Securing Your Computer After a Major Security Incident

Person sitting at hacked computer
Photo: Yuri Arcurs / Getty Images

Maybe your computer got hacked or perhaps you clicked some nasty malware link by mistake and it slipped past your outdated anti-malware. Whatever the case may be, something really bad happened to your computer and you’ve come to the realization that you're going to have to start over from scratch, meaning you need to wipe and reload your operating system, all your applications, and your personal data as well.

While no one looks forward to completely starting over, it does have some advantages. It may give you a speed boost since you’ll be installing the latest version of your operating system. You’ll be flushing caches and clearing out all manners of temporary files that may have been slowing your system down.

Starting over also gives you a chance to re-secure your system, and that’s what this article is all about. We’re going to go over every part of the wipe-and-reload process and try and make sure that wherever you can, you add security measures. So let’s get started:

Before You Begin

Before you wipe and reload your computer, you need to do a few things first, otherwise you might be out of commission for longer than you want to be. Let's go over a few things you should do NOW that will help you avoid costly mistakes later on in the process.

Gather Your Software Disks And Product Keys

Before you wipe your hard drive in preparation for a complete start-from-scratch reload, you're going to want to make sure that you have your original operating system disks that came with your computer.

Some computers don't come with disks but come with a backup that is on a separate partition of your hard drive. Check the documentation that came with your computer to make sure that you know how to obtain the installation media or create an install disk.

You'll also likely need the product key for your operating system.

Sometimes this key is located on a sticker on the case of your computer or it may be located on a card with your system documentation.

Backup What You Can BEFORE You Wipe Your Drive And VERIFY That You Have Your Files

You obviously want to salvage whatever personal data you can before you wipe your drive. Backup your personal data files to removable media (such as a CD, DVD, or Flash drive). Before taking this media to any other computer, make sure that computer's antimalware definitions are up to date and that a full scan is completed on the media before any files are copied anywhere else.

Verify that the media you used for your backup actually has your malware-free personal data files on it before going any further.

Securely Wipe Your Hard Drive

After you've verified your backup and located all your disks and licenses, it's time to securely erase your hard drive. For some guidance on this process, check out our article: Wipe or Erase Your Hard Drive Before Disposal (but obviously, skip the disposal part). Additionally, here is a list of several disk wipe utilities to do the job.

Consider Using an Offline Malware Scanner to Ensure The Drive is Malware-free

If you're super paranoid (like me) and worry that even after you've wiped your drive that malware may still be lurking on your hard drive, you can always load an Offline Malware Scanner to check for any malware that may still be hiding somewhere on your drive.

It's probably not going to find anything but you never can be too careful, so why not give it one last check.

Make Sure You Have The Newest Version of Your Operating System

If you're reloading your operating system from disks that came with your computer, it's obviously going to take you back to an earlier patch level than what is currently available. If possible, download the most recent version of the install disk from your computer's manufacturer or from the OS maker. This will not only save you time loading patches later, it will also likely result in a cleaner install.

Install Your OS from Trusted Media or a Trusted Source

If you've lost your install disk, you might be tempted to download one from the Internet or buy a "cheap copy" somewhere.

Avoid downloading operating system disks from anywhere except the OS Maker's website. Some "cheap copies" may be pirated and might also be pre-infected with malware.

Stick to store-bought sealed copies or download directly from the OS manufacturer.

Enable Security Features During Installation

Once you've started your operating system's installation process, you'll probably be asked a multitude of questions during the setup process. The temptation is to choose all the defaults, but these might not be the best choices in terms of security and privacy.

Review each of the security settings you're presented with and consider opting for the most secure choice possible. You might also want to opt for Whole Disk Encryption if it's available as an option during setup. For more information on how to encrypt your drive and why you might want to, check out our article: How to Encrypt Your Files And Why You Should

Install All OS Security Patches

Once your operating system is loaded, the first thing you should do is make sure you download the most current version of it. Most operating systems have an automatic update tool that will go to the OS maker's site and download the latest patches, drivers, and security updates that are available.

This process may take several hours to complete and may have to be run several times as some patches depend on other patches and can't be installed without the presence of more current files. Repeat the process until your Operating System's update feature reports that it's completely up-to-date and that no additional patches, drivers, or other updates are available.

Install a Primary Antivirus / Antimalware

Once you've gotten your OS loaded and patched, your next installation should be an antivirus / antimalware solution. Make sure to choose a reputable one that has been well-reviewed by major computer websites. Picking a scanner that you've never heard of or that you find from a link in a pop-up box is risky because it could be fake antivirus or Scareware, or even worse, it could be malware itself.

Once you've loaded your primary antivirus / antimalware software, make sure you set it do go out and update itself and also turn on its real-time active protection (if available).

Install a Second Opinion Malware Scanner

Just because you have the antimalware software installed and updated doesn't mean that you are safe from all malware. Sometimes, malware can and will evade your primary antimalware scanner and make its way onto your system without you or your antimalware knowing about it.

For this reason, you might want to consider installing what's known as a Second Opinion Malware Scanner. These scanners are designed to not interfere with your primary scanner and are built to act as a second line of defense so that if something slips past your primary scanner, the Second Opinion Scanner will hopefully catch it. 

Some well-known second opinion scanners include. SurfRight's HitmanPro and Malwarebytes Anti-malware. For additional reasons why you might want a Second Opinion Malware Scanner, check out our article: Why You Need A Second Opinion Malware Scanner

Install The Current Versions of All Your Apps and Their Security Patches

Once you've got your antivirus / antimalware situation taken care of, it's time to start reinstalling all of your applications. Again, as with the operating system, you'll want to load the most current version possible of all your apps and plug-ins. If an app has its own auto-update feature, be sure to turn it on as well.

Make sure your Internet Browsers are patched and secure as well, and that their security features are turned on and functioning correctly (pop-up-blockers, privacy features, etc).

Scan Your Backup Data Before You Load It Onto Your System

Before you load your personal data from the removable media that you moved it to, scan it for malware prior to copying it back to your freshly-loaded computer. You'll want to make sure your antimalware has it's real-time "active" scanning function turned on for this process and set a "full" or "deep" scan of the removable media as well.

Set an OS and Application Update Schedule

Most operating systems will let you set a time to perform the update process, consider setting this to a time when you're not actively using your computer, otherwise you might get frustrated and turn it off if it happens to interrupt you and then your system won't get the patches and security updates that you need in the future.

Backup Your System And Setup a Backup Schedule

Once you've got everything all perfect and the way you like it, you should perform a full backup of your system. Your operating system may have a built-in tool to accomplish this or you may opt for using a cloud-based backup tool as well as local backup software.  Read our article on The Do's and Don'ts of Home PC backups for some tips on this process.

Don't Just "Set it and Forget It"

Just because you've set your auto-update features to "ON" doesn't mean that they will always work as they are supposed to. You should periodically check to see if the update process is working as intended and verify that all current drivers, patches, and updates are loaded. Also, check your antimalware scanners to ensure that they have the most current updates available as well.