Preparing a Windows PC before connecting it to the Internet

With the number of Windows viruses and worms increasing year-on-year, a number of anti-virus companies have published infection times for unprotected and unpatched Windows machines, all are within an hour of being connected to the internet.

It's no longer necessary to visit a website hosting a nasty script to get infected, there are scripts which find vulnerable machines using techniques like port scanning.

So what's the best way to prepare a PC from these threats and give you some piece of mind?

I'm going to concentrate on Windows XP, because this is now the most popular Windows operating system, and the one most likely to be targeted by virus and spyware writers.
Windows XP was the first Windows OS to come with a built-in firewall and it definately needs some sort of firewall, whether it be a corporate hardware firewall or a software variety.

Since the release of Windows XP in 2001 there have been lots of patches and hotfixes, many purely to fix security holes in the OS. In 2004 Microsoft released Windows XP Service Pack 2, this wasn't a ordinary service pack though. It was an attempt to bolt down the hatches, close some open doors, Service Pack 2 contained a new security centre which helps the user configure and monitor their anti-virus and firewall products. The Windows firewall was also turned on by default, and a host of other security prevention techniques were put into place, like the pop-up blocker in Internet Explorer.
Generally speaking Service Pack 2 has been a success, however there can be some hardware and software incompatibilities. Check the manufacturers websites for the latest drivers etc.

Ok, so you've installed Windows XP from scratch, somehow you need to patch the system without connecting to the internet before you've had a chance to install a firewall or anti-virus solution.
The best solution is to download the service packs on another machine, there are special service packs for network installation, these can also be burnt to CD-ROM, on this CD also burn a copy of the excellent ZoneAlarm firewall and AVG anti-virus, both products have free versions available from their respective websites, unless you have alternative products.

You're now ready to patch the new machine from CD or the local network. Once you've done this install the firewall, then the anti-virus.

You may need to disable the Windows firewall once you have an alternative product.

Finally configure your machine to connect to the internet, run Windows Update to get any patches released after the latest service pack then update your anti-virus solution with the latest definitions.

You should now enjoy hassle free internet access, however you may also want to install an anti-spyware application, but I'll cover that in another post.