It’s not enough to secure a Windows computer. You also have to perform security checks at least monthly.
You can and should perform a once-off lockdown of your Windows computer, but that’s not enough. You also have to periodically revisit the issue, making sure that all remains well and manually applying patches that cannot or do not get applied automatically.
A good time to do this is every month on Patch Tuesday. That’s the second Tuesday of the month, the day Microsoft releases patches and fixes for Windows. Here’s what I do then:
Enter the administrative account. Open Control Panel – Security Center – Windows Update. Search for updates. Being Patch Tuesday, there will be a lot. Select them all unless you have reason not to, and install them.
You might think that if you’ve enabled automatic updating in Windows Update, you can skip this. Sadly, my experience is that automatic updating is unreliable and you need to periodically perform a manual check.
While you’re waiting for Windows to update itself, Windows 8 users should open the Windows Store and manually update any apps. You should have previously set Windows Store apps to update themselves, yes, but again my experience is that this is unreliable.
While Windows Update continues to chug away, set your computer aside and go do something else. You should not do day-to-day work from within an administrative account.
When Windows Update finishes its job, it will prompt you to reboot. Do so, returning to the administrative account and Windows Update. Search again for updates. There should be no more, but if there are, repeat the previous steps until there aren’t.
Enter the Windows Security Center and ensure that there are no warning messages.
Open your antivirus and ensure it is up to date and that there are no warning messages. Do the same with your antimalware tool.
Check your installation of Secunia PSI. If it reports vulnerabilities, rescan before taking further action. It may simply have not yet noticed the patches you’ve just applied.
Close the administrative account and log in to your daily use account. Open your backup system and confirm that it is working.
And you’re done. Total time spent on these tasks averages about 30 minutes per computer per month, not counting the time I was doing something else while waiting for Windows Update to finish downloading and installing patches. I manage a stable of Windows computers at work, so I block off a whole afternoon on my calendar for this every month.
Common advice is to run periodic manual antivirus and antimalware scans, but I have seen no evidence (as opposed to mere assertion) that this is necessary if the antivirus and antimalware provide real-time protection.
These notes refer to Windows Vista, Seven, and Eight, and were last updated 26 January 2014.