Beginners Guides: Ten Steps to a Secure PC
The Internet can hold
a host of dangers for the unwary computer user. Without proper precautions, your
data is at risk every minute your system is connected to the web.
Version 1.2.0
With this guide, PCSTATS has set out to inform
you clearly and concisely of the dangers you face, and the steps you can take to
avoid them. Once you look through it, I think you'll be struck by how little
effort is required to make your PC more secure. Even performing the first
five steps of this guide will make your system better protected than the vast
majority of Internet-connected PCs.
It is not wise to rely on the comparative anonymity of the Internet to keep
you safe. If you do, you will be burned eventually and inevitably.
Secure your PC now to avoid future regrets.
The next five procedures can be considered
essential for any computer user who values the sanctity of his or her
data. By following these five easy steps, you can avoid 99% of the
potential trouble lying in wait for you on the Internet.
Step 1. Use a strong password
The danger: Malicious
computer users can gain access to your computer over the Internet, stealing and
deleting data and potentially implanting viruses and Trojan horses.
The cause:
The major irony of
Microsoft's shift from non-password-protected home operating systems like
Windows 98 and ME to the password and access-list based 'security' of Windows
2000 and XP is that your data is actually less secure by default.
Sure, the new operating systems give security-conscious
users all the tools they need to protect their data, but what if the
users are not aware of the risks? During the install process, you are
prompted to create a password for the built-in 'administrator' user
account. Users accustomed to Windows 9X/ME's pointless passwords often
decide to bypass this by entering a blank password, thus opening up their entire
computer to anyone who takes the trouble to look twice at their Internet
address.
There are two reasons for this vulnerability:
One, every Microsoft Windows XP and 2000 system has a built-in account called
'administrator' which has full access to all files and configuration settings of
the computer. Anyone who is remotely familiar with these operating systems
knows of this account's existence. This definitely includes anyone who
might try to break into your computer.
The other factor in Windows 2000 and XP's
vulnerability is the presence of hidden administrative shares. Each
logical drive (C:, D:, etc.) on your system, plus the Windows directory, is
actually shared (made available for remote access) by default. These
hidden shares are only accessible to users with administrative privileges, but
once an intruder has your administrator account password, he has your entire
system laid open for him.
By using one of a multitude of free and legal
software tools, a potential intruder can easily locate and gain access to your
data by finding your IP address and attempting to connect using the
administrator account. Obviously, if there is no password on the account,
you are defenseless.
Even if you have put a password on the account, you
may not be safe. Simple passwords can easily be discovered by an intruder
using a 'dictionary attack' software tool, which can try words and combinations
of letters until your password is compromised.
The administrator account is uniquely open to this
style of attack, because while other user accounts can be 'locked' by the
operating system if an incorrect password is entered too many times, the
administrator account cannot be locked out. This means that an intruder is
free to try as many password possibilities as he or she wants, without worrying
about losing access to your system.
For a more detailed examination of this issue, see
our Guide to forgotten password recovery methods.
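
As an added example (not part of the original PCSTATS guide), the Python sketch below screens a proposed administrator password for the weaknesses described in Step 1: a blank password, and a password built on a dictionary word that a guessing tool reaches after undoing simple substitutions and stripping padding digits. The wordlist is a small constructed sample, and the 8-character minimum and three-character-class rule are assumptions, not rules stated by the guide.

```python
import re

# Constructed sample wordlist for illustration; a real screen would load a
# large dictionary file of the kind guessing tools ship with.
SAMPLE_WORDLIST = {"password", "administrator", "admin", "letmein",
                   "dragon", "monkey", "welcome", "qwerty"}

# Character substitutions that guessing tools try automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def candidate_roots(password):
    """Reduce a password to the base words a dictionary tool would reach."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "p@ssw0rd1" -> "p@ssw0rd"
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    roots = set()
    for form in (lowered, stripped):
        roots.add(form)
        roots.add(form.translate(LEET))  # "p@ssw0rd" -> "password"
    return roots

def check_password(password, wordlist=SAMPLE_WORDLIST, min_length=8):
    """Return a list of weaknesses; an empty list means none were found."""
    if password == "":
        return ["blank"]
    problems = []
    if len(password) < min_length:  # min_length=8 is an assumed threshold
        problems.append("too short")
    if candidate_roots(password) & wordlist:
        problems.append("dictionary word")
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, password)) for p in patterns) < 3:
        problems.append("few character classes")
    return problems

if __name__ == "__main__":
    for sample in ("", "dragon", "P@ssw0rd1", "Tr7#qLm2vX!e"):  # constructed
        print(repr(sample), check_password(sample) or "no weakness found")
```

Note that "P@ssw0rd1" passes the length and character-class rules yet is still flagged, which is why substitutions alone do not make a dictionary word safe.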