Despite what you may hear, “Windows” and “secure” are not mutually exclusive tastes.
In fact, InfoWorld links to an article with more than 100 tips on how to secure Microsoft Windows.
Grimes offers more than 100 such hints. Here’s a sample of ten “hardening recommendations” that Grimes deems of “High Criticality”:
Don’t give non-admin users administrator privileges. Grimes says following this practice will prevent 70-90% of malware today;
Keep patches updated. Grimes notes this will prevent many attacks;
Use a host-based firewall;
Use antivirus software with an updated signature file;
Use anti-spyware software;
Run services on non-default TCP/IP ports;
All highly privileged accounts should have long (15 characters or longer), complex passwords. Grimes recommends this as a key strategy to defeat password cracking;
Security must be automated. Not doing so, Grimes notes, means that security practices won’t be consistently applied;
Use the AGLP method to assign security permissions. Grimes says not using it means you don’t really understand what security is set in your environment. AGLP, incidentally, stands for Accounts Global-Local Permissions. Microsoft recommends against assigning permissions to individual user accounts but suggests that you put your accounts into Global groups, then put your global groups into local groups and assign the local groups permissions to resources;
Use NTFS Modify permission instead of Full Control unless the user really needs Full Control. Grimes notes most non-admin users never need Full Control to a file or folder. Here’s a link to an exhaustive Wikipedia article on NTFS (New Technology File System).
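
The last two recommendations, as an added PowerShell example (not from the article or from Grimes): it builds the AGLP chain for one folder, grants Modify rather than Full Control, then audits the folder's ACL for entries that break either rule. The domain, group, user and folder names are hypothetical; it assumes the ActiveDirectory (RSAT) and LocalAccounts modules and an elevated session on the file server.

```powershell
# All names below are constructed for this example, not taken from the article.
$Domain      = 'CONTOSO'                 # hypothetical NetBIOS domain name
$GlobalGroup = 'GG_Finance_Staff'        # global group: holds the accounts
$LocalGroup  = 'LG_FinanceShare_Modify'  # local group: holds the permission
$Members     = 'alice', 'bob'            # hypothetical user accounts
$Folder      = 'D:\Shares\Finance'       # hypothetical resource

Import-Module ActiveDirectory

# A -> G: accounts go into a global group, never straight onto the ACL.
New-ADGroup -Name $GlobalGroup -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $GlobalGroup -Members $Members

# G -> L: the global group becomes a member of a local group on this server.
New-LocalGroup -Name $LocalGroup -Description 'Modify on the Finance share'
Add-LocalGroupMember -Group $LocalGroup -Member "$Domain\$GlobalGroup"

# L -> P: only the local group is granted access, with Modify, not FullControl.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $LocalGroup, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -Path $Folder
$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Audit: explicit Allow entries that bypass the local group, or that hand
# Full Control to anything other than the built-in administrative principals.
$builtin = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
(Get-Acl -Path $Folder).Access |
    Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' } |
    Where-Object { $_.IdentityReference.Value -notin $builtin } |
    ForEach-Object {
        $id = $_.IdentityReference.Value
        $reason = @()
        # Compare on the leaf name so COMPUTER\group and group both match.
        if (($id -split '\\')[-1] -ne $LocalGroup) { $reason += 'not via AGLP local group' }
        if ($_.FileSystemRights.HasFlag($full))    { $reason += 'Full Control' }
        if ($reason) {
            [pscustomobject]@{
                Identity = $id
                Rights   = $_.FileSystemRights
                Finding  = $reason -join '; '
            }
        }
    }
```

An empty result from the audit means every explicit grant on the folder goes through the local group and none of them is Full Control; inherited entries are skipped and have to be checked on the parent folder.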