©
mechBgon's guide to building your first PC from parts   : )

  1. Start

  2. Case prep 1

  3. Case prep 2

  4. Data and power cables

  5. Serial ATA stuff

  6. General motherboard/CPU info

  7. Testing & installing the motherboard assembly

  8. Installing the hard drive

  9. Final connections

  10. Security during Windows Setup

  11. Best practices for ongoing security

  12. Resources

  13. A brief visual glossary

Previous: Final connections

Windows 7, Windows Vista, or Windows XP?

... or skip down for instructions on installing Windows without letting it get attacked.

If you're trying to decide what version of Windows to get, and how to build a good computer for it, here are some tips to start with:

  • Do you recommend Windows Vista, Windows 7, or Windows XP? I recommend Windows 7 or at least Vista. They're far more secure than Windows XP, which was built for a much safer period of computing history. Vista and 7 are designed to make it practical to use a non-Administrator account full-time, allowing you to run super-secure with less hassle than in Windows XP. And Vista and 7 are available in 64-bit versions, which are the most secure of all, and also allow you to make full use of 4GB of RAM or more (my system presently has 8GB, since RAM is so affordable).

    Windows Vista and 7 also will support DirectX 10 and DirectX 11 graphics for future games. They have parental controls built in, they have a longer support lifespan than Windows XP, and if you want to see more new features, click here for Wikipedia's article on Vista.

  • But what if my software and hardware aren't compatible with 7 or Vista? Try the Vista Upgrade Advisor or the Windows 7 Upgrade Advisor to evaluate your software and peripherals (printers, scanners, cameras, etc). If you're building a new computer with modern parts, then the hardware will be OK.

  • What version of Windows should I get? Paul Thurrott has handy guides that compare the different versions of Windows Vista and Windows 7. Personally, I like to use a Software Restriction Policy for an additional boost in security, so the Business, Professional, and Ultimate versions are my first choice because they have that capability..

  • Get a 64-bit CPU and 64-bit Windows 64-bit versions of Windows have additional security features that 32-bit doesn't have. For technical details, check out pages 7 & 8 of this document from Microsoft.

    • OEM versions of Windows are available in discrete 32-bit and 64-bit versions. Choose your version when you purchase.

    • When you buy a retail-boxed version of Vista, you're entitled to use either 32-bit or 64-bit. The package contains the 32-bit version, and you can order the disc with the 64-bit version from this page in order to install 64-bit. If you buy retail-boxed Vista Ultimate, the 64-bit DVD is in the box already.

    • All versions of retail-packaged Windows 7 come with both 32-bit and 64-bit discs included. If you're getting OEM, pick the right one.

  • What's the difference between OEM and Retail? OEM (Original Equipment Manufacturer) versions of Windows are not to be transferred to a new computer. By the terms of the license agreement, OEM versions of Windows are permanently "married" to the individual computer they were first installed on, and can only be sold with that computer. Also, OEM Windows discs can't upgrade a previous version of Windows, they can only do a complete installation.

    Retail versions don't have those license restrictions; you can uninstall a retail-boxed version of Windows from the old computer, and then install it on a new computer, or sell it separately, without violating the license agreement. Also, retail versions of Windows aren't limited to just doing full installations; they can upgrade a previous version of Windows, as long as it's one that qualifies.

  • What about Upgrade versus Full version? The Upgrade versions require that you have a valid license to use a qualifying previous version of Windows. The full version doesn't have that restriction; it can upgrade an existing previous Windows, but it can also do a complete installation without any previous Windows.

  • I heard there's a bothersome feature in Vista and Windows 7 called "UAC" (User Account Control) UAC is a security feature that you should not disable. If you have storage drives that cause endless UAC prompts when you try to save, delete or modify files, you need to adjust your file-system ownership on those drives and then grant your Users group the necessary permissions (e.g. Full Control).

    Trust me, UAC does more than it appears on the surface, and you want it enabled for both security and functionality reasons.

  • How much RAM should I get? As of 2009, RAM is so ridiculously cheap that I suggest getting 4GB even for general use, and gamers and heavy multi-taskers might as well get 8GB. Vista and Windows 7 will make excess RAM useful by cacheing frequently-used programs in it (SuperFetch), and this is why you don't freak out when you find all your RAM is in use... it's actually doing something useful, for a change. For your system to actually use all of your 4GB+ of RAM, you do need to choose a 64-bit version of Windows.

Now on to the Windows installation stuff.

Bah, I'm going to install Windows XP anyway! Okay, then be careful. I've split off the security tips for installing Windows XP into a separate page, so check those out if you're installing Windows XP.

I'm installing Windows Vista or Windows 7

  • Use a router if possible Use a router between your computer and your modem. It stops worm attacks except from other computers that are connected to the router (wired or wirelessly).

    If you get a router that has wireless, turn the wireless off unless you need it. If you do need the wireless, enable the highest level of encryption that your hardware supports, preferably WPA2. Read the router's instruction manual thoroughly.

  • Enable Data Execution Prevention completely Right-click My Computer, choose Properties, and do this.

    First connection  When you first establish a working Internet connection, take these steps:

    1. Go to the Microsoft Update site and get Windows fully updated. It will probably take three or four sessions to completely patch a fresh Windows XP installation.

    2. Get some good antivirus software, update it, and configure it.

    mech's other tips for Windows installation

    • Before you start, unplug all extra hard drives, if you have more than one. Also unplug all USB drives, including memory-card readers. This ensures that drive letter C: is available for your main hard drive.

    • Do not Activate your Windows installation until all of your driver software is installed. If you're installing Windows Vista, watch for a checkbox that says "automatically activate when online" and uncheck it, so you can get everything done before you activate.

    • Get your Windows installation fully updated with service packs and security patches before you worry about updating drivers. Once Windows is up-to-date, then get your motherboard's chipset drivers installed and reboot.

    • After the motherboard drivers are installed, now install your video card's drivers.

    • Windows setup is the ideal time to get your Admin and non-Admin user accounts set up separately. Leave the Admin account for Admin duties, and set up your non-Admin account for your daily use.

    Next: Best practices for ongoing security