories such as Currently Running Programs, Network Connected Programs, and Winsock Service Providers, but Startup Programs is perhaps the most useful. Click on any name in the left window, and full details will appear in the right pane. By highlighting, you can remove, disable, or enable any of the programs listed.

Disable the Start Up menu

Windows Vista keeps track of all the documents and programs you launch in the Start Up menu. This can be convenient for some users, but it can also compromise your privacy if you share a computer within an office or household. Fortunately Windows Vista provides an easy way to tweak this setting. To protect your privacy, follow these steps:

Get Two-Way Firewall Protection

No desktop should be without a personal firewall, but even if the Security Center says you're protected, you may not be. The Windows Firewall within Vista blocks all incoming traffic that might be malicious or suspicious--and that's good. But outbound protection is not enabled by default. That's a dangerous situation if some new malicious software finds its way onto your PC. Microsoft did include the tools for Windows Vista to have a true two-way firewall, but finding the setting is a little complicated. (Hint: Don't go looking the Windows Firewall settings dialog box.)

To get two-way protection in Windows Vista, click on the Start button; in the search space, type and press Enter. Click on the Windows Firewall with Advanced Security icon. This management interface displays the inbound and outbound rules. Click on Windows Firewalls Properties. You should now see a dialog box with several tabs. For each profile--Domain, Private, and Public--change the setting to Block, and then click OK.

Even if you do this tweak, I recommend adding a more robust third-party firewall. I suggest either Comodo Firewall Pro or ZoneAlarm, both of which are free and fare very well in independent firewall testing.

Lock Out Unwanted Guests

If you share your computer with others (and even if you don't), Windows Vista includes a neat way to keep unwanted guests from guessing your system administrator password. When you set up users and declare one user as administrator (with full privileges), Windows Vista allows outsiders unlimited guesses at the password you chose. Here's how to limit the guesses.

Now Audit Your Attackers

With the Account Lockout policy in place, you can now enable auditing to see any account attacks. To turn on auditing for failed log-on events, do the following: