Here is a general list of things you can do to protect yourself.

1, Get a router if you don't already have one.

2, Disconnect the internet connection - If it's active, disconnect it. If you have a router, this doesn't really matter all that much, unless of course you haven't yet changed the default passwords for it. Statistically, a computer is attacked within 2 minutes of going online on average, and yours isn't ready yet.

3, Use a limited account! - This can't be stressed enough. To be using an account with administrator status for day to day stuff is just asking for trouble. Log into your administrative account, install the programs you intend to use, add a strong password to the account (ONE YOU CAN REMEMBER!), create a limited account for day to day use (browsing the web, using programs, etc), and add a password to that account too. After setting up your computer, only ever log into the administrative account if you need it's privileges. For the most part, use the limited account, (which can be easily deleted and reset).

4, Display hidden file extensions - open "my computer", and go to tools -> folder options. Under the view tab, scroll down a little and deselect the "hide extensions for known file types", and click apply. That way, you can see that files such as "this is funny.jpg.vbs" aren't what they appear to be.

5, Protect your guest account - The guest account can be used by hackers and/or malware to gain greater access to your machine, even when turned off. The guest account can't be removed. However, you can disable it, but this can affect the functionality of your computer. Instead, what you can do, and what you probably should do, is put a strong password on it, and then leave it safely turned off. You do this by opening a command window (start -> run -> type "cmd" and press enter). at the command prompt, type net user guest <password> (where <password> is your chosen password, being something you can remember). After hitting the enter key, the guest account will be password protected. If your machine is networked and authenticating as guest, then you'll need this password to access network shares - if you tell it to remember the password, it will only ask the once.

6, disable memory dumps - when an application on your PC crashes, windows makes a note of it in a memory dump file by default. It's useful for troubleshooting, but can unfortunately store passwords used in applications, making it a prime target for Crackers, given that at least one variety of CoolWebSearch was recently discovered to send personal details to a remote server for ID theft, it may be a matter of time, however unlikely, that malware could be written to use such files for purposes of finding targets for cracking.) Right-click "my computer" -> properties -> advanced tab -> the "settings" button in the startup and recovery section. Where the window says "write debugging information", change the "small memory dump (64KB)" to "none" and click ok. If your computer ever starts crashing, you can re-enable it if you need the file to investigate.

7, Safeguard the "Administrator" account - All things nasty on the internet head straight for this account. It's not the same as an account with administrator status - It's far more powerful and is concerned with the inner workings of XP. Simply changing it's name can make it far more secure, deterring all but the most determined of Crackers, and leaving a lot of malware completely confused.
For XP-Pro go to start --> run --> and type gpedit.msc, which will open the group policy editor window. Go to computer configuration -> windows settings -> security settings -> local policies -> security options. Double click on "accounts: rename administrator account" and give it a new name (but don't go making it obvious, like calling it admin or something.)
For XP-Home see the instructionshere.

8, Clear the page file - The page file isn't cleaned out regularly, and as a result can accumulate data, personal info, and passwords, all of which can me extracted by someone with the right tools and knowledge. A quick registry change can have windows clear it out every time the machine is shut down. Open "regedit" and make your way to HKEY_Local_Machine\SYSTEM\CurrentControlSet\Contro l\SessionManager\MemoryManagement. Create a new DWORD value called ClearPageFileAtShutdown if it's not already there, and set its value to 1. This will take effect the next time windows is restarted, and will purge the pagefile every time thereafter.

There are a few other things you can do before you go online, but in the interests of keeping it simple, these are probably the most effective and easiest, and are probably enough for your average user. Now it's about time to reconnect your internet connection and take windows online, but it's not quite finished yet - there are still a few more things to do...

9, Firewall first - You're about to connect to the internet. Windows update should NOT be the first thing on your mind. You need to do things in the following order. Get a Firewall (at the very least, windows integrated firewall), get an Antivirus and update it, and only THEN update windows.

10, Update your HOSTS file - Go to http://www.mvps.org/winhelp2002/hosts.txt and download the file. Use it to replace the original HOSTS file which can be found in "C:\windows\system32\drivers\etc". This will then stop many nasties that you could ever potentially contract from contacting their home server.

11, Ditch Internet Explorer and Outlook Express - Download and install Mozilla Firefox for your web browsing, and Mozilla Thunderbird for your email, unless you are paying for pop access to your hotmail account - Thunderbird doesn't play well with hotmail. You may also want to consider using an anonymous proxy server for your web browsing.

12, Immunize against malware - Check out this list of free security software

__________________
__________________
Check us out on Facebook!

Useful Guides: Networking 101 Security 101 Disable Real Time Monitoring Virus/Malware Preliminary Removal Instructions