Get started Bring yourself up to speed with our introductory content.

FAQ: Windows 7 security and backup

Maintaining the Windows 7 system doesn't just mean performing upgrades. Solutions providers must also be knowledgeable about the best practices for Windows 7 security.

To provide the best Windows 7 monitoring services, solutions providers must make Windows 7 security a top priority in their maintenance routine. In this Project FAQ, expert Ed Tittel answers commonly asked questions about the various methods that ensure the safety of customers' Windows 7 data. Also, find out why Windows Update is so important in the monitoring process and read about the best Windows 7 security tools for spotting desktop vulnerabilities.

Read Ed Tittel's answers to other frequently asked questions on Windows 7 system maintenance tools and listen to the podcast here:

Which programs or methods ensure the safety of customers' Windows 7 data?

Ed Tittel: All computers should have basic data protection installed, such as an Internet security suite, and the suite should be scheduled for automatic updates. Notable leaders in the Windows 7 security and data protection area include Symantec Corp. and McAfee Inc. In addition to its Windows Defender antispyware application, Microsoft now offers a basic antivirus package called Microsoft Security Essentials.

Without this frontline defense against malware and intrusions, your customers' Windows 7 systems are targets waiting to be victimized. Botnets, rootkits, Trojan horses, spam, viruses and worms cover a vast amount of common threats, and solutions providers should diligently protect computer systems against them. Most important, protection software should be nearly maintenance-free. You should schedule all updates to run automatically to avoid leaving customers exposed to new or emerging threats.

As a second line of defense, you should also ensure that Windows 7 backups are scheduled appropriately. If you ever need to recover files for a computer, you should be able to grab an up-to-date backup, or two or three, depending on which backup scheme you choose. The older your backup archive is, the more recovery time is needed. It's also important to ensure that the backups are actually taking place with no system or media errors and that they remain validated by signatures. Solutions providers must routinely test their customers' backup archives and media. The strongest minimum objective should be to create a Windows 7 system image upon initial installation and perform periodic backups every six months after.

Why is it important to use Windows Update when monitoring Windows 7 security?

Tittel: Windows Update helps ensure that all system and security patches, fixes and driver updates are installed in a timely manner. By scheduling automatic updates, you remove a common maintenance problem -- human error. Using Windows Update for Windows 7 security is the way to ensure that the necessary patches, fixes and other updates are installed. Windows 7 runs Windows Update every day at 3:00 a.m. by default, but you can change the schedule to suit your customers' needs. Windows Update will run every time, right on time, with no manual intervention needed.

Larger organizations may wish to run their own updated servers to test updates prior to deployment, which also streamlines the delivery of updates to multiple systems. Having dedicated staff for testing and deployment helps ensure timely delivery of updates and is particularly useful when addressing critical security issues or potential vulnerabilities.

What are the best Windows 7 security tools for detecting desktop vulnerabilities?

Tittel: The "best" applications are often those that sufficiently suit your needs. If best means "free" and "vendor-supplied," then Microsoft Baseline Security Analyzer (MBSA) is a great match. MBSA is an easy-to-use tool that detects common Windows 7 security misconfigurations and security updates. When using this tool, solutions providers are notified of any issues with a pass or fail score and also receive an indication of any issues that require software updates or further action.

Once you download and install MBSA, it takes a variable amount of time to complete, depending on the number of systems and criteria you've chosen. When the download is finished, you get a detailed report on the state of your customer's system(s), including detailed information on fixing issues. It's important to note that MBSA reports on issues and offers help, but it doesn't actually plug any holes. This tool can help small and medium-sized businesses determine how their level of IT security stacks up against Microsoft's recommendations.

Solutions providers should also investigate worthy third-party tools such as Shavlik Security Suite, Secunia Corporate Software Inspector and GFI LANguard. The Secunia Corporate Software Inspector tool, for example, inventories your system application profile to identify programs that need updating while focusing on specific security issues.

Going forward, you should consider the business impact of delivering a lower-maintenance Windows 7 security tool to your customers. The more you can automate, the less you and your customers will have to monitor over the long term. The best advice is to package a variety of service offerings to satisfy low-maintenance criteria, and utilize your industry relationships to deliver products and services to your customers in a cost-effective manner.

About the expert:
Ed Tittel is a full-time freelancer who's written and contributed to more than 100 computing books, including MCSE Windows XP Professional Exam Cram 2 (Exam Cram 70-270), and he writes and blogs regularly for numerous websites. Tittel's most recent projects have focused on Windows 7 as that OS has gone into commercial production.

Dig Deeper on Desktop management, sales and installation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.