The One-Way Firewall
Windows' built-in firewall has always suffered from the same flaw: Though it blocks suspicious stuff that comes in, it does nothing about what your PC sends out. Since an infected PC can mass-mail spam and forward your credit card numbers to someone without your better interest in mind, that's an important shortcoming.
Vista supposedly fixed this problem with the addition of a firewall capable of watching and blocking outbound traffic. But that capability is turned off by default. And Vista's designers forgot to put the controls that turn it on in a place where you're likely to look for it: the Windows Firewall Settings dialog box.
Here are two solutions.
1. Go to the secret place where you can turn on outgoing protection: Click Start, type firewall, and select Windows Firewall with Advanced Security. Click Windows Firewall Properties. The first three of the resulting dialog box's four tabs contain an Outbound Connections drop-down menu. In all three, select Block.
2. Get another, better firewall: Even with two-way protection enabled, Windows' firewall is a feeble guardian. On the other hand, the free Comodo Firewall Pro came out tops in independent testing, even compared with well-known commercial products such as Norton Internet Security (according to Matousec's Firewall Challenge).
Here's a great idea: Give Windows a built-in, automated backup application. Restoring a system backup should fix such problems as corrupted boot files, virus infections, Trojan horse installations, and Windows' own natural, gradual deterioration — all without adversely affecting your data.
But you can't permanently save a System Restore backup (called a restore point) to external media. Thus, while System Restore can usually return Windows to, say, last Wednesday's state, it's generally useless for bringing everything back to the perfect condition your PC was in last year. What's more, restoring your system depends on having multiple restore points, such that one corrupt backup makes subsequent ones useless.
The best solution would be a system-backup program that leaves your data alone while backing up everything else to a removable disk — preferably a bootable one. I've yet to find such a program.
Genie Backup Manager Home comes closer than anything else I've found. Genie's Disaster Recovery option insists on backing up everything on the drive, but you can restore the system while keeping the data unchanged by deselecting your data folders when you restore a Disaster Recovery backup. You can try this US$50 general-purpose backup program before you buy it.
Every other reliable system-backup program I know of is image-based, meaning that it restores the entire drive — your data as well as the system. That's fine if you're recovering from a hard-drive crash, but if you want to restore last month's Windows installation while keeping today's documents, you'll need to fully restore one backup and then selectively restore another.
On the other hand, some image-backup programs are free. If you have Vista Business or Ultimate, you already have one. To access it, select Start, All Programs, Accessories, Backup Status and Configuration, Complete PC Backup. Another free option worth considering is DriveImage XML, which works best if you get it as part of the Ultimate Boot CD for Windows — which is also free. Just remember to back up your data separately.
Which brings us to the next topic…