Windows Security - Basics

Draft | Approver: psycore

tutname=Windows Sicherheit - Grundlagen|tutautor=[[en:psycore]]|tutversion=1.0|tutquelle=

Windows is the most frequently used operating system and therefore also the most frequently attacked. Some basic settings should be made to ensure a certain level of basic protection. This tutorial explains this step by step.

In general, Windows updates should always be installed automatically. Many known security gaps are closed within a few days. Automatic updates mean that you don't have to do anything yourself. Windows Updates can be activated in the Control Panel.

Software from other manufacturers, such as Adobe FlashPlayer or Java, should also always be kept up to date. Most programmes now offer automatic update agents. It is also advisable to use these. Alternatively, you should visit the manufacturer's website at regular intervals and download the latest updates there.

Every Windows PC needs an up-to-date virus scanner! And it doesn't have to cost anything. There are now a number of manufacturers who provide basic protection free of charge. My current favourite is AVAST. This offers free and (in my opinion) good basic protection without overloaded adverts. The free version can be downloaded auf downloaded from the download page.

The virus scanner should also always be up to date. It must be able to update itself from the Internet at least once a day.

There are many discussions about the pros and cons of a so-called “personal firewall” (software-based firewall). In general, it can be said that every modern router comes with a hardware firewall. These should be activated and configured by default. So why install a personal firewall on the computer?

The answer is relatively simple: by using a personal firewall, I can control the programmes that want to connect to the Internet. This control is not so easy with a hardware firewall.

Windows now comes with a firewall as standard. We will not go into the exact operation here, as this would go beyond the scope of this article. However, there is a wealth of tutorials on the Internet that deal with this. Here is a small selection:

There are also commercial solutions, which vary in quality depending on the product. However, it always depends on personal taste and handling.

After the basic installation of Windows, certain administrative default shares are set. These allow access to the hard drives with the user's login data. This makes perfect sense in large company networks, but less so in private households.

Drive C:, for example, can be accessed via the UNC path \\PC-NAME\C$ ¹⁾.

These shares should be deactivated in order to block attempted attacks from outside. They can be deactivated with this batch file:

unshare.bat

@echo off
net share a$ /DELETE
net share b$ /DELETE
net share c$ /DELETE
net share d$ /DELETE
net share e$ /DELETE
net share f$ /DELETE
net share g$ /DELETE
net share h$ /DELETE
net share i$ /DELETE
net share j$ /DELETE
net share k$ /DELETE
net share l$ /DELETE
net share m$ /DELETE
net share n$ /DELETE
net share o$ /DELETE
net share p$ /DELETE
net share q$ /DELETE
net share r$ /DELETE
net share s$ /DELETE
net share t$ /DELETE
net share u$ /DELETE
net share v$ /DELETE
net share w$ /DELETE
net share x$ /DELETE
net share y$ /DELETE
net share z$ /DELETE

Alternatively, you can start the Registry Editor and set the corresponding Registry entry.

The remote registry allows administrators to change registry settings from another computer in the network. This is also rarely desired in private households and should be deactivated. To do this, the Registry Editor is started. Now search for the service remote registration service and double-click on it. You can now stop the service by pressing a button and set the start type to deactivated to deactivated. After clicking on Applythe settings are saved.