Windows 8 is a very complex operating
system that was designed to allow developers to do just about anything
you can think of. Microsoft has certain rules of the road that
developers and the programs they create must follow to keep users safe.
For the most part, users aren’t expected to have to think about safety;
Microsoft tried to engineer automated security into Windows 8. However,
vulnerabilities can be exploited. You can eliminate 95 percent of the
serious problems you might encounter by obeying the following ten
commandments.
Commandment 1. Thou shalt update your Windows 8 computer immediately and completely.
Windows Update is Microsoft’s push
subscription service for delivering Windows operating system and
Microsoft Office upgrades and patches. Since the bad guys watch for
patches and vulnerabilities and attack them as soon as they can, you
need to use Windows Update to immediately install updates.
The Windows Update icon
Commandment 2. A user shalt thou be.
Always log in as a user, not as an
administrator. You can view and change your account privileges in the
User Accounts control panel to give you the access you need on a daily
basis. When you run as an administrator,
your privileges are too broad and can be used to compromise your
system. Elevate your privileges only when you are installing software or
performing a task that requires it. Also, you should never give away
your account login information.
The Run As Administrator command
Commandment 3. Thou shalt hide behind the firewall.
When you place your computer behind a router
or firewall, it becomes much harder for evildoers to find your system
and attack it. You should turn on Windows Firewall and allow only the types of incoming traffic you approve.
The Windows Firewall icon
Commandment 4. Thou shalt run an antivirus program.
Windows Defender,
described later in this chapter, is a very competent program and is
turned on by default. If you don’t have an antivirus program running,
Windows 8 will complain.
The Windows Defender icon
Commandment 5. Thou shalt not open email attachments from unknown sources.
When you open an email attachment,
you run the risk of running a program that can modify your system.
Attachments that are programs are no longer labeled as such, so make
sure that you are certain of the source of the attachment and its
purpose before opening it.
Beware of attachments.
Commandment 6. Thou shalt not tap or click links in emails from unknown sources.
A link may take you to a web page that contains programs that compromise your system.
Beware of links—especially deals that are too good to be true.
Commandment 7. Thou shalt not download files from untrusted sources.
Evil knows no limits. Avoid the ten plagues contained in unknown files by downloading only from known sources.
Know whence thy download comes.
Commandment 8. Thou shalt not expose thyself to others.
The dark forces want to know who you are;
indeed, they want to know everything about you. With just your name and
social security or credit card number, almost anything is possible. Be
especially careful when entering personal information into a computer.
Make sure that a site’s URL matches what you expect to see, and that you
are using an HTTPS connection. Impersonation, or phishing, is a common technique used to compromise your system.
Commandment 9. Thou shalt use strong passwords (but not strong language).
A strong password
has the following attributes: It is not a word; it is not a name; it
does not appear in a dictionary or encyclopedia; it cannot be looked up
on a search engine; it contains both upper- and lowercase letters; it
contains at least one number or symbol. The longer the password, the
better.
Use numbers, symbols, and a mix of upper- and lowercase letters.
Commandment 10. Thou shalt back up not once, not twice, but thrice.
Avert Armageddon: Store three copies of every
file on two different types of media, with one copy stored at a
separate location. This is called 3-2-1 backup, a philosophy outlined by Peter Krogh in his book The DAM Book: Digital Access Management for Photographers.
Hosanna to Leo Laporte at TWiT.tv for
proselytizing for safe computing on his many podcasts. These
commandments are based in part on his advice.
3-2-1 backup: three copies, two media, one copy offsite
Advice on good security
practices could fill a book; this chapter can provide only some of the
basic information. Microsoft maintains an extensive security site called
the Microsoft Safety & Security Center (www.microsoft.com/security/), which provides background information, tips, updates, and fixes.
The Windows Safety & Security Center is a good place to learn about safe computing on Windows 8.
Tip
Never rely on manual systems for protection. Set up your backups to run automatically so that you are always protected.
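The 3-2-1 rule from Commandment 10 can itself be checked automatically, in the spirit of the tip above. The following Python script is an added example, not from the book; the `Copy` record, the media labels, and the temporary folders standing in for real drives are assumptions made for illustration.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass
class Copy:
    path: Path      # where this copy of the file lives
    media: str      # label you assign, e.g. "internal-disk", "usb-drive", "cloud"
    offsite: bool   # True if the copy is stored at a separate location

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_321(copies: list[Copy]) -> list[str]:
    """Return 3-2-1 violations for one file; an empty list means it is covered."""
    present = [c for c in copies if c.path.is_file()]
    problems = [f"missing copy: {c.path}" for c in copies if not c.path.is_file()]
    # A copy only counts if its content matches the first copy that is present.
    want = sha256(present[0].path) if present else None
    good = [c for c in present if sha256(c.path) == want]
    problems += [f"content differs: {c.path}" for c in present if c not in good]
    if len(good) < 3:
        problems.append(f"only {len(good)} good copies, need 3")
    if len({c.media for c in good}) < 2:
        problems.append("good copies are on fewer than 2 media types")
    if not any(c.offsite for c in good):
        problems.append("no good copy is offsite")
    return problems

def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: temp folders stand in for two drives and an offsite store."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = []
        for name, media, offsite in [("pc", "internal-disk", False),
                                     ("usb", "usb-drive", False),
                                     ("remote", "cloud", True)]:
            p = Path(tmp, name, "taxes.pdf")
            p.parent.mkdir()
            p.write_bytes(b"constructed sample data")
            copies.append(Copy(p, media, offsite))
        healthy = audit_321(copies)
        copies[2].path.write_bytes(b"corrupted")  # simulate a damaged offsite copy
        return healthy, audit_321(copies)
```

Comparing hashes rather than only checking that files exist catches a backup that completed but holds damaged or stale data.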