I haven't seen a newer Tut on securing a computer and decided it was probably worth my time to write as i have done some work in Information Assurance (IA). Notice that some of these programs won't be free, and some may not be cheap. Though I don't think $60 or so for some of the programs i list, is really that much to ask.

What I am going for here is to write about End Point Protection, or a host based system for protecting your system. If people like this article I don't see a problem of writing something if you have more computers and wish to protect them, and have a server to do some of this stuff from.

Network Segmentation
If you have 2-4 computers (I have 4 laptops, 3 desktops, 1 server) I like to keep my network segmented so that information that I don't wish to be accessible to the internet, isn't there. I have 3 routers within the home network. The modem/router that is setup for the internet is just the default settings, with a little bit of extra security, the Wireless is turned off so that the only connection to that is 2 Ethernet cords running to my other routers. This setup ensures that no one can "just connect". Both other routers have wifi turned on and have a WPA2-PSK key, along with MAC address port security. Though one of them is generally turned of as when people come over its just easier to allow them to connect to the network. The server is blocked from the internet, and i only turn this on in cases where i need to apply patches or do some work on it, but generally as a back up server it doesn't need to be connected. Everything else is allowed on the network but i use a none default IP addressing scheme.

End Point Protection
Over the years I have used a few AVs and have liked a very select few of them. With AVs you get what you pay for, that being said, the best one you most likely already payed for. When you bought windows, Windows Defender is known to come out with 0-day detection sooner then most other AVs. And is a free option. Though missing a lot of what others offer, its still a good tool to keep on the computer.

I have also used Kaspersky. Though this isn't free, it isn't exactly breaking the bank for what it offers. With a HIDS (Host based Intrusion Detection System) and also a way to setup for a vulnerability scan it checks up on what 3rd party software you should patch. Along with some nice settings like a Gaming setting, so that it will make sure not to run any scans/updates while you are playing games. Thus using a lot less memory and processing power and bandwidth while you're doing something that requires of those 3. Also the vulnerability scanner gives you links on how to fix the exploits it finds.

Blink Professional Edition is another one that is really amazing. Blink coming from Eeyes Retina scanner. You can be assured it is a good product. Retina is a vulnerability scanner that not only scans your system for threats but for 3rd party applications that could be a threat to your system. Retina has a one button fix for the problems, and is a very good tool.

For one reason and one reason only i do not support most free AVs is because the time to make the detection tool is generally associated with how much the company can spend to decompile the threat and create a fingerprint and push it out to you. Since the tools mentioned above have a good base and are able to pay large amounts for the ability to do this, I would choose them above most other tools. Most problems you are going to see on your systems are going to be 0-days. And that means if you don't get a way to detect it within 24-48 hours you will likely be effected.

So take a look at those 2 and find one that you like.