The Lucky 13 Security Checklist. Prepare your Windows PC for better on-the-road security and privacy.

Updated on 01 April 2019

wipe-97583_640-290x300_editedI’m preparing to go to Mobile World Congress where one of my worries will be security and privacy. To that end I’ve hardened my Windows build and written it up below as a checklist of tasks that I urge you to look at and consider, especially if you’re connecting to unknown hotspots.

The checklist has evolved from work I did training journalists in Ukraine, work I’ve done here on Windows 8 tablet security and work I’ve done on Clean Computing with Chromebooks which, interestingly, would have a checklist just half as long as this. Points 1-7 don’t apply to a Chromebook. Unfortunately I’ll be needing video editing and gallery management tools in Barcelona so I can’t use a Chromebook as my main PC there.

The Lucky 13 Checklist for Better Windows PC Privacy and Security.

    1. If possible, use a PC with an encrypted disk. (Microsoft Bitlocker is available for free on some low-cost Windows devices and on all Windows ‘Pro’ installations. E.g. All Surface Pro devices.)
    2. Turn on SecureBoot in your BIOS if possible and (as a minimum) add a BIOS boot (or BIOS admin) password. Create a long 15+ character Windows password for all Windows accounts.
    3. Install Windows Updates and turn on update notifications. (You may not want automatic updates to download while on a hotspot.) You can also set your WiFi to be a ‘metered connection’ which will disable some network services from running. Set the WiFi to be a ‘public’ hotspot (don’t enable file sharing and discovery.)

      Encrypt

      Encrypt

      Update

      Update

    4. Check that Windows Firewall is on.
    5. Update anti-virus and run a full scan. Windows has a built-in service called Defender if you don’t have a third-party solution.

      Firewall

      Firewall

      Windows Defender

      Windows Defender

    6. Run CCleaner (also check and clean the auto-start-up list.) and Spybot.
    7. Create a non-admin account. Log out and log back in to the non-administrator account. For more privacy, don’t log in via a provider ‘cloud’ account (E.g. Microsoft, Google accounts) although some of these cloud accounts have some good security features. (login accounting, remote password change, two-stage passwords.
    8. Use up-to-date Chrome with HTTPS Everywhere, Privacy Badger extensions enabled, others disabled where possible. Don’t link Chrome to a Google account unless you trust Google. (Run an Incognito browser Window.)

      Chrome Extensions

      Chrome Extensions

      User accounts

      User accounts

    9. Hardwire your DNS to your ISP. If you trust Google, they have a good DNS service at 8.8.8.8 and 8.8.4.4. (Don’t use the DNS given by the hotspot)
    10. Use the Zenmate extension to tunnel and encrypt web traffic or buy a good VPN to tunnel all traffic. (I’m using HideIPVPN’s UK tunnel.)
    11. Use Startpage.com as search engine if you don’t want Google to store your searches / IP address. Startpage can also be used as a proxy.

      Zenmate HTTP tunnel

      Zenmate HTTP tunnel

      Hardwired DNS

      Hardwired DNS

      Startpage search

      Startpage search

    12. Avoid using cellular data if you don’t want to be location tracked. (Turn off A-GPS / location services on phone too.)
    13. Do not leave your PC unattended.

Again, if you’re using a Chromebook, points 1 – 7 don’t apply. Note that you can Power Wash a Chromebook in 60 seconds and use the Guest account to avoid Google tracking. (VPN and DNS work in guest mode.)

Due to time constraints I haven’t been able to link all the items to how-to articles but I’m sure you know how to use Google search to find the information. If not, please buy a Chromebook and start from point 8.

Update: Screen image hints added.

Your feedback is welcome and in the name of security and privacy I urge you to share this article.

More from us. (No silly ads.)

2 Comments For This Post

  1. surface says:

    I’ll add a new one: Don’t use a Lenovo laptop, sorry couldn’t resist ;)

  2. animatio says:

    use windows firewall control to set up your windows firewall for each application.
    activate automatic memory scan after upgrading/actualizing in your anti-virus software.

Search UMPCPortal

Recommended Reading

Top Ultra Mobile PCs

Viliv S5
4.8" Intel Atom (Silverthorne)
Acer Aspire E11 ES1
11.6" Intel Celeron N2840
HP Elitebook 820 G2
12.5" Intel Core i5 5300U
Acer Aspire Switch 10
10.1" Intel Atom Z3745
Toshiba Portege Z930
13.3" Intel Core i5 3427U
Lenovo Ideapad Flex 10
10.1" Intel Celeron N2806
Toshiba Portege Z830
13.3" Intel Core i5 2467M
HP Chromebook 11 G3
11.6" Intel Celeron N2830
Archos 9
9.0" Intel Atom Z510
Intel NUC Bean Canyon
0.0" Intel Core i7 8559U