Interesting that this four-year old advice is still mostly valid to me, but the detailed steps are actually outdated due to the default security options in modern operating systems:

1. I find it hard to believe that in 2004 (when the article was originally published) most users did not have Windows XP which comes with a firewall. Anyone who blindly follows this article might get the impression that newer computers with Vista don't also have a firewall, which is wrong.

2. The article states that firewalls and file sharing are incompatible -- not true! Recent updates of Windows XP and Vista (and I'm sure Mac OS and Linux and Windows Server) allow you to open a small part of the firewall so you can still block external intruders and share data in your internal network. This is less secure than blocking all access, but much more secure than turning it off altogether, even if your router has a built in firewall. Defense in depth is best.

3. Windows Update has always been about security updates, not about installing games or other software, contrary to the article's claim.

4. Today, if you're running Vista, you don't need to download an anti-spyware application -- it's built in to the system, and it would be good if the article were introduced with some context that indicates what has changed.

5. New operating systems and browsers have more aggressive anti-phishing technology, code execution policy such as support for DEP-enabled hardware, and Vista has its controversial User Account Control which deserve mention here -- ensuring those features are enabled helps against social engineering as well as several other virus attack vectors. These measures weren't available when this article was originally written.

Some details on the issues above:

1. Today's XP market share appears to be 72% from simple web searches -- see an example at <link>. I find it hard to believe it wasn't over 50% for consumers in 2004, but I suppose it's possible.

2. I'd love to see an example of a "game" that was distributed via Windows Update's automatic updates feature -- does anyone have an example? AU has had some mistakes in the past where non-security content was distributed by mistake, but very few systems were affected. Reality is that if more people had had automatic updates enabled in the past, there would have been fewer virus infections and virtually no one with some issue relating to frivolous updates being installed on their machines. It has always been a good idea to use AU, this is not a recent development due to some policy change (Microsoft's policy has been consistent in this regard).

3. Seems like a big omission to leave out the fact that users of newer computers (i.e. Vista) don't need to spend time searching for anti-spyware software -- why send people scurrying for anti-spyware software (which itself may be disguised spyware) if they already have it?

One good thing about the article -- it does NOT recommend installing anti-virus software, and I agree with this. Microsoft has its own 3, I mean 4 step program at <link> which is very similar to these recommendations, except that it recommends anti-virus software. Besides my experience of difficulties trying to get it uninstall from my parents' computers or having it make their computers crash and hang, I find very little value in the software. On computers where my employer requires me to run the corporate anti-virus solution, I have had a total of 0 viruses on my computer in 11 years. Some of that is my own caution in interacting with web sites, downloading attachments, etc., but in recent years that caution has been automated in the improved browser / OS security features like anti-phishing and even in the hardware with protection from buffer overrun attack vectors. With all of that, plus keeping machines up to date and enabling the firewall, the value of anti-virus software in keeping the machine safe seems very questionable.

How about an article that explains why anti-virus is left off this list? Of course we expect Microsoft to show it on their list (they would anger their partner / competitor anti-virus companies if they didn't recommend installing those products), but this article demonstrates that even in 2004 AV software was not seen as essential by at least this author...