How To: Managing Security Settings in Windows 7

Windows 7 comes with three security features enabled by default:

  • Windows Firewall
  • Windows Defender
  • User Account Control

Windows Firewall

The most important security feature you need to have is a software firewall running on your computer. A firewall is a security feature that blocks unauthorized attempts to send data to your computer. Windows Firewall is turned on by default, but you should check this, just to be safe.

  1. Click Start.
  2. Type ‘firewall’ and then click Windows Firewall in the search results. The Windows Firewall window appears.
  3. Check the Windows Firewall State value. If it says “On,” you’re fine; otherwise, continue to step 4.
  4. Click Windows Firewall Properties. A window appears.
  5. In the Domain Profile tab, select On from the Firewall state field..
  6. Click OK.

Windows Defender

The worst malware offender is spyware. Spyware is any program that surreptitiously monitors a user’s computer activities — particularly the typing of passwords, PINs, and credit card numbers — or harvests sensitive data on the user’s computer, and then sends that information to an individual or a company via the user’s Internet connection without the user’s consent.

Windows Defender protects your computer from spyware in two ways:

  1. It scans your system for evidence of installed spyware programs (and removes or disables those programs, if necessary).
  2. It monitors your system in real time to watch for activities that indicate the presence of spyware.

If the protection feature of Windows Defender is turned off, you will see the Action Center message shown below. Click that message to launch Windows Defender and turn on protection. Otherwise, click Start, type ‘defender’, and then press Enter.

Follow these steps to ensure that Windows Defender is set up for maximum protection:

  1. Click Tools.
  2. Click Options.
  3. Click Automatic scanning.
  4. Enable the Automatically scan my computer checkbox.
  5. Click Real-time protection.
  6. Enable the Use real-time protection checkbox.
  7. Click OK.

Windows Defender supports three different spyware scan types:

  1. Quick scan: This scan checks those areas of your system where it is likely to find evidence of spyware. This scan usually takes just a couple of minutes. This scan is the default, and you can initiate one at any time by clicking the Scan link.
  2. Full scan: This scan checks for evidence of spyware in system memory, all running processes, and the system drive (usually drive C:), and it performs a deep scan on all folders. This scan might take 30 minutes or more, depending on your system. To run this scan, select Scan > Full Scan.
  3. Custom scan: This scan checks just the drives and folders that you select. The length of the scan depends on the number of locations you select and the number of objects in those locations. To run this scan, go to Scan > Custom Scan, which displays the Select Scan Options page. Click Select, select the checkboxes for the drives you want scanned, and then click OK. Click Scan Now to start the scan.

By default, Windows Defender is set up to perform a quick scan of your system every morning at 2:00 a.m. To change this, select Tools > Options > Automatic Scanning, and then use the controls to specify the scan frequency time and type.

The rest of the Options page offers options for customizing Windows Defender, which are detailed below:

  1. Default Actions: Sets the action that Windows Defender should take if it finds potential spyware in the Severe, High, Medium, and Low categories: Recommended Action Based on Definitions, Ignore, Quarantine (disables the threat without removing it), Remove, or Allow.
  2. Real-Time Protection: Besides toggling real-time protection on and off, you can also toggle security agents on and off. Security agents monitor Windows components that are frequent targets of spyware activity.
    Note: Windows Defender will warn you that a program might be spyware and ask whether you want to allow the program to operate normally or to block it. If you accidentally allow an unsafe program, click Tools > Allowed Items, then select the program in the Allowed Items list, and then click Remove from List. Similarly, if you accidentally blocked a safe program, click Tools > Quarantined Items, select the program in the Quarantined Items list, and then click Remove.
  3. Excluded files and folders: This section allows you to specify files or folders that you don’t want Windows Defender to scan.
  4. Excluded file types: This section allows you to specify file extensions that you don’t want Windows Defender to scan.
  5. Advanced: These options allow you to enable scanning inside archive files, email messages, and removable drives.
  6. Administrator: This section has a checkbox that toggles Windows Defender on and off, and another that, when activated, allows you to see Windows Defenders items (such as allowed programs) for all users accounts on the computer.

User Account Control

To enable User Account Control:

  1. Select Start, type ‘user’, and then click Change User Account Control Settings in the search results. The User Account Control Settings window appears.
  2. Make sure the slider is set to anything other than Never Notify at the bottom.
  3. Click OK.
  4. Restart your computer to put the new setting into effect.