Windows Computer Security: Sources
A list of the most important online sources for securing your computer
Audience: All Windows OS computer users
Contents
Executive Summary
Introduction
Windows Security Basics
USA and International Security Information Sources
· Additional Security Sites We Trust
· Malware Scanning and Databases
European Security Information Sources
Index of Security Articles
Overlogix Links
Executive Summary
In this lengthy article we present multiple, useful sources of news, information and documentation on the subject of Windows security. We begin with a fast bucket list of must-do practices that most Windows users should already know and use. We then list multiple, authoritative sources for detailed security information, articles, instructions, etc. for both the USA and European spheres. This article is intended as a reasonably comprehensive reference to important Windows security source material.
Because Windows is the operating system most targeted by malware, its users need a single reference source for researching security issues and concerns. In our opinion, Windows users can never know enough about security.
Introduction
We have planned an in-depth series of articles covering Windows security, including a listing of the things all Windows users should do immediately to secure their computers. As the most-used commercial operating system in the world, Windows is the largest target for black-hat hackers, and we believe that it behooves Windows users to assume their systems are insecure by default.
Hardening systems against attack is but one aspect of maintaining one’s computers, but it is an extremely important one, as personal data has already become a prime target for the bad guys. It is essentially preventative in nature and often overlooked, since typical Windows users are not particularly technical, and are using their computers to advance business that isn’t particularly technical.
We understand this; there is urgency to get on with business, not fiddle endlessly with the computer. The computer is supposed to be an assistant to get business done more efficiently, not a baby requiring constant attention and care.
That being said, taking proactive steps to reduce one’s profile as a target and maintaining vigilance are de rigueur these days; imagine the effect on one’s business if an attack merely puts one’s computer out of operation for only three days. In essence, we advocate implementing stealth technology on an ongoing basis in order to maximize productive time.
The first part of building a strong security policy is understanding the background. We cover a large collection of the most important security sources in this introductory article. There is a great deal of material coming out daily; organizing the more important sources in this manner allows our reader the very important advantage of staying informed about Windows security issues and news.
This page is worth bookmarking if you run Windows 10 or later. Please note that Windows 10 will be unsupported after 14 October 2025. We will be adding updates to this page periodically, and will certainly update the security index below as new articles are added.
Windows Security Basics
For a start, we gave Google Gemini a shot at giving us a top ten list, which we will amplify and curate in considerable detail in later articles. All of the suggestions Gemini gave were good practices. This list should be viewed primarily as a starting point, not as a definitive or complete listing.
Overlogix: Name the ten most important security precautions Windows users should implement immediately, in order of importance.
Gemini: Here are 10 essential Windows security precautions, prioritized:
1. Strong Passwords & Multi-Factor Authentication (MFA):
Strong Passwords: Unique, complex passwords for every account (use a password manager!).
MFA: Enable MFA (e.g., authenticator apps, hardware keys) wherever possible. This adds an extra layer of security by requiring a second form of verification (like your phone) beyond just your password.
Overlogix commentary: Use a password manager such as PasswordSafe, KeePass, 1Password or Kaspersky. Note that Kaspersky products are banned in multiple countries. Most of these password managers can generate randomized passwords of a given length, including lower and upper case letters, numbers and special symbols. We now use and recommend a minimum password length of 20 characters. Some of these come with a subscription fee.
2. Keep Windows Updated:
Install all critical and recommended updates promptly. These updates often contain security patches that address vulnerabilities.
Enable automatic updates for both Windows and your antivirus software.
Overlogix commentary: Windows updates are a royal PITA. It helps to know when they are going to happen so you can prepare accordingly. Absolutely necessary for security!
3. Install and Maintain Robust Antivirus/Antimalware:
Use a reputable antivirus/antimalware solution (e.g., Windows Defender, third-party options like Norton, McAfee).
Regularly scan your system for malware and keep your antivirus software updated.
Overlogix commentary: We plan a detailed review, with references, of the commonly available antimalware software in the near future. Our personal opinion is that one of the most aggressive solutions should be chosen and used, and the user should gladly put up with occasional interruptions and false positives.
4. Be Wary of Phishing:
Never click on links or open attachments from unknown senders or suspicious emails.
Hover over links to see the actual URL before clicking.
Be cautious of social media messages and online ads that seem too good to be true.
Overlogix commentary: Extreme care is advised. We recently picked up a particularly nasty virus after an accidental right click on a link; it took three days to resolve.
5. Use a Firewall:
Enable the Windows Firewall (it's usually enabled by default).
Consider a hardware firewall for added network security.
Overlogix commentary: Absolutely on the hardware firewall. Most home and office routers have one. RTFM carefully, configure your local network, and then try to test it for vulnerabilities.
6. Control User Accounts:
Create separate user accounts for different users on the computer.
Use the "Standard" user account for everyday tasks and the "Administrator" account only when necessary.
Overlogix commentary: Agreed. Everyone who uses a computer needs their own user name and password. The administrator account should normally be locked when not in use. More on this in a later article.
7. Be Careful with Downloads:
Only download software from trusted sources (official websites, reputable app stores).
Be wary of freeware and shareware from unknown sources.
Overlogix commentary: Never try to pirate software; it’s one of the primary vectors for attacking your computer from the inside and can lead to almost immediate theft of private data. There is so much excellent freeware and open-source software available today that there is never any need to do this.
8. Enable Device Encryption (BitLocker):
Encrypt your hard drive with BitLocker (if supported by your hardware) to protect your data in case your computer is lost or stolen.
Overlogix commentary: We haven’t tried this yet. We’ll investigate in an upcoming article.
9. Regularly Back Up Your Data:
Perform regular backups to an external hard drive, cloud storage, or other secure location.
Overlogix commentary: If you don’t have one already, high-quality, high-capacity USB drives are inexpensive and readily available. Recommended.
10. Stay Informed:
Stay updated on the latest security threats and best practices.
Read security advisories from Microsoft and other security organizations.
Overlogix commentary: The remainder of this article contains enough references to keep you busy and secure.
USA and International Security Information Sources
Each source cited here is either an official Windows site, a government site, or an organization we happen to trust. There may be more, and we will periodically survey the field and update or add to this list. Each source is listed with a URL, who they are, why they are included, what their specialties are, and any concerns that might affect their objectivity, utility or probity.
Who: Microsoft
Why: Official source for the latest security advisories, threat intelligence, and best practices directly from Microsoft.
Specialties: Windows security, threat intelligence, security research.
Caveats: May focus heavily on Microsoft products and services.
2. Microsoft Security Response Center (MSRC):
Who: Microsoft
Why: Provides detailed information on security vulnerabilities, patches, and guidance for IT professionals.
Specialties: Vulnerability research, security advisories, threat intelligence.
Caveats: Technical focus, may not be easily digestible for general users.
3. U.S. Cybersecurity and Infrastructure Security Agency (CISA):
Who: US government agency
Why: Provides valuable insights into cybersecurity threats and best practices for individuals, businesses, and government agencies.
Specialties: Cybersecurity advisories, threat intelligence, incident response.
Caveats: Focus may be broader than just Windows-specific issues.
4. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3):
Who: US Federal Bureau of Investigation
Why: Provides information on cybercrime trends, scams, and how to report online crimes.
Specialties: Cybercrime awareness, reporting online crimes, consumer protection.
Caveats: Focuses on reporting and prevention of cybercrimes rather than technical details.
5. National Institute of Standards and Technology (NIST):
Who: US government agency
Why: Provides cybersecurity frameworks, standards, and guidance for organizations and individuals.
Specialties: Cybersecurity frameworks, standards, best practices, risk management.
Caveats: Some resources may be technical in nature.
6. SANS Institute:
Who: Leading provider of cybersecurity training and certifications
Why: Offers valuable insights and resources on a wide range of cybersecurity topics, including Windows security.
Specialties: Cybersecurity training, certifications, research, and resources.
Caveats: Some content may require a subscription or payment for access.
7. Kaspersky Lab:
Who: Global cybersecurity company
Why: Provides threat intelligence, security research, and expert analysis on the latest cyber threats.
Specialties: Antivirus software, threat intelligence, security research.
Caveats: Commercial company, may have a bias towards their own products.
8. Symantec:
Who: Global cybersecurity company
Why: Offers valuable insights into the latest cyber threats and provides security solutions for individuals and businesses.
Specialties: Antivirus software, endpoint protection, threat intelligence.
Caveats: Commercial company, may have a bias towards their own products.
9. ESET:
Who: Global cybersecurity company
Why: Provides in-depth research and analysis on malware, vulnerabilities, and cyber threats.
Specialties: Antivirus software, threat research, security education.
Caveats: Commercial company, may have a bias towards their own products.
10. BleepingComputer:
Who: Independent cybersecurity news and information website
Why: Provides up-to-date news and information on the latest cyber threats, vulnerabilities, and security breaches.
Specialties: Cybersecurity news, malware analysis, security research.
Caveats: May contain technical jargon that may not be easily understood by everyone.
11. Krebs on Security:
Who: Independent cybersecurity blog by renowned security journalist Brian Krebs
Why: Provides in-depth investigative reporting on cybercrime, data breaches, and security issues.
Specialties: Investigative journalism, cybercrime reporting, data breach analysis.
Caveats: Focus may not always be exclusively on Windows-specific issues.
12. CSO Online:
Who: Online publication for Chief Security Officers
Why: Provides in-depth articles, analysis, and insights on a wide range of cybersecurity topics, including Windows security.
Specialties: Cybersecurity for enterprises, threat intelligence, risk management.
Caveats: Focuses primarily on enterprise-level security.
13. TechRadar:
Who: Technology news and reviews website
Why: Provides news, reviews, and buying guides for various technology products, including security software for Windows.
Specialties: Technology reviews, news, and buying guides.
Caveats: May contain sponsored content or advertisements.
14. CNET:
Who: Technology news and reviews website
Why: Provides news, reviews, and buying guides for various technology products, including security software for Windows.
Specialties: Technology reviews, news, and buying guides.
Caveats: May contain sponsored content or advertisements.
15. PCMag:
Who: Technology news and reviews website
Why: Provides in-depth reviews and comparisons of security software for Windows.
Specialties: Technology reviews, product comparisons, buying guides.
Caveats: May contain sponsored content or advertisements.
16. AV-Test:
Who: Independent antivirus testing laboratory
Why: Provides independent testing and certification of antivirus software for Windows.
Specialties: Antivirus testing, security product comparisons.
Caveats: Focuses primarily on antivirus software testing.
17. AV-Comparatives:
Who: Independent antivirus testing laboratory
Why: Provides independent testing and certification of antivirus software for Windows.
Specialties: Antivirus testing, security product comparisons.
Caveats: Focuses primarily on antivirus software testing.
18. Windows Security Center (Built-in Windows Tool):
Who: Microsoft
Why: Provides a central location for managing Windows security settings, including antivirus protection, firewall, and device security.
Specialties: Windows security settings, threat alerts, device security.
Caveats: Limited in terms of in-depth security news and analysis.
How to Access Windows Security: You can access Windows Security in a few ways:
From the Start Menu:
Search for "Windows Security" in the Start Menu and click on the app.
From Settings:
Go to Settings (Windows key + I).
Click on Update & Security.
Click on Windows Security.
From the Taskbar:
Look for the shield icon in the notification area of the taskbar.
Click on it to open Windows Security.
19. Microsoft Support:
Who: Microsoft
Why: Provides support documentation, troubleshooting guides, and security-related information for Windows users.
Specialties: Windows support, troubleshooting, security information.
Caveats: May not always provide the most up-to-date security information.
20. Local Computer Store/IT Professional:
Who: Local IT professionals or computer stores
Why: Can provide personalized advice and assistance with Windows security issues.
Specialties: Local support, personalized advice, on-site assistance.
Caveats: May vary in expertise and may charge for their services.
Additional Security Sites We Trust
Gibson Research Corporation: We’ve used their ShieldsUP! website for decades to find holes in our network access. They offer several extremely valuable freeware programs and information. This is a privately owned security consultancy. Excellent resource, recommended.
Malware Scanning and Databases
1. VirusTotal:
Who: Google-owned service
Why: Analyzes files and URLs for malware, providing a multi-engine scan result from various antivirus vendors.
Specialties: Malware analysis, threat intelligence, URL scanning.
Caveats: May not always detect all threats.
Who: Independent malware scanning service
Why: Free online service that scans files using multiple antivirus engines.
Specialties: File scanning, malware detection.
Caveats: May have limitations on file size and scan frequency.
3. Hybrid-Analysis:
Who: Independent malware analysis platform
Why: Provides in-depth analysis of malware samples, including behavior analysis, code analysis, and threat intelligence.
Specialties: Malware analysis, threat intelligence, research.
Caveats: Some features may require a paid subscription.
4. Any.run:
Who: Independent malware analysis service
Why: Provides dynamic analysis of malware samples, including behavior analysis, network traffic analysis, and sandbox execution.
Specialties: Malware analysis, threat intelligence, sandbox analysis.
Caveats: Some features may require a paid subscription.
5. Malpedia:
Who: Community-driven malware knowledge base
Why: Provides a comprehensive database of malware families, including technical details, threat intelligence, and analysis reports.
Specialties: Malware research, threat intelligence, community-driven knowledge base.
Caveats: May require some technical expertise to understand the information.
European Security Information Sources
1. European Union Agency for Cybersecurity (ENISA):
Who: EU agency for cybersecurity
Why: Provides cybersecurity advice, threat assessments, and research for the EU.
Specialties: EU cybersecurity policy, threat intelligence, incident response.
Caveats: Focus may be more on EU-specific regulations and initiatives.
2. Cybersecurity and Information Assurance Agency (NCSC-NL):
Who: Dutch national cybersecurity center
Why: Provides cybersecurity advice, threat intelligence, and incident response services for the Netherlands.
Specialties: Dutch cybersecurity landscape, threat intelligence, incident response.
Caveats: Primarily focused on the Dutch cybersecurity landscape.
3. Bundesamt für Sicherheit in der Informationstechnik (BSI):
Who: German Federal Office for Information Security
Why: Provides cybersecurity advice, threat intelligence, and incident response services for Germany.
Specialties: German cybersecurity landscape, threat intelligence, incident response.
Caveats: Primarily focused on the German cybersecurity landscape.
4. National Cyber Security Centre (NCSC-UK):
Who: UK's national cybersecurity center
Why: Provides cybersecurity advice, threat intelligence, and incident response services for the UK.
Specialties: UK cybersecurity landscape, threat intelligence, incident response.
Caveats: Primarily focused on the UK cybersecurity landscape.
5. European Cyber Security Organisation (ECSO):
Who: European trade association representing the cybersecurity industry
Why: Provides insights into the European cybersecurity market, industry trends, and policy developments.
Specialties: Cybersecurity industry trends, policy analysis, advocacy.
Caveats: Industry association, may have a focus on promoting the interests of its members.
6. Stiftung Digitale Gesellschaft:
Who: German non-profit organization focused on digital policy and society
Why: Provides research, analysis, and advocacy on digital policy issues, including cybersecurity.
Specialties: Digital policy, cybersecurity policy, digital rights.
Caveats: Focus may be broader than purely technical security issues.
Who: International non-profit organization focused on digital rights and privacy
Why: Provides research and advocacy on privacy issues, including cybersecurity threats to privacy.
Specialties: Privacy rights, surveillance, data protection, cybersecurity.
Caveats: Focus may be more on privacy issues than general cybersecurity.
8. Access Now:
Who: Global digital rights organization
Why: Provides research and advocacy on digital rights, including cybersecurity issues and digital surveillance.
Specialties: Digital rights, online freedom, cybersecurity, surveillance.
Caveats: Focus may be broader than purely technical security issues.
9. The Register:
Who: British technology news and opinion website
Why: Provides in-depth coverage of technology news, including cybersecurity threats and vulnerabilities.
Specialties: Technology news, security news, investigative journalism.
Caveats: May contain some technical jargon.
10. ZDNet:
Who: Technology news and information website
Why: Provides news, analysis, and reviews on a wide range of technology topics, including cybersecurity.
Specialties: Technology news, reviews, analysis, cybersecurity.
Caveats: May contain sponsored content or advertisements.
11. ComputerWeekly:
Who: IT-focused news and information website
Why: Provides news, analysis, and insights on IT and cybersecurity issues.
Specialties: IT news, cybersecurity news, technology trends.
Caveats: May contain some technical jargon.
12. SecurityWeek:
Who: Cybersecurity news and information website
Why: Provides news, analysis, and insights on the latest cybersecurity threats and vulnerabilities.
Specialties: Cybersecurity news, threat intelligence, vulnerability research.
Caveats: May contain some technical jargon.
Who: Cybersecurity news and information website
Why: Provides news, analysis, and insights on a wide range of cybersecurity topics.
Specialties: Cybersecurity news, threat intelligence, industry trends.
Caveats: May contain some technical jargon.
14. SC Magazine:
Who: Cybersecurity news and information website
Why: Provides news, analysis, and insights on cybersecurity threats and vulnerabilities.
Specialties: Cybersecurity news, threat intelligence, risk management.
Caveats: May contain some technical jargon.
15. Dark Reading:
Who: Cybersecurity news and information website
Why: Provides in-depth coverage of cybersecurity threats, vulnerabilities, and security breaches.
Specialties: Cybersecurity news, threat intelligence, investigative journalism.
Caveats: May contain some technical jargon.
16. Threatpost:
Who: Cybersecurity news and information website
Why: Provides news, analysis, and insights on the latest cybersecurity threats.
Specialties: Cybersecurity news, threat intelligence, emerging threats.
Caveats: May contain some technical jargon.
Who: Cybersecurity blog by Sophos
Why: Provides informative and engaging cybersecurity advice and news.
Specialties: Cybersecurity advice, threat analysis, consumer security.
Caveats: May have a slight bias towards Sophos products.
18. Cisco Blog:
Who: Technology giant Cisco
Why: Provides insights into cybersecurity trends, threats, and best practices.
Specialties: Cybersecurity, networking, technology trends.
Caveats: May have a focus on Cisco products and services.
19. IBM Security Blog:
Who: Technology giant IBM
Why: Provides insights into cybersecurity trends, threats, and best practices.
Specialties: Cybersecurity, threat intelligence, AI in cybersecurity.
Caveats: May have a focus on IBM products and services.
20. Trend Micro Blog:
Who: Global cybersecurity company
Why: Provides insights into cybersecurity threats, vulnerabilities, and best practices.
Specialties: Cybersecurity threats, malware analysis, threat intelligence.
Caveats: May have a focus on Trend Micro products and services.
Index of Security Articles
As we add new articles to the security series, we will list them here. Some articles of general interest will be free for all to read, the remainder will be available on a subscription basis.
Overlogix Links
Thank you for reading this article!
More information about Overlogix can be found at Welcome to Overlogix!
We currently publish on both LinkedIn (general interest articles, summaries, TL;DR’s: easier and faster to read) and Substack (in-depth articles, how-to’s, technical studies and new approaches to business).