System Rebuild Diary - Building a secure PC

So far, the complete system overhaul has gone quite well. I'm rebuilding as pristine a system as a gadget freak like me is capable of. I'm doing pretty well so far avoiding the temptation to reinstall every utility and add-in I might need and am really trying to focus on what I know I need on my Tablet PC.

I reinstalled the core software configuration from the DVD that came with my Toshiba M205 first. That went without a hitch (as I was lucky enough to get a unit that included a bootable USB external combo drive). There have been a number of unhappy Toshiba Tablet users who were not so fortunate. There are a number of excellent threads in the forums at TabletPCBuzz.com discussing workarounds and possible fixes for this situation. One pretty cool idea is to take advantage of the Portege's SD card slot to rig up a bootable memory card. I may give this a try as I have a nice 1 GB card I just picked up.

I made sure the PC was not connected to the internet while installing the OS and updates, which I had collected prior to beginning this project. One of my co-hosts on the weekly radio show I do every Saturday morning recently hung a "virgin" XP installation on the net just to see how long it would take before it was infected and/or hacked. The answer? Under six minutes! You can't download a service pack that fast - even with a cable connection.

The XP SP2 install (from CD) ran without a hitch as well. I made sure that Restore Points were being set at every step of the process. Once I had SP2 configured, I installed the rest of my security tools. As I work behind a very tight firewall both at work and at home, I've decided (at least for now) to use the Windows Firewall as a secondary layer. It's not perfect, but it is adequate to the task of blocking unrequested inbound connections.

I know some people are concerned about their security when using public WiFi (and it's a legitimate concern). I take care of that using SecureCRT, my company's flagship Secure Shell client application, to tunnel all of my TCP/IP applications (including e-mail, web, and a few others) through an encrypted, authenticated connection. If someone really wants to eavesdrop on me, all they'll get is gibberish!

I use AVG Antivirus, a very nice free AV tool from Grisoft. I installed that locally, bypassing the option of updating the definitions right away (at this point, I'm still not connected). The next step was to roll out my trio of spyware tools: Lavasoft's Ad-Aware SE, Spybot Search & Destroy, and Spyware Blaster. Finally, I ran two of Steve Gibson's GRC utilities, Un-Plug-n-Pray and DCOMbobulator, to turn off those unnecessary (and potentially compromisable) services which, even with SP2, are still left on. With all of these tools installed and configured, I finally established a net connection.

In order, I ran through the various updates: Windows Update, followed by the AV definitions, and finally the spyware tools. For good measure, I ran a complete scan with each of the tools. Success! A clean bill of health.

The last preparatory step was installing Executive Software's Diskeeper - my longtime favorite for disk defragmentation. I set Diskeeper to do a boot-time defragmentation run (one of its very nice features) so that everything I had installed could be optimized on the disk, including the Windows swap file.

This might sound a bit over the top to some of you, but taking these precautions is essential, especially if you're a mobile user. What I can tell you is that I have never had a machine I've built this way compromised by malware or penetrated by a script kiddie.

Next: Setting up Office and my other apps and a "ghost" in the machine.


