5 Steps to Secure a New PC

Just unwrapped a brand-new PC? Security pros share their secrets for making your system Internet-safe.

. What's this?

By , Senior Editor

June 29, 2009CSO

A common misconception is that a shiny new computer is more or less secure because it hasn't yet been exposed to the Internet's sinister underbelly. But the truth is, these machines come out of the box needing scores of patches, some basic security software downloads and the disabling or replacing of items security pros don't typically trust.

CSOonline asked security experts about the first steps they undertake after unwrapping any new Internet-facing machine.

Step 1: Uninstall Stuff You Don't Need
A new PC is bound to come out of the box already fitted with items the security pro doesn't care for. Certain media players may cause heartburn, for example. Or the machine could simply include programs that, from the security practitioner's point of view, makes other, more important applications perform more slowly than they otherwise would. PC manufacturers have become notorious for installing trial software versions and other unnecessary programs (commonly known as 'craplets' or 'bloatware').

Martin Fisher, manager of the Computer Security Incident Response Team (CSIRT) at Delta Airlines in Atlanta, says software removal is his first task when unwrapping a new system. The simple reason is he prefers the machine to be as bare-bones as possible, only fitted with programs the user needs to do the job. Simple is also easier to secure.

He removes any vendor-provided remote help, AOL and other preloads he will never use (including whatever Adobe products came pre-loaded and all MS Office - which he will replace with OpenOffice and Mozilla Thunderbird). The goal is to strip the machine to the bare minimums.

Step 2: Install Firefox
Let's face it: Despite all the effort Microsoft has put into making Internet Explorer more secure, one is hard-pressed to find an IT security administrator who truly feels safe using it. And so one of the first things they do is install an alternative browser -- Mozilla Firefox, in most cases. [See: IE or Firefox: Which is More Secure?]

"Firefox with NoScript currently provides one of the best levels of protection against browser-based attacks," says Christophe Veltsos, president of Prudent Security and keeper of the DrInfoSec blog.

Step 3: Install NoScript and other Firefox add-ons
Indeed, nearly everyone who said they install Firefox said they also grab the NoScript add-on, which only lets trusted websites (the user's online bank, for instance) run JavaScript, Java, Flash and other plug-ins, and defends users from cross-site scripting (XSS) and clickjacking attacks. It uses a whitelisting approach that blocks scripts that may attempt to exploit security vulnerabilities without loss of functionality.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER