I read Mark Morford’s article Why Does Windows Still Suck? with interest because I wanted the answer to that question as well. But apparently he thinks it sucks worse that I do. His Significant Other’s experience attaching her Sony Viao to the Internet raises some interesting questions. For example, who attaches their computer directly to DSL without using a NAT Router/Firewall? That’s just lunacy. I don’t care what operating system you are running, Mac, Windows, Linux, whatever, your machine will be owned shortly after making a direct connection to the Internet if no precautions are taken.
Some other questions that arise: Was she not running a firewall like Zone Alarm? She was obviously using the notoriously insecure Internet Explorer to surf, why not Firefox? Had she downloaded and applied all of the security patches for her version of Windows? Those three things would probably have been enough to save her machine despite her inexplicable foolishness in connecting directly.
This is not a defense of Windows. It sucks. I run Linux on my laptop and servers and prefer it to any other operating system. But Windows is a reality we have to deal with. I have to support Windows for my wife and son because her machine needs to run Quicken and TurboTax and because he wants to play Warcraft. In order to do that I’ve come up with some simple rules to help keep administration safe and sane in a home network environment.
1) Don’t let them run with administrator privileges. Users will scream and yell when they have to log into an administrator account to install or remove a program, ignore their cries. The cries born of inconvenience are nothing to the wails and moans of agony that will result from their machine being hosed by malware.
2) Run Firefox and Thunderbird instead of IE and Outlook Express. Popup blocking and inability to run malicious ActiveX controls will go a long way toward maintaining your sanity and the stability of the systems you administer.
3) Run Windows 2000. Do not be tempted by XP, there is nothing there you need. Windows 2000 is extremely stable and does not do strange things like send data to Redmond when you search your hard drive.
4) Use a hardware firewall/NAT router. They are just too cheap these days to do without even if you have only one machine. Its like the lock on the front door of your house, it keeps the honest people honest.
5) Run the free version of Zone Alarm on every Windows machine. Two layers of firewalls? Yep, belt and suspenders. Its too easy to do to make it worth not doing.
6) Run the anti-virus software of your choice on every machine and keep the definitions updated. All of them allow you to update automatically.
7) Make sure all the machines have the latest security patches installed. I prefer not to use the automatic update feature available in Windows, but its there if you want to automate this task.
Does that seem like a lot of trouble to go through to keep your home systems safe? Yes, frankly it ought to be easier. But I would recommend doing things like installing the latest security patches, running firewalls, not running as administrator, and running behind a firewall/router no matter what operating system you use.