Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

What Does it Take to Keep Windows Secure?

My son’s Windows 7 laptop was recently infected with some malware (adware/spyware). Mind you, I try to follow the generally-accepted recommendations for trying to prevent this sort of thing:

  • My son uses Mozilla Firefox (not Internet Explorer) with all updates installed.

  • I keep Windows 7 patched with updates from Microsoft.

  • He runs as a non-administrative user, and doesn’t know the administrator credentials.

  • The Windows 7 firewall is enabled and configured with a fairly strict set of rules.

  • The network has an open source proxy server with content filters, so I can be reasonably confident he’s not visiting the really nasty sites. Obviously, content filters are never perfect and always in need of updating, but they’re better than nothing.

  • The network itself is protected by a hardware firewall (not a simple NAT router, but a true stateful firewall), which requires that all web traffic go through the proxy (so he can’t bypass the proxy).

  • I installed Microsoft Security Essentials on his laptop to protect against malware, adware, etc., and I keep it updated.

Yet, despite all these layers of protection, I find that my son’s laptop was still infected with malware.

So I ask, in all seriousness—meaning I’m not trying to start some sort of flame war about how Mac OS X or Linux is better than Windows or vice versa—how does one protect their Windows installations against this sort of thing? I mean, what does it take, anyway? I feel like I am taking some pretty serious steps to protect Windows, and yet it still gets infected. What am I missing here?
