[Note]This tutorial is for newbies; I doubt any of the more knowledgeable users will learn something from it. I won't treat physical securing of the box because I've seen a very good tut somewhere in AO already.

[Goals]I noticed that we see the same basic security questions posted day after day, so I decided to do my own little tut in order to give my modest contribution to the matter. I'll try to be clear, provide the necessary links and give as much core information as possible.

[Subjects]
*Introduction
*Patches/Updates
-Microsoft updating
-General updating
*Anti-Virus
*Spyware
*Firewall
*Email
*Security Tools
*Others


---------------------------------------------------Introduction-----------------------------------------------------
The first thing you must bear in mind (no matter how l337 you think you are) is that you are NEVER 100% secure. And if you still think you are, don't brag about it, or it will take less time than you think for some pissed-off guy to own your box.
The only thing you can do is to behave responsibly in your net usage and always try to be as informed as you can, securing whatever can be exploited the best you know.

Now, on to the real deal...


------------------------------------------------Patching/Updating------------------------------------------------
There IS indeed a reason why patches are released: because all software has bugs that can be used to harm your computer.

-Microsoft Updating:
When you first receive your computer, it already comes with a default Operating System installed (usually Windowz). What you should remember is that between the time that OS was launched and the time you receive it, tons of critical updates have come out, and you have to patch your system with them if you want to last a week on the web.

If you don't know where to begin the updating, turn your internet connection on and try clicking the lower left corner [Start Button]; at the top of that menu there should be a link named [Windows Update]. Click it and follow the instructions.
If there is no such link, click on [Start Button]>[Search] and enter 'wupdmgr.exe'. This is the program used to check your PC for updates. In the worst-case scenario, go directly to the Microsoft update page.
Remember to check for updates often; they can mean the difference between a visit to the park on Sunday and spending the weekend with the technician while he tries to explain to you what happened.

-General Updating:
Updating your software is almost as important as updating your OS. I'd suggest you check software such as your anti-virus and your spyware remover for updates at least every 2 days. Recently we had to deal with Blaster, so you get the picture on how fast new worms can spread.
UPGRADE ALWAYS!


----------------------------------------------------Anti-Virus-------------------------------------------------------
The first step to not getting caught by virii is to have a good top-of-the-class anti-virus scanning your hard drive at least once a week and always running actively in the background, in order to prevent viruses/malicious code/dangerous email attachments from being installed.
If you can afford it, I will have to suggest Norton AV; it's paid, but you are likely not to be compromised by virii if you configure it properly (enable mail scanning, background running, active script check, daily scan).
If you require a good free AV that can integrate itself with email and do the other mentioned things, get avast!; it offers you updates and everything for absolutely $0.


---------------------------------------------------------Spyware---------------------------------------------------
Spyware is jargon for adware. It is mainly a program that you did not choose to install, that came hidden within some other .exe or something you downloaded from the net. It often changes your registry to redirect you to porn sites or some product, but it can also be used to steal your information (spy). Even if you hear someone saying that it's needed for a certain program to run and that your info is secure and not going anywhere, keep in mind that you actually have a server running on your box, ready to call home any time it is told to. You can see the risks.
Regarding spyware, there are two essential tools you have to get:
Spyware blaster, which downloads info on spyware from its database, integrates itself (you won't even notice it) and prevents spyware from even getting near your computer;
SpyBot Search&Destroy, which scans your PC for spyware even if it is yet to be installed, meaning when it is packed along with the proggie you just got from the web.


---------------------------------------------------------Firewall-----------------------------------------------------
A firewall is a barrier that separates your computer from the rest of the internet (sort of). See it as the gate that protects your house - if you have no gate, anyone can come in and take a peek, right? Your computer uses 'ports' to connect to the internet, and as you can imagine, if one can go out through that port, one can surely come in. The firewall 'locks' those ports so that you have control over what gets to your computer and what doesn't.
If you know something about the subject, get Sygate so you can have more professional control over internet traffic. If you just want a superb firewall with an easy user interface, get Zonealarm. It will do just as good a job.
Below are some common ports used by well known protocols and programs:
ftp        20/tcp     File Transfer Protocol [Data]
ftp        21/tcp     File Transfer Protocol [Control]
ssh        22/tcp     ssh remote login protocol
telnet     23/tcp     telnet
smtp       25/tcp     Simple Mail Transfer Protocol
domain     53/tcp     Domain Name Server
domain     53/udp     Domain Name Server
tftp       69/udp     Trivial File Transfer
www        80/tcp     World Wide Web HTTP
pop3       110/tcp    pop3
ntp        123/tcp    Network Time Protocol
ntp        123/udp    Network Time Protocol
imap       143/tcp    imap
https      443/tcp    http protocol over TLS/SSL
rip        520/udp    local routing process (RIP)
hate       666/udp    hate protocol [Gruttaduaria]
citrix     1494/tcp   Remote desktop
citrix     1604/udp   Published Apps
rdp        3389/tcp   Remote desktop protocol
http-alt   8080/tcp   http Alternate (see port 80)

WARNING: DO NOT trust the winXP built-in firewall to do the job. It filters only incoming traffic, so if a trojan gets into your computer, it will be able to call home freely and the user will be misled into thinking that he is protected.
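
Added example, not part of the original tutorial: a small Python script that reads `netstat -an` output from your own box and separates the ports open to the network (named using the port table above) from the connections your machine started itself, which are the ones an incoming-only filter never looks at. It assumes the Windows `netstat -an` column layout; the sample output is constructed, and the function names are the example's own.

```python
# Port table from the tutorial, keyed by (port, protocol).
SERVICES = {
    (20, "tcp"): "ftp-data", (21, "tcp"): "ftp", (22, "tcp"): "ssh", (23, "tcp"): "telnet",
    (25, "tcp"): "smtp", (53, "tcp"): "domain", (53, "udp"): "domain", (69, "udp"): "tftp",
    (80, "tcp"): "www", (110, "tcp"): "pop3", (123, "tcp"): "ntp", (123, "udp"): "ntp",
    (143, "tcp"): "imap", (443, "tcp"): "https", (520, "udp"): "rip", (666, "udp"): "hate",
    (1494, "tcp"): "citrix", (1604, "udp"): "citrix", (3389, "tcp"): "rdp", (8080, "tcp"): "http-alt",
}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample in the Windows `netstat -an` layout (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        192.0.2.44:51000       ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.5:443        ESTABLISHED
  TCP    192.168.1.10:1046      198.51.100.7:31337     ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

def parse(text):
    """Yield (proto, local_host, local_port, remote_host, remote_port, state)."""
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):  # skips header and blank lines
            lhost, _, lport = f[1].rpartition(":")
            rhost, _, rport = f[2].rpartition(":")
            state = f[3] if f[0] == "TCP" and len(f) > 3 else ""  # UDP has no state
            yield f[0].lower(), lhost, int(lport), rhost, rport, state

def exposed_listeners(text):
    """Ports other hosts can reach: the ones an inbound filter has to cover."""
    return sorted({(lp, p, SERVICES.get((lp, p), "unknown"))
                   for p, lh, lp, _, _, s in parse(text)
                   if (s == "LISTENING" or p == "udp") and lh not in LOOPBACK})

def outbound_sessions(text):
    """Established connections this host opened (local port is not a listener)."""
    rows = list(parse(text))
    listening = {(p, lp) for p, _, lp, _, _, s in rows if s == "LISTENING"}
    return [(rh, int(rp), SERVICES.get((int(rp), p), "unknown"))
            for p, _, lp, rh, rp, s in rows
            if s == "ESTABLISHED" and (p, lp) not in listening and rh not in LOOPBACK]

if __name__ == "__main__":
    print("reachable from the network:", exposed_listeners(SAMPLE))
    print("started by this box:", outbound_sessions(SAMPLE))
```

To run it on real data, save the output of `netstat -an` to a file and pass its text to the two functions instead of SAMPLE. An "unknown" entry in the second list is the kind of call-home connection the warning above is about, and worth tracing back to the program that opened it.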


--------------------------------------------------------Email-------------------------------------------------------
A lot of worms spread through email, so my advice is to never even open an email from an unknown sender, nor download attachments you didn't request.
Even if a buddy of yours sends you an email with a suspicious title and an even more suspicious attachment, be careful, because he might have gotten compromised and may be spreading a worm automatically.


--------------------------------------------------------Tools-------------------------------------------------------
What better way to be secure than to find vulnerabilities yourself before others do and hack you?
Here are some good tools that can audit your PC for known issues and give you a heads-up on what you need to correct:
Microsoft Baseline Analyzer, searches for known vulns in Win;
LANguard, can scan computers on your network, use it to scan yours;
PortPeeker, lets you know what is trying to get a look in your box;
Canary, monitors internet access with tons of features available;
HFNetChk, lets you know what patches are available and what have been downloaded.

Besides those proggies, you can go to:
GRC.com; and
Audit my PC for additional scanning.


--------------------------------------------------------Others-------------------------------------------------------
Well, this is about it. I'd also advise you to go to [Control Panel]>[Network Connection]>[your default connection]>[Properties]>[Networking] and make sure 'Client for Microsoft network' and 'File and printer sharing' aren't checked.

Download IP Scanner to check for active shares.



And that's all folks. Please do add/correct things you think are not 100% right.
+2 cent on the box
greetz