If your operating system does not include a built-in software firewall, you may wish to install a third-party firewall application. Many such applications are available at relatively little (or sometimes no) cost. However, given that the issue we're trying to address is the relatively short lifespan of an unprotected computer on the open Internet, we recommend that any third-party firewall application be installed from media (CD-ROM if possible) before connecting to a network rather than downloaded directly to the unprotected computer. Otherwise, it may be possible for the computer to be exploited before the download and installation of such software is complete. If possible, download the software to a protected computer and burn it to CD. If you do not have this capability yourself, then you need to limit your exposure as much as possible. Connect the system to the Internet, go to one of the following website and download the desired firewall product, then disconnect immediately. My two personal favorites are:ZoneAlarm from ZoneLabs and Personal Firewall from Kerio.

ZoneAlarm is a nice and easy firewall that anyone can use without a technical background. If you're a bit more technical, or would like to learn more about firewalls in general, Kerio's product has a bit more granularity. There is a comprehensive listing of firewall software available here and here.

Disable nonessential services, such as file and print sharing


Most operating systems are not configured with file and print sharing enabled by default, so this shouldn't be an issue for most users. However, if you are upgrading a computer to a new operating system and that computer had file or print-sharing enabled, it is likely that the new operating system will have file and print sharing enabled as well. Since the new operating system may have vulnerabilities that were not present in the older version being upgraded, disable file and print sharing in the older version before beginning the upgrade process. After the upgrade is complete and all relevant patches have been installed, file sharing can be re-enabled if needed. The following should work in most versions of Windows:

• Go to Start/Settings/Control Panel.
• Double-click the "Network and Internet Connections" icon.
• Open "Network Connections".
• Right-click on the network connection you wish to change (e.g., "Local Area Connection") and select "Properties".
• Make sure "File and Printer Sharing for Microsoft Networking" is unchecked.

First Steps After Connecting to the Internet

Download and install software patches as needed. Once the computer has been protected from imminent attack through the use of either a hardware or software-based firewall and the disabling of file and print sharing, it should be relatively safe to connect to the network in order to download and install any software patches necessary. It is important not to skip this step since otherwise the computer could be exposed to exploitation if the firewall were to be disabled or file/print sharing turned back on at some later date. Go to http://windowsupdate.microsoft.com/ and follow the instructions there to install all Critical Updates.

Install and use antivirus software