How to maintain the integrity of your system (keep it from getting compromised). Here is a simplified list:
0. It is going to be hard to effectively secure your computer if you cannot maintain physical control of it. Essentially, if you live in a situation where multiple people have physical access to your computer when you are not around (college dorm, roommates, siblings) you are always going to have some risk.
1. Don't let anyone you don't trust use your computer (period). I generally define this as anyone that doesn't already have administrator access to your computer, or doesn't already have a limited access user account. I sometimes use the more lax definition (for example, in a non-business environment): only trust the people who you have access to when they are sleeping, and then, only after you have had to educate them not to touch your stuff. I had a college roommate who thought it would be funny to mess around with my computer (read: installing a virus). It took once to correct that behavior.
2. Don't run executable code sent to you by other people.
3. Install VMware Workstation and do all your web-browsing from a separate virtual machine. Make sure other computers in your network are configured to not accept any network traffic from this virtual machine. When you need to transfer files, use a USB drive (you can directly connect a USB drive to your virtual machine with VMware and other software like it).
4. You may even want to take the approach of using a Linux Live CD to run Firefox from (depends on how obsessive you want to get with this) in a virtual machine. Since there is no "writable" file system anywhere, even if the system does get compromised it resets back to a known state when you power cycle. With all the complaints I've heard recently of things being posted to the WOW forums, this may be a good idea for your WOW forum fix.
5. Make sure your system is up to date with Windows patches and application patches.
6. Don't expect to maintain the integrity of your computer running anything from the Peer to Peer networks (this is not an accusation, just a statement of fact).
7. Regularly back up data.
8. There are Linux Live CDs that include the open source ClamAV antivirus software. This Live CD will allow you to boot your computer up from the CD and perform a virus scan. (Warning: oversimplified reason follows.) The idea here is that since you are not using the operating system on your computer, but, instead, the pristine copy from the Live CD, you will have a better chance of detecting anything that may be on your computer. Depending on your security policy, you may want to occasionally perform this (that was a snarky comment).
9. Don't use any of your passwords from insecure computers. If you have to, have a different password for each account. For example, I would never log into the WoW Forums from a computer in an Internet Cafe (or a public library, or any other random computer). This includes your "friend's" computer.
This doesn't mean you can never use your accounts from computers other than your own, just be aware of the risk. I do, from time to time, have to log into my e-mail account from questionable computers. My e-mail account has a separate password from my other accounts. It also gets changed after I do something risky like using it on a public computer (and I change it from a secure computer).
10. If security was simple we wouldn't have a large industry set up around it. While the Security+ certification isn't the best in the industry, it is recognizable and does pull large pieces of the CISSP knowledge base. It is also a little more approachable. Pick up a Security+ book and read - security begins with policy.