i would like advice on how to secure Windows 8

Discussion in 'other security issues & news' started by windows8securityqs, Jun 10, 2013.

Thread Status:
Not open for further replies.
  1. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    Hello, I have just got a new Pc with windows 8 and would like some advice as to how to secure it properly and also some advice as to how to keep my privacy while using it.

    It has Norton anti virus and firewall installed and I downloaded ccleaner to tidy up junk. Windows defender came with the pc also.

    Other than the programs above It hasn't any other security software that Im aware of.

    Some Qs
    What programs should I be using on it

    Is there a Vpn recommended for windows 8

    How do I secure the administrator account

    Thanks for any help offered
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Sandboxie!

    The first and most important Security Item is to make routine Images and store these Images in a "safe" place. Then if you get infected with Malware, you just Restore your most recent 'known' clean Image.
     
  3. mechBgon

    mechBgon Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    68
    Location:
    USA
    I have a baseline list of suggestions here: http://www.mechbgon.com/security Some of the highlights include setting User Account Control to its strongest setting, using Microsoft's EMET anti-exploit software, uninstalling software you don't actually need, and keeping the rest updated.

    It would also be good to verify your SecureBoot is enabled. Win8 computers should have that switched on from the factory, but it never hurts to check. It's a strong countermeasure against certain advanced stealth malware called a "bootkit."
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  5. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    Thanks for replies lads.

    Im not techie at all. Ill have a read through mechbgon's adice and the white paper and see can I understand it

    in the meantime can you help with the qs below.


    How do I set up sandboxie

    is encryption necessary

    should I use a vpn

    should I use an anti keylogger
     
  6. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    @mechBgon

    I read through your recommendations and they are very helpful. Thank you.

    I have some qs regarding them. I would have sent you a Pm but as Im new I cant post Pms.

    Q1 You recommend changing from an admin account to a standard account.
    I have tried this but Im not sure if I have done it correctly.
    When I first got my Pc I signed in using a Local Administrator account.
    I used my Pc for a few days with that account.
    I then went to Pc settings and looked to change my account and microsoft recommended changing from my Local account to signing in with my microsoft account.

    I done that but when i went to user account settings in control panel Im still listed as having an administrator account.

    It just doesnt say a local account.

    Instead it says
    My name
    my email address
    Administrator
    password protected

    can you give me step by step instuctions as to how to change my account from an administrator account.

    I will post back here with other qs regarding Microsoft Update Engine,EMET,Backing up to Hard Drives and Chrome browser later as i dont want each qs getting lost



    Thanks
     
  7. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I hope you don't mind if I give you the steps instead.

    move your cursor to the bottom right of your screen
    then a side bar should appear
    click the gear (settings)
    a bigger sidebar appears
    click control panel
    Click user accounts and family safety (top right of window)
    click user accounts (top of window)
    click manage another account (2nd from bottom)
    click add a new user in PC settings (2nd from bottom)
    click add a user at very bottom
    click sign in without a Microsoft account (very bottom)
    click local account (bottom middle button)
    type in new user info (easiest to use a different name than your existing account)
    click next
    click finish unless its a child's account and you want reports then check the box and then click next
    Now save any work you have open
    move your cursor to the bottom right of your screen
    then a side bar should appear
    click the gear (settings)
    click change PC settings
    click switch to local account
    enter your password in the box
    follow directions

    While your doing some of these steps you will not be able to see this screen. Either print this page or you can always move curser to the top left of the screen and left click. Sometimes you will have to click several times to cycle through until you get back here. I hope this helps and that I didn't forget anything. There is another way but doing this will help get you comfortable to the other areas as well. If anything is wrong just post back. Ill be up a while.

    Hope it helps,

    Chris
     
  8. mechBgon

    mechBgon Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    68
    Location:
    USA
    To change from an Administrator account to a Standard User account, go into Control Panel > User Accounts, and there should be a link for "Change account type." However, there needs to be at least one Administrator-level user or else you couldn't do Admin stuff. So if you only have one user account, Windows won't let that one be anything but an Admin. As an easy workaround, just create a second user account, make it the Admin account, and demote your existing account to Standard User.

    The "Microsoft account" versus "local account" amounts to a choice between an account with cloud features, or the classic Windows account. For example, if you'd like all your icons, bookmarks and other personal settings to be the same on several Win8 devices, the "Microsoft account" will keep them all in sync (just for starters). But it would be a double-edged sword... I don't really want my home PC setup replicated on my work computer, for example. So I prefer the classic "local account" mode.

    But regardless of whether the account is a Microsoft account or a local account, it can be either an Admin or Standard User at your option.
     
  9. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    @mechBgon sorry for answering for you just thought if you couldn't get back to them I would and if nothing else you would reply when u could...

    Thanks,

    Chris
     
  10. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    Thats a great help lads. i looked around on google and couldnt find anything.

    Im after setting up a new account and making that the admin account.

    the only problem is i set up the new account as a microsoft account as well.

    how do i switch the admin(new user account) to a local account.

    i think its beter to have the admin account as a local but unfortunately i set it up as a microsoft account on start up.

    i dont want to have to go to the trouble of setting up another user account and redoing all the steps again
     
  11. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    How do I set up sandboxie - hopefully someone else can answer that one as I don't use it. If no one else does I will look into it and post it later.

    is encryption necessary - are you talking encrypting your whole hard drive? or just some files? In either case if you have files that you don't want anyone to see and are of utmost secrecy then you can just encrypt your files with a known good encryption more than likely. Unless you are hiding lots of things and leaving many traces in different areas on your PC whole drive encryption would probably be better. It really depends on what type of things you are hiding. IMO

    should I use a vpn - Are you a whistle blower? Do you care if your ISP sees where you surf? Do have sensitive material that you don't want anyone down the line intercepting? Are you sending emails that are of utmost secrecy? Are you downloading files that it is illegal to download? If any of those answers are yes then its probably not a bad idea. If you answered no then you probably don't need one. There are other reasons to use a VPN and I am not going to try to cover them all here if you have a different concern from what I mentioned above ask and I'll try to give you a better answer.

    should I use an anti keylogger - Security in layers is always a good approach. If you do online banking and you are really paranoid you can max out all security you can. On the other hand I tend to think a good anti virus and anti malware would be fairly safe for the average person. Again if you are typing government secrets or something like that and people have a reason to target you may need to go a little further with your security. Not saying an antivirus and anti malware will stop everything because obviously it will not. will it help with most things? Probably. I currently run Kaspersky Internet Security, Webroot secureanywhere Internet Security and Malwarebytes Antimalware and am behind a hardware firewall. Again this wont stop everything and to be honest nothing will keep you safe on the internet.. Besides unplugging your connection. All you can do is try to do is weigh out how secure do you think you need to be and how much money can you afford to spend. Even then you may be 90 percent safe it just depends on how bad someone wants to infect you or where you surf and what you open.


    These answers are not the only answers and they are just basic answers. Others will have different answers maybe. I'm just trying to give you some idea on them. My hope would be someone else will add their 2 cents and you can make a more informed decision basing it off of more opinions.

    Hope this helps,

    Chris
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    OK so you want the account you just created to be admin account or not to be admin account? Sorry if I misunderstood you.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    To set up Sandboxie, just run the installer, installation takes about 15 seconds. After installation, Sandboxie places an icon in your desktop (SandboxedWebBrowser). This icon opens up your default browser. In my opinion, new users should use SBIE mostly on default settings when they first start using the program.. The only changes that I would make right away are, 1) Set the sandbox to delete on closing. That way all activity while running sandboxed is deleted when you close the browser/Sandbox, 2) To save files out of the sandbox, you need to set the sandbox to be able to do that and 3) For bookmarks to remain out of the sandbox, you also need to set it that way.

    To change those settings, go to:

    Sandboxie Control>Sandbox>DefaultBox>Sandbox Settings>Delete
    Sandboxie Control>Sandbox>DefaultBox>Sandbox Settings>Recovery
    Sandboxie Control>Sandbox>DefaultBox>Sandbox Settings>Applications>Web browser

    Sandboxie is a very easy program to use but I suggest you go slow, don't try to learn everything in a day or a week. You should read (as you go):
    http://www.sandboxie.com/index.php?GettingStarted

    When I first started using SBIE a little over four years ago, I started as I am suggesting you do. Eventually, I made more changes to settings and started sandboxing other programs. Now, I sandbox most programs that I run in my computers and all files that I download from the internet. As an example, if I download a video, that video will run in a sandbox for as long as it remains in my computer. Another example, if a friend or anyone sends me an attachment, as with the video, I ll run that file in a sandbox until it gets deleted.

    Bo
     
  14. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
  15. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    Thanks again for taking the time to answer . Im not the best at typing so I appreciate the effort to write back.

    @chris I wanted to make the new user account the admin account but a local admin account. not a microsoft email admin account.

    i did so by signing out of the pc and signing back in as the new user. there is then an option to change the account to a local account. so that problem is solved.

    as regards vpn and encryption.
    i wont be doing anything that requires me to be anonymous but i like the idea of being private. i dont like mrketing companies and what not being able to target you by profiling your surfing habits but its no big deal.

    i would like encryption as im using a laptop and in case it ever gets stolen i wouldlike any files to be safe. for example password lists, banking info, spreadsheets etc. my concern with encryption is that because im not techie i would end up locking my self out of my laptop or i would end up making the machine unusable. i think i said in original post that i have a pc but its a laptop:) . that shows how techie i am.

    @bo elam sandboxie sounds interesting and ill try it and get back to you if ive any problems. is there any risk that i could mess up the browser or laptop if i set up the wrong settings.

    thanks lads
     
  16. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Its no problem glad to try and help.

    Great good job!

    Here is a free VPN that gets decent review by PC Magazine http://www.vpnbook.com/freevpn you may need help getting it going. I'm sure someone else knows some VPN's as well. There are plenty of them.

    .
    What about getting a flash drive and using something like http://www.truecrypt.org/ which is free to encrypt it?
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    The chances are about zero. Most of the time when people have a problem using Sandboxie is because of a conflict with another application. In your case, since all you ll be running sandboxed is your default browser, I don't think there's much of a chance of something going wrong.

    You should know that right this moment the way Sandboxie works and does it thing is drastically being changed. Most of the changes are under the hood and are being implemented in order to make Sandboxie and Windows 8 work better together. So, if you decide to try Sandboxie, I recommend you install the latest beta instead of the latest stable version since your Windows 8 browser will run better using the beta.

    Bo
     
  18. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    ill keep that in mind about the beta sandboxie. where do i download it from?

    ive heard of truecrypt but when it comes to encryption id need step by step instructions.

    ill look through the website and see can i nderstand how to use it

    thanks again lads
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
  20. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Just to let you know...TrueCrypt does not officially support Windows 8 right now (it's in the plan though). Windows 8 on new PCs (like yours) involves GPT and UEFI. If you are going for full disk encryption on your new PC, I wouldn't recommend using TrueCrypt on it. Look up BitLocker instead if you have Win8 Pro.
     
  21. windows8securityqs

    windows8securityqs Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    10
    Location:
    Ireland
    Heres my second and third qs for mechbgon

    2
    you recommend to upgrade to the microsoft update engine. ive searched microsofts site and also looked through windows update in the.
    control panel on the laptop and cant find an upgrade option where i can do this

    how do i upgrade to microsoft upgrade exchange?

    3
    do i need to check for secure boot or does that only apply to people building their own pc
     
  22. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    also, enabling smart screen would beef up your defenses.

    Is pretty good with unknown malware when antivirus misses, and it stops it being executed.
     
Loading...
Thread Status:
Not open for further replies.